Contact Info - 24x7

Privacy Policy

As a leading antivirus software company, Sushkom aims to defend you against threats in cyberspace. To do so, we may have to collect your Personal Data to provide you with the best weapons and the most up-to-date security. We do not take your trust for granted. As a multinational company with its headquarters in the Czech Republic, we conform our data use to the European Union’s (“EU”) General Data Protection Regulation (“GDPR”), with effect from 25 May 2018. Therefore, in our Privacy Policy, we explain what we do, how we do it, your choices, and how we may need your cooperation to help you stay safe. We are transparent in our use of our Personal Data, while using it in accordance with the GDPR, and balancing the relevant interests of our users, ourselves and other third parties.

The Sushkom Privacy Policy (“Privacy Notice”) applies to Sushkom Software s.r.o. ("Sushkom") and unless specified, its subsidiaries, contractors, representatives, agents, and resellers while they are working on our behalf (collectively “we,” “us” or “our”).”

The Privacy Notice provides an overview of how Sushkom and its subsidiaries, via our websites, products and services, handle privacy, and how we protect your Personal Data.

Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”). To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. Account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments.

This Privacy Notice describes how we handle Personal Data and the choices available to you regarding collection, process, access, and how to update, correct and delete your Personal Data. Additional information on our Personal Data practices may be provided in product settings, contractual terms, or notices provided prior to or at the time of data collection. Certain products and services may have specific privacy notices that describe how we handle Personal Data for those products and services. If any other privacy notice conflicts with this Privacy Statement, such specific notice will take precedence.

If you are in the European Economic Area, the Controller of your Personal Data is Sushkom Software s.r.o., which has its principal place of business at 1737/1A Pikrtova, Prague 4, Czech Republic, 140 00.

This Privacy Notice Covers

The following general aspects of our collection and processing of Personal Data concerning you:

  • What Personal Data we collect;
  • How Personal Data is used and for what purposes;
  • When and why Personal Data is transferred to third parties;
  • How we maintain the accuracy, integrity and security of your Personal Data;
  • How your Personal data is retained and destroyed;
  • What individual rights available to you as it pertains to your Personal Data;
  • Where applicable, how we may process the Personal Data of children under 13 years of age; and
  • Who you can contact if you have any questions regarding the use of your Personal Data.
 

Please refer to our supplementary product and service privacy notices at the end of this Privacy Notice for additional detail specific to those products and services.

This privacy notice is intended for you if you are a user of our products and services. If you are a business partner or a media contact, the privacy notice that applies to you is located here: [insert link to business partner and PR privacy notice].

Personal Data We Collect

When you visit and use our websites, products and services, we may collect data or ask you to provide certain data, including Personal Data, about you as you use our websites, products and services and interact with us, for the purpose of helping us manage our relationship with you. We will treat as “Personal Data” the following: (i) data collected directly from you or your device relating to an identified or identifiable natural person (“Data Subject”), and may include direct identifiers such as name, address, email address, phone number, and online or indirect identifiers such as login account number, login password, marketing preferences, social media account, payment card number, or IP address; (ii) If we link other online data with your Personal Data, we will treat that linked data as Personal Data; and (iii)we may also collect Personal Data from trusted third-party sources such as distributors, resellers, app stores, contact centers, and engage third-parties such as marketing/survey/analytics/software suppliersto collect Personal Data to assist us.

We organize the Personal Data we process into these categories: Billing Data, Account Data, Device Data, and Service Data.

Billing Data includes your name, email address, credit card number, and in certain circumstances, your billing address and your phone number. In most circumstances, our products and services are purchased from a trusted third-party service provider, reseller, or app store. In those circumstances, your Billing Data is processed by the relevant third party.

Account Data includes your name, address, email address, phone number, photo, date of birth, gender, and interests.

Device Data includes information about the operating system; hardware; city/country of device; error logs; browser; network; applications running on the device, including the Sushkom products.

Service Data includes information about the Sushkom product usage; visited URLs; referral page; and product event and error logs. When a suspicious file is detected, the following information is processed: the suspicious file hash, the detection name, the suspicious file name and path, the executable suspicious file, and the last local IP address.

If you want more detail about the Personal Data we process on a product basis, please refer to the relevant product and service privacy notices accessible below.

WhyWe Process Your Personal Data

We use your Personal Data for the following purposes and on the following grounds:

On the basis of fulfilling our contract with you or entering into a contract with you on your request, in order to:

  • When you purchase our products or services from us, our partners or our trusted third party service providers’ online stores;
  • Provision the download, activation, and performance of the product or service;
  • Keep our products or services up-to-date, safe and free of errors;
  • Verify your identity and entitlement to paid products or services, when you contact us for support or access our services;
  • Process your purchase transactions;
  • Update you on the status of your orders;
  • Manage your subscriptions and user accounts; and
  • Provide you with technical and customer support.
 

On the basis of your consent, in order to:

  • Subscribe you to a newsletter or the Sushkom forum;
  • Enable the provision of interest-based ads in support of our free mobile products.

On the basis of legal obligations, we process your Personal Data when it is necessary for compliance with a legal tax, accounting, anti-money laundering, legal order, or other obligation to which we are subject..

On the basis of our legitimate interest in the effective delivery of our products, services and communications to you, in order to:

  • In-product messaging and cross-selling, we will communicate commercial promotions for products and services provided by us;
  • Product development, research and to implement product features and improvements, as well as product updates;
  • 3rd party analytics to evaluate and improve the performance and quality of our products, services and websites;
  • Allow interoperability within our applications;
  • Secure our systems and applications;
  • Allow effective performance of our business by ensuring necessary internal administrative and commercial processes (e.g. finances, controlling, business intelligence, legal&compliance, information security etc.); and
  • Enforce our legal rights.
 

How we process your Personal Data

We do our best to disconnect or remove all direct identifiers from the Personal Data that we use. For free versions of the antivirus, this disconnection or removal of identifiers begins when the products and services are initially activated. For paid users of the antivirus, we keep Billing Data in a separate database and minimize its use for anything other than handling payments and our own finances. For both paid and free versions, we continuously monitor for, minimize, disconnect and remove all direct identifiers during the normal performance of the products and services.

Please note, consistent with the above, our processing of your Personal Data in most cases does not require identification. With the paid versions, while the products and services are active and for a necessary retention period after that, we will maintain a copy of your direct identification in order to handle payments, respond to support queries, for anti-fraud purposes, and to maintain proper records of transactions. For the paid versions, Sushkom is technically able to connect the provision of products and services with the billing data. For the free versions, when no registration or additional collection of information concerning a user’s identity is required, for example, with the free antivirus, Sushkom provide the products and services without any direct identification of the user.

For the free versions, Sushkom shall not maintain, acquire or process additional information solely in order to identify the users of our free products and services. This is simply not necessary for the free versions of our products to be provided to you and function. This means, when you use a free version of our products and services and you contact us with a request concerning your Personal Data, e.g. for a copy or deletion of your Personal Data, please understand we are not in a position to identify you in connection with your specific free products and services and thus we will not be able to satisfy some of your requests. Of course, where we are not able to satisfy some of your requests because of this, we will always inform you of this fact.

Processing of IP addresses

For paid products including antivirus, virtual private network, and performance, your IP Address is collected at the time at which your product or service is being provided, for the purpose of facilitating our billing process. Specifically, our third-party billing partner will collect your IP address for its billing process; Sushkom does not store the IP address from this process.

For free products including antivirus, your IP Address is not collected at the time you download and activate your product. Instead of collecting your IP Address, Sushkom stores a city/country. This data is used for understanding where the software has been downloaded and for related analytics.

For certain antivirus products (both paid and free versions), the antivirus software, after detecting a suspicious or malware file on your device, will send the malware file with the last detected IP address to Sushkom for malware analysis, in particular, to study the spread of the contagion, which allows us to better understand the threat we are dealing with and how to best protect against it. Sushkom will delete this IP address collected for malware analysis promptly, or in any case within 30 days.

For mobile antivirus products, the IP address of your device may be processed by advertising networks to serve ads; Sushkom does not collect or store the IP address for this purpose. See the purpose of processing Personal Data for marketing [link].

For products that use third-party analytics, some (although not all) of the analytics tools we use may process the IP address; Sushkom does not store the IP address for this purpose. See the purpose of processing Personal Data for analytics [link].

Network security

We process Personal Data for network and information security purposes. In line with EU data protection law, organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security. This primarily covers the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems.

Both as an organization in our own right, and as a provider of cybersecurity technologies and services which may include hosted and managed cybersecurity technology services, it is necessary for the functionality of our systems, products and services andin our legitimate interests as well as in our users’, to collect and process Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring the security of our own, and of our users’ networks, devices, and information systems. This includes the development of threat intelligence resources aimed at maintaining and improving on an ongoing basis the ability of networks and systems to resist unlawful or malicious actions and other harmful events (“cyber-threats”). The Personal Data we process for said purposes includes, without limitation, network traffic data related to cyber-threats such as:

  • sender email addresses (e.g., of sources of SPAM);
  • recipient email addresses (e.g., of victims of targeted email cyberattacks including phishing);
  • reply-to email addresses (e.g., as configured by cybercriminals sending malicious email);
  • filenames and execution paths (e.g., of malicious or otherwise harmful executable files attached to emails);
  • URLs and associated page titles (e.g., of web pages broadcasting or hosting malicious or otherwise harmful contents); and/or
  • IP addresses (e.g., of web servers and connected devices involved in the generation, distribution, conveyance, hosting, caching or other storage of cyber-threats such as malicious or otherwise harmful contents).
 

Depending on the context in which such data is collected, it may contain Personal Data concerning you or any other data subjects. However, in such cases, we will process the data concerned only to the extent strictly necessary and proportionate to the purposes of detecting, blocking, reporting (by removing any personally identifiable elements) and mitigating the cyber-threats of concern to you, and to secure your network, device and systems. When processing Personal Data in this context, we do not seek to identify a data subject.

Marketing and Community Networking

Sushkom has a legitimate interest in promoting our commercial offerings and to optimize the delivery of communications to that effect to our users that are most likely to find them relevant. We will therefore collect and process data to that end as explained below. However, where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you. If you do not want to continue receiving any marketing materials from us, you can click on the unsubscribe function in the communication or e-mail at any time.

In-App Messages

Sushkom will use Personal Data to provide notices (we call this in-product messaging) of our latest product announcements, software updates, and product and service performance. If you do not want to see these notices, you can shut it off in the product settings. If you have supplied Sushkom your email address, Sushkom will also provide notices through this channel. Please note, if you don’t want to be on our mailing list, you may unsubscribe anytime by using an unsubscribe link we provide you in every marketing communication we send you.

Interest-Based Ads

We have versions of our products such as mobile antivirus that are free to our users and supported by serving relevant 3rd party ads. Your Personal Data is used by our advertising partners [insert link to the list of third-party ad networks]to serve the 3rd party ads. If you do not want to see 3rd party ads, you may, at any time, change to the paid version of the product, which does not serve 3rd party ads.

These advertisements are delivered to you by our advertising partners and we do not process your Personal Data in order to deliver interest-based advertising ourselves. The only information we get in this particular scenario is the minimum information necessary in order to manage our relationship with the advertising partners and through that, track our revenue and manage our finances. This information consists of a specific advertising partner (although the report does not list the specific ad that was clicked on).

Cookies, Analytics and Crash Reporting

Cookies

Our websites use cookies to acquire data that may be used to determine your physical location via your IP Address and automated geolocation techniques, or to acquire basic information about the computer, tablet, or mobile phone that you use to visit us. See description below. Whileusing our websites, you will be asked to authorize the collection and use of data by cookies according to the terms of this Privacy Notice.

We use common information-gathering tools, such as cookies, pixel tags and Web beacons, to collect information about your general internet usage. When you visit our websites, a cookie file is stored on your browser or the hard drive of your device. Technologies such as: cookies, beacons, tags and scripts are used by us and our marketing partners, affiliates, or analytics or service providers (e.g. payment processor, etc.). These technologies are used in analyzing trends, administering the site, tracking your movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. You authorize us and agree that we may place cookies or tracking technologies on your device.