Effective: October 28, 2016

Purpose and Scope

This Privacy Notice explains what data Symantec collects or processes from You and what we do with this data when You use Symantec Endpoint Protection, and applies to data collected through or related to your use of the Symantec Endpoint Protection. Unless otherwise specified, this Privacy Notice does not apply to any other products/services or to data collected in any other way (online or offline) or for any other purpose.

Automatically Collected and Transmitted Information ("Transmitted Information")

Symantec Endpoint Protection collects from Your environment, and automatically transmits to Symantec, data, which may include, without limitation:

• Software configuration, product details and installation status
• License status, license entitlement information, license ID and license usage
• Device name, type, OS version, language, location, browser type and version, IP address and ID
• Device hardware, software and application inventory
• Application and database access configurations, policy requirements and policy compliance status, and application exception and workflow failure logs
• Information associated with possible threats including: client security event information, IP address, User ID (e.g., SID or username), path, device information such as device name and status, files downloaded, file actions
• File and application reputation information including file downloads, actions and executing application information, and malware submissions
• Application exception and workflow failure logs
• Personal information provided during configuration of the Service or any other subsequent service call.
• Licensing information such as name, version, language and licensing entitlement data
• Usage of protection technologies included in SEP
• Information that describes the configuration of SEP, such as operating system information, server hardware and software configuration specifics, CPU name, memory size, software version and features for installed packages
• Information on potential security risks, portable executable files and files with executable content that are identified as malware which may contain personal information, including information on the actions taken by such files at the time of installation
• Information related to network activity including URLs accessed and aggregate information on network connections (e.g., hostname, IP addresses and statistical info on a network connection)
• Status information regarding installation and operation of SEP, which may contain personal information only if such information is included in the name or file folder encountered by SEP at the time of installation or error, and indicates to Symantec whether installation of SEP was successfully completed, as well as whether SEP has encountered an error: and/or
• Anonymous general, statistical and status information.

SEP utilizes the LiveUpdate functionality. For information about the LiveUpdate functionality, please refer to the LiveUpdate Privacy Notice.

Transmission of certain of the above Transmitted Information may be deactivated during and after installation by following the instructions in the documentation for SEP. Submission of the Transmitted Information is not required and You will be able to use SEP even if You do not submit the Transmitted Information to Symantec.

For purposes of this Privacy Statement, "personal information" means information that can be used to reasonably identify an individual. We may also collect your personal information when you contact us about any Symantec product or service, such as for technical support.

Automatically Collected and Stored Data ("Stored Data")

Symantec Endpoint Protection collects from Your environment, and stores in Your environment, data, which may include, without limitation:

• IP address
• Domain name, user name and host name
• BIOS name and version
• Encrypted passwords
• Email Addresses
• Endpoint machine/device names
• Network domain names; and/or
• Conviction metadata as per the above.

The above Stored Data is used to enable the functionality of Symantec Endpoint Protection, and is not transmitted back to Symantec.

How We Use Your Transmitted Data or Personal Information (collectively, "Information")

Transmitted Information may be used as follows:

• Enabling and optimizing the performance of Symantec Endpoint Protection
• Limiting damage done by installed malwar
• Providing support or debugging assistance
• Sending you or others promotional information, in accordance with Your permission, as required by applicable law
• Deriving statistics from your data to track and publish reports on security risks/trends
• Research and development, such as improving Symantec's products or services (e.g., to better protect you, such as by using data analytics to protect your network/data)
• License administration
• Combating fraud or any other criminal activity
• For any other purpose with your consent
• Improving the detection of malware
• File sample analysis to discover advanced malware; and/or
• Statistical analysis of product deployment and usage, including analysis of trends and comparisons in our aggregated install base.

How We Transfer, Store and Disclose Your Transmitted Information

We are a global organization and may transfer your Information to other countries, including countries that may have less protective data protection laws than the country in which You are located (including the European Union). For the purposes described in this privacy statement, Your Information (i) may be stored and processed manually and/or electronically through global systems and tools, (ii) may be disclosed to vendors or third parties that process data on behalf of Symantec, (iii) may be disclosed in connection with any proposed or actual sale or other transfer of some or all assets of Symantec in the event of a reorganization, merger, acquisition, or sale of our assets; and/or (iv) may be disclosed as otherwise permitted by You.

To promote research, awareness, detection or prevention of security risks, Symantec may disclose Information to relevant public and private entities such as cybersecurity research organizations and security software vendors. In such cases, we will endeavor to anonymize such information or to minimize any personal information in it to the extent reasonably possible without defeating purposes of security risk research, awareness, detection or prevention.

Subject to applicable laws, Symantec reserves the right to cooperate with any legal process, or any law enforcement or other government inquiry, related to Your use of Symantec Endpoint Protection including disclosing Information if relevant to a court subpoena or to a law enforcement or other government investigation, or as otherwise required by our legal obligations.

How We Protect Your Information

To protect Information, we have taken reasonable and appropriate administrative, technical, organizational and physical security and risk management measures, in accordance with applicable laws.

Your Obligation to Personal Information

It is Your responsibility to ensure that any disclosure by You to Symantec of personal information of Your users or third parties is in compliance with applicable privacy and data security laws, including informing users and third parties that You are providing their personal information to Symantec, informing them of how it will be transferred, used or processed, and gathering appropriate consents and other legal measures required for such transfer, use or processing.

Data Access

Under certain circumstances, You may be able to request to access, update, correct or remove personal information we have about You. We may retain certain Information if necessary to prevent fraud or future abuse, or as otherwise required or permitted by law.

Contact Us

Please contact us at [email protected] if you have any questions.

Changes To This Privacy Notice

We reserve the right to revise or modify this Privacy Notice, and will note the date of its most recent revision above. If we make significant changes to this Privacy Notice, and where required by applicable law, we will either notify You either by prominently posting a notice of such changes prior to implementing the changes or by directly sending you a notification.