Privacy Policy for Trend Micro Products and Services for the European Union, the European Economic Area (EEA) and the United Kingdom (March 2018 )

Effective March 2018 (any references to the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”) shall only apply as from 25 May 2018)

Trend Micro EMEA Limited, Median House, IDA Business and Technology Park, Model Farm Road, Cork, Ireland ("Trend Micro" or "we") provides this Privacy Policy to help you understand the types of personal data that you provide to Trend Micro, what we do with that personal data and how we protect that personal data when you use Trend Micro’s products and services, as well as your rights with respect to our processing of your personal data.

Trend Micro is the controller in the meaning of the General Data Protection Regulation of the European Union of 27 April 2016 (“GDPR”). Trend Micro is the representative for the European Union, the EEA and the United Kingdom (“representative”) who represents Trend Micro with regard to its obligations under the GDPR.

The contact details of the data protection officers designated by Trend Micro for the countries to which this Privacy Policy applies, where applicable, are:

Trend Micro (EMEA) Limited
Lianne Harcup
Median House
IDA Business & Technology Park
Model Farm Road
Cork
Ireland
Telephone: +44 203 54 93 304
E-Mail: gdpr@trendmicro.com

For Trend Micro Deutschland GmbH:
HEC Harald Eul Consulting GmbH
Harald Eul
Auf der Höhe 34
D-50321 Brühl
Germany
Telephone: +49 2232 200 879
E-Mail: H.Eul@HE-C.de

Description of the product/service

With Trend Micro products and services, you can increase the protection for your digital data from hackers, spammers, spyware, malware and other online threats. Because of the fast and constant evolving nature of online threats and malware, it is necessary to configure our products and services to constantly provide data and information from your devices to enable us to stay ahead of malicious activities and protect your devices and data. This data and information can also include personal data.

What personal data do you provide?

Product license data
When you install and activate our products, you provide personal data such as your:

  • name
  • phone number
  • email address
  • device ID
  • operating system
  • license key

We use and process this personal data to ensure that your license to our solutions is valid and to contact you regarding renewals and contractual and technical issues. This processing is necessary for the performance of the contract between you and Trend Micro regarding the use of our products and services pursuant to Article 6(1)(b) GDPR.

We may also use and process this personal data to provide you with new product information and to keep you informed about our products, services and promotions. The processing of personal data for such direct marketing purposes is based on Article 6(1)(f) GDPR since it is carried out for the legitimate interest of Trend Micro of informing its customers of new products which is also in the interest of the customer.

You have the right to object at any time to processing of your personal data for direct marketing purposes. Please address your objection to Trend Micro at the contact information stated below or to our representative stated above.

Information and personal data for using and interacting with Trend Micro’s products and services

You provide the following types of information and personal data when you use and interact with our products and services, including customer support. The specific information and personal data that you provide will depend on the particular product or services used. Providing these types of information and personal data enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment, as described in more detail below as well as enabling us to provide support that you request.

  • Product information, such as MAC address, device ID
  • Public IP address of the user’s gateway to the Internet
  • Mobile/PC environment
  • Metadata from suspicious executable files
  • URLs, Domains and IP addresses of websites visited
  • Metadata of client/device managed by gateway product
  • Application behaviors
  • Information from suspicious e-mail, including sender and receiver email address, and attachments
  • Detected malicious file information
  • Detected malicious network connection information
  • Debug Logs
  • Network Architecture/Topology
  • Screen capture of errors

 

How does Trend Micro use the personal data that you provide to us?

Our products use the personal data that you provide to perform security and threat detection related services and functions such as:

  • Analyze data sent to/from your device(s) to isolate and identify threats, vulnerabilities, suspicious activity, and attacks;
  • Assess the reputation of a device or file to advise you on whether access should be granted;
  • Analyze email to protect against spam and other suspicious content;
  • Virus protection;
  • Intrusion detection, prevention, and protection;
  • Threat prevention and prediction;
  • Network defense;
  • Identify sources and methods of targeted attacks
  • Deliver updated protection against malicious threats

 

The services and products of Trend Micro will support you to ensure your network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems. This could, for example, include preventing unauthorized access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems. The processing of personal data stated above provided by you to Trend Micro through the services and products of Trend Micro is necessary for the purposes of those legitimate interests pursued by both you and Trend Micro and thus lawful pursuant to Article 6(1)(f) GDPR.

We may use information that you provide to us for other business purposes, including

  • Internal record keeping in accordance with tax and accounting requirements under applicable law (processing is necessary for compliance with a legal obligation of Trend Micro pursuant to Article 6(1)(c) GDPR)
  • Compliance with the law and requests from government bodies (processing is necessary for compliance with a legal obligation of Trend Micro pursuant to Article 6(1)(c) GDPR)
  • Product and service development which is necessary for the purposes of the legitimate interests pursued by both you and Trend Micro to improve our products and services provided to you pursuant to Article 6(1)(f) GDPR
  • Provide customer support, manage subscriptions, and respond to requests, questions, and comments (processing is necessary for the performance of a contract between Trend Micro and you pursuant to Article 6(1)(b) GDPR)

 

All the personal data stated above are necessary to enter into the contract with Trend Micro and to use Trend Micro’s products and services so that you are obliged to provide such personal data, otherwise, we can neither perform our contract with you nor provide our products and services to you. How do we protect your personal data?

We use appropriate administrative, organizational, technical, and physical safeguards, including access controls, premise security measures, secure data destruction and incident response plans to protect the personal data that you provide to us. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Where do we process your personal data?

We may process your personal data at data centers in the United States as well as other locations around the world operated by Trend Micro, affiliates of Trend Micro or data processors engaged by Trend Micro who carry out data processing on behalf of Trend Micro. When you connect to our services, you may be sending your information outside your country to a jurisdiction that may not provide equivalent levels of data protection as your home jurisdiction. However, in such case the data transfer will be subject to appropriate safeguards under Art. 46 GDPR, namely standard data protection clauses. Copies of the standard data protection clauses can be obtained by e-mail at gdpr@trendmicro.com.

Data retention

We will keep personal data that you provide to us for as long as you are a registered subscriber or user of our products or for as long as we have another business purpose to do so and, thereafter, for no longer than is required or permitted by law. How do we share your personal data?

We do not share personal data that you provide to us, except with service providers that help us perform and improve services for you which we engage as subcontractors; with your consent; as necessary to perform our contractual obligations to you; if necessary to protect your, our and others' rights and interests; in connection with a sale or reorganization of our business, if and to the extent permissible by the GDPR and applicable law and as required to cooperate with any legal process and any law enforcement or other government inquiry. This means that we may provide information that we collect from you if that information is relevant to a court subpoena or to a law enforcement authority or other government investigation, provided this is permissible under the GDPR and applicable data protection law.

Withdrawal of consent

Where we process your personal data based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Please address your withdrawal to Trend Micro at the contact information stated below or to our representative stated above.

Changes to the Trend Micro Privacy Policy

This Privacy Policy was last updated on March 2018. Trend Micro will occasionally update this Privacy Policy to reflect changes in our products and services and customer feedback. When we make changes to the Privacy Policy, we will revise the date at the top of the Privacy Policy. If there are material changes to this Privacy Policy or in how Trend Micro will use your personal data or where Trend Micro intends to further process your personal data for a purpose other than that for which the personal data were collected, Trend Micro will notify either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification.

Your rights

Under the GDPR, you have inter alia the right to request from Trend Micro

  • access to your personal data pursuant to Article 15 GDPR
  • rectification of your personal data pursuant to Article 16 GDPR
  • erasure of your personal data pursuant to Article 17 GDPR
  • restriction of processing of your personal data pursuant to Article 18 GDPR
  • data portability pursuant to Article 20 GDPR

 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) – processing is necessary for the performance of a task carried out in the public interest – or (f) – processing is necessary for the purposes of the legitimate interests pursued by Trend Micro or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data – of Article 6(1) GDPR.

For exercising any of your rights, please contact Trend Micro at the contact information stated above or our representative stated above.

Trend Micro contact information and inquiries

If you have any questions, requests, comments or concerns regarding this Privacy Policy, if you exercise a right to object, if you withdraw a consent you have given, or if you exercise any of your rights stated in the paragraph above, please email us at gdpr@trendmicro.com.

Rights to complain to the Data Protection Authority

If you have a complaint or concerns about how we are processing your personal information or if you consider that the processing of your personal data by Trend Micro infringes the GDPR then we will endeavor to address such concerns. However, if you would like to direct your complaint/concerns to a Data Protection Authority, you have such right under Article 77 GDPR.