Privacy policy for Trend Micro Toolbar
Trend Micro Toolbar by TrendMicro
TREND MICRO GLOBAL PRIVACY NOTICE FOR OUR WEBSITE, PRODUCTS AND SERVICES
Trend Micro Incorporated and its subsidiaries and affiliates (collectively, "Trend Micro" or "we") provides this Privacy Notice to help you understand the types of personal information that you provide to Trend Micro, what we do with that information and how we protect that information. We are committed to protecting your privacy and ensuring you have a positive experience on our websites ("Website") and in using the Trend Micro Products and Services that our customers ("Customers") sign up for.
This Privacy Notice covers personal information we collect in connection with our:
1. Websites (Part 1)
2. Products/Services (Part 2)
3. Prospects (Part 3)
Contents
We've listed the contents of each Part of our Privacy Notice below. If you want more information on a particular section, just click on the link in the contents list to jump directly to of that section.
• Websites Part 1: Contents
A. What information is processed by Trend Micro when using our Websites and how is it used by Trend Micro?
B. Legal basis for processing (EEA only)
C. Sharing personal information
D. Transfers over the internet to countries located outside the EEA (EEA only)
E. Data Retention
F. Protection and security of personal information
G. Managing Personal Information
H. Third-party websites
I. Communication preferences
J. EEA data protection rights (EEA only)
K. Controller (EEA only)
L. Contact and Data Protection Officer
• Products/Services Part 2: Contents
A. What information is processed by Trend Micro when using our Products and Services and how is it used by Trend Micro?
B. Legal basis for processing (EEA only)
C. Sharing personal information
D. Transfers over the internet to countries located outside the EEA (EEA individuals only)
E. Data Retention
F. Protection and security of personal information
G. Communication preferences
H. EEA data protection rights (EEA only)
I. Controller (EEA only)
J. Contact and Data Protection Officer
• Prospects Part 3: Contents
A. What information is processed by Trend Micro, how is it used by Trend Micro and why?
B. Legal basis for processing (EEA only)
C. Sharing personal information
D. Transfers over the internet to countries located outside the EEA (EEA only)
E. Data Retention
F. Protection and security of personal information
G. Communication preferences
H. EEA data protection rights (EEA only)
I. Controller (EEA only)
J. Contact and Data Protection Officer
• Changes to the Trend Micro Privacy Notice
This Privacy Notice was last updated on September 1, 2019. Trend Micro will occasionally update this Privacy Notice to reflect changes in our Products and Services and Customer feedback. When we make changes to the Privacy Notice, we will revise the date at the top of the Privacy Notice. If there are material changes to this Privacy Notice or in how we will use your personal information or where we intend to further process your personal information for a purpose other than that for which the personal information was collected, we will notify either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification.
1. PRIVACY FOR OUR WEBSITES
This Part 1 of the Notice covers the personal information collected regarding visitors to our Website. We identify below subsections that are only applicable for the European Economic Area ("EEA").
This Part 1 covers, in relation to our Websites:
• A. What information is processed by Trend Micro when using our Websites and how is it used by Trend Micro?
• B. Legal basis for processing (EEA only)
• C. Sharing personal information
• D. Transfers over the internet to countries located outside the EEA (EEA only)
• E. Data Retention
• F. Protection and security of personal information
• G. Managing Personal Information
• H. Third-party websites
• I. Communication preferences
• J. EEA data protection rights (EEA only)
• K. Controller (EEA only)L. Contact and Data Protection Officer
A. What information is processed by Trend Micro when using our Websites and how is it used by Trend Micro?
Information that is actively provided
Trend Micro collects personal information in many ways: when visitors download free evaluation
software or upgrades, when visitors register online, when visitors contact Trend Micro through our “Contact Us” link on our Website, when visitors participate in a campaign or a website forum or referral promotions, when individuals register for or otherwise participate in a competition, when visitors request online a quote or technical support, when visitors cause information or data to be sent to Trend Micro as part of the online Product Services, when visitors subscribe online to Trend Micro newsletters or receive Product updates or technical online alerts, when visitors enter an online contest, giveaway, promotion or special offer, when visitors provide us with feedback online, or when visitors apply for a job online with Trend Micro. Where visitors visit our Websites and wish to download content, take part in a competition, purchase product or request information, visitors may be requested to provide details as follows:
• Name
• Phone number
• Email address
• Postal address
• Company name
• Billing and shipping information
• Other relevant information about visitors and visitors' systems and visitors' company
• Date of birth (only for certain competitions)
• Parent's or legal guardian's name and email address (only for certain competitions where participants are minors under a particular age (such as under 18 in Australia, under 17 in the United States, and Canada, under 20 in Japan (due to be under 18 from April 2022), and under 16 in parts of Europe) in accordance with applicable data protection law);
If visitors do not provide their personal information stated above to us, their use of those sections of our Websites and Services could be restricted or impossible. Trend Micro does neither wish to receive nor need any sensitive personal information, i.e. personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
Where minors participate in competitions, we ask for the consent of their parent or legal guardian where they are under a certain age (varying based on their country) as set out above. Other than for such competitions, Trend Micro does not knowingly collect personal information from minors under the age of 16. If we learn that we have collected the personal information of a minor under the age of 16, Trend Micro will promptly delete such personal information.
Information that is collected automatically
Trend Micro's Website, online Services, interactive applications and email messages may use "cookies" and other technologies such as web beacons to collect certain information automatically from visitors' device. This may also include cookies placed by third parties in addition to Trend Micro. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
The information we collect automatically may include information like visitors' IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how a visitor's device has interacted with our Website, including the pages accessed and links clicked.
Trend Micro also collects log files of traffic that visit our Website. These log files may include information such as a visitor's Internet Protocol (IP) address, browser information and language, domain name, date and time of request. We use this information to track aggregate traffic patterns throughout our websites. Trend Micro may collect and retain for a certain period IP address information of Customers in order to provide technical support, obtain geo-location information, for subscription and registration purposes and to secure our networks and systems. To the extent that IP addresses or similar identifiers are considered personal information by applicable data protection law, we treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of our Privacy Notice.
For more information on the technologies used and to learn how to manage cookie preferences, please see Trend Micro’s Website “Cookie Notice” at trendmicro.com/cookie-notice.
How does Trend Micro use personal information?
Trend Micro Websites collect personal information to provide downloads of free evaluation software or upgrades, newsletters, respond to requests for contact, downloads of whitepapers and to provide its Products, Services and support to its Customers and allow a visitor to register.
We may further use and process personal information provided to us through our Websites such as by visitors completing contact or information request forms to provide visitors with new Product information or technical alerts and keep visitors informed about our Products, Services, promotions and special offers.
Cookies and other tracking technologies are used on our Website and in our Products and Services for a variety of reasons including to better understand visitor and Customer behavior and improving our Products, Services and advertising.
We also collect and process personal information for the following other purposes:
• Responding to or addressing requests, enquiries, complaints, feedback or opinion;
• Improving visitors' experience of our Website;
• Recording visitor preferences regarding their use of our Website;
• Communicating with or notifying of, or providing them with updates on Trend Micro Products and Services or benefits available or technical news;
• Participating in competitions and awarding prizes;
• Evaluating a visitor's interest in employment in the case of employment applications submitted by them through our Website.
B. Legal basis for processing (EEA only)
We will only collect and process personal information of visitors to our Website if we have a lawful basis to do so, for reasons explained in this Notice. We may process information that we have collected for legal bases including:
• Where we process personal information for internal record keeping in accordance with tax and accounting requirements under applicable law, this processing is necessary for compliance with a legal obligation of Trend Micro.
• To access certain content on our website or receive services available through it, visitors may be required to set up an online account. The information collected and used by us at these points, is necessary to provide visitors the content or services. This processing of personal information is necessary for the performance of the contract between visitors and Trend Micro regarding such access or receipt.
• Where we use and process personal information visitors provided to us via Trend Micro Website to provide visitors with new Product information or technical alerts and to keep visitors informed about our Products, Services, promotions and special offers, the processing of personal information for such direct marketing purposes is based either on consent or on legitimate interest grounds.
• Where a visitor is a Customer of Trend Micro and we need to respond to or address the visitor's requests, enquiries, complaints or feedback, processing is necessary for the performance of the contract between the visitor and Trend Micro.
• If visitors have requests, enquiries, complaints, feedback or provide an opinion and visitors are not a Customer of Trend Micro, processing is necessary for the purposes of the legitimate interests pursued by Trend Micro to address their communications to us.
• We rely on our legitimate interests where we process visitors' personal information to improve visitors' experiences on our Website and to improve and develop our Products and Services.
• Where we process visitors' personal information to evaluate their interest in employment in the case of employment applications submitted by them, processing is necessary for the purposes of recruitment and in order to take steps at their request prior to entering into a potential employment contract.
• We may also need to carry out certain processing activities to comply with a legal obligation to which Trend Micro is subject.
• Where you enter a competition (on behalf of yourself or on behalf of a minor), the use of your personal information (or the relevant minor's personal information) is either (i) necessary for the performance of the contract (competition rules/terms and conditions) that you agree to or (ii) where applicable on the basis of your consent. It is the responsibility of the entrant to make sure that each participant (or their parent/legal guardian) is made aware and accepts the competition rules/terms and conditions and made aware of this and any competition specific privacy notice.
• Any involvement in market research will only be based on visitors' consent.
C. Sharing personal information
Trend Micro is a global organization and may share personal information with its affiliated companies, distributors or partners in order to provide the high quality, localized Services or offers or competition services visitors have requested, meet their needs or provide visitors with Customer support. Trend Micro may engage contractors to provide certain Services, such as providing technical support, handling
order processing or shipping Products, marketing, hosting and conducting Customer research or satisfaction surveys.
For example, if visitors choose to purchase a license to a Trend Micro Product on our Website, visitors will be directed to the website of one of Trend Micro’s e-commerce partner, such as Digital River, in order to purchase the license. Trend Micro and the pertinent e-commerce partner will need to share some personal information.
Trend Micro requires that all contractors keep personal information of our visitors secure and confidential and that they do not share such personal information with others or use it for their own marketing purposes.
It may be necessary by law, legal process, litigation and/or requests from public and governmental authorities within or outside visitors' country of residence for Trend Micro to disclose visitors' personal information. We may also disclose personal information about visitors if we determine that for purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate.
Trend Micro may also disclose personal information if we determine that disclosure is necessary to enforce our terms and conditions or protect our Products or visitors. In addition, in the event of a reorganization, merger or sale, we may transfer any and all personal information we collect to the relevant third party.
D. Transfers over the internet to countries located outside the EEA (EEA only)
Trend Micro is a global organisation, with affiliated legal entities, business processes, management structures, and technical systems that cross borders. We may process visitors' personal information outside the country in which visitors are located, including at data centers in the United States as well as other locations operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro. When we share visitors' personal information among Trend Micro affiliates globally, we will do this on the basis of Binding Corporate Rules or standard data protection clauses. We may also transfer visitors' personal information to our contractors based in various countries in the world where we do business, who carry out data processing on behalf of Trend Micro. Some of these countries may provide less legal protection than others for visitors' personal information. However, in such cases the data transfer will be subject to appropriate safeguards, namely EU Standard Contractual Clauses available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outsideeu/model-contracts-transfer-personal-data-third-countries_en.
E. Data retention
Trend Micro will keep visitors' personal information for as long as we have an ongoing legitimate business need to do so (for example, to provide a service a visitor has requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process visitors' personal information, we will either delete or anonymize it or, if this is not possible (for example, because visitors' personal information has been stored in backup archives), then we will securely store that personal information until deletion is possible.
F. Protection and security of personal information
As a global security leader, Trend Micro understands the importance of securing visitors' personal information. Trend Micro has taken appropriate security measures – including administrative, technical and physical measures - to maintain and protect visitors' personal information against loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Access to visitors' personal information is restricted to authorized personnel only.
G. Managing own personal information
If visitors participate in a Trend Micro discussion forum or a Trend Micro competition that publishes entries online on our Website, visitors should be aware that the information visitors provide there will be made broadly available to others, and can be read (or watched), collected or used by other users of these forums/competition pages, inside or outside of Trend Micro. This information can be used to send individuals unsolicited messages. Visitors are responsible for the personal information visitors choose to submit in these instances. For example, if visitors list their name and email address in a forum posting, that information is public. Visitors should be careful and responsible when participating in any forum or discussion group or public competition on Trend Micro's Website and note that some of these forums or competitions may have additional rules and conditions. Each participant’s opinion on a forum or competition in our Website is his or her own and should not be considered as reflecting the opinion of Trend Micro. Trend Micro is not responsible for the personal information or any other information visitors choose to submit in these forums or competitions.
Where visitors have a password which enables them to access their account, they are responsible for keeping this password secure and confidential.
H. Third-party websites
Trend Micro’s Website contains a number of links to websites of Trend Micro business partners or to co-branded websites that are maintained by Trend Micro and one or more of our business partners who are collecting visitors' personal information pursuant to their own policies and purposes. Visitors should carefully read the privacy policies on such websites or co-branded websites as they may differ from Trend Micro’s Privacy Notice, especially as personal information collected on such websites are governed by the pertinent privacy policies. Trend Micro is not responsible for the content, their Products or privacy practices or misuse of any information visitors provide on those websites.
I. Communication preferences
Trend Micro gives visitors the choice of receiving a variety of information that complements our Products and Services. Visitors can manage their communication preferences and unsubscribe in one of the following ways:
• Non-EEA
If visitors are based outside the EEA: please email legal_notice@trendmicro.com or send a letter to Trend Micro Privacy Program, Trend Micro Incorporated, c/o Legal Department, 225 East John Carpenter Freeway, Suite 1500, Irving, TX 75062, USA. Visitors should include their name, email address and specific relevant information about the material that they no longer wish to receive.
• EEA
If visitors are based in the EEA: (a) Trend Micro promotional emails include instructions on how to unsubscribe from that particular communication; or (b) if visitors are an Enterprise Customer they may unsubscribe via our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html or (c) if visitors are consumer customers they may unsubscribe via the “My Account” https://www.trendsecure.com/my_account/signin/login or (d) unsubscribe by sending a message via email to gdpr@trendmicro.com or via mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland. Visitors should include their name, email address and specific relevant information about the material that they no longer wish to receive.
J. EEA data protection rights (EEA only)
Visitors to Trend Micro's European Website and visitors located in the EEA have certain data protection rights under the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”). These are briefly explained below. If visitors wish to contact us in relation to those rights, please see the contact information at section 1.L below. We will endeavour to assist visitors where reasonably possible but please note that these rights may not apply in all circumstances and exceptions exist under the GDPR or applicable national law.
• Right to rectification of personal information - Visitors have the right to request that any inaccurate personal information held by or on behalf of Trend Micro is corrected.
• Right to access personal information– Visitors have the right to access their personal information held by Trend Micro. Please note that before we are able to respond to a request, we may ask visitors to verify their identity and to provide further details about their request. We will endeavour to respond without undue delay and, in any event, within the timescales required by law.
• Right to data portability– Visitors have the right to receive personal information they have provided to us or to ask us to transfer it to another company.
• Right to erasure (or "right to be forgotten")– Visitors have the right to request that Trend Micro delete all of the personal information that we hold about them.
• Right to restrict processing– Visitors have the right to restrict Trend Micro from processing their personal information, where: (1) they believe that the personal information held by us about them is not accurate; (2) they believe that the processing of their personal information is unlawful; (3) they believe that we no longer have any reason to process their personal information; or (4) they object to the processing as described below. In these circumstances we will restrict use of these visitors' personal information during the review period.
• Right to object to processing– Visitors have the right to ask Trend Micro to stop processing their personal information for direct marketing purposes or other purposes on grounds relating to their particular situation.
• Right to withdraw consent – If we are relying on visitors consent to use and process their personal information, they are free to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to make a complaint to a Data Protection Authority - If visitors have a complaint or concerns about how we are processing their personal information or if they consider that the processing of their personal information by Trend Micro infringes the GDPR, then we will endeavor to address such concerns. However, if they would like to direct their complaint/concerns to a Data Protection Authority, they have such right under the GDPR.
• If visitors have any questions, comments or concerns regarding this Privacy Notice or if visitors would like to change their communication preferences, update or review personal information we have about them or if visitors exercise a right to object, if visitors withdraw a consent they have given, or if visitors exercise any of their rights stated in this section, they can contact us using the EEA contact information at section 1.L below. Visitors can also withdraw their consent or to object to processing of their personal information for direct marketing purposes by (for Enterprise Customers) visiting our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html, or (for consumer customers) via their My Account: https://www.trendsecure.com/my_account/signin/login.
K. Controller [EEA only]
Where the EU General Data Protection Regulation ("GDPR") applies, we must identify who the data controller is. When visitors are located inside the EEA, Trend Micro EMEA Limited is the data controller of personal information that is collected through their use of our Website.
L. Contact and Data Protection Officer
• If visitors are based outside the EEA, if they have any questions, requests, comments or concerns regarding this Privacy Notice, they can contact us using the details below:
Trend Micro Privacy Program
Trend Micro Incorporated
c/o Legal Department
225 East John Carpenter Freeway
Suite 1500
Irving
TX 75062
USA
E-Mail: legal_notice@trendmicro.com
• If visitors are based inside the EEA, the contact details of the data protection officers designated by Trend Micro are:
GDPR DPO:
Trend Micro (EMEA) Limited
Lianne Harcup
Median House
IDA Business & Technology Park
Model Farm Road
Cork
Ireland
Telephone: +44 203 54 93 304
E-Mail: gdpr@trendmicro.com
2. PRIVACY FOR USERS OF OUR PRODUCTS AND SERVICES
This Part 2 of the Notice covers the personal information of individuals (users) collected when signing up for or using Trend Micro's Products and/or Services
• A. What information is processed by Trend Micro when using our Products and Services and how is it used by Trend Micro?
• B. Legal basis for processing (EEA individuals only)
• C. Sharing personal information
• D. Transfers over the internet to countries located outside the EEA (EEA individuals only)
• E. Data Retention
• F. Protection and security of personal information
• G. Communication preferences
• H. EEA data protection rights (EEA individuals only)
• I. Controller (EEA individuals only)
• J. Contact and Data Protection Officer
A. What information is processed by Trend Micro when using our Products and Services and how is it used by Trend Micro?
Upon ordering, purchasing, installing, activating or using our Products, we receive personal information
such as:
• Name
• Phone number
• Email address
• Device ID
• Operating system
• License Key
We use this personal information to ensure that the relevant Customer's license to our solutions is valid and to contact our Customers regarding renewals, technical issues and new Product information.
The following types of information and personal information are processed when using and interacting with our Products and Services, including Customer support. The specific information and personal information that is provided automatically will depend on the particular Product or Services used. These types of information and personal information enables users to participate, share and leverage Trend Micro's global database of threat related intelligence to rapidly identify and defend against potential threats within each Customer's unique network environment, as described in more detail below, as well as enabling us to provide any support requested. You can find further details of the types of data that Trend Micro products collect, what this data is used for and detailed instructions on how to disable the specific features that feedback data to Trend Micro in the Privacy and Personal Data Collection Disclosure. [LINK/URL: https://success.trendmicro.com/data-collection-disclosure]
• Product information, such as MAC address, device ID
• Public IP address of the user's gateway to the internet
• Mobile/PC environment
• Metadata from suspicious executable files
• URLs, Domains and IP addresses of websites visited
• Metadata of user/device managed by gateway Product
• Application behaviours
• Personal information contained within email content or files to which Trend Micro is provided access
• Behaviours of Product users
• Information from suspicious email, including sender and receiver email address, and attachments
• Detected malicious file information
• Detected malicious network connection information
• Debug logs
• Network Architecture/Topology
• Screen capture of errors
Trend Micro does neither wish to receive nor need any sensitive personal information, i.e. personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
Trend Micro's Products that have parental control features may, where parental consent is in place, collect personal information about minors as needed in order to provide the parental control services requested by the relevant parent or legal guardian. Such personal information may be collected from Customers who are the relevant parent or legal guardian, from the relevant minors or from devices and files that the Product is given access to. These Products may provide personal information regarding minors to their parent or legal guardian where needed in order to provide the requested parental control features. Trend Micro also uses the data collected for data analytics, service and feature improvement, and to offer support following initial activation or if an issue is detected.
Trend Micro's Products that scan emails and files to provide security and threat detection may inadvertently scan the personal information of minors to the extent these emails and files contain any such personal information.
Trend Micro's Products that monitor the use of a Customer's network, such as the Home Network Security product, will collect personal information (such as device information, IP address, browsing history and use of the Network by those devices) from any users of devices connected to the Customer's network. This personal information will be provided to the Customer to protect the security of their network, to enable them to manage the usage of connected devices in their home and to enable them to protect children using the network. You can find further details of the types of data that the Home Network Security product collects and what this data is used for in the Home Network Security Data Collection Disclosure [LINK/URL: https://esupport.trendmicro.com/en-US/home/pages/technicalsupport/home-network-security/1119873.aspx].
Our Products use the personal information provided by users to perform security and threat detection relating to our Services and functions such as:
• Analyse data sent to/from the user's device to isolate and identify threats, vulnerabilities, suspicious activity and attacks;
• Assess the reputation of a website, email sender’s IP address, device or file to advise the user on whether access should be granted;
• Analyse email to protect against spam, impersonation and other suspicious content;
• Virus protection;
• Intrusion detection, prevention and protection;
• Threat prevention and prediction;
• Network defence;
• Sand box testing (for certain cloud products);
• Storage of emails for back up purposes (certain cloud products);
• Identify, block and/or remove applications, messages, and files that may compromise productivity or the performance and security of computers, systems, and/or networks;
• Identify sources and methods of targeted attacks; and
• Deliver updated protection against malicious threats.
We may also use personal information for other business purposes, including:
• Internal record keeping;
• Compliance with the law and requests from government bodies;
• Product and Service development;
• Keeping existing and past Customers informed about our Products, Services and promotions;
• Providing Customer support;
• Managing subscriptions and billing; and
• Responding to requests, questions and comments.
Information that we obtain from third party sources
From time to time, we may receive personal information from third party sources such as distributors/reseller or partners. The types of information we receive from these third parties includes contact information such as email addresses and telephone numbers and we use the information we receive from these third parties to contact individuals in relation to our products.
B. Legal basis for processing (EEA individuals only)
We will only collect and process user personal information if we have a lawful basis to do so, for reasons explained in this Notice.
Products and Service related:
Many of our Products and Services require an online account to be set up and purchases completed. The information collected and used by us at these points is necessary to provide the Products and Services and support Customers expect from Trend Micro. In connection with Services we provide, we may use personal information to renew or terminate a Customer's subscription or to complete a transaction or confirm or complete an order or offer. This processing of personal information is necessary for the conclusion and/or performance of the contract between the Customer and Trend Micro regarding the use of our Products, Services and support and is in the Customer and Trend Micro's legitimate interests for the same reason.
We use and process personal information to ensure that the Customer's license to our solutions is valid and to contact Customers regarding renewals and contractual and technical issues. This processing is necessary for the performance of the contract between the Customer and Trend Micro regarding the use of our Products and Services; and/or our legitimate interest in providing and improving our Products and Services.
Where we use personal information provided through our Products and Services to support Customers' network and information security, this processing is necessary for the performance of the contract between the Customer and Trend Micro and/or for the legitimate interest of the Customer in ensuring network and information security and our legitimate interest in providing and improving our Products and Services.
Direct Marketing:
Where we use and process personal information provided to us on account registration and/or Product purchase/installation/activation to provide our Customers with new Product information or technical alerts and to keep Customers informed about our Products, Services, promotions and special offers, the processing of personal information for such direct marketing purposes is based either on consent or legitimate interest grounds.
Other Purposes:
Where Trend Micro processes personal information for other purposes set out in this Privacy Notice, we rely on various legal bases:
• Where we process personal information for internal record keeping in accordance with tax and accounting requirements under applicable law, this processing is necessary for compliance with a legal obligation of Trend Micro.
• Where we need to respond to or address the requests, enquiries, complaints or feedback, processing is necessary for the performance of the contract between the relevant Customer and Trend Micro, our or their legitimate interests and/or is based on consent.
• We rely on our legitimate interests where we process personal information to provide, improve and develop our Products and Services.
• We may also need to carry out certain other processing activities to comply with a legal obligation to which Trend Micro is subject.
• Any involvement in market research or beta programmes will only be based on consent.
C. Sharing personal information
Trend Micro is a global organization and may share personal information with its affiliated companies, resellers, distributors, vendors, service providers or partners in order to provide the high quality, localized Services and Products or offers that Customers have requested, and/or to meet Customer needs or provide support. Trend Micro may engage contractors to provide certain Services, such as providing technical support, hosting cloud services, handling order processing or shipping Products, conduct Customer research or satisfaction surveys. For example, if a Customer chooses to purchase a license to a Trend Micro Product on our Website, the Customer will be directed to the website of one of Trend Micro’s e-commerce resellers, such as Digital River, in order to purchase the license. Trend Micro and the pertinent e-commerce reseller will need to share some personal information to complete the purchase.
Trend Micro requires that all contractors keep personal information of our Customers secure and confidential and that they do not share such personal information with others.
It may be necessary by law, legal process, litigation and/or requests from public and governmental authorities in any country where Trend Micro operates, for Trend Micro to disclose personal information received in relation to the registration and/or use of our Products or Services. We may also disclose such personal information if we determine that, for purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate.
Trend Micro may also disclose personal information if we determine that disclosure is necessary to enforce our terms and conditions or protect our Products, Services or their users. In addition, in the event of a reorganization, merger or sale, we may disclose and transfer any and all personal information we collect to the relevant third party.
D. Transfers over the internet to countries located outside the EEA (EEA individuals only)
Trend Micro is a global organisation, with affiliated legal entities, business processes, management structures, and technical systems that cross borders. We may process user's personal information outside the country in which they are located, including at data centers in the United States as well as other locations operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro. When we share personal information among Trend Micro affiliates globally, we will do this on the basis of standard data protection clauses.
We may also transfer personal information to our contractors based in various countries in the world where we do business, who carry out data processing on behalf of Trend Micro. Some of these countries may provide less legal protection than others for personal information. However, in such case the data transfer will be subject to appropriate safeguards, namely EU Standard Contractual Clauses available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contractstransfer-personal-data-third-countries_en.
E. Data retention
Trend Micro will keep personal information relating to the registration and use of our Products and Services for as long as the relevant Customer remains a registered subscriber or for as long as we have another legitimate business purpose to do so and, thereafter, for no longer than is required or permitted by law. When we have no ongoing legitimate business need to process such personal information, we will either delete or anonymize it or, if this is not possible (for example, because the personal information has been stored in backup archives), then we will securely store the personal information until deletion is possible.
F. Protection and security of personal information
As a global security leader, Trend Micro understands the importance of securing personal information. Trend Micro has taken appropriate security measures – including administrative, technical and physical measures - to maintain and protect personal information against loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Access to personal information relating to the registration and use of our Products and Services is restricted to authorized personnel only.
Where a Customer has a password to enable access to the Customer's account, the Customer is responsible for keeping this password secure and confidential.
G. Communication preferences
Trend Micro gives individuals the choice of receiving a variety of information that complements our Products and Services. Communication preferences can be managed, including terminating subscriptions or future communications, in one of the following ways:
• Non-EEA
Individuals based outside the EEA: please email legal_notice@trendmicro.com or send a letter to Trend Micro Privacy Program, Trend Micro Inc, c/o Legal Department, 225 East John Carpenter Freeway, Suite 1500, Irving, TX 75062, USA. Please include the name, email address and specific relevant information about the material which should no longer be sent out.
• EEA
Individuals based in the EEA: (a) Trend Micro promotional emails include instructions on how to unsubscribe from that particular communication; or (b) for enterprise customers unsubscribe via our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html or (c) for consumer customers unsubscribe via the “My Account” https://www.trendsecure.com/my_account/signin/login or (d) unsubscribe by sending a message via email to gdpr@trendmicro.com or via mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland. Please include name, email address and specific relevant information about the material/correspondence that should no longer be sent out.
H. EEA data protection rights (EEA individuals only)
Individuals in the EEA, under the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”) have certain data protection rights. These are briefly explained below. To contact us in relation to those rights, please see the contact information in section 2.J below. We will endeavour to assist where reasonably possible but please note that these rights may not apply in all circumstances and exceptions exist under the GDPR or applicable national law.
• Right to rectification of personal information - EEA individuals have the right to request that any inaccurate personal information about them held by or on behalf of Trend Micro is corrected.
• Right to access personal information – EEA individuals have the right to access their personal information held by Trend Micro. Please note that before we are able to respond to a request, we may ask to verify the requestor's identity and for further details about the request. We will endeavour to respond without undue delay and, in any event, within the timescales required by law.
• Right to data portability – EEA individuals have the right to receive personal information they have provided to us or to ask us to transfer it to another company.
• Right to erasure (or "right to be forgotten") – EEA individuals have the right to request that Trend Micro delete all of the personal information that we hold about them.
• Right to restrict processing – EEA individuals have the right to restrict Trend Micro from processing their personal information, where: (1) they believe that the personal information held by us about them is not accurate; (2) they believe that the processing of their personal information is unlawful; (3) they believe that we no longer have any reason to process their personal information; or (4) they object to the processing as described below. In these circumstances we will restrict use of the requestor's personal information during the review period.
• Right to object to processing – EEA individuals have the right to ask Trend Micro to stop processing their personal information for direct marketing purposes or other purposes on grounds relating to their particular situation.
• Right to withdraw consent – If we are relying on EEA individuals' consent to use and process their personal information, they are free to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to make a complaint to a Data Protection Authority - If EEA individuals have a complaint or concerns about how we are processing their personal information or if they consider that the processing of their personal information by Trend Micro infringes the GDPR, then we will endeavor to address such concerns. However, if they would like to direct their complaint/concerns to a Data Protection Authority, they have such right under the GDPR.
If EEA individuals have any questions, comments or concerns regarding this Privacy Notice or would like to change their communication preferences, update or review personal information we have about them or if they exercise a right to object, if they withdraw a consent they have given, or if they exercise any of the rights stated in this section, please contact us using the EEA contact information in section 2.J below. Enterprise Users can also withdraw their consent or to object to processing of their personal information for direct marketing purposes by visiting our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html or Consumers via their My Account: https://www.trendsecure.com/my_account/signin/login.
I. Controller (EEA individuals only)
Trend Micro EMEA Limited, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland is the data controller of personal information that is collected through use of our Products and/or Services signed up for by EEA Customers.
J. Contact and Data Protection Officer
• Individuals based outside the EEA, with any questions, requests, comments or concerns regarding this Privacy Notice, can contact us using the details below:
Trend Micro Privacy Program
Trend Micro Incorporated
c/o Legal Department
225 East John Carpenter Freeway
Suite 1500
Irving
TX 75062
USA
E-Mail: legal_notice@trendmicro.com
• For individuals based inside the EEA, the contact details of the data protection officers designated by Trend Micro are:
GDPR DPO:
Trend Micro (EMEA) Limited
Lianne Harcup
Median House
IDA Business & Technology Park
Model Farm Road
Cork
Ireland
Telephone: +44 203 54 93 304
E-Mail: gdpr@trendmicro.com
3. PRIVACY IN RELATION TO PROSPECTS
This Part 3 of the Notice covers the personal information collected regarding individuals who attend events, individuals who provide us with their business contact information, individuals who contact us with enquiries and other individuals that we send marketing to (“Prospects”). We identify below subsections that are only applicable for the European Economic Area ("EEA").
This Part 3 covers, in relation to Prospects:
• A. What information of Prospects is processed by Trend Micro, how is it used by Trend Micro and why?
• B. Legal basis for processing (EEA only)
• C. Sharing personal information
• D. Transfers over the internet to countries located outside the EEA (EEA only)
• E. Data Retention
• F. Protection and security of personal information
• G. Communication preferences
• H. EEA data protection rights (EEA only)
• I. Controller (EEA only)
• J. Contact and Data Protection Officer
A. What information is processed by Trend Micro, how is it used by Trend Micro and why?
Information that is actively provided Trend Micro collects personal information in many ways, such as when Prospects: register to attend one of our events, provide us with their business card information or when they request to receive information from us.
The personal information can include:
• Contact details including name, telephone numbers, email address and postal address;
• Where relevant employer and employment information such as job title, function, seniority, department, and the address/country/city of the individual's office; and
• Contact's preferences and interests, for instance which newsletters they would like to be subscribed to or what products and services they are interested in.
Trend Micro collects this information in order to:
• respond to correspondence and enquiries Prospects send us;
• to provide events and other services requested by Prospects or their employer;
• obtain Prospects' feedback;
• send Prospects tailored information on our Products and Services that may be of interest to them; and
• tailor and develop our Products and Services to ensure they are as relevant as possible.
Trend Micro does neither wish to receive nor need any sensitive personal information, i.e. personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
Trend Micro does not knowingly collect personal information from children under the age of 16. If we learn that we have collected the personal information of a child under the age of 16, Trend Micro will promptly delete such personal information.
Information that is collected automatically Trend Micro's email messages may use technologies such as web beacons to collect certain information automatically from individuals' devices. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
The information we collect automatically may include information like individuals' IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.
To the extent that IP addresses or similar identifiers are considered personal information by applicable data protection law, we treat these identifiers as personal information. Similarly, to the extent that nonpersonal information is combined with personal information, we treat the combined information as personal information for the purposes of our Privacy Notice.
For more information on the technologies used and to learn how to manage cookie preferences, please see Trend Micro’s “Cookie Notice” at trendmicro.com/cookie-notice.
Information that we obtain from third party sources
From time to time, we may receive personal information from third party sources such as lead generating companies, event hosting companies and employers of individuals who for example, wish their employees/ individuals to attend our events.
The types of information we receive from third parties include: name, email address, contact details (and where appropriate employment details). We use the information we receive from these third parties for lead generation/ marketing purposes, to enable us to send Prospects tailored information on our Products and Services (including events) that may be of interest to them and to tailor and develop our Products and Services.
B. Legal basis for processing (EEA only)
We will only collect and process personal information of Prospects if we have a lawful basis to do so, for reasons explained in this Notice. We may process information that we have collected for legal bases including:
• Where we process personal information for internal record keeping in accordance with tax and accounting requirements under applicable law, this processing is necessary for compliance with a legal obligation of Trend Micro.
• Information collected to enable Prospects to attend our events is necessary for the performance of the contract between such Prospects and Trend Micro for the provision of the event; or for the legitimate interests of Trend Micro and the employers of Prospects, where Prospects attend events on their employer's behalf.
• Where we use and process personal information to provide Prospects with new Product information or technical alerts and to keep them informed about our Products, Services, promotions and special offers, the processing of personal information for such direct marketing purposes is based either on consent or on legitimate interest grounds.
• If Prospects have requests, enquiries, complaints, feedback or provide an opinion and are not a Customer of Trend Micro, processing is necessary for the purposes of the legitimate interests pursued by Trend Micro to address their communications to us.
• We rely on our legitimate interests where we process Prospects' personal information to improve their experiences of our events, to request feedback and/or to improve and develop our Products and Services.
• We may also need to carry out certain processing activities to comply with a legal obligation to which Trend Micro is subject.
• The award of prizes and any involvement in market research will only be based on Prospects' consent.
C. Sharing personal information
Trend Micro is a global organization and may share personal information with its affiliated companies, distributors, vendors or partners in order to provide the high quality, localized Services or offers Prospects have requested, meet their needs or provide Prospects with support. Trend Micro may engage contractors to provide certain services, such as providing technical support, marketing, and conducting research or satisfaction surveys.
Trend Micro requires that all contractors keep personal information of Prospects secure and confidential and that they do not share such personal information with others or use it for their own marketing purposes.
It may be necessary by law, legal process, litigation and/or requests from public and governmental authorities within or outside Prospects' country of residence for Trend Micro to disclose Prospects' personal information. We may also disclose personal information about Prospects if we determine that for purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate.
Trend Micro may also disclose personal information if we determine that disclosure is necessary to enforce our terms and conditions or protect our Products or Prospects. In addition, in the event of a reorganization, merger or sale, we may transfer any and all personal information we collect to the relevant third party.
D. Transfers over the internet to countries located outside the EEA (EEA only)
Trend Micro is a global organisation, with affiliated legal entities, business processes, management structures, and technical systems that cross borders. We may process Prospects' personal information outside the country in which Prospects are located, including at data centers in the United States as well as other locations operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro. When we share Prospects' personal information among Trend Micro affiliates globally, we will do this on the basis of Binding Corporate Rules or standard data protection clauses. We may also transfer Prospects' personal information to our contractors based in various countries in the world where we do business, who carry out data processing on behalf of Trend Micro. Some of these countries may provide less legal protection than others for Prospects' personal information.
However, in such case the data transfer will be subject to appropriate safeguards, namely EU Standard Contractual Clauses available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfersoutside-eu/model-contracts-transfer-personal-data-third-countries_en.
E. Data retention
Trend Micro will keep Prospects' personal information for as long as we have an ongoing legitimate business need to do so (for example, to provide a service or information that Prospects have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process Prospects' personal information, we will either delete or anonymize it or, if this is not possible (for example, because Prospects' personal information has been stored in backup archives), then we will securely store that personal information until deletion is possible.
F. Protection and security of personal information
As a global security leader, Trend Micro understands the importance of securing Prospects' personal information. Trend Micro has taken appropriate security measures – including administrative, technical and physical measures - to maintain and protect Prospects' personal information against loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Access to Prospects' personal information is restricted to authorized personnel only.
G. Communication preferences
Trend Micro gives individuals the choice of receiving a variety of information about our Products and Services. Individuals can manage their communication preferences and unsubscribe in one of the following ways:
• Non-EEA
If Individuals are based outside the EEA: please email legal_notice@trendmicro.com or send a letter to Trend Micro Privacy Program, Trend Micro Inc, c/o Legal Department, 225 East John Carpenter Freeway, Suite 1500, Irving, TX 75062, USA. Individuals should include their name, email address and specific relevant information about the material that they no longer wish to receive.
• EEA
If Prospects are based in the EEA: (a) Trend Micro promotional emails include instructions on how to unsubscribe from that particular communication; or (b) sending a message via email to gdpr@trendmicro.com or via mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland.
Prospects should include their name, email address and specific relevant information about the material that they no longer wish to receive.
H. EEA data protection rights (EEA only)
Prospects located in the EEA have certain data protection rights under the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”). These are briefly explained below. If Prospects wish to contact us in relation to those rights, please see the contact information at section 3.J below. We will endeavour to assist Prospects where reasonably possible but please note that these rights may not apply in all circumstances and exceptions exist under the GDPR or applicable national law.
• Right to rectification of personal information – Prospects have the right to request that any inaccurate personal information held by or on behalf of Trend Micro is corrected.
• Right to access personal information – Prospects have the right to access their personal information held by Trend Micro. Please note that before we are able to respond to a request, we may ask Prospects to verify their identity and to provide further details about their request.
We will endeavour to respond without undue delay and, in any event, within the timescales required by law.
• Right to data portability – Prospects have the right to receive personal information they have provided to us or to ask us to transfer it to another company.
• Right to erasure (or "right to be forgotten") – Prospects have the right to request that Trend Micro delete all of the personal information that we hold about them.
• Right to restrict processing – Prospects have the right to restrict Prospects from processing their personal information, where: (1) they believe that the personal information held by us about them is not accurate; (2) they believe that the processing of their personal information is unlawful; (3) they believe that we no longer have any reason to process their personal information; or (4) they object to the processing as described below. In these circumstances we will restrict use of these Prospects' personal information during the review period.
• Right to object to processing – Prospects have the right to ask Trend Micro to stop processing their personal information for direct marketing purposes or other purposes on grounds relating to their particular situation.
• Right to withdraw consent – If we are relying on Prospects' consent to use and process their personal information, they are free to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to make a complaint to a Data Protection Authority – If Prospects have a complaint or concerns about how we are processing their personal information or if they consider that the processing of their personal information by Trend Micro infringes the GDPR, then we will endeavor to address such concerns. However, if they would like to direct their complaint/concerns to a Data Protection Authority, they have such right under the GDPR.
• If Prospects have any questions, comments or concerns regarding this Privacy Notice or if Prospects would like to change their communication preferences, update or review personal information we have about them or if Prospects exercise a right to object, if Prospects withdraw a consent they have given, or if Prospects exercise any of their rights stated in this section, they can contact us using the EEA contact information at section 3.J below.
I. Controller (EEA only)
Where the EU General Data Protection Regulation ("GDPR") applies, we must identify who the data controller is. Where Prospects' personal information is collected for Trend Micro EMEA Limited's purposes, Trend Micro EMEA Limited is the data controller of Prospects' personal information.
J. Contact and Data Protection Officer
• If Prospects are based outside the EEA, if they have any questions, requests, comments or concerns regarding this Privacy Notice, they can contact us using the details below:
Trend Micro Privacy Program
Trend Micro Incorporated
c/o Legal Department
225 East John Carpenter Freeway
Suite 1500
Irving
21
TX 75062
USA
E-Mail: legal_notice@trendmicro.com
• If Prospects are based inside the EEA, the contact details of the data protection officers designated by Trend Micro are:
GDPR DPO:
Trend Micro (EMEA) Limited
Lianne Harcup
Median House
IDA Business & Technology Park
Model Farm Road
Cork
Ireland
Telephone: +44 203 54 93 304
E-Mail: gdpr@trendmicro.com