(Any references to the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”) shall only apply as from 25 May 2018)
Trend Micro Incorporated and its subsidiaries and affiliates are committed to protecting your privacy and ensuring you have a positive experience on our websites and in using our products and services (“Trend Micro Products and Services”).
- A. Controller, Representative, Data Protection Officer
- B. Why and how does Trend Micro collect and process your personal data?
- C. Sharing your personal data
- D. Sensitive Personal Data
- E. Data Retention
- F. Communication Preferences
- G. Protection and security of your personal data
- H. Transfers over the Internet to countries located outside the European Union or the EEA
- J. Managing your personal data
- K. Third-Party websites, products and services
- L. Your Rights
- M. Children
- O. Trend Micro contact information and inquiries
- P. Rights to complain to the Data Protection Authority
A. Controller, Representative, Data Protection Officer
Trend Micro is the controller in the meaning of the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”). Trend Micro is the representative for the European Union, the EEA and the United Kingdom (“representative”) who represents Trend Micro with regard to its obligations under the GDPR.
Trend Micro (EMEA) Limited
IDA Business & Technology Park
Model Farm Road
Telephone: +44 203 54 93 304
For Trend Micro Deutschland GmbH:
HEC Harald Eul Consulting GmbH
Auf der Höhe 34
Telephone: +49 2232 200 879
B. Why and how does Trend Micro collect and process your personal data?
We will only collect and process your personal data if we have a legitimate interest to do so, i.e. for reasons explained in this policy, to perform a contract we have entered into with you, if you have given us your consent to use certain personal data or where we have a legal obligation to do so.
Trend Micro websites collect personal data primarily to process orders for Trend Micro Products and Services on our website, provide downloads of free evaluation software or upgrades, provide its products, services and support to its customers and allow you to register as a customer. Many of our services require you to set up an online account and complete your purchase. Setting up an account and making a purchase requires a valid e-mail address and password as a login, along with other information which will be of a personal nature, such as your name, company name, address, language preferences and time zone. This information is necessary in providing you the services and support you expect from Trend Micro. In connection with services we provide we may use your information to renew or terminate your subscription or to complete a transaction or confirm or complete an order or offer. This information may include but not be limited to name, company name, billing and shipping information, email address, phone number, and other relevant information about you and your systems. This processing of your personal data is necessary for the performance of the contract between you and Trend Micro regarding the use of our products, services and support pursuant to Article 6(1)(b) GDPR.
We may further use and process personal data you provided to us through the website to provide you with new product information or technical alerts and to keep you informed about our products, services, promotions and special offers. The processing of personal data for such direct marketing purposes is based either on your consent (Article 6(1)(a) GDPR) or in case you are a customer of Trend Micro on Article 6(1)(f) GDPR since it is carried out for the legitimate interest of Trend Micro of informing its customers of new products which is also in the interest of the customer.
You have the right at any time to withdraw your consent or to object to processing of your personal data for direct marketing purposes. Please either visit our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html or address your objection to Trend Micro at the contact information stated in section O below or to our representative stated in section A above. Your withdrawal of consent or your objection, respectively, shall not affect the lawfulness of the processing before withdrawal or objection.
Trend Micro collects and processes collected personal data for the following other purposes:
- Responding to or addressing your requests, enquiries, complaints, feedback or opinion (if you are a customer of Trend Micro, processing is necessary for the performance of the contract between you and Trend Micro regarding the use of Trend Micro Products and Services pursuant to Article 6(1)(b) GDPR; if you have requests, enquiries, complaints, feedback or provide an opinion without being a customer of Trend Micro, processing is necessary for the purposes of the legitimate interests pursued by Trend Micro to address your requests, enquiries, complaints, feedback or opinion pursuant to Article 6(1)(f) GDPR)
- Improving your experience on our website (processing is necessary for the purposes of the legitimate interests pursued by Trend Micro to improve your use of our website pursuant to Article 6(1)(f) GDPR)
- Tracking customer preferences (processing is necessary for the purposes of the legitimate interests pursued by Trend Micro to improve your use of our website pursuant to Article 6(1)(f) GDPR)
- Communicating with or notifying you of, or providing you with updates of the Trend Micro Products and Services or services or benefits available or technical news (if you are a customer of Trend Micro, processing is necessary for the performance of the contract between you and Trend Micro regarding the use of Trend Micro Products and Services pursuant to Article 6(1)(b) GDPR; if you are no customer of Trend Micro such communication is based on your consent pursuant to Article 6(1)(a) GDPR)
- Awarding prizes (processing is based on your consent pursuant to Article 6(1)(a) GDPR)
- Evaluating your interest in employment in the case of employment applications submitted by you (processing is necessary for the purposes of recruitment and in order to take steps at your request prior to entering into a potential employment contract pursuant to Articles 6(1)(b), 88 GDPR and national data protection law)
- Compliance with the law and requests from government bodies (processing is necessary for compliance with a legal obligation of Trend Micro pursuant to Article 6(1)(c) GDPR)
- Internal record keeping in accordance with tax and accounting requirements under applicable law (processing is necessary for compliance with a legal obligation of Trend Micro pursuant to Article 6(1)(c) GDPR)
- Product and service development which is necessary for the purposes of the legitimate interests pursued by both you and Trend Micro to improve the Trend Micro Products and Services pursuant to Article 6(1)(f) GDPR)
- Market research (processing is based on your consent pursuant to Article 6(1)(a) GDPR)
In order to use certain parts of our websites we require that you provide us with some personal data as explained above. If you do not provide your personal data stated above to us, your use of those sections of our website, products and services could be restricted or impossible.
C. Sharing your personal data
Trend Micro is a global organisation and may share personal data with its affiliated companies, resellers, distributors or partners in order to provide the high quality, localised services or offers you have requested, meet your needs or provide you with customer support. Trend Micro may engage sub-contractors to provide certain services, such as providing technical support, handling order processing or shipping products, conduct customer research or satisfaction surveys. For example, if you choose to purchase a license to a Trend Micro product on our website, you will be directed to the website of one of Trend Micro’s e-commerce resellers, such as Digital River, in order to purchase the license. Trend Micro and the pertinent e-commerce reseller will need to share some of your personal data. This sharing of your personal data with resellers or distributors is necessary for the performance of the contract between you and Trend Micro regarding the use of Trend Micro Products and Services pursuant to Article 6(1)(b) GDPR. As regards our affiliated companies or our partners and sub-contractors we have entered into Binding Corporate Rules or data processing agreements with those affiliates or companies to which we transfer your personal data and which processes your personal data on our behalf.
Trend Micro requires that all contractors keep personal data of our customers secure and confidential and that they do not share such personal data with others or use your personal data for their own marketing purposes.
It may be necessary by law, legal process, litigation and/or requests from public and governmental authorities within or outside your country of residence for Trend Micro to disclose your personal data. We may also disclose personal data about you if we determine that for purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate. Such disclosure is necessary for compliance with a legal obligation of Trend Micro pursuant to Article 6(1)(c) GDPR.
Trend Micro may also disclose personal data if we determine that disclosure is necessary to enforce our terms and conditions or protect our products or users. In addition, in the event of a reorganisation, merger or sale, we may transfer any and all personal data we collect to the relevant third party. Such disclosure or transfer of your personal data is necessary for the purposes of the legitimate interests pursued by Trend Micro to enforce our terms and conditions, to protect our products or users or to facilitate such reorganisation, merger or sale pursuant to Article 6(1)(f) GDPR.
D. Sensitive Personal Data
E. Data Retention
Trend Micro will keep your personal data for as long as you are a registered subscriber or user of our products or for as long as we have another business purpose to do so and, thereafter, for no longer than is required or permitted by law.
F. Communication Preferences
Trend Micro gives you the choice of receiving a variety of information that complements our products and services. You can manage your communication preferences and unsubscribe in one of the following ways: (a) Trend Micro promotional emails include instructions on how you can unsubscribe from that particular communication; or (b) via our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html (c) sending a message via email to email@example.com or via mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland. Please include your name, email address and specific relevant information about the material that you no longer wish to receive.
G. Protection and security of your personal data
As a global security leader, Trend Micro understands the importance of securing your personal data. Trend Micro has taken appropriate security measures – including administrative, technical and physical measures - to maintain and protect your personal data against loss, theft, misuse, unauthorised access, disclosure, alteration and destruction. Access to your personal data is restricted to authorised personnel only.
Where you have a password which enables you to access your account, you are responsible for keeping this password secure and confidential.
H. Transfers over the Internet to countries located outside the European Union or the EEA
Trend Micro is a global organisation, with affiliated legal entities, business processes, management structures, and technical systems that cross borders. When we share your personal data among Trend Micro affiliates globally, we will do this on the basis of Binding Corporate Rules or standard data protection clauses. We may also transfer your personal data to our subcontractors based in various countries in the world where we do business who carry out data processing on behalf of Trend Micro. Some of these countries may provide less legal protection than others for your personal data. However, in such case the data transfer will be subject to appropriate safeguards under Art. 46 GDPR, namely standard data protection clauses. Copies of the Binding Corporate Rules and standard data protection clauses in place can be obtained by e-mail at firstname.lastname@example.org.
Trend Micro’s website, online services, interactive applications and email messages may use “cookies” and other technologies such as web beacons. Cookies are alphanumeric identifiers that Trend Micro transfers to your computer’s hard drive through your web browser to enable our systems to recognise your browser to provide services. Cookies help websites work or work more efficiently and can help provide us with business and marketing information. They also enable a website to tailor information presented to you based on your browsing preferences such as language and geographical region.
If you do not want Trend Micro to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use of some of our products and/or services.
You can also visit http://www.coremetrics.com/company/privacy.php#optout for additional information on how to opt out of receiving marketing cookies.
J. Managing your personal data
If you participate in a Trend Micro discussion forum on our website, you should be aware that the information you provide there will be made broadly available to others, and can be read, collected or used by other users of these forums, inside or outside of Trend Micro. This information can be used to send you unsolicited messages. You are responsible for the personal data you choose to submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please be careful and responsible when you are participating in any forum or discussion group on Trend Micro websites and note that some of these forums may have additional rules and conditions. Each participant’s opinion on a forum in our website is his or her own and should not be considered as reflecting the opinion of Trend Micro. Trend Micro is not responsible for the personal data or any other information you choose to submit in these forums.
K. Third-Party websites, products and services
L. Your Rights
Under the GDPR you have certain data protection rights. These are briefly explained below. If you wish to contact us in relation to those rights, please see the contact information at section O below. We will endeavour to assist you where reasonably possible but please note that these rights may not apply in all circumstances and exceptions exist under the GDPR or applicable national law.
Right to rectification of your personal data pursuant to Article 16 GDPR - You have the right to request that any inaccurate personal data held by or on behalf of Trend Micro is corrected.
Right to access your personal data pursuant to Article 15 GDPR – You have the right to access your personal data held by Trend Micro. Please note that before we are able to respond to your request we may ask you to verify your identity and to provide further details about your request. We will endeavour to respond without undue delay and, in any event, within the timescales required by law.
Right to data portability pursuant to Article 20 GDPR – You have the right to receive personal data you have provided to us or to ask us to transfer it to another company.
Right to erasure (or "right to be forgotten") pursuant to Article 17 GDPR – You have the right to request that Trend Micro delete all of the personal data that we hold about you.
Right to restrict processing pursuant to Article 18 GDPR – You have the right to restrict Trend Micro from processing your personal data, where: (1) you believe that the personal data held by us about you is not accurate, until we can verify the accuracy of such personal data; (2) you believe that the processing of your personal data is unlawful; (3) you believe that we no longer have any reason to process your personal data, except for the purposes of establishing, exercising or defending legal claims; or (4) you object to the processing as described below, unless and until we can establish that we have overriding legitimate grounds to continue processing your personal data. In these circumstances we will restrict use of your personal data during the review period.
Right to object to processing pursuant to Article 21 GDPR – You have the right to ask Trend Micro to stop processing your personal data for direct marketing purposes or other purposes on grounds relating to your particular situation, if processing of your personal data is based on point (e) – processing is necessary for the performance of a task carried out in the public interest – or (f) – processing is necessary for the purposes of the legitimate interests pursued by Trend Micro or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data – of Article 6(1) GDPR.
Right to withdraw consent – If we are relying on your consent to use and process your personal data, you are free to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
For exercising any of your rights, please contact Trend Micro at the contact information stated in section O below or our representative stated in section A above.
Trend Micro does not knowingly collect personal data from children under the age of 16. If we learn that we have collected the personal data of a child under the age of 16, Trend Micro will promptly delete such personal data.
O. Trend Micro contact information and inquiries
P. Rights to complain to the Data Protection Authority
If you have a complaint or concerns about how we are processing your personal data or if you consider that the processing of your personal data by Trend Micro infringes the GDPR then we will endeavor to address such concerns. However, if you would like to direct your complaint/concerns to a Data Protection Authority, you have such right under Article 77 GDPR.