The Privacy Policy Library

Your Privacy Rights
Effective: August 5, 1999
Last Updated: May 31, 2009

On June 4, 2009, we updated our Privacy Notice to reflect adoption of our new privacy policies and procedures, including presentation of a shorter Privacy Facts Statement, as well as a layered notice approach.
On January 5, 2006, we updated our Privacy Notice to include information regarding our new practice of using Web Beacons. Please see section 3.3 below for more information.

As a world leader in Internet security technology, Symantec understands your desire to have your personal information protected. Symantec respects your concerns about privacy and values its relationship with you. This Notice describes the types of information we collect via Symantec’s web sites as set out below, how we may use that information and with whom we may share it. Our Privacy Notice also describes the measures we take to protect the security of the information. We also tell you how you may contact us to update your information, remove your name from our mailing lists or get answers to questions you may have about our privacy practices at Symantec.

Symantec is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent initiative whose mission is to build users’ trust and confidence in the Internet by promoting the principles of disclosure and informed consent. TRUSTe certifies the following sites: www.symantec.com in North America; TRUSTe’s certification does not cover the Symantec Store (shop.symantecstore.com – see below). Because our sites want to demonstrate our commitment to your privacy, we have agreed to disclose our information practices and have our privacy practices reviewed for compliance by TRUSTe.

By displaying the TRUSTe “Trustmark,” we let you know that these web sites intend to tell you:

* What personal information is gathered, stored, tracked or used
* With whom the information may be shared
* How you can correct inaccuracies in the information

The TRUSTe program covers only information that is collected through this website, and does not cover information that may be collected through software downloaded from the website. You may contact Symantec directly using any of the communication means outlined at the end of this statement. If for any reason you are not satisfied with the response from Symantec to your inquiries regarding your right to privacy, you can contact TRUSTe at http://www.truste.com/consumers/watchdog_complaint.php.

This Privacy Notice applies to all Symantec Web sites, except for the sites referred to in section 1.2 below, and Web sites hosted by third parties on behalf of Symantec which are authorized to display the Symantec name and/or corporate logo.

Digital River is the authorized e-commerce merchant for the Symantec Store (shop.symantecstore.com), which is a co-branded site. When you submit information through the Shopping Cart on the Symantec Store, you are submitting it to Digital River in accordance with its privacy policies, and certain information as explained on the Shopping Cart will then transferred by Digital River to Symantec and handled in accordance with this privacy notice.

1.0 Privacy Notice Structure and Related Documents
1.1 Contents

Click on one of the links below to jump to the listed section: **// Librarian Note: included for completeness only, scroll down to read the various sections **//

1. Privacy Notice Structure and Related Documents
2. Symantec Privacy Practices
3. Personal Information We Collect About You and How We Use It
4. Managing Your Privacy
5. Transfers and Sharing Information
6. Security of Personal Information
7. Non-Personal Information We Collect About You and How We Use It
8. IP Addresses
9. Links to Business Partner and Co-Branded Sites
10. Policy Changes
11. Symantec Contact Information and Complaints
12. Regional Privacy Notices

1.2 Related Documents

There are related privacy notices which supplement this Privacy Notice; please note that this document prevails in the event of any inconsistency:

* Privacy Facts Statement: This is a short and less complicated summary of our privacy practices; in the event of any discrepancy, this Symantec Web Privacy Notice shall apply.
* Social Media Privacy Notice: This is a notice respecting the privacy of information in ‘user-generated content’ sites and services that Symantec may from time to time offer; it addresses the issues particular to sites where Symantec does not generate the content but allows users and customers to create content.
* Product and Services Privacy Notices: Symantec has notices that relate to the particular collection and use of personal information that occurs when users subscribe to, purchase, or use our software or services, and are dependent on the technologies and purposes of those products and services. In those cases, the specific privacy notices govern the collection, use, disclosure, and retention of personal information:
* Because of the manner in which LiveUpdate operates to collect and the type of information it collects, LiveUpdate has its own Privacy Notice: please visit http://www.symantec.com/legal/luprivacy.html.
* Norton Community Watch Privacy Notice: This is a notice respecting the collection of information through user submissions to the Norton Community Watch; it addresses issues relating to the collection of information including personally identifiable information.
* OnlineFamily.Norton Privacy Notice: This is a notice respecting the collection and use of personal information in respect to the OnlineFamily.Norton services.

2.0 Symantec Privacy Practices

Symantec has a set of policies which establish a foundation for the privacy of all personally identifiable information (PII) used by Symantec worldwide. They state Symantec’s operational principles for managing privacy, data protection risk and exposure as those activities relate to the processing of PII.

These policies also outline the principles applied by Symantec while assessing, collecting, using, disclosing and retaining the PII of Symantec’s past, present and prospective employees, customers, suppliers, and business associates.

2.1 Scope
These policies have the following scope:

* They apply to all Symantec employees, contractors, and third parties engaged by Symantec in its regional and local operations globally, as well as its subsidiaries (hereafter referred to simply as “Symantec”).
* They are to be used when considering the collection, use, and retention of PII by all departments and operations of Symantec, or when changing the processes and procedures for the collection, use, disclosure and retention of PII.
* They refer to all processing of files in an electronic form (including, for example, electronic mail, documents created with office software, and records retained in databases) and information held in physical files structured with reference to individuals.’

2.2 Privacy Policies

* a. Symantec’s strategy regarding privacy and personal information is to protect the personally identifiable information (PII) of its customers, business partners, and employees that is in its possession at any given time within its organization. This protection also applies to any PII collected, used or retained by Symantec in its dealings with third parties.
* b. Symantec has the responsibility to ensure compliance with applicable privacy legislation when identifying purposes, obtaining consent, providing notice, or responding to access requests or complaints regarding the collection, use, or disclosure of personal information.
* c. Symantec will act responsibly while collecting, using, and disclosing personal information, as this is a prerequisite to continued customer, partner, and employee confidence and loyalty.
* d. In accordance with the Generally Accepted Privacy Principles (GAPP) established by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), Symantec will demonstrate compliance with its privacy policies through the creation and enforcement of such policies and other supporting documentation.
* e. The GAPP requirements are derived from the Fair Information Practices of the Organization for Economic Co-Operation and Development (OECD).

3.0 Personal Information We Collect About You and How We Use       It
3.1 Personal Information Collection and Use

You may choose to provide personal information through our web sites. Here are the ways in which you may provide the information and the types of information you may submit. We also provide below some information on how we may use the information.

Contact Us

If you communicate with us through the “Contact Us” link on our web sites, we may ask you for information such as your name, email address and telephone number so we can respond to your questions and comments. We also may use the information you provide to evaluate the quality of our products.

Request a Quote

If you request a quote from us, we ask you to provide details such as your name, email address, telephone number and details of the relevant product. We use your details to prepare and send you a quote. You may also choose to provide additional comments and requests through our free text box.

Purchase, Registering a Product or Subscribe to a Product or a Service, or Creating an Account

If you submit an order on-line with us, we will ask you for information necessary to complete the transaction – such as your name, address, and credit card number, and to allow you to purchase and download products, obtain access to service and technical support, or otherwise utilize products or services that you have selected, as well as technical data concerning your computer or traffic data incidental to your Internet connection. Additionally, you may be asked in cases where software is sold pursuant to subscription, to establish an account with us in order to obtain the software, and establish entitlement to upgrades and updates required for the Symantec software to provide ongoing protection in accordance with its function. This information will be used by Symantec to ensure your entitlement for renewal, support and other services. The processing and transfer of the data are limited to the following purposes: fulfillment of your order(s)/contract(s), extension/delivering product updates/service-subscriptions or licenses, product registration and activation, customer and technical support as you may request it from time to time, processing license renewals as you may request it from time to time, automatically processing license renewals if you elect automatic renewal of your software license subscription and internal (compliance) audits and fraud prevention.

Request Technical Support

If you request technical support online, we will ask you for information necessary to complete the transaction – such as your name, address and information about your computer hardware, software and the nature of the problem you are experiencing. Additionally, if required to facilitate support, we may with your permission [conduct an interactive session in which a Symantec technical support assumes control of your computer. No information is retained from such sessions beyond information to substantiate that such session(s) took place. Information concerning technical issues may be retained to provide you with continuing support; generally, the information and knowledge obtained from such support, though not linked to you personally, may be made available to technical and product specialists in order to improve our products or provide similar solutions to similar technical issues encountered by other Symantec customers.

Subscribe to a Web-site Forum or Networking site

Symantec operates forums, web sites and related information services to better assist its customers in using its products and services, discuss technical issues, and share experience and knowledge. To permit you to obtain access to these information services, to assist us in creating content that is relevant to you, and to improve your experience on our Web site, including helping you quickly find software, services or product information important to you we collect information on your name and e-mail address, and keep track of your preferences concerning the display or location of relevant information. We utilize the information obtained from these sites to improve our products and services.

Subscribe to a Newsletter, Receive Product or Technical Alerts

You may wish to receive information about virus alerts, product upgrades, new products, services, newsletters, informative emails, and research on future product ideas or improvements. If so, you will be asked to provide your name and e-mail address. If there is any use beyond contacting you using such information, you will be advised of the intended uses at the point that you are being asked to provide such contact information.

Transactional Emails

We may from time to time send you transactional emails such as order confirmations or information on service related issues. Because these emails are not promotional in nature you are not able to unsubscribe from these transactional emails.

Enter a Contest, Receive Product or Service Information, Offers or Promotions

To provide you with contests, promotions or special offers that may be of interest to you, you may be asked to provide us with your name, address and e-mail address information, as well as to confirm that you are of the age of majority in the jurisdiction in which you reside. You may be asked to provide additional information to better understand you and possibly your organizations’ needs and experiences, opinions, as well as your experience or feedback in order to qualify for such contests or promotions. We will also use your personal information to award prizes if applicable. If there is any use beyond contacting you with such information, you will be advised of the intended uses at the point that you are being asked to provide such contact information.

Soliciting your Opinion, Feedback or Test Software

To assist us in creating better products and services to meet your needs, we may solicit your opinions and feedback concerning our software and services; you may be asked to provide e-mail address information, as well as name, postal address, occupation and the name of your organization, if you have not already done so, as well as the opinions and feedback itself.

Careers

You may be able to submit your resume and other information online to apply for a job with Symantec. The information you provide in connection with your job search will be maintained in a database that is managed by a third party service provider we have retained to help us conduct recruitment-related activities. Our service provider is authorized to use the information only in connection with hosting, managing and maintaining our resume database. We use the information you submit to evaluate your interest in employment and to contact you regarding possible employment with the company.

Refer-A-Friend

If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. Symantec does not store your friend’s name and email address after sending the one-time email. Note that this is not available in jurisdictions where this method of referral is prohibited, such as the European Union.

You make the decision whether to proceed with any activity that requests personal information. If you do not wish to provide the requested information, however, you may not be able to complete the transaction or functionality on the site if the information is essential to complete the transaction or functionality. .

3.2 Cookies

Symantec may use cookies from time to time. A cookie is a unique text file that a web site can send to your browser software. Cookies enable a web site to tailor information presented to you based on your browsing preferences. Symantec may use cookies to personalize web pages during your visit to our web sites, and/or to remember you for easy navigation and access during your return visits after registering for our products, services and other offers including but not limited to White Papers, Webcasts, events, evaluation software, e-books, etc. For these purposes, some cookies may be tied to your e-mail address.

Symantec may also use cookies to track your visit to our web sites in order to collect aggregate data.

However, this information will only be used for analytical purposes and will be limited to the minimum necessary to perform the analysis. If you do not want Symantec to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a web site tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use of some of the products and/or services at our Web site.

3.3 Web Beacons

Symantec may use Web Beacons – also known as single pixel or clear GIFs – on its web sites to analyze traffic patterns such as the frequency of use of particular parts of the site. The data collected helps us learn what information is of most interest to our customers and what offers our customers would most like to see. If you do not want to assist Symantec in improving its Web sites, you can “opt-out” of this web sites analysis by disabling JavaScript on your computer. If you disable JavaScript, some of the features on our web sites will not work.

Symantec may also use web beacons in promotional email messages to determine whether the message was opened and acted on. We may use this information on email response to develop future promotions you may enjoy. For these purposes, some of our Web beacons are tied to your e-mail address.

Except for the email address you have previously provided, the information we collect does not identify you. To modify your privacy options, visit here.

Symantec may also use third party scripts on our sites to optimize the effectiveness of Symantec’s ads appearing on other parties’ sites. The information collected is not personally identifiable and is limited to the minimum information necessary to optimize effectiveness.

4.0 Managing Your Privacy
4.1 Opt-in and Opt-out

In jurisdictions where your consent is required at the point of collection before any sharing of your information can take place, you will be given the option to opt-in before such information is being shared, and to opt-in to the transfer of your contact information to a third party.

In other jurisdictions, we may offer you these choices at the time you give us your information, or subsequently through ‘opt-out’ mechanisms.

4.2 Communication Choices

If you are on a Symantec web page that requires personal information to be submitted but does not offer communication choices, or if you would like to change your preferences for information that you have previously provided, please complete the customer profile form at https://www-secure.symantec.com/custserv/cgi-bin/cs_privacy_dyn.cgi or use one of the other communication channels at the bottom of this statement.

If you are registering a version of a product that does not provide you the capability to indicate your communication preferences, please complete the customer profile form at https://www-secure.symantec.com/custserv/cgi-bin/cs_privacy_dyn.cgi.

4.3 Other Privacy Considerations
Please remember that information you submit in a discussion groups or forums, like “Ask Symantec”, will be deemed public information and will not be kept as confidential. There is a risk in such communication venues that information can be collected and used by others. Please be careful and responsible when you are participating in such discussion groups or forums. For further details, please see our Symantec Supplemental Web 2.0 Privacy Notice.

4.4 Updating or Correcting Your Personal Information
We make a sincere effort to respond to your requests to update or correct your personal information. If you believe that Symantec does not have your most current personal information, you can update it at www.secure.symantec.com/custserv/cgi-bin/cs_privacy_dyn.cgi, or use one of the other communication channels at the bottom of this notice. If requested, and to the extent permissible by applicable law relating to the retention of records or otherwise not required for valid business purposes (such as fulfillment of transactions), you may request that we use our best efforts to remove such data from Symantec repositories.

5.0 Transferring and Sharing Information
5.1 Transferring Information

Since Symantec is a global company, we provide company information to our worldwide offices, with information processing taking place in many countries. The personal information that you have provided to us, for the purposes set out above, will be transferred to servers in the United States, and there may be further transfers to other countries in which Symantec has operations or to our outside contractors for the collection, transferring, storage and processing of your information. In respect to transfers from the European Economic Area to the United States or elsewhere, Symantec has data transfer agreements in place if and as required by the data privacy authorities in European countries from where such transfers of personal information are being made.

Your consent is required for the provision of the products and services set out above as well as for the collection and transfer of your personal information for the purposes identified above.

When you submit your information via our web sites, you expressly consent to the collection and transfer of your personal information for the purpose identified above, and you understand, if you reside outside the United States, that this information may be transferred to other companies of the Symantec group in the United States or to other countries that may have less protective data protection standards than the region in which you are situated (including the European Union), in which case Symantec will have taken steps to ensure that the collected information, if transferred, receives an adequate level of protection.

5.2 Sharing Information

From time to time, and in jurisdictions where it is permitted, we may provide your information to Symantec Partners to communicate to you information or offers about products or services that they believe are important to you or your business. If you prefer that we not provide your information to our business partners, you may let us know using one of the methods described in this policy, Symantec provides a number of ways for you to ‘opt-out’ of receiving additional information from us or having us provide your personal information to our partners by ‘opt-out’ options provided at the point of collection, through e-mail notices, or through other preference management that may be available depending on the service or web-site.

If you do not wish to continue receiving our e-mail newsletters or bulletins you can opt-out of receiving these communications by replying to the “unsubscribe” address in the body of the email.

In jurisdictions where sharing personal information is prohibited without your ‘opt-in’, no information will be shared without your prior consent.

5.3 Third Parties

In addition, Symantec may retain the services of outside contractors to provide services for us (e.g. ship products, provide technical support, or handle order processing).

For example, you may decide to purchase a license to a number of Symantec software products online in a downloadable format by way of Electronic Software Delivery (ESD) or in a CD format from one of Symantec’s authorized online resellers. If you elect to purchase a software license through one of Symantec’s authorized online resellers, your personal data will need to be shared between the Symantec reseller (as your vendor) and Symantec (as the software manufacturer and licensor). Furthermore, in order to manage purchases and license renewals by Symantec customers, Symantec will need to share your personal information with a billing system service provider. Such service provider will process data of Symantec’s customers only on behalf of Symantec. (These examples are not exhaustive, and may change from time to time).

We require that all such contractors keep the personal information of our customers secure and confidential. We have contractually bound third parties to such restrictions and require that these contractors provide for appropriate technical and organizational measures to secure the data, that they use personal information only on behalf of Symantec and that they do not share personal information with others or use your personal information for their own marketing purposes.

5.4 Legal Disclosures
Please be advised that in certain instances, it may be necessary for Symantec to disclose your personal information to government officials or otherwise as required by applicable law. No personally identifiable information will be disclosed to any law enforcement agency or governmental agency except in response to:

* A subpoena, warrant or other process issued by a court of competent jurisdiction;
* A legal process having the same consequence as a court-issued request for information, in that Symantec would be in breach of local law were it to refuse to provide such information, and it or its officers, executive or employees would be subject to liability for failing to honor such legal process, or,
* Where such disclosure is necessary for Symantec to enforce its legal rights pursuant to the laws of the jurisdiction from which such information was gathered.

6.0 Security of Personal Information

We have taken appropriate security measures, consistent with international information practices, to protect your personal information. These measures include, on our web sites and Internet-enabled technologies, administrative, technical, physical and procedural steps to protect your data from misuse, unauthorized access or disclosure, loss, alteration, or destruction. These measures include:

Physical safeguards, such as locked doors and file cabinets, controlled access to our facilities, and secure destruction of media containing personal information;

Technology safeguards, such as use of Symantec anti-virus and endpoint protection software, encryption, and monitoring of our systems and data centers to ensure compliance with our security policies, and in particular, credit card information is transmitted using secure socket layer (SSL) encryption;

Organizational safeguards, through training and awareness programs on security and privacy, to ensure employees understand the importance and means by which they must protect personal information, as well as through privacy policies and policy standards that govern how Symantec treats personal information.

7.0 Non-Personal Information We Collect and How We Use It
7.1 Non-Personal Information We Collect

We collect certain aggregate and non-personal information when users visit our web sites. Aggregate and non-personal information does not relate to a single, identifiable visitor. It tells us information such as how many users visited our sites and the pages accessed. By collecting this information, we learn how to best tailor our web sites to our visitors.

We collect this information either through “cookie” technology or with “web beacons,” as explained below.

7.4 Web Site Traffic
Through our various tracking methods discussed above and using log files, we may track domain names, IP addresses, and browser types from people who visit our site. We use this information to track aggregate traffic patterns throughout Symantec’s Web site. Such information is not correlated with any personal information.

8.0 IP Addresses
Symantec collects and retains, for a limited period of time, internet protocol (IP) address information, of its customers, for the following purposes:

* subscription and registration,
* to provide technical support;
* to obtain geolocation information;
* and to secure our networks and systems.

IP addresses collected by Symantec are primarily traffic data, which is not necessarily personal information. Symantec does not have the means to reasonably and authoritatively link an IP address to an identifiable individual. Registration of a product does create a unique computer identifier, which is linked to an IP address at the time of registration; however, IP addresses are usually assigned dynamically and therefore are temporary, and may be behind network address translation, and are often capable of falsification (spoofing).

For LiveUpdate’s privacy policy, please see http://www.symantec.com/legal/luprivacy.html.

9.0 Links to Business Partner and Co-branded Sites

At the Symantec Web sites, there are a number of links to companies with whom we have a relationship. Symantec is not responsible for the privacy practices of our business partners. We encourage you to read their privacy statements, as they may differ from ours.

We also link to co-branded Web sites that are maintained by Symantec and one or more of our business partners who are collecting your information pursuant to their own policies and purposes.

We encourage you to read the privacy policies on any co-branded site to which you link for information on the privacy practices of that site.

10.0 Policy Changes
In the event there is a major change to Symantec’s privacy practices, a prominent notice will be posted on our Web site. If the change involves the use of your personally identifiable information, the notice will contain instructions on how you can opt-out of such use.

11.0 Symantec Contact Information
Symantec has appointed an Information Privacy Lead, who acts on behalf of Symantec’s Chief Information Officer which is the executive accountable for Symantec’s compliance with the privacy practices described in this notice. If you have any questions or comments concerning this notice, or if you would like to change your communication preferences, update or review the personal information we have about you, or withdraw your consent for the collection, use or disclosure of your personal information, please contact us using one of the options below:

1. Customer Profile Form at: https://www-secure.symantec.com/custserv/cgi-bin/cs_privacy_dyn.cgi
2. Customer Support in your country or region – by telephone, e-mail, or regular mail;
3. Through Symantec’s Privacy Department:

Postal Mail
Symantec Corporation – Privacy Lead
350 Ellis Street
PO Box 7011
Mountain View, CA 94043
U.S.A

Telephone: 1 650 527 8000

Email: priv...@symantec.com

12.0 Regional Privacy Notices
Different countries, states, and other entities may require specific notices to be provided, and so, will only apply to you provided you live in the jurisdiction set out in the sub-sections below.

12.1 North America

12.1.1 TRUSTe
Symantec is a licensee of the TRUSTe Privacy Program as noted above, which is applicable solely to North America.

12.1.2 Your California Privacy Rights
Beginning on January 1, 2005, California Civil Code Section 1798.83 permits customers of Symantec who are California residents to request certain information regarding Symantec’s disclosure of personal information to third parties for their direct marketing purposes. To request such information, please contact us using one of the options listed above in section 11.0.

12.2 European Economic Area
In respect to data transfers from the European Economic Area, to the United States or to other countries outside the European Economic Area, Symantec has taken steps to ensure adequate protection for such data transfers in accordance with European and national data protection legislation. For example, Symantec has entered into appropriate data transfer agreements approved by the European Commission to provide adequate protection for data transfers between Symantec entities and between Symantec and third parties located outside the European Economic Area.

12.2.1 Germany: Declaration of Consent

In transferring your information to Symantec, you understand that tour name, postal address, phone number, E-mail address, VAT ID (optional), company name (optional), and information about selected product(s), may be transferred from the vendor Digital River International S.a.r.l. (9b, Boulevard du Prince Henri, L-1724 Luxemburg), the IT-service provider of the vendor Digital River Ireland Limited. (Level 0, Block 4, Westpark, Shannon, Co Clare, Ireland), to the vendor Digital River, Inc., 9625 West 76th Street, Eden Prairie, Minnesota 55344, U.S.A., and to the producer and licensor Symantec Corporation (20300 Stevens Creek Boulevard, Cupertino, California 95014, U.S.A.), Symantec Limited (Ballycoolin Business Park, Blanchardstown, Dublin 15, Ireland) (Billing, Shipping) und Symantec (Deutschland) GmbH (Humboldstrasse 6, D-85609 Aschheim) (German consumer contact and support).

Further your payment details (including credit card number, expiry date, sort code, name and address of bank), and order ID may be transferred to Digital River International S.a.r.l. in Luxemburg, Digital River Ireland Limited in Ireland, and Digital River, Inc. in the United States, and then to Symantec Corporation in the United States and Symantec Limited in Ireland, as well as to Vindicia, Inc. (a Delaware corporation with its principal offices located at 1840 Gateway Drive, Suite 100, San Mateo, California 94404, U.S.A.). Vindicia provides hosting and management services of an automated billing and renewal system and backend infrastructure as part of Symantec’s online system to Symantec Corporation and Symantec Limited.