Effective January 1, 2020
Additional privacy information may be provided in offer descriptions, contractual terms, supplemental privacy statements or notices provided prior to or at the time of data collection. Certain Broadcom products and services may have additional specific privacy notices. In case of conflict, such specific privacy notices shall derogate from this general policy.
What Information Do We Collect About You and Why?
We may ask you to provide us with Personal Data about yourself in order to provide services to you. If you choose not to provide Personal Data that we have asked for, it may delay or prevent us from providing services to you. “Personal Data” means any information relating to an identified or identifiable individual (including “Personal Information” in the meaning of the California Consumer Privacy Act, “CCPA”, as defined in Subdivision (o) of the California Civil Code § 1798.140) We may collect the following different categories of Personal Data about you:
Personal Data may be required to determine access eligibility for certain restricted parts of our Site or services. Personal Data about you collected on-line may be combined with information provided off-line or collected from trusted third party sources.
Information We Collect Directly From You or a Third Party. We collect Personal Data about you when you visit our website (“Site”), register or subscribe for our services, order our products or services, create an account on our Site, request marketing or publications to be sent to you, give us feedback on our services or our Site. We also may collect Personal Data about you from third party sources, such as someone authorized by you to act on your behalf, third party services that you use that utilize or interact with our services, or where Personal Data has been provided by you at an event. We may also collect your Personal Data from other sources as and when permitted by applicable laws, such as public databases, joint marketing partners, and social media platforms.
How Do We Use Your Information?
We use the information collected about you as appropriate and relevant for the following commercial purposes:
We use the information collected about you as appropriate and relevant for the following business purposes:
We will only process any special categories of Personal Data (“Sensitive Personal Data”) relating to you for specific purposes outlined above or in relevant supplemental notices, because either: 1. You have given us your explicit consent to process that information; or 2. The processing is necessary to carry out our obligations under employment, social security or social protection law; 3. The processing is necessary for the establishment, exercise or defense of legal claims; or 4. You have made the information public.
Legal Basis of Processing
In order to collect, use and otherwise process your Personal Data for the above listed commercial and business purposes, we may rely on the following legal bases as appropriate and relevant in the specific context:
If you have any questions or would like more information regarding the legal basis on which we collect your Personal Data, please review the supplemental privacy notice(s) of the products or services concerned, or contact us as explained below.
Processing Of Personal Data For The Purposes Of Fraud Prevention And Network and Information Security
On the basis of legitimate interest, we process Personal Data for fraud prevention and network and information security purposes. Pursuant to the EU General Data Protection Regulation (“GDPR”), organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of preventing fraud and ensuring network and information security. According to the GDPR, network and information security means the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems.
Both as an organization in our own right, and as a provider of payment security services and cybersecurity technologies and services, it is in our legitimate interests as well as in our customers’, to collect and process Personal Data to the extent strictly necessary and proportionate for the purposes of preventing “Fraudulent Payment Transactions” and ensuring the security of our own, and of our customers’ payment transactions and information networks and systems. This includes the development of payment transaction records and of threat intelligence resources aimed at maintaining and improving on an ongoing basis our ability to detect Fraudulent Payment Transactions, and the ability of networks and systems to resist unlawful or malicious actions and other harmful events affecting information networks and systems (“Cyber-Threats”).
The Personal Data we process for the prevention of Fraudulent Payment Transactions include, without limitation:
The Personal Data we process for network and information security purposes include, without limitation, network traffic data related to Cyber-Threats such as:
Depending on the context in which such data is collected, it may contain Personal Data concerning you or any other data subjects. However, in such cases, we will process the data concerned only to the extent strictly necessary and proportionate to the purposes of detecting, blocking, reporting and mitigating the Fraudulent Payment Transaction or Cyber-Threat of concern to you, and to all organizations relying on our products and services to secure their payment transactions, and information networks and systems. When processing Personal Data in this context, we will only seek to identify data subjects:
If you believe that your Personal Data was unduly collected or is unduly processed by Broadcom for such purposes, please refer to the “Your Rights” and “Contact Us” sections below. Please be aware that if it is determined that Personal Data concerning you is processed by Broadcom because it is critical for the prevention of Fraudulent Payment Transactions, or the detection, blocking or mitigation of Cyber-Threats, then in certain cases the legitimate interest to pursue such processing may be compelling enough to override access, objection, rectification or erasure requests related to the data concerned.
Automated Individual Decision-Making And Profiling
Where Broadcom processes payment transaction security or network traffic data for the purpose of fraud prevention, respectively network and information security, automated decisions concerning particular payment transactions or cyber events may occasionally be made. This could involve in particular assigning relative payment fraud risk, respectively cybersecurity risk scores to ongoing or recent payment transactions, information network activities or system behaviors. Such automatically-assigned risk scores may be leveraged by you, by Broadcom, by our partners and by other customers to detect, block and mitigate the detected Fraudulent Payment Transaction or Cyber-Threat. They could therefore result in our products and services blocking payment transactions deemed to be fraudulent, halting network traffic coming from or going to suspected or known malicious addresses. Such processing is not intended to produce any other effect than protecting you, Broadcom, our partners and our other customers from fraudulent payment transactions, respectively Cyber-Threats. Should you nevertheless consider that such automated processing is unduly affecting you in a significant way, please contact directly the relevant data controller whose use of our products and services is thus impacting you. In case that data controller is Broadcom, please refer to the “Your Privacy Rights” and “Contact Us” sections of this Policy to raise your concerns and to seek our help in finding a satisfactory solution.
With Whom Do We Share Your Information And Why?
Broadcom does not sell your personal information. We only share your information as described in this Policy. Broadcom processes your information for the purposes described in this policy, which include the above-listed commercial and business purposes in the meaning of the CCPA (see the “How Do We Use Your Information?” section above). We may share Personal Data collected about you as follows:
Broadcom Users. Your user name and any information that you post to our Site, including, without limitation, reviews, comments, pictures and text will be available to, and searchable by, all users of the Site.
Affiliates or Subsidiaries. Data we collect from you may be shared with our affiliates or subsidiaries.
Unaffiliated Third Parties. Certain data about you may be shared with select resellers and/or distributors, particularly if you or your company have purchased through a third party before.
Service Providers. Data we collect from you may be disclosed to third party vendors, service providers, contractors or agents who perform functions on our behalf. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research, or similar purposes.
Business Transfers. ata we have collected from you may be transferred to another company as part of a merger or acquisition by that company.
Legal Obligations and Rights. We may disclose your Personal Data to any legally entitled recipients: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) to protect the rights of Broadcom or its employees; or (v) as otherwise permitted by applicable law.
If we disclose your Personal Data, to the extent reasonably practicable and permissible, we will require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
What About Links To Other Websites?
Our Site and services may contain links to third party websites for your convenience. Any access to and use of such linked websites will cause you to leave the Site. Third party websites, even if potentially serving content co-branded by Broadcom, are not governed by this Policy, but instead are governed by their own privacy statements/policies. We recommend that you check the privacy statements/policies of every third party website you visit before providing any Personal Data. We do not control those third party websites and are not responsible for their content or their privacy policies. Thus, we do not endorse or make any legal representations about them. If you decide to access any of the third party websites linked to our Site, you do so entirely at your own risk.
How Do We Secure Your Personal Data?
We have implemented administrative, technical, physical, electronic, and managerial procedures to safeguard and secure the information we collect from loss, misuse, unauthorized access, disclosure, alteration, and destruction and to help maintain data accuracy and ensure that your Personal Data is used appropriately. Broadcom has an internal Global Customer Privacy Program. Its charter is to ensure appropriate privacy processes are in place in order to meet the practices outlined herein. Where Personal Data is processed by service providers on behalf of Broadcom, we take steps to require those vendors to also comply with applicable data protection laws.
How Long Do We Retain Your Personal Data?
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Policy and/or in applicable supplemental notices, unless a longer retention period is required by law.
Depending on where you live, you may have the following rights described below with respect to your Personal Data. In particular if the California Consumer Privacy Act (CCPA) applies to your information, we provide these disclosures and the tools described in this Policy so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your information. To exercise your rights, you may:
Email and Marketing. In most instances, we give you options with regard to the Personal Data you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of marketing emails; or (ii) checking certain boxes on our preference center which can also be found on certain forms we use to collect Personal Data.
Access. You may request information regarding Personal Data that we collect and hold about you and the source(s) of that information. To access your Personal Data, return to the product, service or web page where you originally entered it and follow the instructions in your user interface or on that web page. If you cannot access your information in this way, please submit your request through the appropriate Request Intake Portal indicated above. If none of these options applies, please contact us as described in the “How Can You Contact Us?” section below.
Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages particularly of the Site for a limited period of time. If you request a change to or deletion of your Personal Data, please note that we may still need to retain certain information for record-keeping purposes, and/or to complete any transactions that you began prior to requesting such change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Data provided until after the completion of such purchase). Some of your information may also remain within our systems and other records where necessary for compliance with applicable law.
You can request a copy of any Personal Data we hold about you, and of which you don’t already have a copy. This service is usually free of charge, although we have the right to charge a ‘reasonable fee’ in some circumstances;
Rectification. You have the right to request that we rectify any inaccuracies in relation to the Personal Data we hold about you;
Erasure. In some circumstances, you have the right to request the erasure of your Personal Data or object to the further processing of your information;
Restriction of Processing. In some circumstances, you have the right to require us to restrict processing of your Personal Data;
Objection. You have the right to object to any direct marketing or to other processing of your Personal Data based on our or on third parties’ legitimate interests, unless such interests are compelling enough to override your objection;
Not to be discriminated against for exercising any of your other privacy rights. You may exercise any of your rights in this section without us discriminating against you in any way. Note however that you may be subject to differentiated treatment if and to the extent that the exercise of your rights materially impacts our ability to provide certain services to you (e.g. if you request the deletion of your account information or access credentials, then we may no longer be able to grant you access to restricted areas of our websites). Such differentiated treatment is objectively justified and does not constitute discrimination.
Withdraw Consent. You have the right to withdraw consent to us processing your Personal Data. This will not affect the processing already carried out with your consent;
Not to be subject to decisions based on automated processing. In some circumstances, you have the right not to be subject to decisions based solely on automated processing, and to obtain the human review of any such decisions that significantly affect you (please refer to the earlier section on automated decision making); and
Complain. You have the right to lodge a complaint with a supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach our supervisory authority so please contact us in the first instance.
Our Supervisory Authorities. We are a business that operates various activities across a number of jurisdictions in the EU.
If your concern relates to Personal Data processing operations of Broadcom’s Symantec Enterprise Division, please contact the Irish Data Protection Commission (“DPC”) at https://forms.dataprotection.ie/contact.
What Choices Do You Have Regarding Our Use Of Your Personal Data?
We will not use or share your Personal Data in ways unrelated to the ones described above without first notifying you and offering a choice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your Personal Data without your knowledge or consent where it is required, or to the extent it is permitted by law.
We will also provide you the opportunity to let us know if you wish to opt out at any time of certain or all contact from us, and we will do our utmost reasonably to honor such requests. This choice will be offered at the bottom of our on-line or off-line communications to you as well as on many of our web registration pages. If you have any difficulty exercising your choices, please contact us.
How Can You Contact Us?
You may exercise your access rights as described in the “Your Rights” section above, as well as by visiting our Data Subject Request Intake portals referenced above.
Californian Consumers may also submit their requests over the phone by calling the following toll-free number: +1 (888) 914-9661 and providing the following PIN: 904 474.
We have also appointed a Global Privacy Officer who is responsible for matters relating to privacy and data protection. If you have questions or concerns about this Policy, or the privacy practices relating to our Site or services or wish to contact our Global Privacy Officer, please contact us using the details below:
Company name: Broadcom Inc.
Email address: data.privacy (at) broadcom.com
Postal address: 1320 Ridder Park Drive, San Jose, CA 95131
EU residents may also lodge a complaint with the data protection authority in the EU member state where they live, work or where an alleged infringement of applicable data protection law occurred.
What About Children?
We do not knowingly collect Personal Data relating to children. If you believe that we may have collected Personal Data from someone under the age of thirteen (13), or under the applicable age of consent in your country, without parental consent, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and address the issue promptly.
What About Californian “Shine the Light” Privacy Rights?
California law, under California Civil Code Section 1798.83 (known as the "Shine the Light" law), permits our established customers who are California residents to request information regarding the manner in which it shares certain categories of your Personal Data with third parties, for the third parties’ direct marketing purposes. California law provides that you have the right to submit a request to Broadcom at its designated address and receive the following information:
You are entitled to receive a copy of this information up to one request per calendar year in a standardized format and the information will not be specific to you individually. Broadcom’s designated email address for such requests is the one indicated in the contact details above. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. Please allow up to thirty (30) days for a response.
How Are Cross-Border Transfers of Data Performed?
Subject to your permission or as permitted by law, the Personal Data that you provide to us may be transferred within Broadcom across state or country borders. This may be done to consolidate data storage or to simplify the management of customer information. We have adopted globally recognized privacy principles and only collect and/or share your Personal Data to the extent it is necessary to conduct business and perform requested services. Broadcom in the United States and service providers comply with applicable legal requirements providing for adequate protection of Personal Data transferred to countries outside of the EEA and Switzerland.
In certain cases, where Personal Data originating from the European Economic Area is transferred to countries that are not recognized by the European Commission as offering an adequate level of Personal Data protection, such transfers are covered by alternate appropriate safeguards, specifically standard data protection clauses adopted by the European Commission. If applicable to you, you may obtain copies of such safeguards by contacting us.
EU-U.S. And Swiss-US Privacy Shield
We are responsible for the processing of Personal Data that we receive under each Privacy Shield Framework and subsequently transfer to a third party acting as an agent on our behalf. We remain liable for onward transfers of Personal Data to third parties who process Personal Data on our behalf in a manner that is inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event(s) giving rise to the damage.
Pursuant to the Privacy Shield Frameworks, if you are an EU, UK or Swiss individual, you have the right to request access to your Personal Data and limit the use and disclosure of your Personal Data (please also see above). Please direct your query to the email address indicated in the “How Can You Contact Us?” section above, and we will respond within a reasonable timeframe.
We are subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks. We may be required, in certain circumstances, to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We commit to resolve complaints about our collection or use of your Personal Data under the Privacy Shield Frameworks. If you have a complaint about our use of your Personal Data under either Privacy Shield Framework, you should first contact us at the email address indicated in the “How Can You Contact Us?” section above. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at BBB EU Privacy Shield. If you do not receive timely acknowledgement of your complaint from us or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
If neither Broadcom nor BBB EU Privacy Shield resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If your complaint involves human resources data transferred to the United States from the EU, the UK and/or Switzerland in the context of the employment relationship, and we do not address it satisfactorily, we commit to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by the DPA panel and/or Commissioner, as applicable, with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en. Contact details for the UK data protection authority can be found at https://ico.org.uk/. Contact details for the Swiss data protection authority can be found at https://www.edoeb.admin.ch/. Complaints related to human resources data should not be addressed to BBB EU Privacy Shield.