We are Avast Foundation, i.e., Nadační fond AVAST, with our registered office at Pikrtova 1737/1a, Nusle, 140 00 Praha 4, Czech Republic, foundation ID No. 24775401 (“we” or the “Foundation”). The Foundation’s founding entity is Avast Software (“Avast”). We use the resources donated to us to develop various projects in the Czech Republic, which has been our home for almost 30 years, and in other places and continents where Avast has offices. In order for us to be able to realize these projects, we sometimes need to process personal data. Here we explain what we do, how we do it and what your rights and choices are. We take the protection of your personal data very seriously, so please take a moment to read through the following information.
There are two ways in which your personal data may find its way to us – either you give it to us directly or we obtain it from other, indirect sources.
In most cases when we obtain your personal data directly, it is because you approach us in some capacity through various points of contact, for instance, if you represent an organization whose project you would like to submit for our consideration, you are our business partner, a media contact or a contractor, or an applicant interested in finding a job with us. We also obtain your personal data from you directly in the context of our promotional activities – during our photoshoots, recording sessions or campaigns that you attend.
Another way in which we might obtain your personal data is indirect. Our operation is aimed primarily at cooperating with various organizations, and we need certain documents from them in order to be able to evaluate whether our contributions were used as promised, whether their use was purposeful, and in order to fulfill our legal obligations concerning maintaining billing records and conducting audits. These materials might contain your personal data.
If we have your personal data, you are usually one of the following:
(i) An employee or a contractor of an organization, which provides services to the causes or people we help as part of one of our programs;
(ii) A recipient of funding provided by the Foundation as part of one of its programs;
(iii) A partner (someone we cooperate with in a professional capacity in connection with assessing, evaluating or carrying out our projects or a guest or a presenter at one of our events) or a media contact; in this case, because we are linked to the Avast group, we follow the same rules and practices as the broader operation does, and the information relevant to how we process your data is located here (Flexi Grant provided by Fluent Technology); or
(iv) Someone who has contacted us in another capacity, such as an applicant interested in working for us. The type of your data we process is usually your name, date of birth, your address, your email and your telephone number, although these categories vary depending on the capacity in which you interact with us.
Parties interested in having their projects supported by the Foundation register in our FlexiGrant Portal , through which they submit their application. This registration is generally carried out by an employee (or another representative) of that organization. The information necessary in order for us to create a registration is name, email address (usually a professional or work email), identification of the organization they represent, contact details of that organization (physical address), and phone number. Through the FlexiGrant Portal, the registrants can then submit projects for our consideration, manage the account they have with us and communicate with us. We process this information, as well as any information which is included in the materials submitted (which may include personal data) in order to assess the applications and project we receive, document and track the course of the project as it is being carried out and manage that relationship.
They give us this information on a variety of documents which may contain personal data of employees, representatives or other persons, such as invoices, but they may also include information about that organization’s payroll, and their own financial information they provide to us, such as interim and final reports.
This information is absolutely necessary for us to maintain a transparent relationship with that organization throughout the realization of the project, see how they are using the resources we have provided, whether our support is utilized efficiently and, more importantly, with the purpose to achieve the goal stated in the project and to help the causes and people we have chosen to support. In addition to this, we also need to maintain these overviews in order to fulfill our own legal obligations, in particular, concerning accounting and billing records, obligations concerning audit (internal and external) and tax, and in order to participate in and present materials in potential legal proceedings when defending or enforcing our rights and legitimate interests. Without these documents, we would not be able to carry out any of these activities.
If you are a representative of an organization we have cooperated with, a professional contact or a media contact, in other words, someone we have interacted with previously in a professional capacity, we will also use your contact information (your email) in order to periodically inform you about our activities, events or opportunities for further cooperation.
Some of the information about the projects we have supported, which may potentially include personal data, may be included in the documents we are legally obligated to maintain and publish, such as our Annual Report, which we are obligated to submit to the Czech Register of Foundations (a public registry) under applicable law.
There are several instances in which the Foundation may have audiovisual material (photos, videos or voice recordings) or other similar material of personal nature (such as written statements or testimonials) concerning your person. The most common situations in which this could occur are listed below.
If you are a speaker or a host we have contracted at one of our events or events we have participated in, such as charity activities, fundraising events, award ceremonies, conferences and similar gatherings, more detailed information is contained in the Avast Privacy Policy.
If you are a beneficiary of one of our projects or you were otherwise involved, we may capture your likeness (including any information that can be inferred from it) on photos, videos or audio recordings or other material of personal nature (such as written statements or testimonials) in order to use it in our promotional materials or over the course of our other promotional activities. Some of these pictures or videos may be used in connection with our reporting obligations, for instance, they could be included in our annual report, which we are obligated by law to publish in the Register of Foundations. We may ask for your consent with the photos, videos or recordings where it is necessary.
We would like to reiterate that in cases where the context of the pictures, videos or recordings might be sensitive, we will only use this information on the basis of your free and voluntary consent, which you can withdraw at any time (for more information about how to do this, please refer to the “Your Rights” section below). In the event that you choose to not give us consent to process this data, or if you choose to withdraw your consent, this will have no negative impacts on your relationship with us.
As this information will be used for the purposes of promoting the Foundation and our activities, it will be published in our various promotional materials, newsletters, reports, corporate documents such as annual reports, etc., as well as on our website and across our social media accounts on Facebook, Twitter and Instagram. Due to the fact that our accounts are publically accessible, i.e., their visibility is in no way restricted, this means that your personal data captured on these photographs may be, as a result of such publication, accessible in countries outside of the European Economic Area where different data protection laws apply. By granting us consent to have your likeness used in our promotional activities, you are also granting us consent to the above-described publication of your photos, video footage, voice recordings or other materials of personal nature (written statements or testimonials).
We are sometimes approached by candidates who are interested in working for us. To that end, these candidates submit, as part of their application, their personal data and any other information which is included on their CVs, resumes, letters of recommendation and other similar materials.
In the event that we currently have an opening we’re hiring for, we will use this information to evaluate the candidate and contact them over the course of the interview process and, if they are successful and we do decide to hire them, through the hiring process up to and including the signature of their employment agreement.
In the event that we are not looking to fill an open spot, we keep this information in our databases, so that in the event that we do have an opening at a later date, we can consider these candidates for the newly opened position and contact them with the opportunity to interview with us and commence the interviewing process. Our hiring practices are being handled by Avast and so, follow the same general rules.
Our websites use cookies, namely, we have implemented Google Analytics. For more information about our website and the cookies, please consult the cookie section of Avast’s Privacy Policy, which can be found here (Avast Cookie Policy).
Some of the personal data we get concerns children younger than sixteen years of age. This happens in situations when we support organizations or projects that are aimed at helping children in various ways. In those cases, where consent is required (for instance, in case of photos or videos), we never process any of their personal data unless the children’s parent has granted the consent.
While we are on the subject, we would also like to note that sometimes we get information, mostly through the email, from individuals who seek to participate in our programs or seek to approach us in a similar capacity. Sometimes this communication contains data or materials, which could be considered to be of a personal or even sensitive nature. We do not accept any project submissions or proposals provided in this way and we will not accept any sensitive or personal information you provide unprompted and through this channel. Any such information we receive in this way we immediately delete. If you want to cooperate with us, however, you are always more than welcome to go through our official channels and submit your projects and their relevant information following our proper procedure at a time when we are accepting submissions.
We store information that we collect on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. The data on our servers can only be accessed from our physical premises, or via an encrypted virtual private network (“VPN”). Access is limited to authorized personnel only, and company networks are password protected and subject to additional policies and procedures for security.
We or our contractors, affiliates, representatives, or agents, who are working on our behalf undertake regular maintenance of your personal data. All third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. This means your personal data cannot be shared with others, and there must be no direct marketing by the third parties.
We retain data for limited periods when it needs to be kept for legitimate business or legal purposes. Some of the retention periods we use are mentioned in the previous sections of this Privacy Policy. As a general approach, for each type of data, we set retention timeframes based on the reason for its collection and processing. We do not delete data that we need for our legitimate or legal purposes, even upon request, until the purposes expire.
We have operational and legal requirements that require we retain certain personal data, for specific purposes, for an extended period of time. For example, when our financial department processes information concerning the payments we have made and the necessary supporting documentation contains personal data, this data will be retained for as long as required for tax or accounting purposes. Reasons we might retain some data for longer periods of time include:
· Security, fraud & abuse prevention
· Financial record-keeping
· Complying with legal or regulatory obligations, including for investigations, enforcement, or when legally actionable
· Ensuring the continuity of our activities
· Direct communication with you and the organizations we cooperate with, such as for additional reporting, providing information about our other activities, open projects and opportunities for cooperation.
The Foundation does almost all of its processing internally, without the use of processors or involvement of other third parties. We do closely cooperate with Avast, our founding company, in the matters concerning internal administration and functions, and our FlexiGrant portal is provided by Fluent Technology, 2 Rowan House, Beechill Business Park, Belfast, BT8 7QN, and which operates out of Ireland (you can find their Privacy Policy).
In some circumstances we may need to give access to our data, which may include personal data, to other parties, such as our service providers, partners or Avast, our founding company; even in those instances, however, we make sure that any personnel that may have access to this data is bound to confidentiality, does not compromise the security of our data, and that additional appropriate safeguards are put in place to keep the data safe and secure.
The Foundation operates locally, and so there is generally no need for us to transfer data outside of the Czech Republic or, as the case may be, the European Economic Area. These instances only occur on a case-by-case basis (for instance, when we share media contacts with other entities in our group), but in some of these cases data may be transferred to other countries, including countries outside of the European Economic Area, where the local law provides a different level of protection to personal data than the law of the Czech Republic and the European Union. In all such cases, however, we always make sure to put in place appropriate safeguards to ensure that any data we send out are protected and that your rights and legitimate interests are protected.
As a data subject under European data protection law, you have certain rights. You have the right to information about whether and how we process your personal data, the right of access to your personal data, and the right to rectification and erasure of personal data or restriction of processing. You have the right to object to the processing of your personal data as well as the right to data portability. You also have the right to lodge a complaint with the supervisory authority. Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. More details about your rights can be found in our general privacy policy, which can be found here.
You can exercise your rights by sending an email with the words “PRIVACY REQUEST” in its subject line to privacy@avast.com. You may also send paper mail to Nadační fond AVAST, Pikrtova 1737/1a, 140 00, Prague 4, Czech Republic. Please write "Attention: PRIVACY" in the address.
© 2017 Avast Foundation. Czech Republic | Privacy Policy