Safe Harbor Privacy Policy

McAfee, Inc. (“McAfee”) respects your concerns about privacy.  McAfee has certified that it abides by the Safe Harbor privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of Personal Data transferred from the European Economic Area (“EEA”) or Switzerland to the United States.  This Policy outlines our general policy and practices for implementing the Safe Harbor privacy principles for Consumer and Employee Personal Data.

For Purposes of This Policy:
“Consumer” means any natural person who is located in the EEA or Switzerland, but excludes any individual acting in his or her capacity as an Employee.

“Customer” means any individual or entity that legally purchases, installs or activates McAfee’s products or services. 

“Employee” means any current, former or prospective employee of McAfee or any of its European affiliates, who is located in the EEA or Switzerland.

“Personal Data” means any information that (i) is transferred to McAfee in the U.S. from the EEA or Switzerland, (ii) is recorded in any form, (iii) relates to an identified or identifiable Consumer or Employee, and (iv) can be linked to that individual.

“Sensitive Personal Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

McAfee’s Safe Harbor certification can be found at http://safeharbor.export.gov/companyinfo.aspx?id=12498.  For more information about the Safe Harbor principles, please visit http://www.export.gov/safeharbor.  For more information about McAfee’s processing of Personal Data about Consumers, please visit McAfee’s Privacy Notice. For more information about McAfee’s processing of Personal Data about Employees, please see McAfee’s Employee Data Privacy Policy - EMEA, which is available on the McAfee Intranet and from the Privacy Office.

How McAfee Obtains Personal Data
McAfee obtains Consumer Personal Data in connection with various activities, such as (i) maintaining its Consumer relationships, (ii) operating its websites, and (iii) providing and administering its products and services.  McAfee’s license agreements with its Customers require McAfee’s Customers to comply with applicable national law governing the collection, use and other processing of Consumer Personal Data.  Together with its Customers, McAfee seeks to ensure that Consumer Personal Data are protected in accordance with the Safe Harbor privacy principles, as described in this Policy.

McAfee obtains and processes Personal Data about its Employees in connection with various activities, such as (i) carrying out and supporting its human resources functions and activities, (ii) carrying out its obligations under employment contracts and employment and benefits laws, (iii) administering Employee participation in benefits, compensation and human resources plans and programs, (iv) managing Employee performance, (v) implementing compliance and discipline procedures, and investigating and reporting on Employee compliance and discipline, and (vi) complying with legal obligations, carrying out investigations and for internal administrative purposes.  McAfee processes Sensitive Personal Data about its Employees to the extent necessary or appropriate for compliance with relevant legal or contractual obligations, including managing attendance, Employee records and Employee benefits.  

McAfee’s practices regarding the collection, storage, use, transfer, and other processing of Personal Data comply, as appropriate, with the Safe Harbor principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.

Notice
McAfee provides information in its Privacy Notice regarding its Consumer Personal Data practices, including the purposes for which McAfee collects and uses Consumer Personal Data, and also in privacy notices pertaining to specific processing activities.  For products or services obtained by McAfee Customers, McAfee informs its Customers that they may be responsible for providing appropriate notice to Consumers whose Personal Data are transferred to the U.S. 

McAfee notifies Employees about the purposes for which it collects and uses Employee Personal Data, the types of third parties to whom McAfee discloses the Personal Data, the choices Employees have for limiting the use and disclosure of their Personal Data, and how to contact McAfee about its practices concerning Personal Data.  Information regarding McAfee’s Employee Personal Data practices is contained in McAfee’s Employee Data Privacy Policy - EMEA, which is available on the McAfee Intranet and from the Privacy Office.  Relevant information also may be found in privacy notices pertaining to specific processing activities. 

Choice
In circumstances in which McAfee collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether McAfee may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for a purpose that is incompatible with the purpose for which the information originally was collected or subsequently authorized by the individual.  Employees have the opportunity to make the same choices, subject to applicable law.  Consumers and Employees may contact McAfee as indicated below regarding the company’s use or disclosure of their Personal Data.   

In circumstances in which McAfee maintains Personal Data about Consumers with whom McAfee does not have a direct relationship because McAfee obtained or maintains the Consumers’ data as an agent for its Customers, McAfee informs its Customers that they are responsible for providing the relevant individuals with a choice as to whether their Personal Data may be disclosed by McAfee to certain third parties or used for a purpose that is incompatible with the purpose for which the information originally was collected or subsequently authorized by the individual. 

McAfee may disclose Personal Data without offering an opportunity to opt out (i) if it is required to do so by law, regulation or legal process (such as a court order or subpoena), (ii) in response to requests by government agencies, such as law enforcement authorities, or (iii) when McAfee believes disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss or in connection with an investigation of suspected or actual illegal activity.  McAfee also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets.  Should such a sale or transfer occur, McAfee will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with McAfee’s privacy policies.

Onward Transfer of Personal Data
McAfee may share Consumer Personal Data with the types of third parties identified in the “Information We Share” section of McAfee’s Privacy Notice. The Employee Data Privacy Policy - EMEA, which is available on the McAfee Intranet and from the McAfee Privacy Office, describes the sharing of Employee Personal Data.  McAfee requires third parties to whom it discloses Personal Data and who are not subject to the European Union Data Protection Directive 95/46 or an adequacy finding to either (i) subscribe to the Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Safe Harbor principles. 

Access
Where appropriate, McAfee provides Consumers and Employees with reasonable access to the Personal Data McAfee maintains about them.  McAfee also provides a reasonable opportunity for Consumers and Employees to correct, amend or delete that information where it is inaccurate.  McAfee may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbor principles.  Consumers and Employees may request access to their Personal Data by contacting McAfee as indicated below.

In circumstances in which McAfee maintains Personal Data about Consumers with whom McAfee does not have a direct relationship because McAfee obtained or maintains the Consumers’ data as an agent for its Customers, McAfee informs its Customers that they are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate.  In these circumstances, Consumers should direct their questions to the appropriate McAfee Customer.  McAfee requires these Customers to establish appropriate procedures for handling requests by Consumers for access to and correction and deletion of Personal Data.  When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, McAfee will provide reasonable assistance in forwarding the individual’s request to the Customer.

Security
McAfee takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity
McAfee takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current.  McAfee depends on its Consumers, Customers and Employees to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals.  Consumers and Employees may contact McAfee as indicated below to request that McAfee update or correct their Personal Data.

In addition, McAfee informs its relevant Customers that they are responsible for taking reasonable steps to ensure that the Consumer Personal Data they process are reliable for their intended use and are accurate, complete and current.

Enforcement and Oversight
McAfee has established procedures for periodically verifying implementation of and compliance with the Safe Harbor principles.  McAfee conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true and that the company’s privacy practices have been implemented as represented.

Consumers and Employees may file a complaint concerning McAfee’s processing of their Personal Data with McAfee’s Privacy Office, whose contact information is below.  McAfee will take steps to remedy any issues arising out of a failure to comply with the Safe Harbor principles.  Please contact McAfee as specified below to address any complaints regarding the company’s Personal Data practices. 

If a Consumer complaint cannot be resolved through McAfee's internal processes, McAfee will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at www.jamsadr.com/international-mediation-rules

JAMS mediation may be commenced as provided for in the JAMS International Mediation Rules. The mediator may propose any appropriate remedy, such as publicity for findings of non-compliance, payment of compensation for losses incurred as a result of non-compliance, or cessation of processing of the Personal Data of the Consumer who has brought the complaint. McAfee will assume the costs of the administrative fees if the mediator makes a written recommendation that finds McAfee in breach of its duties pursuant to the Safe Harbor. The mediator or the Consumer also may refer the matter to the U.S. Federal Trade Commission, which has Safe Harbor enforcement jurisdiction over McAfee.

In circumstances in which McAfee maintains Personal Data about Consumers with whom McAfee does not have a direct relationship because McAfee obtained or maintains the Consumers’ data as an agent for its Customers, Consumers may submit complaints concerning the processing of their Personal Data to the relevant Customer, in accordance with the Customer’s dispute resolution process.  McAfee will participate in this process at the request of the Customer or the Consumer.  If the issue cannot be resolved through the Customer’s internal dispute resolution mechanism, the Consumer may submit the complaint to the relevant data protection authority in the EU or Switzerland.

If an Employee complaint cannot be resolved through McAfee’s internal processes, McAfee will cooperate with the relevant EU or Swiss data protection authorities, as appropriate.

How to Contact McAfee
To contact McAfee about questions or concerns about this Safe Harbor Privacy Policy or McAfee’s practices concerning Personal Data:

Write to:

Privacy Office
c/o McAfee Legal Affairs
McAfee, Inc.
5000 Headquarters Drive
Plano, TX 75024
United States

Go to our online Privacy Feedback form http://home.mcafee.com/supportpages/privacyFeedback.aspx