ESET Policy Hub

Legally speaking, about your privacy using ESET.

Privacy Policy

Privacy Policy

The protection of personal data is of particular importance to ESET, spol. s r. o., which has its registered office at Einsteinova 24, 851 01 Bratislava, Slovak Republic and is registered in the Commercial Register administered by the Bratislava I District Court, Section Sro, Entry No 3586/B, Business Registration Number: 31333532 as a Data Controller (hereinafter "ESET" or "We"). To comply with the transparency requirement as legally standardized under the EU General Data Protection Regulation ("GDPR"), We are publishing this Privacy Policy with the sole purpose of informing You, as a data subject, about the following personal data protection topics:
  • Legal basis of personal data processing;
  • Data sharing and confidentiality;
  • Data security;
  • Your rights as a data subject;
  • Processing of Your personal data;
  • Contact information.

Legal basis of personal data processing

We use a range of legal bases for data processing, according to the applicable legislative framework related to protection of personal data. The processing of personal data by ESET is mainly required for the performance of the contract such as Terms of Use or End User License Agreement ("EULA") with You (Art. 6 (1) (b) GDPR), which is applicable for the provision of ESET products or services, unless explicitly stated otherwise, e.g.:
  • Legitimate interest legal basis (Art. 6 (1) (f) GDPR), which enables us to process data on how You use our services and your satisfaction with those services, in order to provide You with the best protection, support and experience We can offer. Marketing is recognized in the applicable legislation as a legitimate interest, therefore We usually rely on the legitimate interest legal basis for marketing communication or the consent, if applicable.
  • Consent (Art. 6 (1) (a) GDPR), which We may request from You in specific situations where We deem this legal basis to be the most appropriate, or where it is required by law.
  • Compliance with a legal obligation (Art. 6 (1) (c) GDPR), e.g. data retention for the purposes of electronic communication and/or invoicing.

Data sharing and confidentiality

We do not share your data with third parties. However, ESET is a company that operates globally through affiliated companies or partners as part of our sales, service and support network. Licensing, billing and technical support information processed by ESET may be transferred to and from its affiliates or partners for the purpose of fulfilling the EULA, for instance in the provision of services or support. ESET prefers to process its data in the European Union (EU). However, depending on your location (e.g. when using our products and/or services outside the EU) and/or the service You choose, it may be necessary to transfer your data to a country outside the EU. For example, We use third-party services in connection with cloud computing. In these cases, We carefully select our service providers and ensure an appropriate level of data protection through contractual as well as technical and organizational measures. As a rule, We agree on the EU standard contractual clauses, if necessary with supplementary contractual regulations. For some countries outside the EU, such as the United Kingdom and Switzerland, the EU has already determined a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special authorization or agreement. According to the applicable legislation and based on the legitimate request, We might be required to provide information to public authorities, law enforcement, or other entities.

Data security

ESET implements appropriate technical and organizational measures to ensure a level of security which corresponds to the potential risks. We do our best to ensure that the confidentiality, integrity, availability and resilience of processing systems and services is consistently maintained. However, in the event of a data breach resulting in a risk to your rights and freedoms, We will notify You as well as the relevant supervisory authority.

Your rights as a data subject

The rights of every data subject matter and all data subjects (whether in an EU or a non-EU state) have the rights set out below, guaranteed by ESET. To exercise your rights as a data subject, You can contact us via a support form or via email at dpo@eset.sk. For identification purposes, We will ask You for the following information: name, email address and – if available – license key or customer number and company affiliation. Please refrain from sending us any other personal data, such as date of birth. We would like to point out that to be able to process your request, as well as for identification purposes, We will process your personal data.

Right to withdraw consent.

The right to withdraw consent is applicable in the case of data processing based on consent only. If We process your personal data on the basis of your consent, You have the right to withdraw that consent at any time without giving any reason. The withdrawal of your consent is only effective in the future and does not affect the legality of data processing that occurred before the withdrawal of consent.

Right to object.

The right to object to processing is applicable in the case of data processed based on the legitimate interests of ESET or a third party. If We process your personal data to protect a legitimate interest, You as the data subject have the right to object to the legitimate interest named by us and the processing of your personal data at any time. Your objection is only effective in the future and does not affect the lawfulness of data processing that occurred before the objection. If We process your personal data for direct marketing purposes, it is not necessary to give reasons for your objection. This also applies to profiling, insofar as it is connected with such direct marketing. In all other cases, We will ask You to briefly inform us about your reasons for objecting to the legitimate interest of ESET to process your personal data. Please note that in some cases, despite the withdrawal of your consent or objection to the processing of data, We are entitled to further process your personal data on a separate legal basis; for example, for the performance of a contract.

Right of access.

As a data subject, You have the right to obtain information about your data stored by ESET free of charge at any time.

Right to rectification.

If We inadvertently process incorrect personal data about You, You have the right to have this corrected.

Right to erasure.

As a data subject, You have the right to request the deletion or restriction of the processing of your personal data. If We process your personal data, for example, with your consent, and You later withdraw it, We will delete your personal data immediately, providing there is no other legal basis to retain them, for example, performance of a contract. Your personal data will also be deleted as soon as they are no longer required for the purposes stated for them at the end of our retention period.

Right to restriction of processing.

If We use your personal data for the sole purpose of direct marketing and You revoke your consent or object to the underlying legitimate interest of ESET, We will restrict the processing of your personal data to the extent that We include your contact data on our internal black list in order to allow us to avoid unsolicited contact. Otherwise, your personal data will be deleted. Please note that We may be required to store your data until the expiry of the retention obligations and periods issued by the legislator or supervisory authorities. Retention obligations and periods may also result from Slovak legislation. Thereafter, the corresponding data will be deleted.

Right to data portability.

We are happy to provide You, as a data subject, with the personal data processed by ESET in .xlsx format.

Right to lodge a complaint.

As a data subject, You have the right to lodge a complaint with a supervisory authority at any time. ESET is subject to regulation under Slovak law and We are bound by data protection legislation as part of the European Union. The relevant data supervisory authority is The Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 82007 Bratislava 27, Slovak Republic.

Processing of Your personal data

All services incorporated in these websites and other websites under the control of ESET are governed by this Privacy Policy, including those which are governed by specific Terms of Use with data processing rules. Some parts of the websites may be administered by local ESET Partners, using the ESET website platform, which may be governed by specific terms and conditions based on local legislation. Generally, You may use our websites for information purposes without giving personal information and informing ESET who You are. On the other hand, some of our services need to collect more information:
  • ESET may collect personal information for the purposes of direct communication with You in order to respond to your questions, and fulfill your requests. If You send us product orders, service requirements, other requests or if You upload any materials to our website, We may have to contact You in order to gain additional information necessary for processing or in order to fulfill your order, request or requirement. For this purpose, as well as for the purpose of performing the requested services, We need to process your details provided via web forms, email or applications.
  • If You are an End User of our products or services, the processing of your data is covered by the specific End User License Agreement or Terms of Use and dedicated Privacy Policy related to each product or service. For more information concerning data processing, please visit the online help documentation dedicated to our products and services. You can access this directly from the graphical user interface of your product by clicking on the “?” symbol. The maximum storage period for invoicing data is determined by law and We are legally required to keep the data for a period of 10 years. Unlike invoicing data, We only store licensing data for a period not exceeding 12 months from the expiration date of your license, and statistics that do not require the End User’s identification are processed for a period of 4 years.
  • If You are already our customer or if You agree with the processing of your data for the purposes of marketing communication, We may use your details to administer marketing communication until You unsubscribe or withdraw your consent.
  • Contact information and data contained in your support requests are required for provision of technical or other support provided by ESET. Based on the channel by which You choose to contact us, We may collect your email address, phone number, license information, product details and a description of your support case. You may be asked to provide us with other information to facilitate provision of support, such as generated log files or dumps. The data from such support may only be used for the provision of the support service and to enhance your experience while providing support. The maximum storage period is limited by the time required to provide support and review, and even in a pseudonymized form cannot exceed a period of 10 years.
  • Email addresses provided to ESET, for example as part of trial license activation or purchases on our websites, may also be processed in the form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, i.e. profiling. Your activity on our website and your email address may be used to analyze or predict aspects concerning your personal preferences with respect to ESET products and services in order to provide personalized marketing messages or website content without any significant or legal consequences. The length of the retention period is based on the contract duration or the exercise of your right to object to the data’s processing.
  • Customer feedback, answers or requests may be provided by You via our web forms. For the purpose of follow-up, your contact details including email address or other data may be requested based on the nature or purpose of our communication. Data storage periods may differ based on the nature or purpose of communication explicitly in compliance with this Privacy Policy.
  • If You use our products or services designed for parents, the protection of personal data related to children is in place as required by the respective jurisdiction. All additional information is included in the product or service documentation.
  • We want to do our best to help You to enjoy safer technology. Your input is very valuable for us and We provide a range of channels by which You can provide us with samples of malicious or suspicious software. Samples and their metadata will be processed and stored based on public interest as well as the legitimate interest of ESET, which is cybersecurity.

Contact information

If You would like to exercise your right(s) as a data subject or You have a question or concern, please send us a message at: ESET, spol. s.r.o.
Data Protection Officer
Einsteinova 24
85101 Bratislava
Slovak Republic
dpo@eset.sk