Last Updated Dec 16, 2019
Personal Information In Context
NetApp collects personal information in a variety of contexts, each of which is defined below. The categories of information, types of information, sources of information and our purposes for collecting, processing, using, and sharing such information is determined based on this context.
- Websites NetApp collects Personal Information through our websites, including, but not limited to, the website or subdomains of www.netapp.com, (e.g., our Communities site, Training site, and Support site) or any website that posts this policy (collectively, the “Sites”). Personal Information collected through a website, but in a different context defined in this Policy, such as the Interactions with Job Applicants Context or Products and Services context, is treated in compliance with the stated context and not the Websites Context.
- Products and Services NetApp collects Personal Information through your use of products and services made available to you by us. This includes hardware, software (including software for mobile devices or “apps”), cloud data services, professional services, and support services.
- Interactions with Job Applicants NetApp collects Personal Information when you apply for a job at jobs.netapp.com, interact with our third-party partners’ (such as LinkedIn) postings of job openings at NetApp, or provide information to our internal or external recruiters via email or web forms.
- Market Research NetApp collects Personal Information from third party service providers for the purpose of market research, product research, and business development.
- Offline When you interact in person with representatives from NetApp, such as at an event we host or participate in or when you place an order over the phone or contact customer service by phone, you may disclose or we may observe or infer Personal Information about you that you did not directly state.
Categories of Types of Personal Information and Types of Information Defined
“Personal Information” is information relating to, directly or indirectly, an identified or identifiable natural person or household. This includes things like your name, postal address, telephone number, and email address, as well as less obvious information, which are included in the following defined categories:
- Individual Identifiers This includes information like your name, email address, physical address, telephone number, login alias, or Other Information that identifies you regardless of your relationship to NetApp.
- Inferences This includes customer profiles, usage preferences, or other information about an individual’s anticipated or assumed actions or behaviors.
- Customer Records This includes information like your company name, job title, account number, customer identifier, or Other Information that relates to you as a customer of NetApp.
- Education information This includes information about your educational history, such as the schools you have attended, the courses of study you followed, the status of any required continuing education for professional licensing, or Other Information relating to your education.
- Commercial Information This includes payment card data, financial account information, account information, records of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies, and Other Information necessary to collect and process payment for products and services ordered by the customer.
- Electronic Network Information This includes information like browser and device data, data collected through cookies, pixel tags and other technologies, and Other Information that is generated through your use of the internet to access our websites.
- Geolocation Data This includes information such as your precise location or city, state, county, or country, if you have such geolocation data enabled when using the applicable social media application. For example, if you use Facebook to “Check In” at a NetApp-run event, we can collect that information.
- Audio, electronic, visual, or similar information This includes information that is captured on audio or video recording, such as if a telephone or video call is recorded, or simply observable in such interaction or in an Offline Context.
- Professional and Employment Related Information This includes information about your current or past employers, memberships in professional associations or trade unions, and professional licensing status if you make such information publicly available in the context from which the Personal Information is collected, such as in your publicly available social media accounts, through a resume submitted to us, or by attending a professional event associated with an affinity group.
- Sensitive Information Protected under Law This includes information about your race, religion, gender, gender identity, sexual preference, disability, political preference, trade union membership, philosophical views, marital status, medical or health information, genetic or biometric information, biometric templates, veteran status, background check information, judicial data or information on other judicial or administrative proceedings, or other pieces of information of particularly sensitive nature, if you make such information publicly available in the context from which the Personal Information is collected, such as in your publicly available social media accounts, through a resume submitted to us, or by attending a professional event associated with an affinity group
“Other Information” means any information that does not reveal your specific identity or does not directly relate to an identifiable individual, such as: browser and device data, App usage data, data collected through cookies, pixel tags and other technologies, demographic information and other data provided by you that does not reveal your specific identity, or other types of information that has been aggregated in a manner such that it no longer reveals your specific identity.
Categories of Sources of Information Defined
- Original Sources Information provided by an individual about that individual.
- Customer Sources Information provided about an individual by a customer, such as when one employee of a customer provides information about a colleague in the course of setting up services. For example, a storage administrator for a customer entity may set up administrative accounts for their colleagues that include providing their colleagues’ email addresses and telephone numbers.
- Third Party Sources Information provided by an individual about that individual to third parties, including public postings in third party social media platforms, where the individual has consented to the third party sharing such information with parties such as NetApp, affiliates, joint marketing partners, other business partners, and internet service providers who may provide Electronic Network Information.
- Product Sources Information sent to NetApp by our products because you use our products. NetApp products are defined in our General Terms.
- Services Sources Information sent to NetApp by our services because you use our services. NetApp services are defined in our General Terms.
Sale of Personal Information
Collection, Use, and Disclosure of Personal Information
The following disclosures reflect our treatment of personal information collected in the defined Contexts in which we do business
- Categories and Types of Personal Information We Collect We collect Personal Information about you when you use the Sites, including Individual Identifiers, Customer Records, Inferences, and Electronic Network Information.
- Categories of Sources of Information Personal Information collected in the Website context is collected from Original Sources, Customer Sources, and Third-Party Sources.
Products and Services
NetApp products and services send a variety of information to NetApp in accordance with the product documentation and contracts for sales. This information is classified as follows, and as further defined in the sales contracts:
- Customer Content Any information provided by Customer that NetApp may operate on, where such operation is on the Customer's behalf as part of providing Products or Services.
- Functional Data Data, which does not contain Customer Content, which is generated by NetApp’s providing the Product or Service, and which informs NetApp in the development, deployment, operations, maintenance, and securing of the Product or Service.
- Support Information Information, which is not Customer Content, provided to NetApp by or for a Customer for the purpose of providing technical support pertaining to the Product or Service and/or maintaining a Customer’s Product or Service.
Personal Information may be included in any of these data classifications. However, NetApp only collects Functional Data and Support Information because Functional Data and Support Information are necessary for us to provide the products and services to you. We will process Customer Content in accordance with the applicable service terms, but this data is not specifically collected by NetApp.
Categories and Types of Personal Information We Collect We collect Personal Information about you when you use the Products or Services, including Individual Identifiers, Customer Records, Electronic Network Information, Inferences, and Commercial Information.
Categories of Sources of Personal Information Personal Information collected in the Products and Services context is collected from Original Sources, Customer Sources, Product Sources, Services Sources, and Third-Party Sources.
Categories of Third Parties with Whom We Share Personal Information NetApp uses third-party service providers and subprocessors to provide services on our behalf and may share Personal Information collected by the Products and Services with them to assist them in providing these services. These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services. We also may share Personal Information with channel partners or resellers if you inquire about our products or services typically fulfilled through channel partners or resellers. These channel partners or resellers may also use this information to inform you about third-party products or services that may be of interest.
NetApp uses third-party service providers and subprocessors in the provision of the Products and Services.
Third Party Advertisement Personal Information collected through the Products and Services is not used for advertisement purposes.
Categories and Types of Personal Information We Collect We collect Personal Information about you in Social Media context including Individual Identifiers, Customer Records, Inferences, Electronic Network Information, Geolocation Data, Professional and Employment Information, and Sensitive Information Protected under the Law.
Categories of Sources of Information Personal Information collected in the Social Media context is collected from Original Sources, Third-Party Sources, and Customer Sources.
Third Party Advertisement In addition to the third-party advertising companies we use to serve advertisements regarding goods and services that may be of interest to you when you access and use social media, a third-party social media provider may provide further advertising. Please review third party social media privacy policies for their advertisement and privacy policies.
Interactions with Job Applicants
Retention In addition to our standard Retention practices, we keep Personal Information collected in the Interactions with Job Applicants context for a reasonable period to consider you for other relevant openings.
Law Applicable to Job Application The Careers Site allows you to apply for jobs worldwide, as a benefit of NetApp’s centralized global recruitment function. This Careers Site is operated from the United States. Accordingly, any Personal Information you submit to the Careers Site will be collected in the United States and will be subject to U.S. laws. However, if we share your Personal Information with an affiliate located in another country in the Interactions with Job Applicants context, the affiliate will handle your personal information in accordance with this Policy. Any hiring or other employment-related decisions will be made by the hiring affiliate in accordance with the law of the country where the job will be located.
Categories and Types of Personal Information We Collect We collect Personal Information about you when you interact with NetApp or our service providers or contractors in the context of exploring or applying for job openings at jobs.netapp.com, submitting applications for employment, attending job fairs or recruiting events, or otherwise engaging in employment and job application activities with NetApp, including Individual Identifiers, Inferences, Employment Records, Education information, Electronic Network Information, Geolocation Data, audio, electronic, visual, or similar information, Professional and Employment Related Information, and Sensitive Information Protected under Law.
- We will only collect this information where permitted by law.
- If you provide us with Personal Information of a reference or any other individual as part of your application, it is your responsibility to obtain the consent from that individual prior to providing that information to us.
- Providing Personal Information to us through the Careers Site is voluntary. However, if you do not provide sufficient data, NetApp may be unable to consider your employment application or, if you are hired, your subsequent promotion, transfer, or relocation.
- The Careers Site is operated from the United States. Accordingly, any Personal Information you submit to the Careers Site will be collected in the United States.
Categories of Sources of Information Personal Information collected in the Interactions with Job Applicants context is collected from Original Sources and Third-Party Sources.
Purpose for Collecting and Basis for Processing of Personal Information Personal Information collected in the Interactions with Job Applicants context is used soley for the purposes of identifying, evaluating, screening, recruiting, and hiring candidates for employment and for business and commercial purposes ancillary to those purposes.
As discussed below, in certain cases we will ask questions about Sensitive Personal Information Protected under Law for monitoring equal opportunity. We can also inquire about criminal records. We will do so only where permitted by applicable law. Otherwise, we ask that you avoid submitting data which may qualify as Sensitive Personal Information protected under Law, except where such data is legally required.
NetApp is an equal opportunity employer, which means we offer equal treatment to all applicants. NetApp does not discriminate, either directly or indirectly, on legally protected grounds: race, color, sex, gender identity, sexual orientation, nationality, national origin, ethnic origin, religion, beliefs or creed, age, disability, marital status, veteran status, or genetic information in any area or recruitment.
We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose.
Third Party Advertisement NetApp does not use Personal Information collected in the Interactions with Job Applicants context to provide advertisements regarding goods and services.
Categories and Types of Personal Information We Collect We may collect or otherwise observe Personal Information from individuals in the market research context, including Individual Identifiers, Inferences, Employment Records, Education information, Geolocation Data, Audio, electronic, visual, or similar information, Professional and Employment Related Information, and Sensitive Information Protected under Law
Categories of Sources of Information Personal Information collected in the Market Research context is collected from Original Sources, Third-Party Sources, and Customer Sources.
Categories and Types of Personal Information We Collect We may collect or otherwise observe Personal Information from individuals offline, including Individual Identifiers, Inferences, Employment Records, Education information, Geolocation Data, Audio, electronic, visual, or similar information, Professional and Employment Related Information, and Sensitive Information Protected under Law.
Categories of Sources of Information Personal Information collected in the Offline context is collected from Original Sources, Third-Party Sources, and Customer Sources.
Third Party Advertisement We do not use third-party advertising companies to serve advertisements based on Personal Information we collected Offline.
Purpose for Collecting and Basis for Processing Personal Information
Unless otherwise limited by the context in which it was collected, Personal Information collected by NetApp is used for our legitimate business purposes, including:
Accomplishing our business purposes
- For improving the content of the NetApp Platform, for example, by incorporating information that is relevant to our clients;
- For preventing fraud or other illegal activities, such as willful attacks on NetApp information technology systems or the NetApp Platform;
- For data analysis, for example, to improve the efficiency of the NetApp Platform
- For audits, to verify that our internal processes function as intended and address compliance with legal, regulatory or contractual requirements;
- For developing new products and services;
- For enhancing, improving, or modifying our current products and services;
- For identifying usage trends, for example, understanding which parts of the NetApp Platform are of most interest to users;
- For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users;
- For operating and expanding our business activities, for example, understanding which parts of the NetApp Platform are of most interest to our users so we can focus our energies on meeting our users’ interests.
- For identifying candidates for employment.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
Providing the functionality of the NetApp Platform and fulfilling your requests
- To send administrative information to you, such as changes to our terms, conditions and policies and to notify customers about updates to the NetApp Platform;
- To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you request to be registered for an event or a NetApp training course;
- To process your orders, and provide you with related customer service;
- To help you manage your Community, Support and/or NOW accounts, at your request;
- To allow you to send messages to another person through the Services if you choose to do so.
Providing you with our newsletter and/or other marketing materials and facilitating social sharing
- To contact you for marketing and sales purposes, including notifications related to product enhancements, warranties, and renewals, that are related specifically to customer needs and interests;
- To contact you about a NetApp offer in support of your business needs or to conduct online surveys to better understand our customers’ needs;
- To facilitate social sharing functionality that you choose to use.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
Analysis of Personal Information for business reporting and providing personalized services
- To analyze or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Services;
- To better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests;
- To better understand your preferences so that we can deliver content via our Services that we believe will be relevant and interesting to you.
We will provide personalized services either with your consent or because we have a legitimate interest.
Allowing you to participate in surveys, contests, or other promotions
- To offer you the opportunity to participate in surveys, contests or other promotions. Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information.
We use this information to manage our contractual relationship with you.
Aggregating and/or anonymizing Personal Information
- We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose.
Categories of Third Parties with Whom We Share Personal Information
NetApp uses third-party service providers and subprocessors to provide services on our behalf and may share Personal Information with them to assist them in providing these services. These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services. We also may share Personal Information with channel partners or resellers if you inquire about our products or services typically fulfilled through channel partners or resellers. These channel partners or resellers may also use this information to inform you about third-party products or services that may be of interest.
If you use communities, blogs, or chat rooms on NetApp Services, you should be aware that any Personal Information you submit there can be read, collected, and used by other users of these forums, and could be used to send you unsolicited messages. You may also elect to disclose Personal Information through your social sharing activity.
How you can access, change or delete your Personal Information
Personal Information may be accessed, changed, or deleted directly by through the context it was collected. For example, Personal Information collected in the Products and Services context can be accessed, changed, or deleted through the features and functionality of the Products and Services, and Personal Information collected in the Interactions with Job Applicants context may be accessed, changed, or deleted through the job application tools. In the event, however, you cannot access, change, or delete Personal Information through the context in which it was collected, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us at firstname.lastname@example.org write to us at the address at the end of this document, or via our Site Feedback form. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to respond to your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Information provided until after the completion of such purchase).
We may exempt certain Personal Information from requests pursuant to applicable data protection laws or other laws and regulations.
Third Party Advertisement
Unless otherwise limited by the context in which it was collected, we use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use social media.
You may receive advertisements based on information relating to your access to and use of social media on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. This is in addition to any advertisement that a third-party social media provider may provide. Please review third party social media privacy policies for their advertisement and privacy policies.
Other Uses and Disclosures
We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:
- To comply with applicable law.
- This can include laws outside your country of residence
- To respond to requests from public and government authorities
- These can include authorities outside your country of residence.
- To cooperate with law enforcement.
- For example, when we respond to law enforcement requests and orders.
- For other legal reasons.
- To enforce our terms and conditions; and
- To protect our rights, privacy, safety or property, and/or that of our subsidiaries, you or others.
- In connection with a sale or business transaction.
- We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) Such third parties may include, for example, an acquiring entity and its advisors.
Collection of Other Information
Communications or Utilization Information
Through your use of telecommunications services to access the NetApp Platform, your communications data (e.g. Internet protocol (“IP”) address) or utilization data (e.g. information on the beginning, end and extent of each access, and information on the telecommunications services you accessed) are technically generated. Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the NetApp Platform, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the NetApp Platform. We may also derive your approximate location and your company from your IP address.
Information Collected Automatically Through Your Browser or Device
When you access the NetApp Platform, we may automatically collect information such as: type of Internet browser and operating system used, domain name of the Web site from which you came, number of visits, average time spent on the site, pages viewed. We use this information to ensure the NetApp Platform function properly, monitor the relevancy of the NetApp Platform and improve their performance or content.
“Cookies” - Information Stored Automatically on Your Computer
A cookie is a piece of Electronic Network Information that is stored on your computer’s hard drive by your Web browser. When you revisit www.netapp.com, our server recognizes the cookie, giving us information about your prior visits. Most browsers accept cookies automatically, but you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you can still use most of the features of the NetApp Platform, including ordering items. We do not currently respond to browser do-not-track signals.
Clear Gifs (Web Beacons, Web Bugs)
Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies
We may use Flash LSOs and other technologies to, among other things, collect and store Electronic Network Information about your use of the NetApp Platform. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also go to the Global Storage Settings Panel and follow the instructions (which may explain, for example, how to delete existing Flash LSOs (referred to as “information”), how to prevent Flash LSOs from being placed on your computer without your being asked, and how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the NetApp Platform to you (for example, for as long as you have an account with us or keep using the NetApp Platform);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
No services on the NetApp Platform are directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under sixteen (16).
NetApp uses reasonable and appropriate technical and organizational security measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Questions and Comments” section below.
Third Party Web Sites and the NetApp Platform
The NetApp Platform may contain links to other Web sites or services. NetApp is not responsible for the privacy, information or other practices of third parties, including any third party operating any website or service to which the NetApp Platform links, or for the content of other Web sites. The inclusion of a link on the NetApp Platform does not imply endorsement of the linked site or service by us or by our subsidiaries.
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the NetApp Platform you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information
If you are located in the EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures such as Binding Corporate Rules to protect your Personal Information. You may obtain a copy of these Binding Corporate Rules by viewing them online or by contacting email@example.com
Except as noted in specific contexts, we do not collect and ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the NetApp Platform or otherwise to us.
“Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), if you are a California resident, you may request that we:
- Disclose to you the following information covering the 12 months preceding your request:
- The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
- The specific pieces of Personal Information we collected about you;
- The business or commercial purpose for collecting (if applicable) Personal Information about you; and
- The categories of Personal Information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).
- Delete Personal Information we collected from you
To make a request for the disclosures or deletion described above, please contact us via the Questions and Comments resources. We will respond to your request consistent with applicable law.
You have the right to be free from unlawful discrimination for exercising your rights under the CCPA. We have not sold Personal Information, as “sale” is defined in the CCPA.”
Questions and Comments
1395 Crossman Ave
Sunnyvale, CA 94089
We can be reached via the Web, by telephone at +1 877 263 8277
If you are located in the EEA, you also may lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs