Hewlett Packard Enterprise privacy statement

This Privacy Statement is effective as of December 20, 2024.

Hewlett Packard Enterprise Company and its subsidiaries and affiliates (HPE or We) respect your privacy. This Privacy Statement informs you about our privacy practices including details of the personal data we collect, use, disclose, share, sell and transfer as well as choices you can make and rights you can exercise in relation to your personal data.

This Privacy Statement applies to all HPE-owned websites, domains, services, applications, and products, and those of our subsidiaries, except that a privacy notice specific to a particular HPE activity, including but not limited to its programs, products or services may supersede or be supplemented by this Privacy Statement.  

1. How we use personal data

We collect personal data if required to provide our programs, products or services, fulfil our legitimate business purposes and/or comply with applicable laws and regulations. Where this concept is recognized under applicable law, the legal basis for processing in the following instances will be as a result of expectation of contractual arrangements, statutory or regulatory requirements and the furtherance of HPE’s legitimate interests. This may be supported by additional information to assist with obtaining specific consents where required. Depending on your relationship with HPE we collect and process your personal data as follows: 

 

Categories of Personal Data We Collect

Business Purposes for Processing Personal Data

Legal Basis Relied Upon, Where This Concept is Recognized Under Applicable Law
Contact details, login credentials and interactions with our digital assets and content

HPE activities, including programs, products and services: 

  • account creation and management;
  • entering into and performing agreements with you or your organization;
  • providing support and tools to activate licenses and request support; 
  • managing and fulfilling orders; 
  • deploying and delivering programs, products and services; 
  • conducting quality controls; 
  • managing returns of defective media;
  • operating and providing access to customer portals, hosted management services and mobile applications;
  • consulting;
  • notifications of contract expiry and renewal options and
  • developing and improving our programs, products and services and ensuring compliance with regulatory requirements.

Performance of an agreement:

We may process your personal data to enter into or fulfil agreements with you or your organizations, including to deliver and manage our programs, products and services and allow our customers to use our programs, products, services and supporting tools.
Contact details, driving license, passport, identity card details, records of good standing and other information as may be relevant (e.g., information from publicly available resources)

HPE Financial Services:

  • providing lease, loan, and other financial services; 
  • conducting anti-money laundering and other regulatory checks and obligations; 
  • initiating credit approval process and facilitating the purchase and resale of equipment for financial services and/or asset upcycling services.

Performance of an agreement

Compliance with legal obligations in respect of relevant banking laws and licenses
Contact details, identification information, information required to purchase our products and services online, including call recordings conducted by sales, data collected through the use of video conferencing and other office tools, profile, role and preferences, login credentials, digital activity information and other information as may be relevant (e.g. information from publicly available sources)

Sales and marketing:

  • sales and marketing;
  • advertising;
  • creating and delivering personalized and targeted communications, adverts, invites and offers;
  • conducting marketing campaigns;
  • managing contacts and preferences and collection and processing of data received from data brokers; 
  • generating leads and opportunities; 
  • managing lead generation activities; 
  • sales engagement activities; 
  • organizing and managing events, including processing of customer and partner passport information to support issuing VISA letters for events, webinars, virtual meetings; 
  • engaging in social media interactions and
  • ensuring valid access to information. 

Legitimate Interest:

We may process your personal data as required to pursue our legitimate business interests (provided this is not overridden by interests or rights of relevant individuals). In particular, we use it to manage, develop and improve our programs, products and services; support our customers and sales operations; protect our staff and assets; communicate information that supplements our programs, products and services and ensure compliance with laws and regulations.

Consent will form the legal basis for processing this category of personal data where we cannot rely on an alternative legal basis or we are required by law to ask for your consent in the context of some of our sales and marketing activities, online data collection tools, or surveys.
Internet or other electronic network activity information: login credentials, and digital activity information, preferences

Collection of your information when you interact with us online:

  • enabling efficient use of our websites, mobile applications, products, and services;
  • collecting statistics to optimize the functionality of our websites, mobile applications, products and services;
  • improving user experience through chatbots, session management and delivering content tailored to their interests and
  • improving marketing and advertising campaigns

Consent

We may process your personal data where you have provided your consent, which you may withdraw at any time and will seek explicit consent where we may need to process sensitive personal data. Your right to withdraw consent will not affect the lawfulness of processing based on consent before its withdrawal.
Contact details, login credentials, comments, and feedback

Online forms and surveys:

  • engaging with partners and suppliers in online forums and
  • conducting research and carrying out surveys to assess customer satisfaction and engagement including processing of sensitive personal data such as diversity, inclusion and accessibility information for UX research surveys.
 Consent
Contact details and expense information

Partner and supplier programs:

  • managing relations with partners and suppliers;
  • ensuring partner expense claims comply with internal polices and
  • engaging and delivering programs, products and services to customers in which case we may receive personal data directly from you or from our partners.
 Performance of an agreement
Contact details, data collected through the use of video conferencing and other office tools

Training and education:

  • conducting training and managing education programs for customers, partners, and suppliers.
 Performance of an agreement
Contact details, creditworthiness, and other information as may be relevant (e.g., information from publicly available sources)

Due Diligence Screening:

  • conducting anti-corruption due diligence on third parties and conducting required investigations, in compliance with applicable laws.
 Performance of an agreement
Contact details, login credentials and other relevant information (e.g., information from publicly available sources)

Brand-protection programs:

  • conducting investigations into HPE product and service-related fraud, compliance, grey marketing, theft and/or counterfeit.
 Legitimate Interest—consent will form the basis for processing this category of personal data where we cannot rely on an alternative legal basis such as legitimate interest or where we are required by law to ask for your consent in the context of our sales and marketing activities, online data collection tools, or surveys.
Contact details, identification information and CCTV footage

Security and authentication:

  • ensuring safety and security of HPE staff and premises;
  • login credentials, protecting HPE’s network and other digital assets;
  • providing access to restricted areas and information assets and protecting personal data from unauthorized access.

Legitimate Interest

Consent will form the legal basis for processing this category of personal data where we cannot rely on an alternative legal basis or we are required by law to ask for your consent in the context of some of our sales and marketing activities, online data collection tools, or surveys.
Contact details, information about alleged misconduct and other relevant information such as job roles, organizational alignment and relationships with others involved

Whistleblowing:

  • detecting, preventing, and investigating misconduct by HPE staff, customers, partners, and suppliers.
 Performance of an agreement
Contact details and information included in enquiries and complaints

Enquiries and complaints:

  • addressing and resolving enquiries and complaints.
 Consent

Contact details for the purpose of sending job alert subscriptions managed by HPE or our recruitment partners; contact details and information made publicly available on professional social networks such as LinkedIn. For information regarding personal data processed in connection with a job application or job offer, please refer to our Recruitment Notice.

Student virtual work experience programs (for students 18 and older): profile information (e.g., contact details, photo) education (e.g., school, degree, stage of degree), work preferences (e.g., location, type of work, skills), country and inferences.

Recruitment:

  • identifying and contacting potential job candidates

Consent

Additionally, we may process your personal data which is publicly available on professional social networks as required to pursue our legitimate business interests (provided this is not overridden by interests or rights of relevant individuals). In particular, we use it to manage, develop and improve our programs, products and services; support our customers and sales operations; protect our staff and assets; communicate information that supplements our programs, products and services and ensure compliance with laws and regulations.
Contact details and information included in enquiries and pulse surveys and other relevant information

Mergers, acquisitions and divestitures:

  • managing mergers, acquisitions and divestitures; 
  • addressing queries, shaping and refining the on-boarding and integration experience.

Consent

Performance of an agreement

 

In some cases, the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter or fulfil a contract with HPE. If you refuse to provide your personal data in such cases, we may not be able to provide you with the full functionality of our programs, services or products.

Non-HPE web sites and social media features. HPE sites or services may provide links to third-party applications, products, services or websites for your convenience or information. We may also provide social media features that enable you to share information with your social networks and to interact with HPE on various social media sites. HPE does not control third party sites, or their privacy practices and we do not endorse or make any representations about third party sites. The personal data you choose to provide to or that is collected or shared by these third parties is not covered by this Privacy Statement. We encourage you to review the privacy notice of any site you interact with, before allowing the collection and use of your personal data.   
2. How we share personal data

We may share and/or disclose your personal data as follows:

Disclosure within the HPE group of entities. HPE has its headquarters in the United States of America and operates worldwide. HPE may disclose your personal data as necessary within the HPE group of entities in connection with the section above, titled ‘How we use personal data’.  

Disclosure to service providers or other third parties. HPE works with service providers and other third parties to manage or support its business operations, provide professional services, deliver and develop programs, products, services, and customer solutions and to assist HPE with marketing and sales communication initiatives. 

For example, where HPE engages with certain partners, including resellers, suppliers, and/or distributors as part of its business operations, HPE may disclose your personal data to them to, for example, facilitate sales and delivery of its products and services.

HPE may also share your personal data with third parties to: (i) respond to duly authorized information requests of police and governmental authorities; (ii) comply with law, regulation, subpoena, or court order; (iii) enforce/protect the rights and properties of HPE or its group entities; or (iv) enforce/protect the rights or personal safety of HPE, our employees, and third parties on or using HPE property when allowed and in each case in accordance with applicable law. 

Circumstances may arise where, whether for strategic or other business reasons, HPE decides to sell, buy, merge, or otherwise reorganize its activities in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers of the relevant activity, or the receipt of it from sellers. It is HPE’s practice to seek appropriate contractual protection for personal data in these types of transactions.  

The below categories of Personal Data may be disclosed as set out below:

Categories of Personal Data Shared

Categories of Entities Receiving Personal Data

Personal identifiers, including:

  • Contact details
  • Identification information
  • Driving license
  • Passport and identity card details

 

 
  • Members of the HPE group of entities,
  • Government authorities and/or law enforcement officials
  • HPE suppliers or business partners
  • Other companies and their professional advisors
  • Third parties
  • Service providers

Commercial information, including:

  • Information required to purchase our products and services online
  • Information about profile, role and preferences
  • Members of the HPE group of entities,
  • Government authorities and/or law enforcement officials
  • HPE customers or business partners, HPE suppliers or business partners
  • Other companies and their professional advisors.

Internet or other electronic network activity information, including:

  • Login credentials
  • Digital activity information
  • Members of the HPE group of entities,
  • Government authorities and/or law enforcement officials
  • HPE customers or business partners, HPE suppliers or business partners
  • Other companies and their professional advisors.
Records of Good Standing 
  • Members of the HPE group of entities
  • Government authorities and/or law enforcement officials
  • Other companies and their professional advisors.
Comments and feedback from online forums and surveys
  • Members of the HPE group of entities, government authorities and/or law enforcement officials
  • HPE customers or business partners
  • HPE suppliers or business partners, event sponsors, customers
  • Third parties.
CCTV footage
  • Members of the HPE group of entities, partners
  • Government authorities and/or law enforcement officials
  • HPE customers or business partners, resellers
  • Third parties.
Information about alleged misconduct
  • Members of the HPE group of entities
  • Government authorities and/or law enforcement officials
  • HPE customers or business partners
  • Contractors (third party service providers)
  • Third parties
Information included in enquiries and complaints
  • Members of the HPE group of entities, government authorities and/or law enforcement officials, third parties.
Information made available on professional social networks
  • Members of the HPE group of entities
  • Government authorities and/or law enforcement officials
  • HPE customers or business partners
  • HPE suppliers or business partners
  • Other companies and their professional advisors
  • Event sponsors
  • Third parties.

 
3. How we transfer personal data internationally

HPE may transfer your personal data as necessary within the HPE group of entities and to other third parties. The recipients may be located in countries which do not provide the same level of data protection as the country in which you are located. HPE will take steps to ensure the personal data we transfer is adequately protected as required by applicable data protection laws. When required by local law, we will request your consent to transfer your personal data. 

Transfers within HPE group of entities. HPE has an intra-company agreement on the transfer and processing of personal data within the HPE group of entities. This agreement also forms the basis of HPE’s Binding Corporate Rules for Controller and for Processor which have been approved by the Data Protection Regulators in the European Union and some other countries.  The BCRs allow HPE to ensure that personal data transferred internationally within the HPE group is adequately protected in accordance with applicable data protection laws. If you would like to learn more about our BCRs and the countries that have approved them, please click here.

HPE’s privacy practices described in this Privacy Statement comply with the APEC Cross Border Privacy Rules (CBPR) System, including transparency, accountability, and choice regarding the collection, sharing and use of personal data. The CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the CBPR framework can be found here. The CBPR certification does not cover information that may be collected through downloadable software on third party platforms. If you have an unresolved privacy or data use concern related to HPE’s APEC Certification that we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution service here.

TRUSTe APEC Privacy Certification

Transfers to service providers or third parties. With respect to transfers to service providers or third parties located in countries which do not provide an adequate level of data protection, HPE will take appropriate safeguards such as signing EU Standard Contractual Clauses, or equivalent contractual mechanisms approved by the relevant data protection authority, with the recipient, relying on approved codes of conduct or certification mechanisms adopted by the recipient or binding and enforceable commitments of the recipient. If you would like to receive more information about the appropriate safeguards and/or receive a copy of the relevant mechanism for your review, please contact the HPE Privacy Office.
4. How to manage communications and preferences

HPE may provide you with information that complements our programs, products and services and/or communications about our new programs, products, services and offers. If you or your organization purchased our programs, products or services, you may receive alerts, software updates or responses to support requests that are part of our programs, products and services. If you choose to receive HPE communications, you may also choose to subscribe to receive specific newsletters and publications. In some cases, you may also choose whether to receive the information and communication by email, telephone, or post.  

Manage communication choices. You can change your choices and preferences relating to HPE communications by: 

  • Accessing online - Get connected with updates from HPE, indicating or changing your preferences and providing your email address;
  • Accessing services via single sign on (SSO) that lets you register with HPE enabled websites using a single user identifier and password of your choice and allows you to set your privacy preferences for email and telephone contact from HPE.

Unsubscribe from communications. In the event you no longer wish to receive HPE communications, you can unsubscribe from such communications by: 

  • Following the opt-out or unsubscribe link and/or instructions included in each email subscription communication;
  • Accessing the Communication preference center, selecting “Unsubscribe” and providing your email address;
  • Indicating to the caller that you do not wish to receive calls from HPE anymore.   In the event your opt-out or unsubscribe request has not been resolved in a timely manner, please contact the HPE Privacy Office with details of your name, contact information, and description of the communications you no longer wish to receive from HPE. Please note that there might be a delay until your request is processed.  This may include needing to verify your request.
  • Sending us a communication via hpeprivacy@hpe.com that you no longer wish to receive direct mail.

Please note: where the primary purpose of our communications is not promotional in nature, such as contact relating to the administration of your relationship with us, such as through orders, contracts, support, product safety warnings, or other administrative and transactional notices, we may need to contact you. 
5. Automatic Data Collection Tools (often referred to as cookies or other related technologies)

How HPE uses automatic data collection tools. To provide a more relevant experience to you, we use cookies and other technologies to enable some website functionality. Cookies are small data files that are placed on your device and help us to see, for example, what interests you most about HPE; allow you to easily share articles on social media; permit us to deliver content, jobs and ads tailored to your interest and locations; and provide many other site benefits.

Types of Cookies and Other Technologies.

Required   Provide basic functionalities as you browse our websites. These capabilities include cookie preferences, session management, secure log in and checkout processes. You may be able to set your browser to block or alert you about these types of cookies, but some parts of the products and services may not then work.
Functional   Used to capture and remember user preferences in HPE websites, enhance their usability, analyze site usage and enable social interactions and site optimization. If you disable functional cookies, some of the product or services may not function properly.
Personalization             Improve the overall experience of your visit to HPE websites and to tailor content and advertising to your interests.

 

For details on the specific functionalities and tools implemented and used on our website please visit our cookie consent management tool provided by TrustArc at https://www.hpe.com/uk/en/legal/privacy.html#datacollection

Third-party advertising companies may use automatic data collection tools on our web sites and applications to understand how you interact with our web sites and applications, to optimize our advertisements and marketing and to serve advertisements specific to your interests on other web sites and applications you may visit or use.

Personalization cookies may also be used when you share information using a social media sharing button on our websites. The social network will record that you have done this and may use this information to send you targeted advertisements. The types of cookies used by these companies and how they use the information is governed by their privacy policies. 

When you enter your contact details on a web form on an hpe.com site, to subscribe to a service, download a white paper or request information about HPE’s products and services, your contact details may be stored in a cookie or other online tracking tools on your device. This information is then accessed on subsequent visits to hpe.com sites, allowing us to track and record the sites you have visited and the links you have clicked, to better personalize your on-line experience, and future HPE communications.

If you choose to receive marketing emails or newsletters from HPE, we may track whether you’ve opened those messages and whether you’ve clicked on links contained within those messages, through the use of personalized URLs embedded in these communications. This allows HPE to better personalize future communications and limit these communications to subjects that are of interest to you.

Choices regarding automatic data collection & online tracking.

While HPE websites do not currently recognize certain automatic browser signals regarding tracking mechanisms, such as “do not track” instructions, you can generally express your privacy preferences regarding the use of most automatic data collection tools through your web browser or device settings. You may be able to set your browser to notify you before you receive certain automatic data collection tools, giving you the chance to decide whether to accept them or not. You can also generally set your browser or device to turn off certain automatic data collection tools. In some countries , you may be given the choice to accept or refuse our use of Functional or Personalization cookies through a ‘cookie preference’ banner that appears on our web pages. The banner stops being displayed when you have made your choice, but you may be able to revisit these choices by selecting the ‘Ad Choices and Cookies’ link on the footer of relevant HPE web pages. US residents in certain states may have additional choices as described in the Specific information for U.S. State Privacy Laws page.

If you block, turn off or otherwise reject certain Required or Functional Cookies, some web pages or user experiences such as Chatbots and Session Replay may not display properly or you will not be able, for instance, to add items to your shopping cart, proceed to checkout, or use any web site services that require you to sign in.

HPE participates in the Digital Advertising Alliance (DAA and DAAC) self-regulatory program for digital online advertising (see http://www.aboutads.info/  or http://youradchoices.com/  in the US and http://youradchoices.ca/ in Canada). HPE advertisements that are targeted to you will be identified with the Ad Choices icon . If you do not want this information to be used for serving you targeted advertisements on web sites you may visit, you can click here to change your preferences. For applications, please update your device settings. This will allow you to access and update your preferences. Please note that this does not change your preferences in respect of non-targeted advertising.

Some of our websites use Google Analytics cookies. Information collected by Google Analytics cookies will be transmitted to and stored by Google on servers in the United States of America in accordance with its privacy practices. To see an overview of privacy at Google and how this applies to Google Analytics, visit https://www.google.com/policies/privacy/. You may opt out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
6. How we keep personal data secure

HPE takes seriously the trust you place in us to protect your personal data. To protect your personal data from loss, or unauthorized use, access or disclosure, HPE utilizes reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. HPE aligns with security by design principles in its cybersecurity program. All systems used to support HPE’s business are governed by HPE’s corporate Cybersecurity policies, which are built upon industry standards and best practices like the International Organization for Standardization (ISO) 27001 family of standards and National Institute of Standards and Technology (NIST) standards.  

When collecting or transferring sensitive information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. The personal data you provide us with is stored on computer systems locked in controlled facilities which have limited access. Access to your information is restricted to HPE employees or authorized third parties who need to know that information to process it for us, and who are subject to strict confidentiality obligations. When we transmit sensitive information, we protect it through the use of encryption, such as the Transport Layer Security (TLS), Internet Protocol Security (IPSec), or Secure Socket Layer (SSL).
7. How long we keep personal data

We keep personal data for the length of the contractual relationship and, to the extent permitted by applicable laws, after the end of that relationship, for as long as is reasonably necessary to perform purposes set out in this Privacy Statement, to protect HPE from legal claims and administer our business.  HPE expressly reserves the right to use the content on this website for commercial text and data mining with respect to use by artificial intelligence and machine learning query tools as set out in regional and national implementations. For the acquisition of a corresponding license of use, please contact hpeprivacy@hpe.com.

When we no longer need to use personal data, we will delete it from our systems and records or take steps to anonymize the data unless we need to keep it longer to comply with a legal or regulatory obligation.  If you would like to receive more information about our data retention policies, please contact the HPE Privacy Office.

To determine the appropriate retention period for Personal Information, we will consider the amount, nature and sensitivity of the data, the purposes for which we process personal data and whether these purposes can be achieved through other means, as well as any applicable legal obligations. Retention periods will be determined on a case-by-case basis, in line with HPE’s standards of business conduct and risk management.
8. How to exercise your rights and additional information

Our privacy practices are aligned with the requirements of applicable data protection laws of countries in which we operate. We respect the rights individuals have in relation to their personal data under these laws. Depending on what data protection laws you are subject to, this additional information may be relevant and applicable to you.  

Data controllers. Companies from the HPE group of entities may act as data controllers or equivalent in relation to your personal data for the processing of personal data described in this Privacy Statement. You can find the up-to-date list of the HPE group of entities by clicking here. If you would like to receive more information about which HPE entity acts as data controller for your personal data, please contact the HPE Privacy Office.

Chief Privacy Officer. HPE has appointed a Chief Privacy Officer (CPO), who also acts as the local Data Protection Officer in many countries we operate in. We also have local Data Protection Officers in certain countries, such as Germany and Poland.  You can contact the CPO/DPO by completing the form available here or in writing to:

Hewlett Packard Enterprise
Office of Legal & Administrative Affairs – ATTENTION PRIVACY OFFICE
1701 E Mossy Oaks Rd
Spring, TX 77389

Legal basis to process personal data. Where this concept is recognized, we process your personal data on the following legal bases:

  • Legitimate Interest. We may process your personal data as required to pursue our legitimate business interests (provided this is not overridden by interests or rights of relevant individuals). In particular, we use it to manage, develop and improve our programs, products and services; support our customers and sales operations; protect our staff and assets; communicate information that supplements our programs, products and services and ensure compliance with laws and regulations.  Our legitimate business interests correlate with the purposes for processing set forth in the “How we use personal data” section above.
  • Performance of an agreement. We may process your personal data to enter into or fulfil agreements with you or your organizations, including to deliver and manage our programs, products and services and allow our customers to use our programs, products, services and supporting tools. 
  • Legal obligation. We may process your personal data to comply with applicable laws and regulations, establish or exercise our legal rights. For example, this may be in connection with legal claims, compliance, regulatory and investigative purposes. 
  • Consent. We may process your personal data where you have provided your consent, which you may withdraw at any time and will seek explicit consent where we may need to process sensitive personal data. Your right to withdraw consent will not affect the lawfulness of processing based on consent before its withdrawal. Consent will form the legal basis for processing personal data where we cannot rely on an alternative legal basis or we are required by law to ask for your consent in the context of some of our sales and marketing activities, online data collection tools, or surveys. At any time, you have a right to change your communication choices, unsubscribing from HPE communications or contacting the HPE Privacy Office.

Your rights in relation to your personal data. Depending on what data protection laws you are subject to, you may have the right to request to:

  • Confirm the processing of your data, access or obtain copies of personal data HPE processes about you;
  • Rectify your personal data, if inaccurate or incomplete;
  • Delete or anonymize your personal data, unless an exception applies. For instance, we may need to keep your personal data to comply with legal obligation;
  • Restrict the processing of your personal data in certain circumstances. For instance, if you contest the accuracy of your personal data, you may request that we restrict processing of your personal data for the time enabling us to verify the accuracy of your personal data;
  • Request to limit certain uses and disclosures of your sensitive personal information;
  • Opt-out of the sharing of your personal data for purposes of behavioral advertising;
  • Data portability, in certain circumstances. For example, you may request us to transmit some of your personal data to another organization if the processing is based on your consent or a contract;
  • Object to processing of your personal data, in certain circumstances. For example, you may object to direct marketing including use of your personal data for profiling for direct marketing or where we process your personal data because we have legitimate interest in doing so. 
  • Obtain information about the entities with which HPE has shared your personal data;
  • Withdraw consent to the processing of your personal data.

Certain US residents may be able to opt-out from the “sharing” of personal information, i.e. our use of optional automatic data collection tools, by visiting the “Do Not Sell My Personal Information” page.

These rights may be limited in some situations such as where HPE can demonstrate that HPE has a legal requirement or legitimate interest to process your personal data or can legitimately apply an exemption to the exercise of a right under applicable law. 

To view and update the personal data you provided directly to HPE, you can return to the web page where you originally submitted your data and follow the instructions on that web page, using single sign on (SSO) where enabled. Otherwise, please contact us by completing the form available here or by writing to the CPO at the address indicated in the Chief Privacy Officer section above. To protect your privacy and security, we will take reasonable steps to verify your identity before processing your request.

Complaint with a supervisory authority. If you consider that the processing of your personal data infringes applicable data protection laws, you may have a right to lodge a complaint with a supervisory authority in the country where you live, or work, or where you consider that data protection rules have been breached. 

Your rights under HPE Binding Corporate Rules. You may have additional rights under our BCRs. For example, where you believe your personal data has been transferred by an HPE entity and processed by that entity in breach of the BCR, you may have a right to: 

  • Lodge a complaint with the HPE entity which transferred your personal data;
  • Lodge a complaint with a supervisory authority located in the same country as the HPE entity which transferred your data; 
  • Bring a court action against the HPE entity which transferred your personal data.  

If HPE processes your personal data on behalf of an HPE customer, then we will, in the first instance, refer your complaint to our customer to handle. 

For further information, please visit the HPE BCR web page available here.
9. How to contact us

If you have any questions about our Privacy Statement, any concerns or complaint regarding our collection and use of your personal data or wish to report a possible breach of your privacy, please contact the HPE Privacy Office by email or write to our worldwide corporate headquarters address below.

We will treat your requests and complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner. 

Worldwide Corporate Headquarters

Hewlett Packard Enterprise 
Office of Legal & Administrative Affairs
ATTENTION - PRIVACY OFFICE
1701 E Mossy Oaks Rd
Spring, TX 77389
United States
10. Changes to this Privacy Statement

If we modify this Privacy Statement, we will publish a revised version with an updated revision date. The privacy link on the footer of every HPE web page will then point to that new version.
11. Local language versions of this Privacy Statement and country supplements

Please click here to access translations of this Privacy Statement and any country specific supplements.  
12. Additional information for individuals under certain privacy laws in the United States

10 December 2024

Additional information for individuals under certain privacy laws in the United States

HPE’s privacy practices are aligned with the requirements of certain US Privacy laws.

We are required to provide additional information to you about how we use and disclose your personal data, and you may have additional rights with regard to how we use your personal data. This section describes those rights and explains how to exercise them as a supplement to our Privacy Statement.

Personal data. For a full list of personal information we collect please review,  the “How we use personal data” and “How we share your personal data” sections in our Privacy Statement.  We collect and process certain categories and specific pieces of information about individuals that are considered “personal information” under applicable state laws. Specifically, we may collect or process the following categories of personal data:

Categories of Personal Data We Collect and Process

Business Purposes for Processing Personal Data

How We Disclose Personal Information

Identifiers: contact details, identification information
  • For sales and marketing
  • To operate online forums and surveys
  • To manage partner and supplier programs
  • For training and education
  • For due diligence screening
  • For brand-protection programs
  • For security and authentication purposes
  • To respond to whistleblower claims
  • To respond to enquiries and complaints
  • In the event of a merger or acquisition
  • For recruitment lead generation
  • ·Student virtual work experience

We may disclose your personal information to:

Members of the HPE group of entities;

Government authorities and/or law enforcement officials;

HPE customers or business partners

HPE suppliers or business partners; and

Other companies and their professional advisors.

For more information, see the “How we share your personal data” section in our Privacy Statement.

Identifiers, driving license, passport, and identity card details.

For our Financial Services business:

  • To provide lease, loans and other financial services
  • To conduct anti-money laundering checks and other regulatory checks
  • Initiating the credit approval process
  • Facilitating the purchase and resale of equipment

We may disclose your personal information to:

Members of the HPE group of entities;

Government authorities and/or law enforcement officials;

HPE customers or business partners;

HPE suppliers or business partners; and

Other companies and their professional advisors.

For more information, see the “How we share your personal data” section in our Privacy Statement.

Commercial information: information required to purchase our products and services online, information about profile, role and preferences.
  • For sales and marketing

We may disclose your personal information to:

Members of the HPE group of entities;

Government authorities and/or law enforcement officials;

HPE customers or business partners;

HPE suppliers or business partners; and

Other companies and their professional advisors.

For more information, see the “How we share your personal data” section in our Privacy Statement.

Internet or other electronic network activity information: login credentials, digital activity information.
  • To provide our products and services
  • For sales and marketing
  • In connection with online data collection
  • To operate online forums and surveys
  • For brand-protection programs

We may disclose your personal information to:

Members of the HPE group of entities;

Government authorities and/or law enforcement officials;

HPE customers or business partners;

HPE suppliers or business partners; and

Other companies and their professional advisors.

For more information, see the “How we share your personal data” section in our Privacy Statement.

Other personal information: records of good standing, comments and feedback from online forums and surveys, CCTV footage, information about alleged misconducts, information included in enquires and complaints, information made publicly available on professional social networks.
  • For financial purposes
  • For sales and marketing
  • For recruitment lead generation
  • To operate online forums and surveys
  • For brand-protection programs
  • For security and authentication purposes
  • To respond to whistleblower claims

We may disclose your personal information to:

Members of the HPE group of entities;

Government authorities and/or law enforcement officials;

HPE customers or business partners;

HPE suppliers or business partners; and

Other companies and their professional advisors.

For more information, see the “How we share your personal data” section in our Privacy Statement.

Some personal information that we collect may be considered sensitive under these laws. We will seek explicit consent where we may need to process sensitive personal data to the extent required by applicable law. To the extent we collect sensitive personal information, we only use and disclose it for purposes that are recognized and are not subject to a right to limit. For example, we use sensitive information to conduct anti-money laundering and other regulatory checks and for purposes that do not infer characteristics about you.

By using automatic data collection tools on our websites and applications, we may share some of your identifiers and internet or other electronic network activity information with third parties. We do not knowingly sell or share for cross-context behavioral advertising the personal information of consumers who are less than sixteen years of age.

Sources. We may collect certain categories of personal data from you and other sources as described in the “How we use personal data” section in our Privacy Statement. The categories of sources from whom we may collect personal data may include the following:

  • From the HPE group of entities;
  • Partners, resellers and/or distributors;
  • Public authorities;
  • Third party applications (such as social networks);
  • Advertising networks; and
  • Other companies or organizations (such as market research firms and data aggregators).

Retention. To understand how we retain personal information, please review the “How long we keep personal data” section in our Privacy Statement. We keep personal data for the length of any contractual relationship and, to the extent permitted by applicable laws, after the end of that relationship for as long as necessary to perform purposes set out in the Privacy Statement, to protect HPE from legal claims and administer our business. When we no longer need to use personal data, we will delete it from our systems and records or take steps to anonymize the data unless we need to keep it longer to comply with a legal or regulatory obligation.

To determine the appropriate retention period for personal data, we will consider the amount, nature and sensitivity of the data, the purposes for which we process personal data and whether these purposes can be achieved through other means, as well as any applicable legal obligations. Retention periods will be determined on a case-by-case basis, in line with HPE’s standards of business conduct and risk management.

Your rights in relation to your personal data.

Consumer Rights may vary depending on where you reside, and you may have the following privacy rights under applicable state laws:

  • Right to request an explanation of the categories and specific pieces of personal information collected; categories of sources from which personal information is collected; business or commercial purpose for collecting, selling, and sharing personal information; and categories of third parties to whom information is disclosed;
  • Right to request an explanation of the categories and specific pieces of personal information collected; categories of sources from which personal information is collected; business or commercial purpose for collecting, selling, and sharing personal information; or information about third parties to whom information is disclosed;
  • Right to Access: a right to request information on how we process your personal information and obtain a copy.
  • Right to Correct: a right to correct your personal information if inaccurate or incomplete
  • Right to Delete: a right to request the deletion of personal information collected about you (with some exceptions)
  • Right to  Opt Out of Sale,  Sharing, or Processing for Targeted Advertising: Certain state privacy laws provide eligible residents with the right to opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising, or processing for “targeted advertising” purposes as such terms are defined under applicable privacy laws.
  • Right to Opt Out of Profiling: Certain state privacy laws provide eligible residents with the right to opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you,
  • [[Rights Regarding Sensitive Personal Information: Certain pieces of personal information that we have about you may be considered “sensitive” under applicable laws. Depending on where you reside and subject to exceptions, you may have certain rights to request that HPE limit the processing of personal information that may be considered sensitive under applicable privacy laws.]]
  • Right to Portability. A right to obtain your personal information in a structured, commonly used machine-readable format and to have that information transmitted to another organization in certain circumstances.
  • Right to non- discrimination in exercising your rights. HPE will not discriminate when you exercise your privacy rights. 

If you wish to exercise any of the rights described in this section for data collected from sources other than automated data collection tools, you may use the following methods to submit a request in relation to your personal data:

  • Contact the HPE Privacy Office via an email;
  • Contact the HPE Privacy Office by completing the form available here;
  • Contact the HPE Privacy Office via the toll-free number 1-866-I-OPT-OUT (i.e., 1-866-4-678-688) and by choosing HPE code 115.

You must include your name, street address, city, state, and zip code in your request. You may be asked to provide additional proof of identification so that we can verify your identity and validate the request.

You may have additional rights with respect to our use of automatic data collection tools to “sell,” “share,” or process for “targeted advertising.” To exercise these rights please click the “Do Not Sell or Share My Personal Information” link and web page.  You also may be able to turn on the Global Privacy Control (GPC)  to exercise these choices for each participating browser system that you use.  Learn more at the Global Privacy Control website.

To the extent that you elect to designate an authorized agent to make a request on your behalf, the above methods to submit a request apply. Please note that you are limited by law in the number of requests you may submit per year.

Certain US state privacy laws allow residents to appeal a denial of a submitted privacy rights request. For additional information on how to appeal a submitted request, please email hpeprivacy@hpe.com. 

 

HPE logo

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.