NetApp's privacy principles
NetApp’s eight privacy principles are based on our core values, set out in our Code of Conduct. For years, they’ve been stated in our internal documentation and training. NetApp has also aligned them with principles set forth by the OECD and the GDPR, and we commit to these privacy principles in our Binding Corporate Rules.
Purpose specification and use limitation
Collection limitation and data minimization
NetApp implements policies, processes, and playbooks to ensure that the personal information collected is limited to that which is necessary to meet the specified purposes. This includes privacy-by-design reviews of data collection and use practices, records-retention and handling policies, global corporate training on the protection of personal information, and technical and organizational processes designed to restrict unauthorized processing of personal information.
NetApp maintains policies and systems designed to ensure that reasonable steps are taken to help maintain the accuracy and completeness of all personal information. We offer self-service tools that our employees, customers, stakeholders, and partners can use to correct data about themselves, as well as email and telephone support (1-877-263-8277) where self-service is not available.
NetApp maintains technical, administrative, and organizational measures designed to prevent accidental destruction, loss, alteration, and protect against unlawful processing of and unauthorized access to personal information. These include designing and implementing security safeguards that are appropriate for the nature of the personal information in a system and the harm that could occur if the system were breached. These measures include a detailed incident response policy and procedure designed to promptly respond to and notify individuals of breaches of personal data. These processes may be included and documented in our third-party compliance certifications.
Openness and transparency
Our commitment to openness goes beyond transparent publication of our business practices. It is also rooted in our corporate values of trust and integrity. Candor, honesty, and respect for the individual are core to our values, as expressed in the NetApp Code of Conduct. Openness in our treatment of personal information is one of the many ways in which we embody these values.
NetApp recognizes and respects individuals’ rights to participate in decisions about how their data is used and processed. Our commitment to individual participation is demonstrated in our self-service centers so that individuals can correct their data, and through multiple means of contact so that individuals can exercise their rights. It is also demonstrated in our privacy-by-design principles to help ensure that individual requests can be responded to appropriately and in a timely manner. The value we place on adaptability—our ability to evolve as global laws develop on the subject of individual participation rights—further testifies to this commitment.
All these principles would collapse without accountability for compliance. NetApp demonstrates our commitment to be accountable for protecting personal information through our Code of Conduct and global team of privacy specialists. Every employee at NetApp—all the way up to the CEO and the board of directors—is trained and held accountable for their role in protecting the personal information we control or process. We provide training and resources for our employees through our network of specialists, including our data protection officer in Europe and our chief privacy officer, who is responsible to our general counsel and board of directors.