Effective March 2018 (any references to the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”) shall only apply as from 25 May 2018)
Trend Micro is the controller in the meaning of the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”). Trend Micro is the representative for the European Union, the EEA and the United Kingdom (“representative”) who represents Trend Micro with regard to its obligations under the GDPR.
Trend Micro (EMEA) Limited
IDA Business & Technology Park
Model Farm Road
Telephone: +44 203 54 93 304
For Trend Micro Deutschland GmbH:
HEC Harald Eul Consulting GmbH
Auf der Höhe 34
Telephone: +49 2232 200 879
Description of the product/service
With Trend Micro products and services, you can increase the protection for your digital data from hackers, spammers, spyware, malware and other online threats. Because of the fast and constant evolving nature of online threats and malware, it is necessary to configure our products and services to constantly provide data and information from your devices to enable us to stay ahead of malicious activities and protect your devices and data. This data and information can also include personal data.
What personal data do you provide?
Product license data
When you install and activate our products, you provide personal data such as your:
- phone number
- email address
- device ID
- operating system
- license key
We use and process this personal data to ensure that your license to our solutions is valid and to contact you regarding renewals and contractual and technical issues. This processing is necessary for the performance of the contract between you and Trend Micro regarding the use of our products and services pursuant to Article 6(1)(b) GDPR.
We may also use and process this personal data to provide you with new product information and to keep you informed about our products, services and promotions. The processing of personal data for such direct marketing purposes is based on Article 6(1)(f) GDPR since it is carried out for the legitimate interest of Trend Micro of informing its customers of new products which is also in the interest of the customer.
You have the right to object at any time to processing of your personal data for direct marketing purposes. Please address your objection to Trend Micro at the contact information stated below or to our representative stated above.
Information and personal data for using and interacting with Trend Micro’s products and services
You provide the following types of information and personal data when you use and interact with our products and services, including customer support. The specific information and personal data that you provide will depend on the particular product or services used. Providing these types of information and personal data enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment, as described in more detail below as well as enabling us to provide support that you request.
- Product information, such as MAC address, device ID
- Public IP address of the user’s gateway to the Internet
- Mobile/PC environment
- Metadata from suspicious executable files
- URLs, Domains and IP addresses of websites visited
- Metadata of client/device managed by gateway product
- Application behaviors
- Information from suspicious e-mail, including sender and receiver email address, and attachments
- Detected malicious file information
- Detected malicious network connection information
- Debug Logs
- Network Architecture/Topology
- Screen capture of errors
How does Trend Micro use the personal data that you provide to us?
Our products use the personal data that you provide to perform security and threat detection related services and functions such as:
- Analyse data sent to/from your device(s) to isolate and identify threats, vulnerabilities, suspicious activity, and attacks;
- Assess the reputation of a device or file to advise you on whether access should be granted;
- Analyse email to protect against spam and other suspicious content;
- Virus protection;
- Intrusion detection, prevention, and protection;
- Threat prevention and prediction;
- Network defence;
- Identify sources and methods of targeted attacks
- Deliver updated protection against malicious threats
The services and products of Trend Micro will support you to ensure your network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems. The processing of personal data stated above provided by you to Trend Micro through the services and products of Trend Micro is necessary for the purposes of those legitimate interests pursued by both you and Trend Micro and thus lawful pursuant to Article 6(1)(f) GDPR.
We may use information that you provide to us for other business purposes, including
- Internal record keeping in accordance with tax and accounting requirements under applicable law (processing is necessary for compliance with a legal obligation of Trend Micro pursuant to Article 6(1)(c) GDPR)
- Compliance with the law and requests from government bodies (processing is necessary for compliance with a legal obligation of Trend Micro pursuant to Article 6(1)(c) GDPR)
- Product and service development which is necessary for the purposes of the legitimate interests pursued by both you and Trend Micro to improve our products and services provided to you pursuant to Article 6(1)(f) GDPR
- Provide customer support, manage subscriptions, and respond to requests, questions, and comments (processing is necessary for the performance of a contract between Trend Micro and you pursuant to Article 6(1)(b) GDPR)
All the personal data stated above are necessary to enter into the contract with Trend Micro and to use Trend Micro’s products and services so that you are obliged to provide such personal data, otherwise, we can neither perform our contract with you nor provide our products and services to you. How do we protect your personal data?
We use appropriate administrative, organisational, technical, and physical safeguards, including access controls, premise security measures, secure data destruction and incident response plans to protect the personal data that you provide to us. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Where do we process your personal data?
We may process your personal data at data centres in the United States as well as other locations around the world operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro who carry out data processing on behalf of Trend Micro. When you connect to our services, you may be sending your information outside your country to a jurisdiction that may not provide equivalent levels of data protection as your home jurisdiction. However, in such case the data transfer will be subject to appropriate safeguards under Art. 46 GDPR, namely standard data protection clauses. Copies of the standard data protection clauses can be obtained by e-mail at firstname.lastname@example.org.
We will keep personal data that you provide to us for as long as you are a registered subscriber or user of our products or for as long as we have another business purpose to do so and, thereafter, for no longer than is required or permitted by law. How do we share your personal data?
We do not share personal data that you provide to us, except with service providers that help us perform and improve services for you which we engage as subcontractors; with your consent; as necessary to perform our contractual obligations to you; if necessary to protect your, our and others' rights and interests; in connection with a sale or reorganisation of our business, if and to the extent permissible by the GDPR and applicable law and as required to cooperate with any legal process and any law enforcement or other government inquiry. This means that we may provide information that we collect from you if that information is relevant to a court subpoena or to a law enforcement authority or other government investigation, provided this is permissible under the GDPR and applicable data protection law.
Withdrawal of consent
Where we process your personal data based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Please address your withdrawal to Trend Micro at the contact information stated below or to our representative stated above.
Under the GDPR, you have inter alia the right to request from Trend Micro
- access to your personal data pursuant to Article 15 GDPR
- rectification of your personal data pursuant to Article 16 GDPR
- erasure of your personal data pursuant to Article 17 GDPR
- restriction of processing of your personal data pursuant to Article 18 GDPR
- data portability pursuant to Article 20 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) – processing is necessary for the performance of a task carried out in the public interest – or (f) – processing is necessary for the purposes of the legitimate interests pursued by Trend Micro or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data – of Article 6(1) GDPR.
For exercising any of your rights, please contact Trend Micro at the contact information stated above or our representative stated above.
Trend Micro contact information and inquiries
Rights to complain to the Data Protection Authority
If you have a complaint or concerns about how we are processing your personal information or if you consider that the processing of your personal data by Trend Micro infringes the GDPR then we will endeavor to address such concerns. However, if you would like to direct your complaint/concerns to a Data Protection Authority, you have such right under Article 77 GDPR.