HPE respects and is committed to protecting the personal data of individuals. We develop and follow privacy policies and data protection practices to comply with applicable laws and to encourage trust and confidence in HPE and its business practices. HPE board members, employees, and those working on behalf of HPE are informed about these policies and practices and are expected to follow them. Failure to do so may result in disciplinary action, up to and including termination. HPE privacy policies and practices reflect and reinforce the HPE group values of trust, integrity, and quality.
Personal data means any information relating to an identified or identifiable living individual or as otherwise defined by applicable law. Sensitive personal information is that which, in cases of misuse, may cause unlawful or arbitrary discrimination or other serious risk to the individual. In particular, sensitive personal data can include special categories of data which means data relating to a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning a person's sex identity.
Personal data may be collected from Covered Individuals through a variety of means, including, as examples, websites, online channels, and sales, service or employment processes. HPE may also obtain personal data about individuals from other publicly or commercially available sources we deem credible.
All HPE employees, board members, and contracted parties working on behalf of HPE must comply with these policies, even if local law is less restrictive. Specific practices are tailored to meet the legal, regulatory, and cultural requirements of the countries and regions where HPE operates.
Our General Privacy Principles
HPE recognizes that the personal data it receives is held in a position of trust. We seek to fulfill that trust by adhering to the following general principles regarding personal data.
Fair and Lawful Processing
- HPE collects and processes personal data fairly and lawfully.
- HPE processes personal data based on consent, to meet contractual obligations, for the legitimate purposes of operating our business, to comply with legal obligations, or otherwise in accordance with applicable laws. HPE recognizes that additional care is required to justify the processing of any sensitive or special categories of data and we will ensure that we have an appropriate lawful basis to justify our use of this type of data (for instance where this is necessary to meet employment law and other regulatory obligations).
- HPE does not sell, share, rent, or lease personal information of Covered Individuals except in predefined circumstances, such as disclosure within the HPE group of entities or to service providers or third parties for the legitimate purposes of operating our business or to: (i) respond to duly authorized information requests of police and governmental authorities; (ii) comply with law, regulation, subpoena, or court order; (iii) enforce/protect the rights and properties of HPE or its group entities; or (iv) protect the rights or personal safety of HPE, our employees, and third parties on or using HPE property when allowed and in each case in accordance with applicable law.
- HPE complies with its privacy commitments in contracts with its enterprise customers, suppliers and partners.
Transparency & Purpose Limitation
- HPE is transparent and provides notice and, where required or appropriate, choice to individuals regarding the type of personal data collected and its intended uses.
- HPE reviews the purposes for which personal data is to be collected from Covered Individuals, to ensure that our data collection supports reasonable business requirements and is proportionate to our needs.
Data Access & Rights
- HPE provides individuals with reasonable access to the personal data it holds about them and offers them the ability to review and correct it, as applicable.
- HPE respects individuals’ rights in relation to their personal data, as applicable (e.g. rights to object to certain types of processing activity, to erase certain types of data or request that it is no longer processed).
- HPE takes reasonable steps to ensure that all applicable personal data is accurate and adequate, relevant and limited to what is necessary for the purposes for which it is collected.
- HPE retains personal data for as long as it is necessary for the purpose for which it was collected and then securely ceases to process, deletes or removes the data. This requirement is subject to other laws and obligations that require HPE to retain information for certain periods.
- HPE is committed to implementing appropriate security measures to protect personal data against unauthorized use or disclosure.
- HPE provides additional levels of protection for data considered to be sensitive personal data.
Data Sharing & Onward Transfer
- HPE does not disclose personal data about individuals to third parties unless those third parties commit to give the data the equivalent level of protection that HPE provides or as is required by applicable laws and industry standard guidelines.
- As a global organization, HPE transfers personal data internationally within and outside the HPE group of entities in compliance with applicable laws and HPE’s Binding Corporate Rules (BCRs).
- HPE regularly assesses compliance and maintains appropriate records of its data processing activities.
- We are committed to addressing queries, complaints or disputes regarding our processing of personal data in a prompt and courteous manner.
- HPE’s Privacy Office is managed by the Chief Privacy Officer and reports to the Chief Ethics and Compliance Officer. The Privacy Office handles data subjects’ queries and complaints and supports the controller in its efforts to ensure compliance with privacy policies, practices, international compliance programs and applicable laws.
Should you have a privacy query, please contact the Privacy Office via our feedback form.
Version Date: November 2023