HPE respects and is committed to protecting the personal data of individuals. We develop and follow privacy policies and data protection practices to comply with applicable laws and to earn trust and confidence in HPE and its business practices. HPE board members, employees, and those working on behalf of HPE are informed about these policies and practices and are expected to follow them. Failure to do so may result in disciplinary action, up to and including termination. HPE privacy policies and practices reflect and reinforce the HPE company values of trust, integrity, and quality.
Personal data means any information relating to an identified or identifiable living individual or as otherwise defined by applicable law. Sensitive personal information is that which, in cases of misuse, may cause unlawful or arbitrary discrimination or other serious risk to the individual. In particular, sensitive personal data can include special categories of data which means data relating to a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning a person's sex life or sexual orientation .
Personal data may be collected from covered individuals through a variety of means, including, as examples, websites, ordering channels, and sales, service or employment processes. HPE may also obtain personal data about individuals from other publicly or commercially available sources we deem credible.
All HPE employees, board members, and contracted parties working on behalf of HPE must comply with these policies, even if local law is less restrictive. Specific practices are tailored to meet the legal, regulatory, and cultural requirements of the countries and regions where HPE operates.
Our General Privacy Principles
HPE recognises that the personal data it receives is held in a position of trust. We seek to fulfil that trust by adhering to the following general principles regarding personal data.
Fair and Lawful Processing
- HPE collects and processes personal data fairly and lawfully.
- HPE processes personal data based on consent, to meet contractual obligations, for the legitimate purposes of operating our business, to comply with legal obligations, or otherwise in accordance with applicable law. HPE recognises that additional care is required to justify the processing of any sensitive or special categories of data and we will ensure that we have an appropriate lawful basis to justify our use of this type of data (for instance where this is necessary to meet employment law obligations).
- HPE does not sell, rent or lease personal information of covered individuals.
- HPE complies with its privacy commitments in contracts with its enterprise customers, suppliers and partners.
Transparency & Purpose Limitation
- HPE is transparent and provides notice and where required or appropriate choice to individuals regarding the type of personal data collected and its intended uses.
- HPE reviews the purposes for which personal data is to be collected from covered individuals to ensure that our data collection supports reasonable business requirements and is proportionate to our needs.
- HPE does not use personal data obtained from individuals for purposes that are incompatible with the purposes stated in our notices.
Data Access & Rights
- HPE provides individuals with reasonable access to the personal data it holds about them and the ability to review and correct it, as applicable.
- HPE respects individuals’ legal rights in relation to their personal data, as applicable (e.g. rights to object to certain types of processing activity or to erase certain types of data.
- HPE takes reasonable steps to ensure that all applicable personal data is accurate and adequate, relevant and limited to what is necessary for the purposes for which it is collected
- HPE retains personal data for no longer than is necessary for the purpose for which it was collected and then securely deletes or removes the data. This requirement is subject to other laws and obligations that require HPE to retain information for certain periods
- HPE is committed to implement appropriate security controls to protect personal data against unauthorised use or disclosure.
- HPE provides additional levels of protection for data considered to be sensitive personal data.
Data Sharing & Onward Transfer
- HPE does not disclose personal data about individuals to third parties unless those third parties commit to give the data the equivalent level of protection that HPE provides or as required by applicable laws and industry standard guidelines.
- As a global organisation, HPE transfers personal data internationally within and outside the HPE group of companies in compliance with applicable law. HPE participates in a number of International Privacy Programmes such as the APEC Cross Border Privacy Rules and EU Binding Corporate Rules to ensure that there is adequate protection for the personal data.
- HPE regularly audits compliance and will keep a record of its data processing activities in accordance with the requirements of applicable laws.
- We are committed to resolving any concerns regarding personal data. HPE addresses complaints or disputes regarding personal data promptly and courteously.
- HPE’s Privacy Office is managed by the Chief Privacy Officer and reports to the Chief Ethics and Compliance Officer. The Privacy Office handles complaints and oversees and ensures compliance with privacy policies, practices, International Compliance Programmes and applicable law.
Please contact the Privacy Office via our feedback form.
Version Date: July 2018