Legal basis for processing personal data

There are only a few legal bases for data processing that we use in accordance with the applicable legislative framework regarding the protection of personal data. The processing of personal data at ESET is mainly necessary for the execution of the End User License Agreement (“EULA”) with the End User (Article 6 (1) (b) GDPR), which is applicable for the provision of ESET products or services, unless explicitly stated otherwise, for example:


The legal basis of legitimate interest (Article 6 (1) (f) GDPR), which allows us Phone Number List to process data about how our customers use our Services and their satisfaction in order to provide our users with the best possible protection, support and experience. Since marketing is also recognized as a legitimate interest by applicable law, we generally rely on it for our marketing communications with our customers.
Consent (Article 6(1)(a) GDPR), which We may ask you for in specific situations where We consider this legal basis to be the most appropriate or where required by law.
Compliance with legal obligations (Article 6 (1) (c) GDPR), for example by stipulating requirements for electronic communication, retention of invoicing documents.
Data sharing and privacy
We do not share your data with third parties. However, ESET is a company that operates worldwide through affiliates and partners in the ESET sales, service and support network. Licensing, billing and technical support information processed by ESET may be transferred to and from affiliates or partners for the purpose of fulfilling the End User License Agreement (for example, for the provision of services or support).





ESET prefers to process its data in the European Union (EU). However, depending on your location (use of our products and/or services outside the EU) and/or the service you choose, it may be necessary to transfer your data to a country outside the EU. For example, we use third-party services in the context of cloud computing. In these cases, we carefully select our service providers and ensure an appropriate level of data protection through contractual, technical and organizational measures. As a rule, we agree on the EU Standard Contractual Clauses and, if necessary, on additional contractual provisions.


For some countries outside the EU, such as the UK and Switzerland, the EU has already determined a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special authorisation or agreement.


Data Security
ESET implements adequate technical and organizational measures to ensure a level of security appropriate to the potential risks. We do our utmost to ensure the constant confidentiality, integrity, availability and resilience of processing systems and services. However, in the event of a data breach resulting in a risk to your rights and freedoms, We are ready to inform the competent supervisory authority as well as the affected end users as data subjects.


Rights of data subjects
The rights of each End User are important and We would like to inform you that all End Users (from any EU or non-EU country) have the following rights guaranteed at ESET. To exercise the rights of the data subject, you can contact us via the support form or by email at the following address: dpo@eset.sk. For identification purposes, we ask for the following information: Name, email address and - if applicable - license key or customer number and company affiliation. Please refrain from sending us other personal data, such as your date of birth. We would like to emphasize that in order to process your request, as well as for identification purposes, we will process your personal data.


Right to withdraw consent. The right to withdraw consent is applicable in case of processing based on consent only. If We process your personal data on the basis of your consent, you have the right to withdraw this consent at any time without giving reasons. The withdrawal of your consent is only effective for the future and does not affect the lawfulness of data processed before the withdrawal.