This privacy policy applies to all Bitdefender Home Solutions and their related support services, including the creation of an individual account on Bitdefender Central. The anti-theft, parental control and VPN services have additional privacy policies which are detailed in Chapter 7.
O documento explica os dados pessoais que recolhemos, como e onde os podemos utilizar, como os protegemos, quem tem acesso, com quem os partilhamos e como pode corrigi-los.
S.C. BITDEFENDER S.R.L. (hereafter mentioned as Bitdefender), with its official headquarters in 15A Sos. Orhideelor, Orhideea Towers Building, 9-12 floors, 6th District, Bucharest, Romania, registered in the Bucharest Trade Register with number J40/20427/2005, fiscal code RO18189442, e-mail privacy@bitdefender.com processes personal data in agreement with the European legislation on data protection (GDPR – Regulation EU 2016/679). Our Data Protection Officer can be found at the following contacts: Bitdefender’s Data Protection Office – privacy@bitdefender.com, Phone: 4021 -206.34.70
A Bitdefender oferece produtos e serviços de segurança de dados. O nosso objetivo é garantir que a segurança da rede e informações ao fornecer produtos e serviços de qualidade nestas áreas enquanto respeita a privacidade e dados pessoais dos clientes, utilizadores de Internet e parceiros de negócios.
For this purpose, we collect only that personal data absolutely necessary for the specified purposes, on a best efforts basis. For the collected information and data, we strive to apply adequate solutions to anonymize them, or at least to pseudonimyze them.
Our main principle applied to the data we collect is anonymization of all technical data that can be used by Bitdefender only for the specified purposes below. In cases where perfect anonymization of technical data is not possible, the potential identification of a user could be possible only in very limited cases and only by highly skilled IT specialists.
Personal data according to the European legislation definition (GDPR - Regulation 2016/679) means:
qualquer informação associada a uma pessoa singular identificada ou identificável ("titular dos dados"); uma pessoa identificável é uma pessoa que pode ser identificada, direta ou indiretamente, em particular por referência a um número de identificação ou a um ou mais fatores específicos da sua identidade física, fisiológica, mental, económica, cultural ou social;
Neste contexto, a Bitdefender processa dados pessoais para os seguintes fins principais:
Bitdefender may collect personal information from its users from its Home Solutions in three different ways:
– for example, when you login on your Bitdefender account (known as Bitdefender Central - https://login.bitdefender.net), we might ask your name, surname and/or email address so we can contact you with updates, notices, or to provide support.
Also, when you access the Support Center, we may ask for a valid email address or a phone number to communicate with you in providing support.. All these data are being used for contacting you, for contractual purposes, providing a specific user with a license to use our products, for solving a request or complaint you addressed to us or for offering technical support. Bitdefender may also ask for other data that could be considered personal data, if those are necessary for solving the information security problem you sought help on.
The legal basis for processing these data is performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The minimum data for entering into a contract or creating an account with Bitdefender are a name and email address, without them it would be impossible for us to offer you our products and services.
The data used for licensing information is kept for the duration of the contract, plus five years after its expiration to be able to prove or defend any legal complaints on contractual issues.
The data used for support services is kept for different periods of time, depending especially if the problem has been solved and the exact method of communication with the support services, but in no case the data will be kept for more than five years after the last communication took place. This period is necessary for Bitdefender to be able to defend any legal complaints on contractual issues that may arise.
As regards the use of these data for marketing purposes, the legal basis we use is legitimate interest for marketing communications with users of our Home Solutions (based on Recital 47 of GDPR and Romanian law 506/2004, art 12 (2) that is implementing the EU E-privacy directive), unless those persons have opted out.
We may use these data for marketing purpose for a maximum period of contractual duration, plus three years after the contract is terminated, except if the data subject has opted out from these communications at any moment in time. After this time frame expires the data will be deleted or anonymized.
- when you use Bitdefender products it is possible to share with us some technical details, such as data for identifying the device (UUID), the infected URL you reported or an IP addresses. If you use a Bitdefender product that integrates with your email server, some technical data of the infected files could be send to us, including data such as sender, recipient, subject or attachment. In most cases, these technical data may not lead to your direct or indirect identification, but in some very specific cases computer specialists might be able to identify a specific user. Therefore, we treat all such information as personal data and protect it as such.
This information is solely used for the purpose of information and network security by correct and efficient operation of the products and services, according to the technical specifications, and their improvement, including by analyzing the reported security issues. This includes delivering and customizing related services. Also, we may use this information for statistical purposes and improving the quality of our products.
The legal basis for processing these data is performance of a contract to which the data subject is part of.
These data are is being stored for a limited period, depending on its usefulness for the current information security needs. Based on the current speed of technology, we will not need them for over 10 years from the day of the collection.
In the recent years, an increasing number of companies' databases have been involved in incidents leading to user details becoming publicly available. We are constantly analyzing these situations and the public data leaks in order to identify if the exposed records can be used to improve the information security of our users.
We use this information exclusively for the purpose of ensuring information security by notifying our users that their emails, passwords or other data might have been hacked in the past, so it is not safe to use them anymore.
The legal basis for this collection is legitimate interest of our users, of Bitdefender and of any third party to ensure network and information security, by not using credentials that have already been hacked. We do this based on Art 6 (1) f of GDPR and explanations on legitimate interest for information security in Recital 49 of GDPR. These data are is being stored for a limited period, depending on its usefulness for the current information security needs. The data subject may always ask us not to collect data about him from data leaks. Based on the current speed of technology, we will not need them for over 10 years from the day of the collection.
Whenever we note that we use legitimate interest as a legal basis for a specific situation, we rely on internal legal analysis on how in these specific cases we have balanced out the legitimate interest to the interests or fundamental rights and freedoms of the data subject. The analysis is updated if we decide to collect more data, for another purpose or there are new developments that require a new assessment.
Na qualidade de líder em serviços de segurança de informações, a confidencialidade e a proteção de dados são de grande importância para nós. O acesso aos dados pessoais recolhidos está limitado apenas aos funcionários da Bitdefender e processadores de dados que necessitam de acesso a estas informações. Todas as políticas de segurança de informações da Bitdefender são certificadas por ISO 27001.
A Bitdefender pode utilizar outras empresas de TI para processar os dados pessoais recolhidos. Estas empresas são consideradas processadores de dados e têm obrigações contratuais rigorosas para manter a confidencialidade dos dados processados e para oferecer pelo menos o mesmo nível de segurança da Bitdefender. Os processadores de dados têm a obrigação de não permitir que terceiros processem dados pessoais em nome da Bitdefender e aceder, utilizar e/ou manter os dados protegidos e confidenciais.
A Bitdefender pode alojar dados pessoais na Roménia, Irlanda, assim como na União Europeia ou qualquer outra jurisdição que ofereça um nível adequado de proteção de dados pessoais de acordo com os padrões da União Europeia, incluindo empresas que estão certificadas ao abrigo do programa Escudo de Proteção da Privacidade EUA-UE.
Devido a obrigações de confidencialidade e requisitos de segurança, as informações específicas referentes ao nome e detalhes de cada processador utilizado serão fornecidas apenas a autoridades competentes.
Estão a ser utilizados os seguintes tipos de processadores de dados:
Todos os nossos processadores de dados nos EUA são certificados no programa Escudo de Proteção da Privacidade EUA-UE.
O acesso a determinadas secções dos sites Web da Bitdefender é protegido por um nome de utilizador e palavra-passe. Recomendamos que não revele esta palavra-passe. A Bitdefender nunca pede a palavra-passe da sua conta através de qualquer tipo de mensagens ou chamadas telefónicas. Aconselhamo-lo a não divulgar a sua palavra-passe a qualquer pessoa que peça que o faça. Se possível, também recomendamos que termine sessão na conta dos serviços online depois de cada sessão. Também aconselhamos a fechar a janela do browser depois de navegar ou utilizar os serviços da Bitdefender.
Infelizmente, a transferência de dados pela Internet pode não ser 100% segura. Consequentemente, apesar dos nossos esforços de proteger os dados pessoais, a Bitdefender não pode garantir a segurança das informações transmitidas pelo utilizador até as informações estarem nos nossos servidores. Qualquer transmissão de informações da sua parte é feita por sua conta e risco.
Em princípio, a Bitdefender não revelará quaisquer dados pessoais sobre os seus utilizadores a terceiros sem as exceções mencionadas acima.
Exceptionally, Bitdefender may reveal personal data to:
4.1. Competent authorities, upon their legal request according to the applicable laws or when this is necessary to protect the rights and interests of our clients and Bitdefender. .
4.2. Bitdefender may allow limited access to its Partners, which are presented on Bitdefender's Partners webpage. Access will be allowed only to certain data related to its referred clients and just for the purpose of fulfilling the contractual obligations between Bitdefender and its Partner for selling or for support of Bitdefender products. All Partners have strict contractual obligations to keep the confidentiality of data and to offer at least the same level of security as Bitdefender. These Partners have the obligation not to allow third parties to access personal data processed on behalf of Bitdefender.
4.3. Bitdefender subsidiaries in your country may send some personal information to its main company - S.C. BITDEFENDER S.R.L, in Romania.
Also, when you use Bitdefender Home Solutions or access Bitdefender Central and you are asked to give information about yourself, you will reveal this information only to Bitdefender. The only exception is when the information is offered in partnership with another service (such as Facebook login, Google+ login or Microsoft Live login).
Each time when such a service is offered in partnership with another provider you will be properly notified. If you wish this data not to be accessed or used you can choose not to allow data transfer via this particular service.
If you choose to accept data sharing, it is important to mention that the service partners may have separate data collection and privacy policies. Bitdefender has no control and cannot offer guarantees regarding all the legal aspects that these independent confidentiality practices entail.
When you create an account on Bitdefender websites or for one of our services, a confirmation email with your account details will be sent. The confirmation email will be sent to the email you supplied and it may describe the ways in which you can modify or delete the account you created. We advise you to keep this confirmation email since it contains useful information regarding access to our services. Any requested modification will be solved in maximum 15 days from when the written request of the user has been received.
According to European Union applicable data protection legislation (GDPR), data subjects shall have the right to access to data, rectification, erasure, restriction on processing, objection to processing and right to data portability.
For exercising these rights, you may send a written request, dated and signed and send it to the above mentioned Bitdefender headquarters or via email to Data Protection Officer at privacy@bitdefender.com
You also have the right to lodge a complaint with a competent supervisory authority on data protection.
This chapter complements the privacy policy with specific information regarding processing information which may be personal data and which is collected by Bitdefender for the anti-theft services.
Part of the Bitdefender products include the anti-theft service option designed for both mobile phones products as well as for tablets and laptops. Once activated and configured, the anti-theft option can track in real time via geo-localization the lost or stolen device. This Bitdefender service offers the localization option as well as other connected options such as remote blocking of the device, deleting the entire content of the device or taking photos of the person who is accessing the phone without authorization. More details are available here.
In case the anti-theft services are activated, Bitdefender may receive personal data such as geo-localization data either from GPS, GSM cells, Wi-Fi usage or IP address. The only purpose of processing these data is the functioning of the anti-theft service offered by Bitdefender. For the purpose of identifying the precise location, we may use third party services, as mentioned in Chapter 3.
All geo-localization information are kept for as long as the anti-theft service is active, but they will be deleted when the service is deactivated.
Anti-theft services may be remotely activated from your Bitdefender system account (known as Bitdefender Central). For this reason it is highly important for your privacy and personal data protection not to reveal your password to unauthorized persons. For more advice in this regard please see Chapter 3 of this document.
Thus, the owner of a Bitdefender account may have administration rights for Bitdefender services and products. Therefore on the devices where the anti-theft services are installed, he/she can operate commands remotely. In this regard, the entire responsibility of the account owner is to ensure that he/she can fulfill these actions from a legal standpoint and that he/she has the right to know the location, to take pictures remotely, to block or delete the device' content or to interact in any way with it. Therefore, we recommend to activate the anti-theft service exclusively on your own devices or on devices where you have the right to legally do so.
This chapter completes the rest of the privacy policy with specific details regarding processing information which may be personal data and which are collected by Bitdefender for the parental control services.
Some of Bitdefender products include the parental control option. If you activate this option you have the possibility to monitor your children's activity and to restrict access to certain phone numbers, applications, websites or Internet services. This is only possible on children devices (for example computer or phone) for which you installed and activated Bitdefender.
The parental control services option settings are managed from the web interface through which you access your Bitdefender account (known as Bitdefender Central). More details regarding the functionalities of this product are available on our dedicated webpage.
Once you activated the parental control services, Bitdefender will ask certain data for creating a profile – name, age and sex of the person. The name will be used exclusively for device identification purposes and you do not have to give your child's full name. Age and sex are necessary only for determining the default level of online protection offered by this product which can be also later changed or configured by the account administrator.
Where this Bitdefender parental control product is installed and an active profile is associated with the device, Bitdefender may collect, excursively for the purpose of displaying in the parent's account, detailed information about the use of the device such as: visited websites, search engine keywords, used applications and software, traffic data monitoring of phone calls and messages, social media monitoring and geo-localization information.The collected information depends on the settings configured by the parent in Bitdefender Central. The only purpose of collecting this data is reporting them to you, as a parent. We do not use children information for identification or monitoring Internet access by us.
Under no circumstance we will transmit to third parties the above mentioned information for marketing purposes or any other information which could lead to identifying your children.
When processing this data from your children's device, Bitdefender acts as a technical intermediary. Therefore, the responsibility of a notice to your children regarding the installation of this software and the way the personal data is processed is exclusively up to you. You are the only one who may activate this option and specify which type of personal information you wish to be collected.
The Bitdefender account owner has administration rights for Bitdefender products and services which includes parental control services. As such, he/she has full responsibility in assuring that he/she can undertake the surveillance activity from a legal point of view and that he/she has the right to know the location, to block the content or applications from that device. Therefore, we recommend to activate the parental control service exclusively on your minor children's devices or where you have the legal right to do so, based on the applicable law. We inform you that any illegal monitoring of online behavior or communications may be a crime. In this sense we are not recommending activating parental control services on devices used by persons that are over 16 years old.
This chapter completes the rest of the privacy policy with specific details regarding processing information which may be personal data and which are collected by Bitdefender for the VPN services.
Applying the data minimization principle, we collect for this service only randomly generated or hashed user and device IDs, IP addresses and randomly generated tokens to establish VPN connection for the sole purpose of providing the VPN service. For this service, we use AnchorFree as data processor who processes data on behalf of Bitdefender in accordance with Bitdefender's instructions and for the sole purpose of providing VPN services to users.
The privacy policy has been adopted on 22 October 2018 and will be modified each time is necessary without prior or future notice of the changes. The new version will enter into force when published on the website and it will be marked accordingly. The present document is available at https://www.bitdefender.com/site/view/legal-privacy.html