Privacy Policy

Last updated on 25.05.2018

The terms and conditions of this Privacy Policy (the “Policy”) apply to any personal data Doctor Web, Ltd. (the “Rights Holder”) receives and/or may receive about users/visitors (the “Users”/”User”) while they are visiting/using, or in connection with their visiting/using, any of the websites, services, subscriptions, computer programs, or other products of Doctor Web, Ltd. (the “Services”).

1.1. The Rights Holder is the data controller. The User unconditionally and entirely accepts the terms and conditions of the Policy as soon as he/she starts using the Services. If the User disagrees with the Policy or with any of its terms and conditions, he/she has no right to use the Services. The User understands that the Services are intended to people who attained legal age to consent to such services according to their local law, so, when starting to use the Services, the User confirms that he/she has 1) attained this legal age in accordance with the laws of the country of which he/she is a national, or 2) that the User’s agreement to the Policy is given with the permission and in the presence of the User’s parents or other legal representatives. Unless the User has not expressly agreed to the contrary, the Rights Holder proceeds on the basis that the User has reached the age of majority.

For personal data collected from Users located in the EU, where children are at least 13 years old and below the age of 16, the Rights Holder will collect or process personal data about them with the consent or the authorisation of the holder of parental responsibility over the child. If the Rights Holder becomes aware that it has unknowingly collected personal data from a child under the age of 13, or under the age of 16 without the consent or the authorisation of the holder of the parental responsibility, the Rights Holder will make reasonable efforts to delete such personal data from its records.

2. Personal data of the User.

2.1. The prerequisite to provide the Services to the User is the receiving of the User's personal data by the Rights Holder, and their future processing.

2.2. The personal data provided by the User when creating accounts for the use of the Services or while using the Services may include, for example, comments he/she made while using the Services, name, contacts details, email address, and country of the User which the User specified when registering.

2.3. Personal data is also transmitted to the Rights Holder by the User’s devices through the software installed on those devices while the User is using the Services. Such personal data includes, for example, the User’s IP address. Other information such as cookie data, the contents and configuration of the User’s hardware and software, and information about actions taken while the Services were being used may also be collected.

3. Purpose and legal basis of the processing.

3.1. The Rights Holder processes the User's personal data on the following legal basis:

• Performance of a contract - the use of the User's personal data may be necessary to perform the contract that it has with the Rights Holder (for example: software licence);
• Legitimate interests - the Rights Holder may use the User's personal data for its legitimate interests to improve its products and Services and the content on its website (for example to manage its network, improve the Service, and better tailor the features, performance and support of the Service);
• Consent - the Rights Holder will rely on the User's consent to use (i) technical information such as cookie data; and (ii) the personal data for marketing purposes when requested;
• Legal obligation - to comply with its legal obligations.

3.2. The Rights Holder collects only personal data that is needed to:

• conclude and execute agreements and contracts with the User,
• send newsletters to Users;
• better understand how Users access and use the Rights Holder's website;
• improve the Rights Holder's website and services;
• ensure the security of Users and its Services;
• monitor User compliance with Service usage rules;
• provide Services to the User;
• develop and improve products and Services;
• collect and summarise statistics;
• conduct research;
• provide consultations;
• technical support;
• communicate and engage in other interactions with the User.

3.3. For example, if the User contacts the technical support service or contacts via the email, the Rights Holder shall process data provided by the User in the course of such request. The Rights Holder does not collect and process personal data that is statutorily referred to special categories of personal data.

3.4. In addition, the User understands and accepts that information about the composition and configuration of his/her hardware and software configuration will be needed in order for the Rights Holder to pinpoint any technical problems the User has experienced as a result of using the Services and to develop the most effective recommendations for eliminating such problems.

3.5. The User understands and accepts that when using the Services to upload files for online anti-virus scanning, the full path to the uploaded files on the User’s device is revealed to the Rights Holder. The Rights Holder can store and use at its discretion any files uploaded by the User for online anti-virus scanning; this includes the Rights Holder adding such information to its virus databases.

4. Accuracy of the personal data.

4.1 The Rights Holder proceeds on the basis that the personal data provided by the User is reliable and up to date. The Rights Holder expects the User to inform it of any changes to his/her personal data such as changes to contact information. The Rights Holder is not liable for consequences arising from the User providing unreliable or outdated personal data.

5. Personal data security.

5.1. The Rights Holder takes all necessary and sufficient technical and organisational measures to ensure that personal data are securely processed and to prevent User's personal data from being available to third parties without the User's consent, and from being deleted accidentally or in the result of illegal actions.

5.2. The same security measures shall be implemented by other companies providing services on the Rights Holder's behalf and which process personal data on its behalf.

5.3. The laws of the Russian Federation in the field of personal data security may differ from the laws of the User's country of residence.

6. Storage period.

The Rights Holder will store Users' personal data as long as reasonably necessary and only for as long as required to fulfil the relevant purposes of the processing of their personal Data.

7. User's rights.

7.1. Subject to local law, the User has the following rights to:

• access to his/her personal data being processed;
• make a request to rectify his/her personal data which are inaccurate or incomplete;
• erase his/her personal data;
• restrict the Rights Holder use of the personal data;
• receive his/her personal data in a usable electronic format and transmit it to a third party;
• object to the processing of his/her personal data;
• withdraw his/her consent to any processing based on consent at any time;
• and to lodge a complaint with the local data protection authority.

If the User wants to discuss or exercise such rights, he/she may contact the Rights Holder via email address data_protection@drweb.com

7.2. The Rights Holder, upon receipt of such requests, has the right to take appropriate actions and request, from the person (who sent the request), information needed to ascertain that this person is the subject of the personal data requested. This action is intended to protect User's personal data from disclosing to third parties and to prevent any attempts to get access to personal data of other Users.

7.3. Because personal data statutorily includes data needed for the User technical identification in order to use the Rights Holder's Software and Services, if the User sends a demand to stop processing or to delete his/her personal data, agreements and contract (and other types of cooperation) concluded with the User shall be terminated the same day the User's personal data is stopped to be processed or deleted in view of User's confirmation of will. Termination of agreements and contracts in view of User's confirmation of will means that the User is not able to use the Rights Holder's Software and Services starting from the date of such termination. This also means that the Rights Holder does not have any responsibilities to compensate the User for the unused period of the agreement, contract or services.

8. Sharing with third parties.

8.1. The Rights Holder may share the User's personal data with third parties under the following circumstances:

• Affiliates: the Rights Holder may disclose the User's personal data it collects to its affiliates; however, in this case, their use of and disclosure of the User's personal data will be subject to this policy;
• Business partners: the User understands and agrees that his/her personal data shall be sent to owners of Software distribution sources and third-party services.
• Business transfers: if the Rights Holder is acquired by or merged with another company, if substantially all of its assets are transferred to another company, or as part of a bankruptcy proceeding, it may transfer the Users personal data it has collected to the other company.
• To protect the Rights Holder and others: the Rights Holder may also disclose the User personal data it collects where it believes it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Policy, or as evidence in litigation in which the Rights Holder is involved.

Also, the User understands and accepts that despite the fact that the Rights Holder uses secure protocols for receiving/transmitting data, the content of the files uploaded for online anti-virus scanning may be intercepted and read by third parties at the moment such files are uploaded (before the Rights Holder receives the files) without the User’s or the Rights Holder’s knowledge. Therefore, the Rights Holder is not liable for the safety of the information contained in files uploaded by Users for online anti-virus scanning.

The User understands and accepts that prior his/her personal data is received by the Rights Holder, such personal data is transmitted through communication channels that are not controlled by the Rights Holder, therefore, the Rights Holder is not liable for the safety of such transmission process.

9. Transfer of personal data.

The Rights Holder collects personal data of the Users located in the European Union from the Russian Federation based on such User's explicit consent to transfer. In accordance with the clauses 45-49 of the GDPR, the User located in the European Union is informed of the possible risks of this transfer for his/her personal data due to the absence of any adequacy decision and appropriate safeguards. Prior to such consent, the User must also be informed that without his/her consent, the Rights Holder will not be able to provide the Service.

10. Cookies.

10.1. Cookies are small text files that are temporarily stored on the User’s computer through the web browser and allow websites, for example, to identify the User’s computer during repeated website visits or to follow the User's activity. Cookies do not contain any personal data and are required for the collection of statistical data.

10.2. They make User authentication possible with regards to the use of certain Services, which makes it easier for Users to navigate around the Services and eliminates the need for Users to repeatedly enter their credentials. For technical reasons, authentication for some Services may be impossible without the authorised use of Cookies.

10.3. Types of cookies the Rights Holder uses.

• Strictly necessary cookies: These are cookies which are required for the Rights Holder's website to function properly. They include, for example, cookies that enable the User to log into secure areas of the Rights Holder's website.
• Performance cookies and analytics technologies: The Rights Holder also uses cookies which allow to recognize the User when he/she returns to the Rights Holder's website. This also enables the Rights Holder to count the number of users and to see how users use the services and navigate on its website.
• Functionality cookies: These cookies allow the Rights Holder's website to remember choices the User makes (such as the User's name, language or his/her region) and provide enhanced, more personal features. These cookies can also be used to remember changes User has made to text size, fonts and other parts of web pages that can be customized. They may also be used to provide services the User has asked for.
• Targeting or advertising cookies: These cookies are used to deliver adverts more relevant to the User and his/her interests. They remember that the User has visited a website and this information is shared with other organisations such as advertisers. These cookies record the User's visit on website, the pages he/she has visited, and the links they have followed or clicks done while navigating. The Rights Holder may share this information with third parties for this purpose. Regarding advertising, cookies may be used to place interest-based advertising on third-party websites Users visit thanks to cookies. Such cookies would enable the cookie provider to identify Users' terminal equipment when they visit other websites so as to provide them with interest-based advertising on such other websites.

Among the above categories, cookies can be of two types: session and persistent cookies.

• Session Cookies. Session cookies exist only during an online session. They disappear from the User's computer when he/she closes his/her browser or turn off his/her computer. The Rights Holder uses session cookies to allow its systems to uniquely identify Users during a session or while they are logged into the website. This allows the Rights Holder to process User's online transactions and requests and verify their identity, after they have logged in, as they move through the site.
• Persistent Cookies. Persistent cookies remain on User's computer after they have closed their browser or turned off their computer. The Rights Holder's website uses persistent cookies.

10.4. Disabling cookies. The User understands that it is at the User’s discretion to allow, prohibit, or restrict the use of Cookies. Most web browsers are set to automatically accept cookies. To block cookies, the User needs to adjust the appropriate settings of his/her browser—the software employed by the User to visit websites. The Help portion of the toolbar on most browsers will specify the User how to prevent computer from accepting new cookies, how to have the browser notify when a new cookie is received or how to disable cookies altogether. For more information about cookies and instructions on how to adjust browser settings to accept, delete or reject cookies, see the Internet Advertising Bureau website www.youronlinechoices.com. The User may also remove previously received Cookies. The User who disable cookies will be able to browse certain areas of the site, but some features may not function.

10.5. The Rights Holder may use automated devices and applications, such as [for example: Google Analytics], to evaluate usage of its website and, to the extent permitted, its service. The Rights Holder may also use other analytic means to evaluate its Service. It uses these tools to help improve the Services, performance and User experiences. These entities may use cookies and other tracking technologies to perform their services. The Rights Holder does not share the User's personal data with these third parties.

11. Changes to this privacy policy.

The Rights Holder can change the terms of this Policy and will provide notification to the Users within a reasonable time prior to the change taking effect. A new version of the Policy comes into force as soon as it is published at company.drweb.com/policy, unless stated otherwise by the new version of the Policy.

The current legislation of the Russian Federation applies to this Privacy Policy and the relationship between the User and the Rights Holder, subject to applicable local law and requirements such as the European Regulation 2016/679 on the processing of personal data.

12. Rights Holder's representative

The Rights Holder has appointed, as its representative in the EU, Doctor Web SARL, 9-11 Allée de l'Arche, 92671 Courbevoie cedex, France.

13. The Rights Holder's contact information

Website: https://www.drweb.com

Registered address: 2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040

Reg. # 1047796021723 / TIN 7714533600