HP Privacy Statement
Our Privacy Principles
We have an accountability-based program and are committed to the following principles, which are based on internationally-recognized frameworks and principles of privacy and data protection:
International Data Transfers
As a global company, it is possible that any information you provide may be transferred to or accessed by HP entities worldwide in accordance with this Privacy Statement and on the basis of the following International Privacy Programs.
EU-US PRIVACY SHIELD
HP has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
If your complaint is not resolved through the above channels, under limited circumstances you may be able to invoke binding arbitration before a Privacy Shield Panel.
HP is subject to the investigatory and enforcement powers of the US Federal Trade Commission, or any other US authorized statutory body.
The specific US-based HP companies participating in the EU-US Privacy Framework include: Bromium Inc, Compaq Information Technologies, LLC;; Evanios, LLC; Gram, Inc; Hewlett-Packard Company Archives LLC, Hewlett-Packard Development Company, L.P.; Hewlett-Packard Enterprises, LLC; Hewlett-Packard Products CV 1, LLC; Hewlett-Packard Products CV 2, LLC; Hewlett-Packard World Trade, LLC; HP Federal LLC; HP Hewlett Packard Group LLC; HP Inc; HP R&D Holding LLC; HP US Digital LLC, HPI Bermuda Holdings LLC; HPI Brazil Holdings LLC; HPI Federal LLC; HPI J1 Holdings LLC; HPI Luxembourg LLC; HPQ Holdings, LLC; Indigo America, Inc.; PrinterOn America Corporation; Shoreline Investment Management Company; Tall Tree Insurance Company.
BINDING CORPORATE RULES
HP’s Binding Corporate Rules (“BCR”) ensure that personal data transferred from the European Economic Area (“EEA”) is adequately protected while being processed by any of HP’s global entities. HP transfers of personal data from the EU are conducted in accordance with the following approved BCR.
- HP’s BCR for Controller (“BCR-C”). Effective in 2011, HP’s BCR-C cover transfers of the personal data of existing and prospective HP consumer customers, as well as HP employees and job candidates as job candidates.
- HP’s BCR for Processor (“BCR-P”) – Approved by the majority of Data Protection Regulators in the EEA and Switzerland, effective in 2018. HP’s BCR-P is available to HP’s enterprise customers to facilitate the transfer of their personal data from the EEA.
More information about our BCRs can be found here.
APEC CROSS-BORDER PRIVACY RULES
HP’s privacy practices described in this Statement comply with the APEC Cross Border Privacy Rules System (“CBPR”), including transparency, accountability, and choice regarding the collection and use of your personal information. The CBPR certification does not cover information that may be collected through downloadable software on third-party platforms. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here.
If you have an unresolved privacy or data use concern related to HP’s APEC Certification that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge).
How We Use Data
We collect and use personal data to manage your relationship with HP and better serve you when you are using HP Services by personalizing and improving your experience. We use and otherwise process your data for the following business purposes:
Providing you with a seamless customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, offering products, services, subscriptions and features that may interest you and enabling you to participate in contests and surveys. We also use your data to deliver a tailored experience, personalize the HP Services and communications you receive and create recommendations based your use of HP Services.
Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries and facilitating repairs and returns.
PRODUCT SUPPORT & IMPROVEMENT
Improving the performance and operation of our products, solutions, services and support, including warranty support and timely firmware and software updates and alerts to ensure the continued operation of the device or service. For more information, please see the section on Information Automatically Collected About Your Use of HP Services.
Communicating with you about HP Services. Examples of administrative communications may include responses to your inquiries or requests, service completion or warranty-related communications, safety recall notifications, communications required by law or applicable corporate updates related to mergers, acquisitions or divestitures.
Maintaining the integrity and security of our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
Conducting ordinary business operations, verifying your identity, making credit decisions if you apply for credit, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support) and outreach.
RESEARCH & INNOVATION
Innovating new products, features and services using research and development tools and incorporating data analysis activities.
COMPLIANCE WITH LAW
Compliance with applicable laws, regulations, court orders, government and law enforcement requests, to operate our services and products properly and to protect ourselves, our users and our customers and to solve any customer disputes.
Please see our Data Collection and Use Matrix for a quick-reference guide to how we use the data we collect and our lawful basis for processing such data.
What Data We Collect
Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of HP Services or during interactions with HP representatives.
The categories of personal data we collect from you depends on the nature of your interaction with us or on the HP Services you use, but may include the following:
INFORMATION COLLECTED ABOUT YOU
- Contact Data – We may collect personal and/or business contact information including your first name, last name, mailing address, telephone number, fax number, email address and other similar data and identifiers.
- Payment Data – We collect information necessary for processing payments and preventing fraud, including credit/debit card numbers, security code numbers and other related billing information.
- Account Data – We collect information such as how you purchased or signed up for HP Services, your transaction, billing and support history, the HP Services you use and anything else relating to the account you create.
- Location Data – We collect geolocation data when you enable location-based services or when you choose to provide location-related information during product registration or when interacting with our website.
- Security Credentials Data– We collect user IDs, passwords, password hints, and similar security information required for authentication and access to HP accounts.
- Demographic Data – We collect, or obtain from third parties, certain demographic data including, for example, country, gender, age, preferred language, and general interest data.
- Preferences – We collect information about your preferences and interests as they relate to HP Services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
- Social Media Data – We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that is collected, used, and shared by those sites.
- Body and biometric Data – When you use our products, you might provide us with information about your body, such as your height or weight, or gait to create personalized objects with our 3D Print technology. With your permission, some of our products may collect biometric information (such as a fingerprint) to perform functions on the device.
- Other Unique Identifying Information – Examples of other unique information that we collect from you include product serial numbers, information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of HP Services and to respond to your inquiries. If you apply for instant credit, we may ask you to provide additional personal data such as salary, government-issued identification number, banking/financial account information, and other information (for example from credit reporting agencies) for authentication purposes and to verify credit worthiness
- Specific HP-Service Data Collection – Select HP Services, such as HP Gaming and Immersive Applications may collect additional types of data to enable functionality and specialized features. To learn more about a specific HP Service, please click here.
INFORMATION AUTOMATICALLY COLLECTED ABOUT YOUR USE OF HP SERVICES
- Product Usage Data – We collect product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies. We do not scan or collect the content of any file or information that might be displayed by an application.
- Device Data – We collect information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product.
- Application Data – We collect information related to HP applications such as location, language, software versions, data sharing choices and update details. In cases where we incorporate technologies from third parties, data may be shared between the third party and HP and appropriate notice will provided at the application level.
- Performance Data – We collect information regarding the performance of individual device hardware components, firmware, software and applications. Examples of the data we collect include information relating to memory and processor performance, environmental conditions and systems failures, printing events, features, and alerts used such as “Low on Ink” warnings, use of photo cards, fax, scan, embedded web server, and additional technical information that varies by device.
- Anonymous or Aggregated Data – We collect anonymous answers to surveys or anonymous and aggregated information about how our HP Services are used. In certain cases, we apply a process of de-identification or pseudonymisation to your data to make it reasonably unlikely to identify you through the use of that data with available technology.
Please note: Some web browsers incorporate “Do Not Track” features. Currently, no industry standard exists for handling “Do Not Track” requests, therefore at this time, our websites may not respond to “Do Not Track” requests or headers from these browsers.
INFORMATION FROM THIRD-PARTY SOURCES
We collect data from the following third parties:
- Data brokers, social media networks and advertising networks – Commercially-available data such as name, address, email address, preferences, interests, and certain demographic data. For example, personal data may be collected when you access our applications through social media logins (i.e., logging in to our applications using your Facebook or other social media credentials). The basic details we receive may depend on your social network account privacy settings.
- HP Partners – If you purchase HP Services from an HP partner, we may receive certain information about your purchase from that partner. We may also receive cookie data and insights.
- Fraud prevention or credit reporting agencies – Data collected to prevent fraud and in connection with credit determinations.
- HP Enterprise Customers – In order to provide certain HP Services at an enterprise level, your business contact data may be provided to HP by a designated entity within your business or enterprise (such as a member of your IT department).
- Analytics Providers – We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources including select partners and companies that specialize in providing enterprise data, analytics and software as a service.
In order to ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, in some cases we link or combine the information that we collect from the different sources outlined above with the information we collect directly from you. For example, we compare the geographic information acquired from commercial sources with the IP address to derive your general geographic area. Information may also be linked via a unique identifier such as a cookie or account number.
Where necessary, we obtain information to conduct due diligence checks on business contacts as part of our anti-corruption compliance program and in accordance with our legal obligations.
IF YOU CHOOSE NOT TO PROVIDE DATA
You are not required to share the personal data that we request, however, if you choose not to share the information, in some cases we will not be able to provide you with HP Services, certain specialized features or be able to effectively respond to any queries you may have.
HP Services are made for the general public. HP does not knowingly collect data from children as defined by local law without the previous consent of their parents or legal guardians or as otherwise permitted by applicable law.
How We Retain and Keep Your Data Secure
To prevent loss, unauthorized access, use or disclosure and to ensure the appropriate use of your information, we utilize reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. HP retains data as required or permitted by law and while the data continues to have a legitimate business purpose.
When collecting, transferring or storing sensitive information such as financial information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. When we transmit highly-confidential information (such as credit card number or password) over the internet, we protect it through the use of encryption, such as later versions of the Transport Layer Security (“TLS”) protocol.
As part of real-time payment processing, we also subscribe to fraud management services. This service provides us with an extra level of security to guard against credit card fraud and to protect your financial data in accordance with industry standards.
We keep your personal data for as long as necessary to provide you with HP Services, for legitimate and essential business purposes, such as making data-driven business decisions, complying with our legal obligations, and resolving disputes. The retention periods for HP business records vary depending on the type of record and is governed by HP’s records retention policy.
Business records including records relating to customer and vendor transactions are maintained while active and as required by law.
Following the expiration of the retention period, electronic records are permanently erased so as to ensure that they cannot be restored and physical records are destroyed in a manner where they cannot be reproduced (e.g., shredding).
If you request, we will delete or anonymize your personal data so that it no longer identifies you, unless, we are legally allowed or required to maintain certain personal data.
How We Share Data
We will only share your personal data as follows and, when applicable, only with the appropriate contractual obligations in place:
SHARING WITH HP COMPANIES
We may transfer your personal data to other HP entities in the US and worldwide for the purposes outlined in this Privacy Statement. To ensure that your personal data is secure and as part of our participation in the APEC Cross Border Privacy Rules, Binding Corporate Rules and Privacy Shield programs, HP entities are contractually bound to comply with our privacy requirements. Furthermore, our privacy guidelines are communicated to our HP employees on an annual basis as part of our mandatory trainings.
Where the international privacy programs identified above do not apply, when you agree to accept HP’s Privacy Statement when registering a product or for service, creating an account, or otherwise providing us with your personal data, you consent to the transfer of your personal data throughout the global HP network of entities.
SHARING WITH SERVICE PROVIDERS & PARTNERS
We engage service providers or partners to manage or support certain aspects of our business operations on our behalf. These service providers or partners may be located in the US or in other global locations and may provide services such as credit card processing and fraud management services, customer support, sales pursuits on our behalf, order fulfillment, product delivery, content personalization, advertising and marketing activities (including digital and personalized advertising), IT services, email service providers, data hosting, live-help, debt collection and management or support of HP websites. Our service providers and partners are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by HP.
SHARING OTHER INFORMATION WITH ADVERTISERS
SHARING WITH OTHER THIRD PARTIES
Circumstances may arise where, whether for strategic or other business reasons, HP decides to sell, buy, merge or otherwise reorganize businesses. In such transactions, we may disclose or transfer your personal data to prospective or actual purchasers or receive personal data from sellers. Our practice is to seek appropriate protection for your personal data in these types of transactions.
COMPLIANCE WITH LAW
We may also share your personal data when we believe, in good faith, that we have an obligation to: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of HP or its subsidiaries; or (v) protect the rights or personal safety of HP, our employees, and third parties on or using HP property when allowed and in line with the requirements of applicable law.
We do not, and will not, sell personal data to third parties. We do permit third parties to collect the personal data described above through our Services and share personal data with third parties for business purposes as described in this Privacy Statement, including but not limited to providing advertising on our Services and elsewhere based on users’ online activities over time and across different sites, services, and devices (so-called “interest-based advertising”). The information practices of these third parties are not covered by this Privacy Statement.
Please see our Data Collection and Use Matrix for a quick reference on how and with whom we share your data.
You can make or change your choices regarding subscription or general communications from HP at the data collection point or by using other methods, which are described in the following section. These options do not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, driver updates, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.
MARKETING & SUBSCRIPTION COMMUNICATIONS
HP marketing communications provide information about products, services, and/or support and you can select how these communications are delivered – e.g., via postal mail, email, telephone, fax or mobile device. Marketing communications may include new product or services information, special offers, personalized content, targeted advertising or invitations to participate in market research or compliance reviews. Subscription communications include email newsletters, software updates, etc. that may be expressly requested by you or which you consented to receive.
You may opt out of receiving these general communications by using one of the following methods:
- Select the email’s “Opt out” or “Unsubscribe” link, or follow the instructions included in each email subscription communication.
- To unsubscribe from messages delivered to mobile phones, reply to the message with the words “STOP” or “END.”
You can also disable automatic data collection tools, such as web beacons, in email messages by not downloading images contained in messages you receive from HP (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable data collection in the email message due to specific email software capabilities. For more information about this, please refer to the information provided by your email software or service provider.
COOKIES AND CHOICES
HP provides you with choices about the setting of cookies and other automatic data collection tools through our Cookie Preferences Center. You can learn more about our use of these tools in our Cookies and Use of Cookie Statement. You can adjust your preferences by visiting our Cookie Preferences Center.Cookie Settings
Exercising Your Rights & Contacting Us
You have the right to ask us for a copy of any personal data that you have provided to us or that we maintain about you and to request an explanation about the processing. In addition, you have the right to withdraw any consent previously granted or to request correction, amendment, restriction, anonymization or deletion of your personal data; and to obtain the personal data you provide with your consent or in connection with a contract in a structured, machine readable format and to ask us to transfer this data to another data controller.
You also have the right to object to the processing of your personal data in some circumstances, in particular when we are using your data for direct marketing or to create a marketing profile. Please see the HP Communications Section for guidance on how to exercise your rights with regard to marketing and subscription communications.
In addition to the privacy controls available to you via this Privacy Statement, you can control your device data collection. In some instances, product usage data (not content of files) is collected and processed in order to deliver you the essential functionality of an HP Service, such as remote printing, Instant Ink or other web-enabled service. You can control device data collection yourself through your device settings and preferences. HP is not in a position to adjust your data collection settings without your active participation. Certain product usage data is necessary to provide HP Services and disabling data collection may affect the availability or functionality of such services. Data collected for the fulfilment of such essential functionality will not be processed for direct marketing purposes. If you need assistance in adjusting your data collection settings, please contact HP Customer Support.
In certain cases, these rights may be limited, for example if fulfilling your request would reveal personal data about another person or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests to keep.
We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available on HP Services may change or no longer be available to you. Any difference in the Services are related to the value provided.
To exercise your rights, or if you have any questions or concerns about our Privacy Statement, our collection and use of your data or a possible breach of local privacy laws, you can contact HP’s Chief Privacy and Data Protection Officer or write to us at the appropriate address below:
HP France SAS
Global Legal Affairs
14 rue de la Verrerie
CS 40012 – 92197
Global Legal Affairs
ATTN: Privacy Office
Av. Vasco de Quiroga #2999
Col. Santa Fe Peña Blanca
Del. Alvaro Obregon
C.P. 01210 México D.F.
REST OF WORLD
Global Legal Affairs
ATTN: Privacy Office
1501 Page Mill Road
Palo Alto, California 94304
All communications will be treated confidentially. Upon receipt of your communication, our representative will contact you within a reasonable time to respond to your questions or concerns. In some cases, we may request further information in order to verify your identity. For more information about the verification process, click here. We aim to ensure that your concerns are resolved in a timely and appropriate manner.
If we are unable to resolve your concerns, you have the right to contact a data privacy supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached or seek a remedy through the courts. For questions, concerns or complaints related to our participation in the EU-US Privacy Shield, APEC CBPRs or application of HP’s BCRs, please read about our International Data Transfers.
Changes to Our Privacy Statement
If we modify our Privacy Statement, we will post the revised statement here, with an updated revision date. If we make significant changes to our Privacy Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.
Date Posted: February 2020.