Skip to main content

NOTICE TO CALIFORNIA, VIRGINIA, COLORADO, CONNECTICUT, AND UTAH RESIDENTS

We are required by the California Consumer Privacy Act of 2018 (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”) and other applicable legislation to provide to residents of the correspondent states an explanation of how we collect, use and share their personal information, and of the rights and choices we offer California residents regarding our handling of their personal information (the “Notice”).

Kaspersky provides products and services to business users and individual home users.

This Notice applies only to individual home users and website visitors who reside in California, whose interactions with us are limited to:

  • Visiting our US-based consumer websites, including MyKaspersky portal,
  • Requesting and receiving technical support for our consumer products or services,
  • Signing up for email alerts or other marketing communications,
  • Participating in one of our consumer-facing offers, programs or promotions, or
  • Interacting with us on social media.

For additional information about our collection and use of personal information of website visitors, and the rights and choices that may be available to website visitors, please visit our Kaspersky Lab Privacy Policy for Websites.

Privacy Practices

We do not sell personal information. As we explain in our privacy policies, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to learn how you may opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.

Below is a description of our privacy practices with respect to the personal information of California residents who visit our websites, and otherwise interact with us as described in this Notice.

User activity

Personal information collection

Sources of personal information

Purposes for which we may collect and use tde personal information

Sharing

Signing up for email alerts

Interacting with us on social media

Name or alias

Email address

You

Operations

Research and development

Marketing

Shared with service providers

Establishing an account with us

Username

Password

You

Operations

Research and development

Shared with service providers

Visiting our websites

Receiving and responding to marketing emails

Device data

Online activity data

Information derived from device data and online activity data

Automatic collection

Operations

Marketing

Advertising

Research and development

Collected directly by or shared with our service providers

Collected directly by advertising partners

Please note that we may also disclose all personal information (a) with Kaspersky Lab group companies; (b) to comply with federal, state, or local laws; (c) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (d) to cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law, (e) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction), or (f) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Privacy Rights

The CCPA grants individuals the following rights:

Information

You can request information about how we have collected, used and shared your Personal Information during the past 12 months.

Access

You can request a copy of the personal information that we maintain about you.

Deletion

You can ask us to delete the personal information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will also respond to requests for information and access only to the extent we are able to associate with a reasonable effort the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you.

The VCDPA, CPA and CTDPA grant individuals the following rights:

Access

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Before we disclose information to you, we will ask you for information to verify your identity. Once we receive and confirm your verifiable consumer request, we will disclose to you whether we process your personal information and provide you with access to your personal information. We will provide a copy of personal information we have obtained about you in a portable and, to the extent technically feasible, readily usable format.

Please note that we may not disclose the information you have requested if we are unable to verify your identity. In addition, we may not disclose certain information that is covered by one or more exemptions, as outlined in the VCDPA, CPA and CTDPA.

Deletion

You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.

Correction Request

You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing. Once we receive and confirm your verifiable consumer request, we will correct your personal information from our records, unless an exception applies. If we deny your correction request, we will inform you and explain the basis for our denial.

Appeals

If we deny your request, you have the right to appeal our decision. We will respond to appeals from Virginia and Connecticut residents within 60 days. We will respond to appeals from Colorado residents within 45 days.

The UCPA grants individuals the following rights:

Access

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Before we disclose information to you, we will ask you for information to verify your identity. Once we receive and confirm your verifiable consumer request, we will disclose to you whether we process your personal information and provide you with access to your personal information. We will provide a copy of personal information we have obtained about you in a portable and, to the extent technically feasible, readily usable format.

Please note that we may not disclose the information you have requested if we are unable to verify your identity. In addition, we may not disclose certain information that is covered by one or more exemptions, as outlined in the UCPA.

Deletion

You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.

You are entitled to exercise the rights described above free from discrimination regardless of applicable law.

How to Submit a Request

To request access to or deletion of personal information please contact us at https://support.kaspersky.com/general/privacy or directly by email: dpo@kaspersky.com.

Identity verification. The CCPA, VCDPA, CPA, CDTPA and UCPA require us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.

Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.

Online Tracking Opt-Out Guide

Like many companies online, we use services provided by Google, Facebook and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

Blocking cookies in your browser.  Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://allaboutcookies.org.

Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.

Platform opt-outs. The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:

Google: https://adssettings.google.com

Microsoft: https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads

Facebook: https://www.facebook.com/about/ads

X: https://twitter.com/personalization

Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Digital Advertising Alliance: https://optout.aboutads.info

Network Advertising Initiative: https://optout.networkadvertising.org/?c=1

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

GLOSSARY

Biometric Information

An individual’s physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Education Information

Personal information from an educational record, which could include: a student’s name, the names of the student’s parent or other family members, the address of a student or student’s family, a student’s personal identifier (e.g., SSN, student number), other indirect identifiers of the student (e.g., date of birth, place of birth, mother’s maiden name), other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty, or information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.

Financial Information

Bank account number, debit or credit card numbers, insurance policy number, and other financial information.

Geolocation Data

Precise location, e.g., derived from GPS coordinates or telemetry data

Identifiers

Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Inferences

The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Internet or Network Information

Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement.

Medical Information

Personal information about an individual’s health or healthcare, including health insurance information. Does not include (a) medical information governed by California’s Confidentiality of Medical Information Act, (b) protected health information that is collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 or (c) information collected as part of certain clinical trials.

Online Identifiers

An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.

Physical Description

An individual’s physical characteristics or description (e.g., hair color, eye color, height, weight).

Professional or Employment Information

This term is not defined in the privacy legislation, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations).

Protected Classification Characteristics

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Sensory Information

Audio, electronic, visual, thermal, olfactory, or similar information.