Privacy notice for our Website and Products (English)

TREND MICRO GLOBAL PRIVACY NOTICE FOR OUR WEBSITE AND PRODUCTS

(March 1, 2022)

Trend Micro Incorporated and its subsidiaries and affiliates (collectively, "Trend Micro" or "we") provides this Privacy Notice to help you understand the types of personal information that you provide to Trend Micro, what we do with that information and how we protect that information. We are committed to protecting your privacy and ensuring you have a positive experience on our websites ("Website") and in using the Trend Micro Products (which includes related services such as support) that our customers ("Customers") sign up for

This Privacy Notice covers personal information we collect in connection with our:

1.    Websites (Part 1)

2.    Products (Part 2)

3.    Prospects (Part 3)

Contents

We've listed the contents of each Part of our Privacy Notice below. If you want more information on a particular section, just click on the link in the contents list to jump directly to of that section.

· Websites Part 1: Contents

A. What information is processed by Trend Micro when using our Websites and how is it used by Trend Micro?

B. Legal basis for processing (EEA or UK only)

C. Sharing personal information

D. Transfers over the internet to countries located outside the  EEA or UK (EEA/UKonly)

E. Data Retention

F. Protection and security of personal information

G. Managing Personal Information

H. Third-party websites

I. Communication preferences

J. EEA/UK data protection rights (EEA/UK only)

K. Controller (EEA/UK only)

L. Contact and Data Protection Officer

 

· Products Part 2: Contents

A. What information is processed by Trend Micro when using our Products and how is it used by Trend Micro?

B. Legal basis for processing (EEA or UK only)

C. Sharing personal information

D. Transfers over the internet to countries located outside the EEA or UK (EEA/UK individuals only)

E. Data Retention

F. Protection and security of personal information

G. Communication preferences

H. EEA/UK data protection rights (EEA/UK only)

I. Controller (EEA/UK only)

J. Contact and Data Protection Officer

 

 

· Prospects Part 3: Contents

A. What information is processed by Trend Micro, how is it used by Trend Micro and why?

B. Legal basis for processing (EEA or UK only)

C. Sharing personal information

D. Transfers over the internet to countries located outside the EEA or UK (EEA/UK only)

E. Data Retention

F. Protection and security of personal information

G. Communication preferences

H. EEA/UK data protection rights (EEA/UK only)

I. Controller (EEA/UK only)

J. Contact and Data Protection Officer

 

·       Changes to the Trend Micro Privacy Notice

This Privacy Notice was last updated on March 1, 2022. Trend Micro will occasionally update this Privacy Notice to reflect changes in our Products and Customer feedback. When we make changes to the Privacy Notice, we will revise the date at the top of the Privacy Notice. If there are material changes to this Privacy Notice or in how we will use your personal information or where we intend to further process your personal information for a purpose other than that for which the personal information were collected, we will notify either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification.

 

1.         PRIVACY FOR OUR WEBSITES

This Part 1 of the Notice covers the personal information collected regarding visitors to our Website. We identify below subsections that are only applicable for the European Economic Area ("EEA") or United Kingdom ("UK").

This Part 1 covers, in relation to our Websites:

 

 

A. What information is processed by Trend Micro when using our Websites and how is it used by Trend Micro?

Information that is actively provided

Trend Micro collects personal information in many ways: when visitors download free evaluation software or upgrades, when visitors register online, when visitors contact Trend Micro through our “Contact Us” link on our Website, when visitors participate in a campaign or a website forum or referral promotions, when individuals register for or otherwise participate in a competition, when visitors request online a quote or technical support, when visitors cause information or data to be sent to Trend Micro as part of the Products, when visitors subscribe online to Trend Micro newsletters or receive Product updates or technical online alerts, when visitors enter an online contest, giveaway, promotion or special offer, when visitors provide us with feedback online, or when visitors apply for a job online with Trend Micro.

Where visitors visit our Websites and wish to download content, take part in a competition, purchase product or request information, visitors may be requested to provide details as follows:


If visitors do not provide their personal information stated above to us, their use of those sections of our Websites could be restricted or impossible.

Trend Micro does neither wish to receive nor need any sensitive personal information, i.e. personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation, or personal information relating to criminal convictions or offences.

Where minors participate in competitions, we ask for the consent of their parent or legal guardian where they are under a certain age (varying based on their country) as set out above. Other than for such competitions, Trend Micro does not knowingly collect personal information from minors under the age of 16. If we learn that we have collected the personal information of a minor under the age of 16, Trend Micro will promptly delete such personal information.

Information that is collected automatically

Trend Micro'sWebsite, certain Products, interactive applications and email messages may use "cookies" and other technologies such as web beacons to collect certain information automatically from visitors' device. This may also include cookies placed by third parties in addition to Trend Micro. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.

The information we collect automatically may include information like visitors' IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how a visitor's device has interacted with our Website, including the pages accessed and links clicked. 

Trend Micro also collects log files of traffic that visit our Website. These log files may include information such as a visitor's Internet Protocol (IP) address, browser information and language, domain name, date and time of request. We use this information to track aggregate traffic patterns throughout our websites. Trend Micro may collect and retain for a certain period IP address information of Customers in order to provide technical support, obtain geo-location information, for subscription and registration purposes and to secure our networks and systems. To the extent that IP addresses or similar identifiers are considered personal information by applicable data protection law, we treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of our Privacy Notice.

For more information on the technologies used and to learn how to manage cookie preferences, please see Trend Micro’s Website “Cookie Notice” at trendmicro.com/cookie-notice.

How does Trend Micro use personal information?

Trend Micro Websites collect personal information to provide downloads of free evaluation software or upgrades, newsletters, respond to requests for contact, downloads of whitepapers and to provide its Products and support to its Customers and allow a visitor to register.

We may further use and process personal information provided to us through our Websites such as by visitors completing contact or information request forms to provide visitors with new Product information or technical alerts and keep visitors informed about our Products, promotions and special offers.

Cookies and other tracking technologies are used on our Website and in our Products for a variety of reasons including to better understand visitor and Customer behaviour and improving our Products and advertising.

We also collect and process personal information for the following other purposes:

 

B. Legal basis for processing (EEA or UK only)

We will only collect and process personal information of visitors to ourWebsite if we have a lawful basis to do so, for reasons explained in this Notice. We may process information that we have collected for legal bases including:

 

C. Sharing personal information

Trend Micro is a global organization and may share personal information with its affiliated companies, distributors or partners in order to provide the high quality, localized Products or offers or competition services visitors have requested, meet their needs or provide visitors with Customer support. Trend Micro may engage contractors to provide certain services in connection with Products, such as providing technical support, handling order processing or shipping Products, marketing, hosting and conducting Customer research or satisfaction surveys.

For example, if visitors choose to purchase a license to a Trend Micro Product on our Website, visitors will be directed to the website of one of Trend Micro’s e-commerce partner, such as Digital River, in order to purchase the license. Trend Micro and the pertinent e-commerce partner will need to share some personal information.

Trend Micro requires that all contractors keep personal information of our visitors secure and confidential and that they do not share such personal information with others or use it for their own marketing purposes.

It may be necessary by law, legal process, litigation and/or requests from public and governmental authorities within or outside visitors' country of residence for Trend Micro to disclose visitors' personal information. We may also disclose personal information about visitors if we determine that for purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate.

Trend Micro may also disclose personal information if we determine that disclosure is necessary to enforce our terms and conditions or protect our Products or visitors. In addition, in the event of a reorganization, merger or sale, we may transfer any and all personal information we collect to the relevant third party.

D. Transfers over the internet to countries located outside the EEA or UK (EEA/UK only)

Trend Micro is a global organisation, with affiliated legal entities, business processes, management structures, and technical systems that cross borders. We may process visitors' personal information outside the country in which visitors are located, including at data centers in the United States as well as other locations operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro. When we share visitors' personal information among Trend Micro affiliates globally, we will do this on the basis of Binding Corporate Rules or EU Standard Contractual Clauses available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

We may also transfer visitors' personal information to our contractors based in various countries in the world where we do business, who carry out data processing on behalf of Trend Micro. Some of these countries may provide less legal protection than others for visitors' personal information. However, in such cases the data transfer will be subject to appropriate safeguards, namely the EU Standard Contractual Clauses.

E. Data retention

Trend Micro will keep visitors' personal information for as long as we have an ongoing legitimate business need to do so (for example, to provide a service a visitor has requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process visitors' personal information, we will either delete or pseudonymize it or, if this is not possible (for example, because visitors' personal information has been stored in backup archives), then we will securely store that personal information until deletion is possible.

F. Protection and security of personal information

As a global security leader, Trend Micro understands the importance of securing and protecting visitors' personal information. Trend Micro has taken appropriate security measures – including administrative, technical (e,g, encryption, hashing, etc.) and physical measures - to maintain and protect visitors' personal information against loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Access to visitors' personal information is restricted to authorized personnel only.

G. Managing own personal information

If visitors participate in a Trend Micro discussion forum or a Trend Micro competition that publishes entries online on our Website, visitors should be aware that the information visitors provide there will be made broadly available to others, and can be read (or watched), collected or used by other users of these forums/competition pages, inside or outside of Trend Micro. This information can be used to send individuals unsolicited messages. Visitors are responsible for the personal information visitors choose to submit in these instances. For example, if visitors list their name and email address in a forum posting, that information is public. Visitors should be careful and responsible when participating in any forum or discussion group or public competition on Trend Micro's Website and note that some of these forums or competitions may have additional rules and conditions. Each participant’s opinion on a forum or competition in our Website is his or her own and should not be considered as reflecting the opinion of Trend Micro. Trend Micro is not responsible for the personal information or any other information visitors choose to submit in these forums or competitions.

Where visitors have a password which enables them to access their account, they are responsible for keeping this password secure and confidential.

H. Third-party websites

Trend Micro’s Website contains a number of links to websites of Trend Micro business partners or to co-branded websites that are maintained by Trend Micro and one or more of our business partners who are collecting visitors' personal information pursuant to their own policies and purposes. Visitors should carefully read the privacy policies on such websites or co-branded websites as they may differ from Trend Micro’s Privacy Notice, especially as personal information collected on such websites are governed by the pertinent privacy policies. Trend Micro is not responsible for the content, their Products or privacy practices or misuse of any information visitors provide on those websites.

I. Communication preferences

Trend Micro gives visitors the choice of receiving a variety of information that complements our Products. Visitors can manage their communication preferences and unsubscribe in one of the following ways:

If visitors are based outside the EEA/UK: please email legal_notice@trendmicro.com or send a letter to Trend Micro Privacy Program, Trend Micro Incorporated, c/o Legal Department, 225 East John Carpenter Freeway, Suite 1500, Irving, TX 75062, USA. Visitors should include their name, email address and specific relevant information about the material that they no longer wish to receive.

If visitors are based in the EEA/UK: (a) Trend Micro promotional emails include instructions on how to unsubscribe from that particular communication; or (b) if visitors are an Enterprise Customer they may unsubscribe via our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html or (c) if visitors are consumer customers they may unsubscribe via the “My Account” https://www.trendsecure.com/my_account/signin/login or (d) unsubscribe by sending a message via email to gdpr@trendmicro.com or via mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland. Visitors should include their name, email address and specific relevant information about the material that they no longer wish to receive.

 

J. EEA/UK data protection rights (EEA/UK only)

Visitors to Trend Micro's European Website and visitors located in the EEA or UK have certain data protection rights under the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”) or the GDPR as it is saved and incorporated into UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (and "GDPR" is used to refer to either or both these laws). These are briefly explained below. If visitors wish to contact us in relation to those rights, please see the contact information at section 1.L below. We will endeavour to assist visitors where reasonably possible but please note that these rights may not apply in all circumstances and exceptions exist under the GDPR or applicable national law.

· Right to rectification of personal information - Visitors have the right to request that any inaccurate personal information held by or on behalf of Trend Micro is corrected.

· Right to access personal information– Visitors have the right to access their personal information held by Trend Micro. Please note that before we are able to respond to a request, we may ask visitors to verify their identity and to provide further details about their request. We will endeavour to respond without undue delay and, in any event, within the timescales required by law.

· Right to data portability– Visitors have the right to receive personal information they have provided to us or to ask us to transfer it to another company.

· Right to erasure (or "right to be forgotten")– Visitors have the right to request that Trend Micro delete all of the personal information that we hold about them.

· Right to restrict processing– Visitors have the right to restrict Trend Micro from processing their personal information, where: (1) they believe that the personal information held by us about them is not accurate; (2) they believe that the processing of their personal information is unlawful; (3) they believe that we no longer have any reason to process their personal information; or (4) they object to the processing as described below. In these circumstances we will restrict use of these visitors' personal information during the review period.

· Right to object to processing– Visitors have the right to ask Trend Micro to stop processing their personal information for direct marketing purposes or other purposes on grounds relating to their particular situation.

· Right to withdraw consent – If we are relying on visitors consent to use and process their personal information, they are free to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

· Right to make a complaint to a Data Protection Authority - If visitors have a complaint or concerns about how we are processing their personal information or if they consider that the processing of their personal information by Trend Micro infringes the GDPR, then we will endeavor to address such concerns. However, if they would like to direct their complaint/concerns to a Data Protection Authority, they have such right under the GDPR.

· If visitors have any questions, comments or concerns regarding this Privacy Notice or if visitors would like to change their communication preferences, update or review personal information we have about them or if visitors exercise a right to object, if visitors withdraw a consent they have given, or if visitors exercise any of their rights stated in this section, they can contact us using the EEA/UK contact information at section 1.L below. Visitors can also withdraw their consent or to object to processing of their personal information for direct marketing purposes by (for Enterprise Customers) visiting our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html, or (for consumer customers) via their My Account: https://www.trendsecure.com/my_account/signin/login.

K. Controller [EEA/UK only]

Where the EU General Data Protection Regulation ("GDPR") or similar UK law applies, we must identify who the data controller is. When visitors are located inside the EEA or UK, Trend Micro EMEA Limited is the data controller of personal information that is collected through their use of our Website.

L. Contact and Data Protection Officer

· If visitors are based outside the EEA/UK, if they have any questions, requests, comments or concerns regarding this Privacy Notice, they can contact us using the details below:

Trend Micro Privacy Program
Trend Micro Incorporated
c/o Legal Department
225 East John Carpenter Freeway
Suite 1500
Irving
Texas 75062 USA
E-Mail: legal_notice@trendmicro.com

· If visitors are based inside the EEA or UK, the contact details of the data protection officers designated by Trend Micro are:

GDPR DPO:
Trend Micro (EMEA) Limited
Lianne Harcup
Median House
IDA Business & Technology Park
Model Farm Road
Cork
Ireland
E-Mail: gdpr@trendmicro.com

For Trend Micro Deutschland GmbH:
HEC Harald Eul Consulting GmbH
Harald Eul
Auf der Höhe 34
50321 Brühl
Deutschland
E-Mail: Datenschutz-TrendMicro@he-c.de

2. PRIVACY FOR USERS OF OUR PRODUCTS

This Part 2 of the Notice covers the personal information of individuals (users) collected when signing up for or using Trend Micro's Products

 

A. What information is processed by Trend Micro when using our Products and how is it used by Trend Micro?

Upon ordering, purchasing, installing, activating or using our Products, we receive personal information such as:


We use this personal information to ensure that the relevant Customer's license to our solutions is valid and to contact our Customers regarding renewals, technical issues and new Product information.

The types of information and personal information that may be processed when using and interacting with our Products, including Customer support, include the following. The specific information and personal information that is processed will depend on the particular Product used.

These types of information and personal information enables users to participate, share and leverage Trend Micro's global database of threat related intelligence to rapidly identify and defend against potential threats within each Customer's unique network environment, as described in more detail below, as well as enabling us to provide any support requested. You can find further details of the types of data that Trend Micro products collect, what this data is used for and detailed instructions on how to disable the specific features that feedback data to Trend Micro in the Privacy and Personal Data Collection Disclosure.[LINK/URL: https://success.trendmicro.com/data-collection-disclosure]

Security and threat detection functions relating to our Products and functions includes:


We may also use personal information for other business purposes, including:

 

Information that we obtain from third party sources

From time to time, we may receive personal information from third party sources such as distributors/ reseller or partners. The types of information we receive from these third parties includes contact information such as email addresses and telephone numbers and we use the information we receive from these third parties to contact individuals in relation to our products.

B. Legal basis for processing (EEA/UK individuals only)

We will only collect and process user personal information if we have a lawful basis to do so, for reasons explained in this Notice.

Products-related:

Many of our Products require an online account to be set up and purchases completed. The information collected and used by us at these points is necessary to provide the Products and support Customers expect from Trend Micro. In connection with Products, we may use personal information to renew or terminate a Customer's subscription or to complete a transaction or confirm or complete an order or offer. This processing of personal information is necessary for the conclusion and/or performance of the contract between the Customer and Trend Micro regarding the use of our Products and support and is in the Customer and Trend Micro's legitimate interests for the same reason.

We use and process personal information to ensure that the Customer's license to our solutions is valid and to contact Customers regarding renewals and contractual and technical issues. This processing is necessary for the performance of the contract between the Customer and Trend Micro regarding the use of our Products; and/or our legitimate interest in providing and improving our Products.

Where we use personal information provided through our Products to support Customers' network and information security, this processing is necessary for the performance of the contract between the Customer and Trend Micro and/or for the legitimate interest of the Customer in ensuring network and information security and our legitimate interest in providing and improving our Products.

Direct Marketing:

Where we use and process personal information provided to us on account registration and/or Product purchase/installation/activation to provide our Customers with new Product information or technical alerts and to keep Customers informed about our Products, promotions and special offers, the processing of personal information for such direct marketing purposes is based either on consent or legitimate interest grounds.

Other Purposes:

Where Trend Micro processes personal information for other purposes set out in this Privacy Notice, we rely on various legal bases:

 

C. Sharing personal information

Trend Micro is a global organization and may share personal information with its affiliated companies, resellers, distributors, vendors, service providers or partners in order to provide the high quality, localized Products or offers that Customers have requested, and/or to meet Customer needs or provide support. Trend Micro may engage contractors to provide certain services in connection with Products, such as providing technical support, hosting cloud services, handling order processing or shipping Products, conduct Customer research or satisfaction surveys. For example, if a Customer chooses to purchase a license to a TrendMicro Product on ourWebsite, the Customer will be directed to the website of one of Trend Micro’s e-commerce resellers, such as Digital River, in order to purchase the license. Trend Micro and the pertinent e-commerce reseller will need to share some personal information to complete the purchase.

Trend Micro requires that all contractors keep personal information of our Customers secure and confidential and that they do not share such personal information with others.

It may be necessary by law, legal process, litigation and/or requests from public and governmental authorities in any country, region or territory where Trend Micro operates, or from international or inter-governmental authorities or organisations, for Trend Micro to disclose personal information received in relation to the registration and/or use of our Products, in particular malicious or suspicious IP addresses, URLs, email addresses and/or domain names. We may also disclose such personal information if we determine that, for purposes of national security, law enforcement or other issues of national, regional or international public importance, disclosure is necessary or appropriate.

Trend Micro may also disclose personal information if we determine that disclosure is necessary to enforce our terms and conditions or protect our Products or their users. In addition, in the event of a reorganization, merger or sale, we may disclose and transfer any and all personal information we collect to the relevant third party.

D. Transfers over the internet to countries located outside the EEA or UK (EEA/UK individuals only)

Trend Micro is a global organisation, with affiliated legal entities, business processes, management structures, and technical systems that cross borders. We may process user's personal information outside the country in which they are located, including at data centers in the United States as well as other locations operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro. When we share personal information among Trend Micro affiliates globally, we will do this on the basis of Binding Corporate Rules or EU Standard Contractual Clauses available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en.

We may also transfer personal information to our contractors based in various countries in the world where we do business, who carry out data processing on behalf of Trend Micro. Some of these countries may provide less legal protection than others for personal information. However, in such case the data transfer will be subject to appropriate safeguards, namely the EU Standard Contractual Clauses.

E. Data retention

Trend Micro will keep personal information relating to the registration and use of our Products for as long as the relevant Customer remains a registered subscriber or for as long as we have another legitimate business purpose to do so and, thereafter, for no longer than is required or permitted by law. When we have no ongoing legitimate business need to process such personal information, we will either delete or pseudonymize it or, if this is not possible (for example, because the personal information has been stored in backup archives), then we will securely store the personal information until deletion is possible.

F. Protection and security of personal information

As a global security leader, Trend Micro understands the importance of securing and protecting personal information. Trend Micro has taken appropriate security measures – including administrative, technical (e.g. encryption, hashing, etc.) and physical measures - to maintain and protect personal information against loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Access to personal information relating to the registration and use of our Products is restricted to authorized personnel only.

Where a Customer has a password to enable access to the Customer's account, the Customer is responsible for keeping this password secure and confidential.

G. Communication preferences

Trend Micro gives individuals the choice of receiving a variety of information that complements our Products. Communication preferences can be managed, including terminating subscriptions or future communications, in one of the following ways:

Individuals based outside the EEA/UK: please email legal_notice@trendmicro.com or send a letter to Trend Micro Privacy Program, Trend Micro Inc., c/o Legal Department, 225 East John Carpenter Freeway, Suite 1500, Irving, TX 75062, USA. Please include the name, email address and specific relevant information about the material which should no longer be sent out.

Individuals based in the EEA/UK: (a) Trend Micro promotional emails include instructions on how to unsubscribe from that particular communication; or (b) for enterprise customers unsubscribe via our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html or (c) for consumer customers unsubscribe via the “My Account” https://www.trendsecure.com/my_account/signin/login or (d) unsubscribe by sending a message via email to gdpr@trendmicro.com or via mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland. Please include name, email address and specific relevant information about the material/correspondence that should no longer be sent out.

 

H. EEA/UK data protection rights (EEA/UK individuals only)

Individuals in the EEA/UK, under the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”) or the GDPR as it is saved and incorporated into UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (and "GDPR" is used to refer to either or both these laws) have certain data protection rights. These are briefly explained below. To contact us in relation to those rights, please see the contact information in section 2.J below. We will endeavour to assist where reasonably possible but please note that these rights may not apply in all circumstances and exceptions exist under the GDPR or applicable national law.

· Right to rectification of personal information - EEA/UK individuals have the right to request that any inaccurate personal information about them held by or on behalf of Trend Micro is corrected.

· Right to access personal information – EEA/UK individuals have the right to access their personal information held by Trend Micro. Please note that before we are able to respond to a request, we may ask to verify the requestor's identity and for further details about the request. We will endeavour to respond without undue delay and, in any event, within the timescales required by law.

· Right to data portability – EEA/UK individuals have the right to receive personal information they have provided to us or to ask us to transfer it to another company.

· Right to erasure (or "right to be forgotten") – EEA/UK individuals have the right to request that Trend Micro delete all of the personal information that we hold about them.

· Right to restrict processing – EEA/UK individuals have the right to restrict Trend Micro from processing their personal information, where: (1) they believe that the personal information held by us about them is not accurate; (2) they believe that the processing of their personal information is unlawful; (3) they believe that we no longer have any reason to process their personal information; or (4) they object to the processing as described below. In these circumstances we will restrict use of the requestor's personal information during the review period.

· Right to object to processing – EEA/UK individuals have the right to ask Trend Micro to stop processing their personal information for direct marketing purposes or other purposes on grounds relating to their particular situation.

· Right to withdraw consent – If we are relying on EEA/UK individuals' consent to use and process their personal information, they are free to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

· Right to make a complaint to a Data Protection Authority - If EEA/UK individuals have a complaint or concerns about how we are processing their personal information or if they consider that the processing of their personal information by Trend Micro infringes the GDPR, then we will endeavor to address such concerns. However, if they would like to direct their complaint/concerns to a Data Protection Authority, they have such right under the GDPR.

If EEA/UK individuals have any questions, comments or concerns regarding this Privacy Notice or would like to change their communication preferences, update or review personal information we have about them or if they exercise a right to object, if they withdraw a consent they have given, or if they exercise any of the rights stated in this section, please contact us using the EEA/UK contact information in section 2.J below. Enterprise Users can also withdraw their consent or to object to processing of their personal information for direct marketing purposes by visiting our Preference Centre https://resources.trendmicro.com/MyPreferenceCentre-en_GB.html or Consumers via their My Account: https://www.trendsecure.com/my_account/signin/login.

I. Controller (EEA/UK individuals only)

Trend Micro Ireland Limited, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland is the data controller of personal information that is collected through use of our Products signed up for by EEA/UK Customers.

J. Contact and Data Protection Officer

· Individuals based outside the EEA/UK, with any questions, requests, comments or concerns regarding this Privacy Notice, can contact us using the details below:

Trend Micro Privacy Program
Trend Micro Incorporated
c/o Legal Department
225 East John Carpenter Freeway
Suite 1500
Irving
Texas
75062 USA
E-Mail: legal_notice@trendmicro.com

· For individuals based inside the EEA/UK, the contact details of the data protection officers designated by Trend Micro are:

GDPR DPO:
Trend Micro (EMEA) Limited
Lianne Harcup
Median House
IDA Business & Technology Park
Model Farm Road
Cork
Ireland
E-Mail: gdpr@trendmicro.com

For Trend Micro Deutschland GmbH:
HEC Harald Eul Consulting GmbH
Harald Eul
Auf der Höhe 34
50321 Brühl Deutschland
E-Mail: Datenschutz-TrendMicro@he-c.de

3.  PRIVACY IN RELATION TO PROSPECTS

This Part 3 of the Notice covers the personal information collected regarding individuals who attend events, individuals who provide us with their business contact information, individuals who contact us with enquiries and other individuals that we send marketing to (“Prospects”). We identify below subsections that are only applicable for the European Economic Area ("EEA") or United Kingdom ("UK").

This Part 3 covers, in relation to Prospects:

 

A. What information is processed by Trend Micro, how is it used by Trend Micro and why?

Information that is actively provided

Trend Micro collects personal information in many ways, such as when Prospects: register to attend one of our events, provide us with their business card information or when they request to receive information from us.

The personal information can include:

· Contact details including name, telephone numbers, email address and postal address;

· Where relevant employer and employment information such as job title, function, seniority, department, and the address/country/city of the individual's office; and

· Contact's preferences and interests, for instance which newsletters they would like to be subscribed to or what products they are interested in.

Trend Micro collects this information in order to:

· respond to correspondence and enquiries Prospects send us;

· to provide events and other services requested by Prospects or their employer;

· obtain Prospects' feedback;

· send Prospects tailored information on our Products that may be of interest to them; and

· tailor and develop our Products to ensure they are as relevant as possible.

Trend Micro does neither wish to receive nor need any sensitive personal information, i.e. personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation, or personal information relating to criminal convictions or offences.

Trend Micro does not knowingly collect personal information from children under the age of 16. If we learn that we have collected the personal information of a child under the age of 16, Trend Micro will promptly delete such personal information.

Information that is collected automatically

Trend Micro's email messages may use technologies such as web beacons to collect certain information automatically from individuals' devices. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.

The information we collect automatically may include information like individuals' IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. 

To the extent that IP addresses or similar identifiers are considered personal information by applicable data protection law, we treat these identifiers as personal information. Similarly, to the extent that non- personal information is combined with personal information, we treat the combined information as personal information for the purposes of our Privacy Notice.

For more information on the technologies used and to learn how to manage cookie preferences, please see Trend Micro’s “Cookie Notice” at trendmicro.com/cookie-notice.

Information that we obtain from third party sources

From time to time, we may receive personal information from third party sources such as lead generating companies, event hosting companies and employers of individuals who for example, wish their employees/ individuals to attend our events.

The types of information we receive from third parties include: name, email address, contact details (and where appropriate employment details). We use the information we receive from these third parties for lead generation/ marketing purposes, to enable us to send Prospects tailored information on our Products (including events) that may be of interest to them and to tailor and develop our Products.

B. Legal basis for processing (EEA/UK only)

We will only collect and process personal information of Prospects if we have a lawful basis to do so, for reasons explained in this Notice. We may process information that we have collected for legal bases including:

 

C. Sharing personal information

Trend Micro is a global organization and may share personal information with its affiliated companies, distributors, vendors or partners in order to provide the high quality, localized Products or offers Prospects have requested, meet their needs or provide Prospects with support. Trend Micro may engage contractors to provide certain services, such as providing technical support, marketing, and conducting research or satisfaction surveys.

Trend Micro requires that all contractors keep personal information of Prospects secure and confidential and that they do not share such personal information with others or use it for their own marketing purposes.

It may be necessary by law, legal process, litigation and/or requests from public and governmental authorities within or outside Prospects' country of residence for Trend Micro to disclose Prospects' personal information. We may also disclose personal information about Prospects if we determine that for purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate.

Trend Micro may also disclose personal information if we determine that disclosure is necessary to enforce our terms and conditions or protect our Products or Prospects. In addition, in the event of a reorganization, merger or sale, we may transfer any and all personal information we collect to the relevant third party.  

D. Transfers over the internet to countries located outside the EEA/UK (EEA/UK only)

Trend Micro is a global organisation, with affiliated legal entities, business processes, management structures, and technical systems that cross borders. We may process Prospects' personal information outside the country in which Prospects are located, including at data centers in the United States as well as other locations operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro. When we share Prospects' personal information among Trend Micro affiliates globally, we will do this on the basis of Binding Corporate RulesEU Standard Contractual Clauses available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.  

We may also transfer Prospects' personal information to our contractors based in various countries in the world where we do business, who carry out data processing on behalf of Trend Micro. Some of these countries may provide less legal protection than others for Prospects' personal information. However, in such case the data transfer will be subject to appropriate safeguards, namely the EU Standard Contractual Clauses.

E. Data retention

Trend Micro will keep Prospects' personal information for as long as we have an ongoing legitimate business need to do so (for example, to provide a service or information that Prospects have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process Prospects' personal information, we will either delete or pseudonymize it or, if this is not possible (for example, because Prospects' personal information has been stored in backup archives), then we will securely store that personal information until deletion is possible.

F. Protection and security of personal information

As a global security leader, Trend Micro understands the importance of securing Prospects' personal information. Trend Micro has taken appropriate security measures – including administrative, technical and physical measures - to maintain and protect Prospects' personal information against loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Access to Prospects' personal information is restricted to authorized personnel only.

G. Communication preferences

Trend Micro gives individuals the choice of receiving a variety of information about our Products. Individuals can manage their communication preferences and unsubscribe in one of the following ways:  

If Individuals are based outside the EEA/UK: please email legal_notice@trendmicro.com or send a letter to Trend Micro Privacy Program, Trend Micro Inc, c/o Legal Department, 225 East John Carpenter Freeway, Suite 1500, Irving, TX 75062, USA. Individuals should include their name, email address and specific relevant information about the material that they no longer wish to receive.

If Prospects are based in the EEA/UK: (a) Trend Micro promotional emails include instructions on how to unsubscribe from that particular communication; or (b) sending a message via email to gdpr@trendmicro.com or via mail to Trend Micro EMEA Limited, c/o Data Protection Officer, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland. Prospects should include their name, email address and specific relevant information about the material that they no longer wish to receive.  

H. EEA/UK data protection rights (EEA/UK only)

Prospects located in the EEA/UK have certain data protection rights under the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”) or the GDPR as it is saved and incorporated into UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (and "GDPR" is used to refer to either or both these laws). These are briefly explained below. If Prospects wish to contact us in relation to those rights, please see the contact information at section 3.J below. We will endeavour to assist Prospects where reasonably possible but please note that these rights may not apply in all circumstances and exceptions exist under the GDPR or applicable national law.

· Right to rectification of personal information  Prospects have the right to request that any inaccurate personal information held by or on behalf of Trend Micro is corrected.

· Right to access personal information – Prospects have the right to access their personal information held by Trend Micro. Please note that before we are able to respond to a request, we may ask Prospects to verify their identity and to provide further details about their request.

We will endeavour to respond without undue delay and, in any event, within the timescales required by law

· Right to data portability – Prospects have the right to receive personal information they have provided to us or to ask us to transfer it to another company.

· Right to erasure (or "right to be forgotten") – Prospects have the right to request that Trend Micro delete all of the personal information that we hold about them.

· Right to restrict processing – Prospects have the right to restrict Prospects from processing their personal information, where: (1) they believe that the personal information held by us about them is not accurate; (2) they believe that the processing of their personal information is unlawful; (3) they believe that we no longer have any reason to process their personal information; or (4) they object to the processing as described below. In these circumstances we will restrict use of these Prospects' personal information during the review period.

· Right to object to processing – Prospects have the right to ask Trend Micro to stop processing their personal information for direct marketing purposes or other purposes on grounds relating to their particular situation.

· Right to withdraw consent – If we are relying on Prospects' consent to use and process their personal information, they are free to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

· Right to make a complaint to a Data Protection Authority – If Prospects have a complaint or concerns about how we are processing their personal information or if they consider that the processing of their personal information by Trend Micro infringes the GDPR, then we will endeavor to address such concerns. However, if they would like to direct their complaint/concerns to a Data Protection Authority, they have such right under the GDPR.

· If Prospects have any questions, comments or concerns regarding this Privacy Notice or if Prospects would like to change their communication preferences, update or review personal information we have about them or if Prospects exercise a right to object, if Prospects withdraw a consent they have given, or if Prospects exercise any of their rights stated in this section, they can contact us using the EEA/UK contact information at section 3.J below.

I. Controller (EEA/UK only)

Where the EU General Data Protection Regulation ("GDPR") or similar UK applies, we must identify who the data controller is. Where Prospects' personal information is collected for Trend Micro EMEA Limited's purposes, Trend Micro EMEA Limited is the data controller of Prospects' personal information.

J. Contact and Data Protection Officer

· If Prospects are based outside the EEA/UK, if they have any questions, requests, comments or concerns regarding this Privacy Notice, they can contact us using the details below:

Trend Micro Privacy Program
Trend Micro Incorporated
c/o Legal Department
225 East John Carpenter Freeway
Suite 1500
Irving
Texas
75062 USA
E-Mail: legal_notice@trendmicro.com

· If Prospects are based inside the EEA/UK, the contact details of the data protection officers designated by Trend Micro are:

GDPR DPO:
Trend Micro (EMEA) Limited
Lianne Harcup
Median House
IDA Business & Technology Park
Model Farm Road
Cork
Ireland
E-Mail: gdpr@trendmicro.com

For Trend Micro Deutschland GmbH:
HEC Harald Eul Consulting GmbH
Harald Eul
Auf der Höhe 34
50321 Brühl
Deutschland
E-Mail: Datenschutz-TrendMicro@he-c.de