SUPPLEMENTAL STATEMENT ON DATA PROCESSING (SUPPLEMENTAL STATEMENT) Supplemental Statement On Data Processing (hereinafter “Statement”) relates to Kaspersky Anti-Ransomware Tool for Home (hereinafter “Software”). All terms used in this Statement have the same meaning as defined in the “Definitions” clause of the End User License Agreement (EULA). Please carefully read the terms of this Statement, as well as all documents referred to in this Statement, before accepting it. If the Software is used within a legal entity or on the Computer used by several individuals, You must ensure that they have understood and accepted the conditions of this Statement before data processing begins. Data Protection and Processing The Rightholder handles the data it receives from the End User under this Statement in accordance with the Rightholder’s Privacy Policy published at: https://www.kaspersky.com/products-and-services-privacy-policy. Purposes of Processing Data If a technical problem occurs during the use of the Software, You may send files with diagnostic information under this Statement to the Rightholder in order to improve the Software. Preparing and Providing Files with Diagnostic Information Files with diagnostic information are prepared in accordance with the User Manual. The files with diagnostic information are not sent to the Rightholder without Your consent. While the files with diagnostic information are stored on Your Computer, You are responsible for monitoring and limiting access to them until You transmit them to the Rightholder. By accepting this Statement, You confirm the absence of confidential data in the files with diagnostic information. You may open the files with diagnostic information and view their contents before You make the decision to send them to the Rightholder. With Your consent, the files with diagnostic information will be transmitted to the Rightholder, after which they will be deleted from your Computer. The transmission is performed using a secure channel. Processed Data Certain data which is processed under this Statement could be considered personal data according to laws of some countries. With Your consent, the following data will be sent to the Rightholder under this Statement: • Memory dump files Include the memory contents of application (software) processes at the moment the dump is created; information necessary for software operation: settings, reports, internal databases, configuration files, and other data. They also contain data from trace files. • Trace files – Information about the application: application ID; application version; application localization code; application name and type; application type ID; information about application customization; ID of the version of application settings. – Information about the computer: unique ID of the computer; ID of the computer type. – Information about the operating system (OS): OS name; OS version; OS type; OS bit type; the names and versions of installed updates. – Information about the application installation: unique ID of the application installation on the computer; application installation type (first installation, upgrade); indicator of successful completion of installation or installation error number; indicator of user interruption of application installation. – Information about apps started on the computer: hash (MD5) of the executable file and the number of file starts since the last time such information was submitted; full path to the executable file on the computer; identifier indicating whether or not the file has a valid digital signature; identifier indicating one of the standard paths to the location of the executable file in the system. – Information about the scanned object: hash (MD5); category assigned to the scanned object; ID of the categorization source; information about the object vendor (vendor name); version of the scanned object. – Information about the version of the file categorization databases used by the application; ID of the database record used during the scan; ID of the application component that requested the object category. – Information about the scanned URL: URL; IP address of the categorized host to which the URL is assigned (name of the categories to which the URL is assigned; version and ID of the component that requested the categorization; ID of the reason for the request). – Description of devices connected to the computer. – Information about operation of the Rightholder's software updater component being used: version of the update component; error code of task termination if an error occurred; ID of the update task type; ID of the application status after the update; number of uncompleted update tasks during the entire operating time of the component; number of component health scan errors; name of the user who started the update task; information about names of the Rightholder's software files being updated, local paths to those files; data for proxy server authorization (logins, passwords). – Information about the application status; information about user actions on the computer (start/stop of windows sessions, startup of apps) and application verdicts on actions; history of user actions and application activity. – Information about started applications and their modules: file size; attributes; creation date; information about the process that loaded the file; information from the header; region; name; location; packers. – Information about errors and use of the user interface of the installed Kaspersky Lab application. – Information about network connections: the IP address of the remote computer and the user's computer; numbers of ports used to establish the connection; network protocol of the connection; information about network packets received by the computer and transmitted by the computer over a telecommunication network. – Information about visited URLs (data on the user name and password used to access websites); contents of cookies; information about search queries. – Original names of files. – Names of categories of applications and websites. – Date and time of events occurring in the operation of applications. – Public certificate of the server. • Other files In addition to the information above, in order to increase the processing speed of the request associated with the technical problems, You may specify the description of the problem occurred. © 2021 AO Kaspersky Lab