Scribd
Upload
103 views

Cloud Data Protection CDP Transparency Notice en

Cloud Data Protection is an on-premise solution that identifies and replaces sensitive customer data with encrypted or tokenized values when transmitted through SaaS applications. The customer controls the product and its logs, and is the controller of any customer data, while Symantec only acts as a processor if logs are transmitted for troubleshooting. The product does not collect or process special categories of personal data but can tokenize any data defined by the customer.

Uploaded by

amit mittal
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
103 views

Cloud Data Protection CDP Transparency Notice en

Cloud Data Protection is an on-premise solution that identifies and replaces sensitive customer data with encrypted or tokenized values when transmitted through SaaS applications. The customer controls the product and its logs, and is the controller of any customer data, while Symantec only acts as a processor if logs are transmitted for troubleshooting. The product does not collect or process special categories of personal data but can tokenize any data defined by the customer.

Uploaded by

amit mittal
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Product Transparency Notice

For any queries, please contact privacyteam@symantec.com

Cloud Data Protection (CDP)

This Privacy Transparency Notice describes how Cloud Data Protection (CDP) (“Product”) collects
and processes Personal Data. Its purpose is to provide You (our current or prospective
“Customer”) the information You need to assess the Personal Data processing that is involved in
using the Product.

1. Product Description
Cloud Data Protection is a server solution deployed onsite within a customer's network, designed
to identify sensitive data (as defined by a customer policy) transacted by the customer when using
a SaaS application, and replace such data with encrypted or tokenized values as a real-time, inline
capability.
Further information about the Product is available at:
https://www.symantec.com/products/cloud-data-protection-security

2. Personal Data Collection And Processing


Sources of Data
CDP does not collect data from CDP customers. Symantec customers may - through the course of
a troubleshooting engagement with Symantec Customer Support - transmit application logs
manually for the purpose of issue resolution. This is beyond the scope of product operation.
Respective Roles of Symantec and Customer
With respect to Personal Data collected by the Product during its use, the customer is the
controller. The use of the Product does not involve Symantec as a data processor, except as may
regard application logs transmitted manually by the customer to Symantec Customer Support for
troubleshooting purposes. With respect to any Personal Data transmitted from the customer to
Symantec for this purpose, the customer is the controller, and your Symantec contracting entity
as specified in Your applicable Agreement (“Symantec”) acts as a processor. The rights and
obligations of both parties with respect to Personal Data processing are defined in the applicable
Data Processing Addendum available on the Symantec Privacy - GDPR Portal.
Personal Data Elements Collected and Processed, Data Subjects, Purpose of Processing

Personal Data Category Data Subject Category Purpose Of Processing


Individual identifiers (names, Customer employees and Product operation logging
usernames) and network contractors
activity data (session logs,
traffic data)
Any Personal Data which the Any individual whose Tokenization
customer decides to tokenize Personal Data the customers
using the Product decides to tokenize using the
Product

Document Version 1.1


Date of issue: May 12, 2018
Privacy Transparency Notice Cloud Data Protection (CDP)

The Product does not need and is not meant to collect or process any Special Categories of
Personal Data for its operation. It is however suitable for the enhanced protection of such data by
applying customer-defined tokenization policies to such data.
Personal Data Retention Schedule
The customer has full control over the product’s logging rollover configuration and can define size
of log file(s) and number of archived versions to retain. As regards any Personal Data transmitted
by the Customer to Symantec, for the duration of the contractual relationship with the Customer,
Personal Data is retained as described in the applicable product description. After the expiry or
termination of the contractual relationship, Personal Data is decommissioned except where its
retention is required by applicable law, in which case Personal Data covered by such requirement
will be further retained for the legally prescribed period.

3. Disclosure and International Transfer of Personal Data


Recipients of Personal Data
Symantec will send Personal Data to internal recipients (affiliated Symantec entities) and, if
applicable, external recipients (third party sub-processors), in the facilitation or provision of the
Product. The list of Symantec affiliated entities and their geographical locations are available on
the Symantec Privacy - GDPR Portal.
Third-Party Sub-Processors
No third-party sub-processor is involved in delivering the Product.
International Transfers of Personal Data
As regards any Personal Data transmitted by the Customer to Symantec, You are advised that
Symantec and its affiliated entities will transfer Personal Data to locations outside of the European
Economic Area, including potentially to external recipients, on the basis of European Commission
Decision C(2010)593 on Standard Contractual Clauses (processors), or of any alternate, legally
permitted means.

4. Exercise Of Data Subject Rights


The customer can delete system logs at any time. Further, pursuant to the applicable Data
Processing Addendum, and to the extent possible taking into account the nature of the
processing, Symantec will assist the Customer, insofar as this is feasible, with the fulfillment of the
Customer’s obligation to respond to requests for exercising Data Subjects’ rights such as the rights
of access, rectification, deletion and objection laid down in Chapter III of the EU General Data
Protection Regulation (GDPR).

5. Information Security
Technical and Organizational Measures
It is Symantec’s and all of its affiliated entities’ commitment to implement, and contractually
require all sub-processors to implement, appropriate technical and organizational measures to
ensure an appropriate level of security, taking into account the state of the art, the costs of
implementation and the nature, scope, context and purposes of processing as well as the risk for
the rights and freedoms of Data Subjects. Additional security documentation is available on the
Symantec Customer Trust Portal.

This notice is the sole authoritative statement relating to the Personal Data processing activities
associated with the use of this Product. It supersedes any prior Symantec communication or
documentation relating thereto.

Document Version 1.1


Date of issue: May 12, 2018

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy