HEWLETT PACKARD ENTERPRISE PRIVACY STATEMENT
This Privacy Statement is effective as of December 10th, 2019
Hewlett Packard Enterprise Company and its subsidiaries (HPE or We) respect your privacy. This Privacy Statement informs you about our privacy practices including details of the personal data we collect, use, disclose and transfer as well as choices you can make and rights you can exercise in relation to your personal data. This Privacy Statement is available from a link on the footer of every HPE web page.
HPE respects and takes into account the major privacy principles and frameworks around the world, including OECD Guidelines on the Protection of Privacy and Transborder Flows, EU General Data Protection Regulation 2016/679 (GDPR), and the APEC Privacy Framework. HPE’s privacy practices described in this Privacy Statement also comply with the APEC Cross Border Privacy Rules (CBPR) System.
1. How we use personal data
We collect personal data only if required to provide our products or services, fulfil our legitimate business purposes and/or comply with applicable laws and regulations. Depending on your relationship with HPE we collect and process your personal data as follows:
- HPE products and services: contact details and login credentials for the following main purposes: entering into and performing agreements with you or your organisation; providing support and tools to activate licenses and request support; managing and fulfilling orders; deploying and delivering products and services; conducting quality controls; managing returns of defective media; operating and providing access to customer portals and hosted management services; consulting; notifications of contract expiry and renewal options; developing and improving our products and services and ensuring compliance with regulatory requirements.
- HPE Financial Services: contact details, records of good standing and other information as may be relevant (e.g. information from publicly available resources) for the following main purposes: providing lease, loan and other financial services; conducting anti-money laundering and other regulatory checks; initiating credit approval process and facilitating the purchase and resale of equipment.
- Sales and marketing: contact details, identification information, information required to purchase our products and services online, profile, role and preferences, login credentials, digital activity information and other information as may be relevant (e.g. information from publicly available sources) for the following main purposes: sales and marketing; advertising; creating and delivering targeted adverts and offers; conducting marketing campaigns; managing contacts and preferences; generating leads and opportunities; managing lead generation activities; organizing and managing events; and engaging in social media interactions.
- Online data collection tools: digital activity information for the following main purposes: enabling efficient use of our websites, products and services; collecting statistics to optimise the functionality of our websites, products and services; improving user experience and delivering content tailored to their interests; and improving marketing and advertising campaigns.
- Online forums and surveys: contact details, login credentials, comments and feedback for the following main purposes: engaging with partners and suppliers in online forums; conducting customer satisfaction and engagement surveys.
- Partner and supplier programs: contact details for the following main purposes: managing relations with partners and suppliers; engaging and delivering products and services to customers in which case we may receive personal data directly from you or from our partners.
- Training and education: contact details for the main purpose of conducting trainings and education programs for customers, partners and suppliers.
- Due diligence screening: contact details and other information as may be relevant (e.g. information from publicly available sources) for the following main purposes: conducting anti-corruption due diligence on third parties and conducting required investigations, in compliance with applicable laws.
- Brand-protection programs: contact details, login credentials and other relevant information (e.g. information from publicly available sources) for the main purpose of conducting investigations into HPE product-related fraud, compliance, theft and/or counterfeit.
- Security and authentication: contact details, identification information and CCTV footage for the following main purposes: ensuring safety and security of HPE staff and premises; login credentials, protecting HPE’s network and other digital assets; providing access to restricted areas and information assets and protecting personal data from unauthorised access.
- Whistleblowing: contact details and information about alleged misconducts for the main purpose of detecting, preventing and investigating misconduct by HPE staff, customers, partners and suppliers.
- Enquiries and complaints: contact details and information included in enquires and complaints for the main purpose of addressing and resolving enquiries and complaints.
- Recruitment: contact details for the main purpose of sending job alert subscriptions managed by HPE or our recruitment partners.
- Recruitment lead generation: contact details and information made publicly available on professional social networks such as LinkedIn for the purpose of identifying and contacting potential job candidates.
2. How we share personal data
HPE does not sell, rent or lease personal data to others except as described in this Privacy Statement. We may share and/or disclose your personal data as follows:
Disclosure within the HPE group of companies. HPE has its headquarters in the United States of America and operates worldwide. HPE may disclose your personal data as necessary within the HPE group of companies in connection with how we use your personal data.
Disclosure to third parties. HPE retains suppliers and service providers to manage or support its business operations, provide professional services, deliver products, services and customer solutions and to assist HPE with marketing and sales communication initiatives. Those third parties may receive and process your personal data under appropriate instructions, as necessary to support and facilitate how we use your personal data. Suppliers and service providers are required by contract to keep confidential and secure the information they process on behalf of HPE and may not use it for any purpose other than to carry out the services they are performing for HPE.
Where HPE engages with partners, resellers and/or distributors as part of its business operations, HPE may disclose your personal data to them in order to facilitate sales and delivery of its products and services. Partners, resellers and/or distributors are required by contract to keep confidential and secure the information received from HPE and may use it only for the said purposes, unless otherwise authorised by you or applicable laws and regulations.
Except as described in this Privacy Statement, HPE will not share your personal data with third parties without your permission, unless to: (i) respond to duly authorized information requests of police and governmental authorities; (ii) comply with law, regulation, subpoena, or court order; (iii) enforce/protect the rights and properties of HPE or its subsidiaries; or (iv) protect the rights or personal safety of HPE, our employees, and third parties on or using HPE property when allowed and in each case in accordance with applicable law.
Circumstances may arise where, whether for strategic or other business reasons, HPE decides to sell, buy, merge or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers, or the receipt of it from sellers. It is HPE’s practice to seek appropriate contractual protection for personal data in these types of transactions.
3. How we transfer personal data internationally
HPE may transfer your personal data as necessary within the HPE group of companies and to other third parties. The recipients may be located in countries which do not provide the same level of data protection as the country in which you are located. HPE will take steps to ensure personal data we transfer is adequately protected as required by applicable data protection laws. Where required by local law, we will request your consent to transfer your personal data.
Transfers within HPE group of companies. HPE has an intra-company agreement on the transfer and processing of personal data within the HPE group of companies. This agreement also forms the basis of HPE’s Binding Corporate Rules for Controller which have been approved by the Data Protection Regulators in the European Economic Area (EEA), the UK and Switzerland. The BCRs allow HPE to ensure that EEA and UK personal data which is transferred and processed by HPE companies outside the EEA and the UK, is adequately protected in accordance with applicable data protection laws. If you would like to learn more about our BCRs, please click here.
HPE’s privacy practices described in this Privacy Statement comply with the APEC Cross Border Privacy Rules (CBPR) System, including transparency, accountability, and choice regarding the collection and use of personal data. The CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the CBPR framework can be found here. The CBPR certification does not cover information that may be collected through downloadable software on third party platforms. If you have an unresolved privacy or data use concern related to HPE’s APEC Certification that we have not addressed satisfactory, please contact our U.S. based third party dispute resolution here.
Transfers to third parties. With respect to transfers to third parties located in countries which do not provide an adequate level of data protection, HPE will take appropriate safeguards such as signing EU Standard Contractual Clauses with the recipient, relying on their Privacy Shield certification, other approved codes of conduct or certification mechanisms or binding and enforceable commitments of the recipient. If you would like to receive more information about the appropriate safeguards and/or receive a copy of the relevant mechanism for your review, please contact the HPE Privacy Office.
4. How to manage communications and preferences
HPE may provide you with information that complements our products and services and/or communications about our new products, services and offers. If you or your organisation purchased our products or services, you may receive alerts, software updates or responses to support requests that are part of our products and services. If you choose to receive HPE communications you may also choose to subscribe to receive specific newsletters and publications. In some cases, you may also choose whether to receive the information and communication by email, telephone, or post.
Manage communication choices. You can change your choices and preferences relating to HPE communications by:
- Accessing Get connected with updates from HPE, indicating or changing your choices and providing your email address;
- Accessing HPE Passport, a single-login service that lets you register with HPE enabled websites using a single user identifier and password of your choice. HPE Passport allows you to set your privacy preferences for email and telephone contact from HPE.
Unsubscribe from communications. In the event you no longer wish to receive HPE communications, you can unsubscribe from such communications by:
- Following opt-out or unsubscribe link and/or instructions included in each email subscription communication;
- Accessing Communication preference center, selecting “Unsubscribe” and providing your email address;
- Indicating to the caller that you do not wish receive calls from HPE anymore.
In the event your opt-out or unsubscribe request has not been resolved in a timely manner, please contact the HPE Privacy Office with details of your name, contact information, and description of the communications you no longer wish to receive from HPE.
Please note that these options do not apply to communications relating to the administration of orders, contracts, support, product safety warnings, or other administrative and transactional notices, where the primary purpose of these communications is not promotional in nature.