HP recognizes that privacy is a fundamental human right and further recognizes the importance of privacy, security and data protection to our customers and partners worldwide. As a global organization, with legal entities, business processes, management structures, and technical systems that cross international borders, we strive to provide protections across all of our operations that exceed legal minimums and to deploy consistent, rigorous policies and procedures.
This Privacy Statement informs you of our privacy practices and of the choices you can make and rights you can exercise in relation to your personal data, including information that may be collected from your online activity, use of devices, and interactions you have with HP offline, such as when you engage with our customer support representatives. This Privacy Statement applies to all HP companies as well as HP-owned websites, domains, services (including device management), applications, subscriptions (e.g. Instant Ink) and products, and those of our subsidiaries (collectively HP Services). In most cases, HP Inc. will be the data controller. If you have any questions regarding the data controller for a specific HP Service, you can contact theHP Privacy Office.
Pleaseclick hereto access courtesy translations to the Privacy Statement. In case of inconsistencies between any courtesy translations and the English version of the Privacy Statement, the English version will prevail.
To download the current HP Privacy Statement, pleaseclick hereand to download previous version of HP Privacy Statement,click hereand for 2015 HP Privacy Statements,click here.
We have an accountability-based program and are committed to the following principles, which are based on internationally-recognized frameworks and principles of privacy and data protection:
Lawfulness, fairness & transparency
LAWFULNESS, FAIRNESS & TRANSPARENCY
We process personal data in accordance with law and with transparency and fairness to you. Our data processing activities are conducted: 1) with your consent; 2) in order to fulfill our obligations to you; 3) for the legitimate purposes of operating our business, advancing innovation and providing a seamless customer experience; or 4) otherwise in accordance with law.
We are transparent and provide clear notice and choice to you about the types of personal data collected and the purposes for which it is collected and processed. We will not use personal data for purposes that are incompatible with these Principles, our Privacy Statement or specific notices associated with HP Services.
We provide you with reasonable access along with the ability to review, correct, amend or delete the personal data you have shared with us.
DATA INTEGRITY & PURPOSE LIMITATION
We only use personal data for the purposes described at the time of collection or for additional compatible purposes in accordance with law. We take reasonable steps to ensure that personal data is accurate, complete and current and we only collect personal data which is relevant and limited to what is necessary for the purposes for which it is collected. We will keep personal data for no longer than is necessary for the purposes for which it was collected and then we will securely delete or destroy it.
To protect personal data against unauthorized use or disclosure we implement strong information security controls in our own operations and offer market-leading products and solutions with high levels of data security protection.
We acknowledge our potential liability for transfers of personal data among HP entities or to third parties. Personal data will only be shared when third parties are obligated by contract to provide equivalent levels of protection.
We are committed to resolving any concerns regarding your personal data. We voluntarily participate in several international privacy programs that provide recourse to individuals if they feel HP has not adequately respected their rights.
As a global company, it is possible that any information you provide may be transferred to or accessed by HP entities worldwide in accordance with this Privacy Statement and on the basis of the following International Privacy Programs.
HP has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visitfor more information and to file a complaint.
If your complaint is not resolved through the above channels, under limited circumstances you may be able to invoke binding arbitration before a Privacy Shield Panel.
HP is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, or any other U.S. authorized statutory body.
*The specific U.S.-based HP companies participating in the EU-US Privacy Framework include: Compaq Information Technologies, LLC; Hewlett-Packard Company Archives LLC; Hewlett-Packard Development Company, L.P.; Hewlett-Packard Enterprises, LLC; Hewlett-Packard Products CV 1, LLC; Hewlett-Packard Products CV 2, LLC; Hewlett-Packard World Trade, LLC; HP Federal LLC; HP Hewlett Packard Group LLC, HP Inc.; HPI Bermuda Holdings LLC; HPI Brazil Holdings LLC; HPI Federal LLC; HPI J1 Holdings LLC; HPI J2 Holdings LLC; HPI Luxembourg LLC; HPQ Holdings, LLC; Indigo America, Inc.; Palm Latin America, Inc.; Palm, Inc.; PrinterOn America Corporation; Shoreline Investment Management Company; and Tall Tree Insurance Company.
HPs Binding Corporate Rules (BCR) ensure that personal data transferred from the European Economic Area (EEA) is adequately protected while being processed by any of HPs global entities. HP transfers of personal data from the EU are conducted in accordance with the following approved BCR.
HPs BCR for Controller (BCR-C) – Approved by the majority of Data Protection Regulators in the EEA and Switzerland, effective in 2011. HPs BCR-C cover transfers of the personal data of existing and prospective HP consumer customers, as well as HP employees and job candidates. More information about our BCR-C can be foundhere.
HP has received TrustArcs APEC Privacy Seal signifying that this Privacy Statement and our practices have been reviewed for compliance with the TrustArc program viewable on the validation page available by clicking the TrustArc seal. HPs privacy practices described in this Statement comply with the APEC Cross Border Privacy Rules System (CBPR), including transparency, accountability, and choice regarding the collection and use of your personal information. The CBPR certification does not cover information that may be collected through downloadable software on third-party platforms.
If you have an unresolved privacy or data use concern related to HPs APEC Certification that we have not addressed satisfactorily, please contactTRUSTArc.
We collect and use personal data to manage your relationship with HP and better serve you when you are using HP Services by personalizing and improving your experience. Examples of how we use data include:
Providing you with a seamless customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, offering products, services, subscriptions and features that may interest you and enabling you to participate in contests and surveys. We also use your data to deliver a tailored experience, personalize the HP Services and communications you receive and create recommendations based your use of HP Services.
Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries and facilitating repairs and returns.
Improving the performance and operation of our products, solutions, services and support, including warranty support and timely firmware and software updates and alerts to ensure the continued operation of the device or service. For more information, please see the section onInformation Automatically Collected About Your Use of HP Services.
Communicating with you about HP Services. Examples of administrative communications may include responses to your inquiries or requests, service completion or warranty-related communications, safety recall notifications, communications required by law or applicable corporate updates related to mergers, acquisitions or divestitures.
Maintaining the integrity and security of our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
Conducting ordinary business operations, verifying your identity, making credit decisions if you apply for credit, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support) and outreach.
Innovating new products, features and services using research and development tools and incorporating data analysis activities.
Providing personalized promotional offers (in accordance with yourPrivacy Preferences) on HP Services and other selected partner websites (for example, you might see an advertisement for a product on a partner site that you have recently viewed on an HP site). We might also share some of your information with marketing service providers and digital marketing networks to present advertisements that might interest you. To learn more, readHow HP uses Automatic Data Collection Tools.
Compliance with applicable laws, regulations, court orders, government and law enforcement requests, to operate our services and products properly and to protect ourselves, our users and our customers and to solve any customer disputes.
Please see ourData Collection and Use Matrixfor a quick-reference guide to how we use the data we collect and our lawful basis for processing such data.
Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of HP Services or during interactions with HP representatives.
The personal data we collect from you depends on the nature of your interaction with us or on the HP Services you use, but may include the following:
We may collect personal and/or business contact information including your first name, last name, mailing address, telephone number, fax number, email address and other similar data.
We collect information necessary for processing payments and preventing fraud, including credit/debit card numbers, security code numbers and other related billing information.
We collect information such as how you purchased or signed up for HP Services, your transaction, billing and support history, the HP Services you use and anything else relating to the account you create.
We collect geolocation data when you enable location-based services or when you choose to provide location-related information during product registration or when interacting with our website.
We collect user IDs, passwords, password hints, and similar security information required for authentication and access to HP accounts.
We collect, or obtain from third parties, certain demographic data including, for example, country, gender, age, preferred language, and general interest data.
We collect information about your preferences and interests as they relate to HP Services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that is collected, used, and shared by those sites.
Other Unique Identifying Information
Examples of other unique information that we collect from you include product serial numbers, information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of HP Services and to respond to your inquiries. If you apply for instant credit, we may ask you to provide additional personal data such as salary, government-issued identification number, banking/financial account information, and other information (for example from credit reporting agencies) for authentication purposes and to verify credit worthiness
INFORMATION AUTOMATICALLY COLLECTED ABOUT YOUR USE OF HP SERVICES
We collect product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies. We do not scan or collect the content of any file or information that might be displayed by an application.
We collect information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product.
We collect information related to HP applications such as location, language, software versions, data sharing choices and update details. In cases where we incorporate technologies from third parties, data may be shared between the third party and HP and appropriate notice will provided at the application level.
We collect information regarding the performance of individual device hardware components, firmware, software and applications. Examples of the data we collect include information relating to memory and processor performance, environmental conditions and systems failures, printing events, features, and alerts used such as Low on Ink warnings, use of photo cards, fax, scan, embedded web server, and additional technical information that varies by device.
We collect information about your visits to and your activity on our HP websites, applications or websites powered by another company on our behalf including the content (and any ads) that you view and interact with, the address of the website from which you arrived and other clickstream behavior (such as the pages you view, the links you click or which items youve added to your shopping basket). Some of this information is collected using our Automatic Data Collection Tools which include, cookies, web beacons and embedded web links. To learn more, readHow HP uses Automatic Data Collection Tools.
We collect anonymous answers to surveys or anonymous and aggregated information about how our HP Services are used. In the course of our operations, in certain cases, we apply a process of de-identification or pseudonymisation to your data to make it reasonably unlikely to identify you through the use of that data with available technology.
INFORMATION FROM THIRD-PARTY SOURCES
We collect data from the following third parties:
Data brokers, social media networks and advertising networks
Commercially-available data such as name, address, email address, preferences, interests, and certain demographic data. For example, personal data may be collected when you access our applications through social media logins (i.e., logging in to our applications using your Facebook or other social media credentials). The basic details we receive may depend on your social network account privacy settings.
If you purchase HP Services from an HP partner, we may receive certain information about your purchase from that partner.
Fraud prevention or credit reporting agencies
Data collected to prevent fraud and in connection with credit determinations.
In order to provide certain HP Services at an enterprise level, your business contact data may be provided to HP by a designated entity within your business or enterprise (such as a member of your IT department).
We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
In order to provide certain HP Services at an enterprise level, your business contact data may be provided to HP by a designated entity within your business or enterprise (such as a member of your IT department). Where necessary, we may also use information provided by you or your employer, together with information from publicly-available and other online and offline sources, to conduct due diligence checks on business contacts as part of our anti-corruption compliance program.
We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
In order to ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, in some cases we link or combine the information that we collect from the different sources outlined above with the information we collect directly from you. For example, we compare the geographic information acquired from commercial sources with the IP address collected by ourAutomatic Data Collection Toolsto derive your general geographic area. Information may also be linked via a unique identifier such as a cookie or account number.
Where necessary, we obtain information to conduct due diligence checks on business contacts as part of our anti-corruption compliance program and in accordance with our legal obligations.
You are not required to share the personal data that we request, however, if you choose not to share the information, in some cases we will not be able to provide you with HP Services, certain specialized features or be able to effectively respond to any queries you may have.
HP does not knowingly collect information from children as defined by local law, and does not target its websites or mobile applications to children.
To prevent loss, unauthorized access, use or disclosure and to ensure the appropriate use of your information, we utilize reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. HP retains data as required or permitted by law and while the data continues to have a legitimate business purpose.
When collecting, transferring or storing sensitive information such as financial information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. When we transmit highly-confidential information (such as credit card number or password) over the internet, we protect it through the use of encryption, such as later versions of the Transport Layer Security (TLS) protocol.
As part of real-time payment processing, we also subscribe to fraud management services. This service provides us with an extra level of security to guard against credit card fraud and to protect your financial data in accordance with industry standards.
We will only share your personal data as follows and, when applicable, only with the appropriate contractual obligations in place:
We may transfer your personal data to other HP entities in the US and worldwide for the purposes outlined in this Privacy Statement. To ensure that your personal data is secure and as part of our participation in theAPEC Cross Border Privacy RulesBinding Corporate RulesandPrivacy Shieldprograms, HP entities are contractually bound to comply with our privacy requirements. Furthermore, our privacy guidelines are communicated to our HP employees on an annual basis as part of our mandatory Integrity at HP training.
Where the international privacy programs identified above do not apply, when you agree to accept HPs Privacy Statement when registering a product or for service, creating an account, or otherwise providing us with your personal data, you consent to the transfer of your personal data throughout the global HP network of entities.
SHARING WITH SERVICE PROVIDERS & PARTNERS
We engage service providers or Partners to manage or support certain aspects of our business operations on our behalf. These service providers or partners may be located in the US or in other global locations and may provide services such as credit card processing and fraud management services, customer support, sales pursuits on our behalf, order fulfillment, product delivery, content personalization, advertising and marketing activities (including digital and personalized advertising), IT services, email service providers, data hosting, live-help, debt collection and management or support of HP websites. Our service providers and partners are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by HP. We also take steps to provide adequate protection for any transfers of your personal data in accordance with applicable law such as signing EU Standard Contractual Clauses with the service provider or partner, relying on their Privacy Shield certification, other approved codes of conduct or certification mechanisms or binding and enforceable commitments of the service provider. If you would like to receive more information about the appropriate safeguards, please contact theHP Privacy Office.
SHARING OTHER INFORMATION WITH ADVERTISERS
We may also transfer information about you to advertising partners (including the ad networks, ad-serving companies, and other service providers they may use) so that they may recognize your devices and deliver interest based content and advertisements to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or de-identified form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system and may combine information about you with information from other companies in data sharing cooperatives in which we participate.
Circumstances may arise where, whether for strategic or other business reasons, HP decides to sell, buy, merge or otherwise reorganize businesses. In such transactions, we may disclose or transfer your personal data to prospective or actual purchasers or receive personal data from sellers. Our practice is to seek appropriate protection for your personal data in these types of transactions.
We may also share your personal data when we believe, in good faith, that we have an obligation to: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of HP or its subsidiaries; or (v) protect the rights or personal safety of HP, our employees, and third parties on or using HP property when allowed and in line with the requirements of applicable law.
Please see ourData Collection and Use Matrixfor a quick reference on how and with whom we share your data.
You can find more information about Automatic Data Collection Tools at:
ONLINE AUTOMATIC DATA COLLECTION TOOLS
When you visit any HP website, it may store or retrieve information on your browser, mostly in the form of cookies, which are text files containing small amounts of information. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.
HP uses Automatic Data Collection Tools for the following reasons:
These are necessary for the website to function and cannot be switched off. Without these, the website or service you are requesting would be impossible to provide because we cannot enable appropriate content based on the type of device you are using.
These tools collect aggregated, anonymous, statistical-type information to enable HP to measure, optimize and improve the content, quality and performance of its websites.
We use our own and/or third-party Automatic Data Collection Tools to see how you use our websites and services in order to enhance their performance and develop them according to the preferences of our customers and visitors. For example, Automatic Data Collection Tools may be used to: test different designs and to ensure that we maintain a consistent look and feel across our websites; track and provide trend analysis on how our users interact with our websites and communications; track errors and measure the effectiveness of our promotional campaigns. We use Adobe Analytics &Google Analytics, run by Google Inc., for example, to track website usage and activity.
The data collected will generally be aggregated to provide trends and usage patterns for business analysis, site/platform improvement and performance metrics. Our Automatic Data Collection Tools or the resulting analysis may be also shared with our business partners. The type of information we collect includes how many visitors visit our websites, how many customers log in, when they visited, for how long and which areas of our websites and services but is generally not used to identify you individually. We may also receive similar information about visitors to our partner websites.
These allow us to remember choices you make o