HP recognizes that privacy is a fundamental human right and further recognizes the importance of privacy, security and data protection to our customers and partners worldwide. As a global organization, with legal entities, business processes, management structures, and technical systems that cross international borders, we strive to provide protections across all of our operations that exceed legal minimums and to deploy consistent, rigorous policies and procedures.
This Privacy Statement informs you of our privacy practices and of the choices you can make and rights you can exercise in relation to your personal data, including information that may be collected from your online activity, use of devices, and interactions you have with HP offline, such as when you engage with our customer support representatives. This Privacy Statement applies to all HP companies as well as HP-owned websites, domains, services (including device management), applications, subscriptions (e.g. Instant Ink) and products, and those of our subsidiaries (collectively “HP Services”).
This Privacy Statement does not apply to any personal data we process on behalf of our business customers when we provide services. The contracts we have with our business customers control how we process your persona data in this context. If you are a customer, employee or contractor of one HP’s business customers and have questions about your personal data we recommend that you contact HP’s business customer in the first instance and, if needed, will provide assistance to them in responding your questions.
We have an accountability-based program and are committed to the following principles, which are based on internationally-recognized frameworks and principles of privacy and data protection:
We process personal data in accordance with law and with transparency and fairness to you. Our data processing activities are conducted: 1) with your consent; 2) in order to fulfill our obligations to you; 3) for the legitimate purposes of operating our business, advancing innovation and providing a seamless customer experience; or 4) otherwise in accordance with law.
We are transparent and provide clear notice and choice to you about the types of personal data collected and the purposes for which it is collected and processed. We will not use personal data for purposes that are incompatible with these Principles, our Privacy Statement or specific notices associated with HP Services.
We provide you with reasonable access along with the ability to review, correct, amend or delete the personal data you have shared with us.
We only use personal data for the purposes described at the time of collection or for additional compatible purposes in accordance with law. We take reasonable steps to ensure that personal data is accurate, complete and current and we only collect personal data which is relevant and limited to what is necessary for the purposes for which it is collected. We will keep personal data for no longer than is necessary for the purposes for which it was collected and then we will securely delete or destroy it.
To protect personal data against unauthorized use or disclosure we implement strong information security controls in our own operations and offer market-leading products and solutions with high levels of data security protection.
We acknowledge our potential liability for transfers of personal data among HP entities or to third parties. Personal data will only be shared when third parties are obligated by contract to provide equivalent levels of protection.
We are committed to resolving any concerns regarding your personal data. We voluntarily participate in several international privacy programs that provide recourse to individuals if they feel HP has not adequately respected their rights.
As a global company, it is possible that any information you provide may be transferred to or accessed by HP entities worldwide in accordance with this Privacy Statement and on the basis of the following International Privacy Programs.
EU-US PRIVACY SHIELD
HP has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
If your complaint is not resolved through the above channels, under limited circumstances you may be able to invoke binding arbitration before a Privacy Shield Panel.
HP is subject to the investigatory and enforcement powers of the US Federal Trade Commission, or any other US authorized statutory body.
The specific US-based HP companies participating in the EU-US Privacy Framework include: Compaq Information Technologies, LLC; Hewlett-Packard Company Archives LLC, Hewlett-Packard Development Company, L.P.; Hewlett-Packard Enterprises, LLC; Hewlett-Packard Products CV 1, LLC; Hewlett-Packard Products CV 2, LLC; Hewlett-Packard World Trade, LLC; Hewlett Packard Group LLC; HP Inc; HP R&D Holding LLC; HP US Digital LLC, HPI Bermuda Holdings LLC; HPI Brazil Holdings LLC; HPI Federal LLC; HPI J1 Holdings LLC; HPI Luxembourg LLC; HPQ Holdings, LLC; Indigo America, Inc.; PrinterOn America Corporation;Tall Tree Insurance Company; HP Jade Holding LLC; HP R&D Holding LLC.
BINDING CORPORATE RULES
HP’s Binding Corporate Rules (“BCR”) ensure that personal data transferred from the European Economic Area (“EEA”) is adequately protected while being processed by any of HP’s global entities. HP transfers of personal data from the EU are conducted in accordance with the following approved BCR.
More information about our BCRs can be found here.
APEC CROSS-BORDER PRIVACY RULES
HP’s privacy practices described in this Statement comply with the APEC Cross Border Privacy Rules System (“CBPR”), including transparency, accountability, and choice regarding the collection and use of your personal information. The CBPR certification does not cover information that may be collected through downloadable software on third-party platforms. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here.
If you have an unresolved privacy or data use concern related to HP’s APEC Certification that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge).
We collect and use personal data to manage your relationship with HP and HP Service and better serve you when you are using HP Services by personalizing and improving your experience. We use and otherwise process your data for the following business purposes:
Providing you with a seamless customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, through a number of mediums including online message and chat centers, communicating with you about offering products, services, subscriptions and features that may interest you and enabling you to participate in contests, outbound satisfaction calls and surveys, customer incentives, benefits, and loyalty rewards. We also use your data to deliver a tailored experience, personalize the HP Services and communications you receive and create recommendations based your use of HP Services.
Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries and facilitating repairs and returns.
PRODUCT SUPPORT & IMPROVEMENT
Communicating with you to inform you or make you aware of non-transactional product features not addressed through Customer Service or Administrative Communications. Improving the performance and operation of our products, solutions, services and support, including warranty support and timely firmware and software updates and alerts to ensure the continued operation of the device or service. For more information, please see the section on Information Automatically Collected.
Communicating with you about HP Services. Examples of administrative communications may include responses to your inquiries or requests, service completion or warranty-related communications, safety recall notifications, communications required by law or applicable corporate updates related to mergers, acquisitions or divestitures.
Maintaining the integrity and security of our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
Conducting ordinary business operations, verifying your identity, making credit decisions if you apply for credit, conducting business research, analytics, planning and strategy, corporate reporting and management, sales related activities, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support) and outreach.
RESEARCH & INNOVATION
Innovating new and existing new products, features and services using research and development tools and incorporating data analysis activities.
MARKETING AND ADVERTISING
Providing personalized promotional offers (in accordance with your Privacy Preferences)) on HP Services through e-mail, SMS/text-messages, in application marketing and third party platforms and other selected partner websites (for example, you might see an advertisement for a product on a partner site that you have recently viewed on an HP site). In accordance with your stated communication preferences, we may also share some of your information with selected partners, marketing service providers and digital marketing networks to present advertisements that might interest you in other sites or mobile applications.
COMPLIANCE WITH LAW
Compliance with applicable laws, regulations, court orders, government and law enforcement requests, to operate our services and products properly and to protect ourselves, our users and our customers and to solve any customer disputes. Information collected may also be used to investigate security incidents and potential breaches of personal information, notify individuals and third parties of the breach and to prepare to defend lawsuits.
ARTIFICIAL INTELLIGENCE / MACHINE LEARNING
As user interfaces become more complex and personalized, HP may use data to allow devices to better tailor services towards a customer in terms of the way information or tasks are presented. For example, using body and biometric data (with your consent) to enhance customer experience and services around our products and services, such as device security and virtual reality applications.
Where automatic data collection is strictly necessary for providing HP Services or delivering a product that you have requested. Without the collection of telemetry (such as Printer Usage Data) and personal data we cannot provide certain services of functionality we have agreed to provide to the customer. In addition, we may use automatic data collection to support and improve HP Services and support business operations relating to HP Services.
When using our products and services, including our online stores, you may create sign in credentials or an account with HP. When you create these credentials with your e-mail address and password, a unique identifier is created that allows you to use the same credentials for all our services. Depending on the services you are engaged with, the information associated with your credentials or account may also include delivery address, payment card information and history, details of purchased and connected devices, device and connection settings, device service usage data, as well as your preferences for recommendations and offers from HP.
Please see our Data Collection and Use Matrix for a quick-reference guide to how we use the data we collect and our basis for processing such data.
Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of HP Services or during interactions with HP representatives.
The categories of personal data we collect from you depends on the nature of your interaction with us or on the HP Services you use, but may include the following:
INFORMATION COLLECTED ABOUT YOU
INFORMATION AUTOMATICALLY COLLECTED
Please note: Some web browsers incorporate “Do Not Track” features. Currently, no industry standard exists for handling “Do Not Track” requests, therefore at this time, our websites may not respond to “Do Not Track” requests or headers from these browsers.
INFORMATION FROM THIRD-PARTY SOURCES
We collect data from the following third parties:
In order to ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, in some cases we link or combine the information that we collect from the different sources outlined above with the information we collect directly from you. For example, we compare the geographic information acquired from commercial sources with the IP address to derive your general geographic area. Information may also be linked via a unique identifier such as a cookie or account number.
Where necessary, we obtain information to conduct due diligence checks on business contacts as part of our anti-corruption compliance program and in accordance with our legal obligations.
IF YOU CHOOSE NOT TO PROVIDE DATA
You are not required to share the personal data that we request, however, if you choose not to share the information, in some cases we will not be able to provide you with HP Services, certain specialized features or be able to effectively respond to any queries you may have.
Unless otherwise stated for a specific product or service, HP Services are made for the general public. HP does not knowingly collect data from children as defined by local law without the previous consent of their parents or legal guardians or as otherwise permitted by applicable law.
To prevent loss, unauthorized access, use or disclosure and to ensure the appropriate use of your information, we utilize reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. HP retains data as required or permitted by law and while the data continues to have a legitimate business purpose.
When collecting, transferring or storing sensitive information such as financial information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. When we transmit highly-confidential information (such as credit card number or password) over the internet, we protect it through the use of encryption, such as later versions of the Transport Layer Security (“TLS”) protocol.
As part of real-time payment processing, we also subscribe to fraud management services. This service provides us with an extra level of security to guard against credit card fraud and to protect your financial data in accordance with industry standards.
We keep your personal data for as long as necessary to provide you with HP Services, for legitimate and essential business purposes, such as making data-driven business decisions, complying with our legal obligations, and resolving disputes. HP is committed to protecting the privacy of all personal data processed and aims to ensure that personal data is not kept for longer than is necessary for the purpose for which it was collected, held, and processed. The retention periods for HP held personal data varies depending on whether that data is held as part of a legally required business record. Personal Data contained in records, including records relating to customer and vendor transactions, are maintained while active and as required by local law. Personal data contained in non-records is managed in accordance with the Personal Data Retention Policy, which sets retention limits. Following the expiration of the relevant retention period, information is permanently erased destroyed in a manner where they cannot be reproduced.
At your request, we will delete or anonymize your personal data so that it no longer identifies you, unless, we are legally allowed or required to maintain certain personal data.
We will only share your personal data as follows and, when applicable, only with the appropriate contractual obligations in place:
SHARING WITH HP COMPANIES
We may transfer your personal data to other HP entities in the US and worldwide for the purposes outlined in this Privacy Statement. To ensure that your personal data is secure and as part of our participation in the APEC Cross Border Privacy Rules, Binding Corporate Rules and Privacy Shield programs, HP entities are contractually bound to comply with our privacy requirements. Furthermore, our privacy guidelines are communicated to our HP employees on an annual basis as part of our mandatory trainings.
Where the international privacy programs identified above do not apply, when you agree to accept HP’s Privacy Statement when registering a product or for service, creating an account, or otherwise providing us with your personal data, you consent to the transfer of your personal data throughout the global HP network of entities.
SHARING WITH SERVICE PROVIDERS & PARTNERS
We engage service providers or partners to manage or support certain aspects of our business operations on our behalf. These service providers or partners may be located in the US or in other global locations and may provide services such as credit card processing and fraud management services, customer support, sales pursuits on our behalf, order fulfillment, product delivery, content personalization, advertising and marketing activities (including digital and personalized advertising), IT services, email service providers, data hosting, live-help, debt collection and management, customer satisfaction surveys or support of HP websites. Our service providers and partners are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by HP. In some cases, HP might contact you to measure your satisfaction with the delivery of our products and services provided by those service providers and partners.
SHARING OTHER INFORMATION WITH ADVERTISERS
We may also transfer information about you to advertising partners (including the ad networks, ad-serving companies, and other service providers they may use) so that they may recognize your devices and deliver interest based content and advertisements to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or de-identified form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system and may combine information about you with information from other companies in data sharing cooperatives in which we participate. For more information, read HP Communications section.
SHARING WITH OTHER THIRD PARTIES
Circumstances may arise where, whether for strategic or other business reasons, HP decides to sell, buy, merge or otherwise reorganize businesses. In such transactions, we may disclose or transfer your personal data to prospective or actual purchasers or receive personal data from sellers. Our practice is to seek appropriate protection for your personal data in these types of transactions.
COMPLIANCE WITH LAW
We may also share your personal data when we believe, in good faith, that we have an obligation to: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of HP or its subsidiaries; or (v) protect the rights or personal safety of HP, our employees, and third parties on or using HP property when allowed and in line with the requirements of applicable law.
We do not, and will not, sell personal data to third parties. We do permit third parties to collect the personal data described above through our Services and share personal data with third parties for business purposes as described in this Privacy Statement, including but not limited to providing advertising on our Services and elsewhere based on users’ online activities over time and across different sites, services, and devices (so-called “interest-based advertising”). The information practices of these third parties are not covered by this Privacy Statement.
Please see our Data Collection and Use Matrix for a quick reference on how and with whom we share your data.
You can make or change your choices regarding subscription or general communications from HP at the data collection point or by using other methods, which are described in the following section. These options do not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, driver updates, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.
MARKETING & SUBSCRIPTION COMMUNICATIONS
HP marketing communications provide information about products, services, and/or support and you can select how these communications are delivered – e.g., via postal mail, email, telephone, fax or mobile device. Marketing communications may include new product or services information, special offers, personalized content, targeted advertising or invitations to participate in market research or compliance reviews. Subscription communications include email newsletters, software updates, etc. that may be expressly requested by you or which you consented to receive.
You may opt out of receiving these general communications by using one of the following methods:
You can also disable automatic data collection tools, such as web beacons, in email messages by not downloading images contained in messages you receive from HP (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable data collection in the email message due to specific email software capabilities. For more information about this, please refer to the information provided by your email software or service provider.
COOKIES AND CHOICES
HP provides you with choices about the setting of cookies and other automatic data collection tools through our Cookie Preferences Center. You can learn more about our use of these tools in our Cookies and Use of Cookie Statement. You can adjust your preferences by visiting our Cookie Preferences Center.
You have the right to ask us for a copy of any personal data that you have provided to us or that we maintain about you and to request an explanation about the processing. In addition, you have the right to withdraw any consent previously granted or to request correction, amendment, restriction, anonymization or deletion of your personal data; and to obtain the personal data you provide with your consent or in connection with a contract in a structured, machine readable format and to ask us to transfer this data to another data controller.
You also have the right to object to the processing of your personal data in some circumstances, including when we are using your data for direct marketing or to create a marketing profile. Please see the HP Communications Section for guidance on how to exercise your rights and to manage your preferences for marketing and subscription communications.
In addition to the privacy controls available to you via this Privacy Statement, you can control your device data collection. In some instances, product usage data (not content of files) is collected and processed in order to deliver you the essential functionality of an HP Service, such as remote printing, Instant Ink or other web-enabled service. You can control device data collection yourself through your device settings and preferences. HP is not in a position to adjust your data collection settings without your active participation. Disabling data collection may affect the availability or functionality of such services. Data collected for the fulfilment of such essential functionality will not be processed for direct marketing purposes. If you need assistance in adjusting your data collection settings, please contact HP Customer Support with your device details.
In certain cases, these rights may be limited, for example if fulfilling your request would reveal personal data about another person or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests to keep.
We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available on HP Services may change or no longer be available to you. Any difference in the Services are related to the value provided.
To exercise your rights, or if you have any questions or concerns about our Privacy Statement, our collection and use of your data or a possible breach of local privacy laws, you can contact HP’s Chief Privacy and Data Protection Officer or write to us at the appropriate address below:
HP France SAS
Global Legal Affairs
ATTN: Privacy Office
14 rue de la Verrerie
CS 40012 – 92197
Global Legal Affairs
ATTN: Privacy Office
Av. Vasco de Quiroga #2999
Col. Santa Fe Peña Blanca
Del. Alvaro Obregon
C.P. 01210 México D.F.
REST OF WORLD
Global Legal Affairs
ATTN: Privacy Office
1501 Page Mill Road
Palo Alto, California 94304
All communications will be treated confidentially. Upon receipt of your communication, our representative will contact you within a reasonable time to respond to your questions or concerns. In some cases, we may request further information in order to verify your identity. For more information about the verification process, click here. We aim to ensure that your concerns are resolved in a timely and appropriate manner.
If we are unable to resolve your concerns, you have the right to contact a data privacy supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached or seek a remedy through the courts. For questions, concerns or complaints related to our participation in the EU-US Privacy Shield, APEC CBPRs or application of HP’s BCRs, please read about our International Data Transfers.
If we modify our Privacy Statement, we will post the revised statement here, with an updated revision date. If we make significant changes to our Privacy Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.
Date Posted: March 2021.