Panda Security is committed to protecting your privacy. This privacy policy explains how your personal information is collected, used, and disclosed by Panda Security. In compliance with the conditions laid down in the European Union General Data Protection Regulation (“GDPR”), below we provide you with detailed information regarding the processing of your personal data.
I. Data controller
Panda Security, S.L.U. (the “Society”), with VAT number B-48435218, registered in the Mercantile Register of Bilbao, Tome BI-59, Book 134, Sheet BI-767-B, 1st inscription, with registered offices at Santiago de Compostela, 12, 1st floor, 48003 Bilbao, Bizkaia (Spain), and contact email panda.asuntos_legales@watchguard.com
II. Data Protection Officer (DPO)
The Data Protection Officer (DPO) is the person responsible for ensuring that the Society processes personal data in compliance with the applicable data protection rules. You may contact the DPO at the following email address panda.dpo@watchguard.com.
III. Purpose and legal basis for the processing
Your personal data will be processed for the following purposes:
To manage the pre-contractual and/or contractual relationship with you, including, if appropriate, to monitor and actively manage your devices for the purpose of providing the service, manage complaints and improve customer service, provide technical support, and send you reminders when the software license you have purchased is about to expire. In this respect, the fulfillment of the pre-contractual and/or contractual relationship with you constitutes the legal basis for the processing.
If you do not consent to providing the mandatory and indispensable personal data requested, it will not be possible to fulfill the pre-contractual and/or contractual relationship with you, resulting in the product provision not being formalized..
In any event, you have the right to object to the processing of your personal data for the purpose and in the manner set out above.
In particular, our products for Android require the following data for its operation:
User contact data. Email addresses are used to create the Panda Account for authorization on the Panda web portals, which enables users to manage their licenses and their devices for anti-theft, parental, and employee control purposes. Email addresses are also used to send welcome emails during the onboarding process and security messages to the users. They can also be used for marketing purposes. Contact information is provided by users at their own discretion.
Location. Anti-theft, Family, and Employee Control features obtain and store the location of the user’s devices to track them and send them alerts in case of entry/exit of control zones. The app needs to use the device's location to provide the said features even when it is closed or not in use. This location information is not shared with third parties or used for advertising purposes, and is only accessible by the account owner, the supervisor users from their devices, and the Web consoles of the Anti-Theft, Family and Employee Control features.
Installed apps. The product uses the list of apps installed on the device to perform an antivirus scan of them for threats and to get the list of installed apps to monitor their use and apply usage restrictions on them for parental/employee control purposes. Application usage statistics. Application usage statistics are obtained so that supervisors can monitor the use of the applications by the supervised devices.
Contacts. The user's contact information is used to block calls from unknown numbers and provide call block reports grouped by contact.
Statistic data/Analytics. Information about the user's interaction with the product is uploaded to optimize the user experience and to detect and correct possible errors when they appear.
Camera. A photo is taken when the user requests it in the context of an anti-theft action on a lost or stolen device.
Unique identifier of the mobile device. This ID is generated by Android and is unique per device up to Android 7, or per device and application signature from Android 8 onwards. It is required to manage and perform actions on a specific device (anti-theft, family, etc.).
Social Account information of new devices installed from Social Media campaigns.
To enable the Society to send you offers or advertising and promotional communications by any means (including email) concerning other products or services offered by Panda Security, or to carry out other marketing activities such as sending newsletters to registered users. In this respect, your expressed consent constitutes the legal basis for the processing, should you have granted it. If you do not consent to the processing of your personal data for the purpose set out above, you will not receive any marketing communications from Panda Security.
To retain your personal data in the event that the contractual relationship is not formalized, for the purpose of managing future requests you may make, and, if appropriate, sending you information improving the conditions of an offer you didn’t contract. In this respect, the Society's legitimate interest in managing and satisfying any future requests or queries you may have constitutes the legal basis for the processing. In any event, you have the right to object to the processing of your personal data if the contractual relationship is not formalized.
IV. Data retention period
The Society will store your personal data for as long as the contractual relationship with you is in force and, once it is terminated, for as long as the applicable fiscal, economic, civil and criminal regulations are in effect. In addition, in the event that the contractual relationship with you is finally not formalized, the data retention period will be six years.
V. Recipients of the personal data
We inform you that under no circumstances will your personal data be passed on to any third party, unless required by a legal obligation, and to the corresponding public bodies.
Furthermore, we inform you that your personal data may be accessed, as data processors, by the following parties: (i) Technology service providers (such as software or hardware developers as well as developers of applications related to the software license) in order to effectively provide the computing services related to the software license granted to you, as well as optimizing it; (ii) marketing and advertising service providers involved in the launch of product offers and promotions; (iii) companies belonging to the Society's group in order to effectively fulfill the contractual relationship with you; and (iv) product distributors.
VI. International transfers of personal data
To allow the aforementioned third-party providers to access your personal data, said data may be shared with the following international data processors outside of the EU:
Category of recipient
Enterprise
Country
Warranty
Marketing service provider
USI Techonologies, Inc.
USA
Ensures an adequate level of protection by signing the standard contractual clauses set out in Decision 2002/16/EC of February 5, 2010.
Technology service provider
CYREN Ltd.
Israel
Ensures an adequate level of protection in compliance with the EU Directive 2011/61/EC of January 31, 2011.
You can obtain a copy of the aforementioned safeguards by contacting the Data Protection Officer at panda.dpo@watchguard.com.
VII. Rights available to data subjects
We inform you that you are entitled to exercise the following rights:
(i) Right of access: Right to find out what kind of personal information is being processed, and the processing activities performed on said data;
(ii) Right of rectification: Right to ask for your information to be corrected;
(iii) Right to erasure: Right to have your personal information deleted;
(iv) Right to object: Right to object to the processing of your personal data, for reasons related to your personal situation;
(v) Right to withdraw your consent when your consent is the legal basis for the processing of your personal data;
(vi) Right to restriction of processing: Right to ask for your personal information to stop being processed in certain cases (e.g. If you believe that the personal information about you is incorrect, for a period enabling the controller to verify the accuracy of the personal data); and
(vii) Right to portability: Right to receive a copy of the information which you have provided to the Society in a structured, commonly used and machine-readable format, and right to transmit that data to another controller.
To exercise these rights, you must submit your request in writing to panda.asuntos_legales@watchguard.com, or to the Society's registered offices (indicated above.
Your request to exercise your rights must include your full name as well as the right to be exercised, along with a copy of your national ID card or equivalent personal identification document.
In addition, you are entitled to lodge a complaint with the Spanish Data Protection Agency, if you consider that you have not been satisfied when exercising your rights.
You may exercise any of these rights free of charge.