Introduction
Last Updated: March 6, 2026
Welcome to our privacy center. We are Gen™, a family of trusted brands built for the next generation of digital life.
At Gen, our mission is to create innovative and easy-to-use technology solutions that help people grow, manage, and secure their digital and financial lives.
While doing this, we always keep in mind that protecting your privacy must remain our priority. We want you to understand what information we collect and how we use it and share it. To get a full understanding, you should review this General Privacy Notice (this “Notice”), which includes information broadly applicable across all our brands and products, and brand-specific or product-specific privacy notices for any brands with which you have an account or relationship. To navigate to our brand privacy center for brand-specific privacy information, click the brand icon below.
General Privacy Notice
This Notice applies to the Gen services, products, content, websites, apps and tools (our “Services”) that link to or reference this Notice.
It is intended for you if you are a user of our products and services. If you are a business partner, please reach out to your Gen business contact for more information regarding the processing of your data. If you are applying for a job position, you can find relevant privacy information in our Applicants Privacy Notice.
This Notice applies only to the services offered by Gen Digital and its subsidiaries and affiliates. The services may contain links to other websites not operated or controlled by us (the “Third-Party Sites”). The policies and procedures we describe here do not apply to the Third-Party Sites. The links from the services do not imply that we endorse or have reviewed the Third-Party Sites. We suggest reviewing the privacy notices on those sites and contacting those sites directly for more information on their privacy practices.
Highlights
Here are some important categories of information you should know we process:
- Information collected through our Services including files, messages and URLs analyzed for potential security and privacy threats, financial account and transaction information, consumer report information or identity monitoring results
- Information related to how you use our Services (events such as activation, crashes, scans, or errors)
- Information about your devices, such as operating system and configuration
- Information you provide to us when you create an account, take a survey, provide feedback or communicate with us
- Information you provide when you make a payment for our Services
We organize personal data we process into these main categories:
Product Data includes two sub-categories:
- Service Data includes information collected to provide our Services and understand how you use them. This information includes security data (samples, detection details, information concerning URLs, texts and files used for malware and scam protection), identity data such as name, age, date of birth, contact details, social security number, identity documents, and family information (for certain financial, identity protection and dark web monitoring services), financial account information, consumer report data, information related to financial transactions, products and institutions (for financial and certain identity monitoring services) and social media accounts and transactions (for social media monitoring services), events, usage data and statistics (activation, crashes, scans, errors), information related to product licenses, support-related data and our internal identifiers associated with our services (e.g. installation ID, internal hardware ID).
- Device Data includes information about the operating system; hardware; browser; network; city/country location of device; IP address, device error logs; applications running on the device, and identifiers associated with your devices (e.g. MAC address or IDFA).
These sub-categories differ across the Services. Please refer to our brand privacy center to get the full detail about Device and Service Data we process for each Service.
For remote customer support (if offered as part of our Services), we process the information from your product and device (e.g. crash reports, usage data), your contact details, and any other information you may provide to us (e.g. description of the issue).
If you create an account with us, we collect information such as your name, mailing address, email address, phone number, and user credentials (login name, password, account ID). Your account allows you to see and manage your products, subscriptions, device details and service-related information. Additional information may be required in connection with specific services (such as identity protection services and financial services). If applicable, you may also provide your audio, electronic, visual, or similar information, such as your picture (or avatar, if chosen). For certain services, you may also have the option to register via Facebook, Google, and Apple ID services. For this purpose, we may redirect you to a page of the corresponding provider. Data from the provider (email, platform ID, optionally name) is then used to create the account.
If you complete a purchase for one of our Services, we collect your billing and contact data, including credit card, debit card, or PayPal payment data, National ID (regional specific, if outside the United States), and VAT/Tax ID (regional specific, if outside the United States), as well as commercial information, such as information about the items you have purchased, and device information associated with the payment (device fingerprint ID).
In certain cases, you purchase our products and services from a trusted third-party service provider, reseller, or app store. In those circumstances, your Payment data is processed by the relevant third party, and we only receive a subset of this data to keep proper business records. In particular, we only have a masked credit/debit card number, not your full payment details. If we move the sale of our products and services from this third-party service provider to us, we will receive from them all Payment data we need to continue the sale of our products and services.
If you contact us for support, request information,provide reviews and feedback, or follow us on social media, we collect personal data about you, such as your name, email address, phone number, the contents of any message or attachments that you may send to us, and any other information you choose to provide. We may retain audio calls, chat transcripts, or the contents of the messages. We will also collect your contact information such as email address or phone number, when you sign up to receive product updates, offers, and other promotional information or messages from us. When we send you emails, we may track certain metrics such as opt-out rates and click-through rates, as well as we may track whether you open them to learn how to deliver a better customer experience and improve our Services.
What are the sources of data?
We collect personal data about you from the following sources:
- You
- Device(s) you used to access our Services
- Our own activity
- Service Providers including for example consumer reporting agencies, where relevant for the Service and authorized by you
- Corporate affiliates or non-affiliated third-party partners
How can I check what information is collected by the Service I use?
The information we collect and process about you depends on which Services you use, and sometimes it also depends on what features you have enabled within the Services. For example, we collect different information if you use our security products than if you use our privacy or financial products. To find out more, visit the specific brand privacy center.
How do we use your personal data?
Highlights
Providing cybersecurity, privacy, financial and identity protection services is a complex undertaking requiring a variety of data processing activities. Here are some important ones:
- We use relevant information relating to you or your devices to provide, personalize and streamline our Services. Without this information our Services would not work as you expect them to work or would not be as relevant to you.
- We process payment information if you decide to purchase our Services.
- We analyze information about how you use our Services, and what is happening on your device to innovate and improve our Services and to keep them up-to-date, safe and free of errors.
- We send you messages about our Services and related marketing offers. We also use data to serve you with relevant advertising and content, both on our properties and on third-party properties.
- We use data both from our Services and from publicly available sources for research purposes, like to detect and block new online threats faster or advance technology.
Delivering you the best services is like a puzzle with many pieces that connect our systems, processes and people. To help you understand how this puzzle works we think it’s most useful, first, to describe the main ways we use the information:
We use the information to provide our Services, which includes updating, securing, and troubleshooting, as well as providing support and personalization. This also includes sharing data with third parties, when it is required to provide the service or carry out the transactions you request. If you decide to purchase Services from us, we will collect your payment data to carry out the necessary transactions.
We use data to continually improve our Services, including adding new features or capabilities, and to develop new services.
To do that, we need to:
- See if a service is working correctly.
- Troubleshoot and fix it when it’s not.
- Monitor and measure usage of services.
- Test out new products and features to see if they work.
- Get feedback on our ideas for products or features.
- Conduct analytics, such as usage trends.
- Conduct surveys and other research about what you like about our Services and brands and what we can do better.
- To monitor communications and interactions with you to ensure the quality of our support services and the appropriate training of our people, and to respond to and resolve your inquiries.
We use data to send you messages about our Services. For example, we may message you about possible security, privacy and performance improvements (e.g. VPN service when we detect a potential privacy threat on a website you visit), , and about products that supplement or improve the products you already purchased or products we think might be relevant for you (including products offered by other companies in our group).
We use data to serve you with relevant advertising and content, both on our properties and on third-party properties.
We may use your data to draw inferences to build a user profile reflecting your preferences, characteristics, or behavior, or to build aggregated user profiles and segments which improve our efforts to target appropriate advertising to you.
We may also share data and cooperate with partners such as social media providers who, if allowed in accordance with laws, can use information related to you to help us build more relevant “lookalike” audiences to target on various platforms.
Where possible we try to provide you with personalized discounts on our Services. To do this, we analyze what products you use along with your Product Data (e.g. interactions with our products or websites), Account Data (e.g. account activity, feature settings) and Payment Data (information related to your purchase history, product prices) to provide you with a compelling set of products at pricing that meets your needs. Our goal is to continue to serve our loyal customers and bring cyber safety to as many people as possible across the globe while helping our business to grow responsibly.
Our goal is to ensure our Services are safe for all users and comply with relevant laws. We take steps to identify and prevent security issues, as well as malicious, deceptive, fraudulent, or illegal actions—and we pursue legal action when needed. For certain Services, identity verification may be required before you can access them.
Our teams invest countless hours in the exploration, discovery and investigation of emerging trends in cybersecurity, financial services and other relevant areas such as AI and advanced technology. To stay current, we use data from our Services and public sources for research, surveys, and product testing, including for scientific, statistical, or public interest purposes.
If you're interested in learning more about our processing activities, the reasons behind them, and the related legal bases, please click here.
Additional information about personal data processing and legal bases
This supplements Gen’s General Privacy Notice to provide additional information about the purposes and legal bases for the processing of personal data.
Performance of a contract
We use personal data to provide you our Services as promised in accordance with your expectations and the contract we entered into with you. This legal basis covers the following processing activities:
- Create and manage your account;
- Provide you with information and Services that you request;
- Authenticate your identity prior to enrolling in our Services;
- Verify your identity and entitlement to Services, when you contact us or access our Services;
- Process your purchase transactions;
- Update you on the status of your orders and licenses;
- Send necessary service and transactional messages;
- Manage your subscriptions; and
- Provide you with technical and customer support including remote access to your device to better solve the issue.
Legitimate interests
We rely on our legitimate interests or the legitimate interests of a third party, where they are not outweighed by your interests or fundamental rights and freedoms ("legitimate interests"). Your interests are a key part of our decision-making process and have been considered in all relevant processing activities. We believe we have achieved a fair balance between privacy and our operations. In any case, you have the right to object, on grounds relating to your particular situation, to those processing operations. For more details, please see section Your Privacy Rights in the General Privacy Notice.
Activities based on legitimate interests can be grouped to the following areas: improvements of Services and business processes (product and business improvement), customization of Services and communications, promotional communications, business operations, and security, legal and compliance activities.
In particular, we process the data to:
- Keep our products or services up-to-date, safe and free of errors;
- Improve our Services (including developing new Services and features), assess and understand the usability, performance, and effectiveness of our Services and websites, and communications to you, including troubleshooting, debugging, reviewing customer service interactions, data analytics, testing, product surveys, research, and statistical analysis.
- Develop and maintain cyber-threat intelligence resources – we analyze samples of files and URLs we detect on your devices or websites you visit, and we use them to maintain our malware and privacy protection at the highest level possible. We may also share threat intelligence with other security companies and experts to improve our threat detection models.
- Confirm sales conversions and conduct lead generation activities, analyze and improve user acquisitions, conversions and campaigns;
- Improve our campaigns in cooperation with social media providers who can use information related to you to help us build more relevant audiences;
- Record our phone conversation when you contact our tech support by phone to better respond to your requests.
- Customize and present content in the most relevant and effective manner for you and for your device, including suggestions and recommendations about things that may be of interest to you;
- Communicate commercial promotions for our Services including information about additional Services that provide solutions to detected issues and to optimize the content and delivery of this type of communication;
- Promote and administer co-branded offers with trusted partners;
- Maintain the effective performance of our business by ensuring necessary internal administrative and commercial processes (e.g. finance, business intelligence, legal & compliance, fraud check, information security etc.) including employee training;
- Otherwise keep our Services, business, and users safe and secure, including to prevent or stop an attack on our computer systems or networks
- Comply with applicable laws and regulations or judicial process or government agencies, and to protect or exercise our legal rights and defend against legal claims.
The list is not exhaustive and depending on the business and legal developments we may process data for other compatible purposes as applicable in accordance with relevant privacy regulations.
Balancing Legitimate Interests
Before relying on legitimate interests, we balanced them against your interests to ensure that we have sufficiently compelling grounds for processing your personal data. With respect to the purposes below, we describe these interests in detail.
Product and business improvement
We have a legitimate interest in using the necessary personal data to understand user conversions, acquisitions and campaign performance through various distribution channels, and users’ download, activation and interactions with our products. For example, we want to know how many users clicked on our offers or purchased our product after seeing one of our ads.
These analytics help us improve functionality, effectiveness, security and reliability of our products and prioritize relevant business activities as well as develop new products.
This processing includes using third-party tools. Please refer to our brand privacy center for the list of third-party tools used for the specific products and services related to these brands.
Product promotional messaging - In-product, Email and Text Messages
We have a legitimate interest in messaging our users about possible security, privacy, performance or other service-related improvements and about products that supplement or improve the products they have already purchased (e.g. VPN service when we detect a potential privacy threat on a website they visit). We can also message them with information and offers relating to new products we think might be relevant for them offered by other companies in our group (where legally permissible).
We present these offers because we feel a responsibility to inform you, as our customer, about security and utility improvements and possible problems with your device, software or digital profile, and provide you with effective solutions relevant to these problems. To achieve this, we optimize the content and delivery of this type of communication to you so that you are likely to find them relevant and non-intrusive at the same time. We use certain limited subsets of Payment Data, Account Data, and Product Data to deliver this communication.
Consent
Where required by applicable law, we rely on your consent to process personal data. Depending on the jurisdiction, examples of processing activities that are generally covered by consent may include:
- Sending newsletters, surveys and product updates;
- Sending marketing communications and information on new Services (if other legal bases are not applicable);
- Enabling the provision of third-party ads in product messages;
- Enabling the provision of personalized ads in support of certain free products;
- Communicating with you about, and managing, your participation in contests, offers, or promotions;
- Soliciting your opinion or feedback or providing opportunities for you to test Services; and
- As applicable, providing you with interest-based ads about Gen Services on sites other than our own.
When relying on consent, we comply with required just-in-time disclosures and confirmations from you in accordance with relevant privacy regulations. Therefore, the list above is only indicative.
Legal obligation
We use personal data to comply with our legal obligations. We may be obligated to, for instance, keep and process records for tax purposes, accounting purposes, or to satisfy other obligations, such as compliance with court or other legal orders, identity verification and KYC requirements, anti-money laundering diligence, and necessary disclosures.
How do we process children’s data?
Our websites, services and products are not directed to, nor do we knowingly collect data from, minors (as defined by applicable law), except as explicitly described in product privacy notices of Services designed specifically to assist you by providing child online protection features. In such cases, we will only collect, and process personal data related to any child under 13 years of age that you choose to disclose to us or otherwise instruct us to collect and process. We also do not sell or share (for cross-contextual advertising) the personal data of consumers under 16 years of age in connection with our Services. Please refer to the brand privacy center for additional information.
How do we share information with third parties?
Highlights
- We use third-party service providers to provide certain services we don’t have in-house – for example, payment services providers, distributors of our services, advertising partners or analytics services providers.
- These service providers process your personal data as necessary to perform services for us. In some cases, our own affiliates act as service providers to one another.
- We outsource portions of the services we offer to you to highly specialized providers, such as in the case of identity protection services (e.g. credit monitoring services) or dark web monitoring and cooperate with specific partners to offer you certain services or parts of them. We may disclose personal data to them for these purposes.
- Where permitted by applicable law, we may share personal data with third parties for advertising purposes.
The reality is, we can’t do everything on our own. We rely on third parties to provide us certain services, which may involve having those third parties process your personal data. When we employ another entity, we only provide them with the information that they need to perform their specific function, and we ensure that we have appropriate contractual provisions in place to protect your personal data.
We may share personal data with the following categories of recipients:
We may use contractors and service providers to help us provide our Services to you. This may involve conducting eligibility checks or performing other procedures required prior to entering into a contract, or those authorized by you. We may further share your information, for example, for services such as providing customer support, financial auditing, data storage and security, troubleshooting and debugging, improving the functionality and usability of our websites and Services, improving and operationalizing threat intelligence and counter-threat measures, conducting research and surveys, and for marketing and promoting our Services. In some cases, our affiliates may act as service providers to one another.
Service providers include, but are not limited to, the following categories of providers:
- Payment services providers. If you pay for our services, we may use a third-party payment provider to take payment from you. Your payment data is processed by the payment services provider from whom you purchased the product. Your data is processed according to the relevant provider’s privacy policy and besides the execution of the payment may include fraud prevention and credit risk reduction operations.
- Data analytics providers. Tools provided by these third parties allow us, among other things, to identify potential performance or security issues with our Services, to improve their stability and function, to understand how you use our Services, and websites so that we can optimize and improve your user experience, and to evaluate and improve our campaigns. The use of these tools may vary dependent on the specific service you use.
- Identity Restoration Services. To provide identity restoration services to you, we may, at your direction, share your Account data and Product data with financial institutions, financial services companies, and other authorized third parties.
- Third-Party Login Providers. We offer you the option to register with us or to log into our products via Google, Facebook and Apple ID services. For this purpose, we will redirect you to a page of the corresponding provider. You will share your log in data exclusively with the provider, who in turn exchanges data with us accordingly (email, platform ID, optionally name and avatar).
- Cookie Providers. Our websites use cookies to personalize your experience on our sites, to tell us which parts of our websites people have visited, to help us measure the effectiveness of our ad campaigns, and to give us insights into user interactions and our user base as a whole so that we can improve our products and communications. While using our websites, you will be presented with cookie notices which ask you to authorize, where required, the collection and use of data by cookies and other tracking technologies. Check our brand privacy center for more information.
In accordance with your cookie choices, we may combine information automatically connected through cookies with other information we collect about you. This data (e.g., internet or other electronic network activity information, commercial information, and inferences drawn from personal information about the individual web pages or products that you view, the purchases you make, what websites or search terms referred you to our Services, the dates and times of your visits, and other information about how you interact with our Services) may be used by cookie providers and advertising partners for cross-contextual advertising purposes. This use case may constitute ”sharing” as defined under California and other applicable U.S. state privacy laws, but no data is sold to these third parties. - Session Replay Service Providers. We may use research vendors, including session replay service providers, in order to better understand our users’ needs and to optimize our services. Such technologies and third-party-provided services may observe or record user activities when using our services, including certain movements, scrolling, visit duration, clicks, chatbot conversations and other interactions. These services may use cookies and other technologies to collect data on our users’ behavior and their devices.
This includes a device’s IP address , device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. You can adjust the use of cookies via our cookie settings.
In the past 12 months since this Notice was last updated, the following categories of personal data were disclosed to these providers: Account data, Product data, Payment data, Communications data.
Our distributors, resellers, or partners (including app stores) may communicate with you about the distribution, sale, or management of our services. In addition, you may purchase our products directly from them.
In the past 12 months since this Notice was last updated, the following categories of personal data were disclosed to these partners: Account data, Product data, Communications data.
Advertising allows us to provide, support, and improve some of our Services. We use data related to you or your devices to improve our advertising, both on our properties and on third-party properties. We may provide or “share” (as defined by the California Consumer Privacy Act (“CCPA”) or similar U.S. state laws, your personal data, including the data about your interests in our Services, to third parties for the purposes of serving you more relevant ads about our Services. For more information, please navigate to the brands’ privacy center and the cookie notices referred there.
In the past 12 months since this Notice was last updated, we disclosed the following categories of personal data to our advertising partners: Account data (online/cookie identifiers), Product data (in particular internet or other electronic network activity related to interaction with our websites, services and advertisements).
We may share those categories of personal data with these third parties for cross-contextual advertising purposes, as defined under California and other applicable U.S. state laws. “Cross-contextual advertising” in this context means showing you ads that we think may interest you on platforms other than our own, based on tracking your activity and engagement with our websites and apps.
Although we do “share” information for purposes of cross-contextual advertising, as defined by the CCPA and similar U.S. state laws, we do not “sell” your personal data, as defined by the CCPA and similar U.S. state laws.
In the past 12 months since this Notice was last updated, the following categories of personal data were disclosed to our data analytics partners: Account data, Product data.
When we partner with other businesses to provide content, products, or services to you or to such business partners, we may disclose relevant personal data in connection with such content, products, or services. Our business partners may use your personal data to communicate with you about our Services and/or their products and services, potentially for joint or co-branded offers, including to communicate and administer such offers (report sales conversions, provide purchase information, verify eligibility, assess effectiveness of joint offers, improve advertising content and targeting etc.). If you access third-party services through our Services, these third parties may be able to collect data about you in accordance with their own privacy policies.
In the past 12 months since this Notice was last updated, the following categories of personal data were disclosed to these partners: Account data, Product data
We may share the information we collect with our corporate parent entities and their wholly-owned subsidiaries and affiliates for internal administrative purposes, to target you with advertisements for products and services offered by our affiliates, in connection with sales and marketing initiatives, for internal analytics or other similar compatible purposes. Certain of these use cases may be considered “sharing” under the California Consumer Privacy Act and similarly structured U.S. privacy laws.
In the past 12 months since this Notice was last updated, the following categories of personal data were disclosed to corporate affiliates: Account data, Product data, Payment data.
In certain instances, it may be necessary for us to disclose any of the personal data we collect to comply with a legal obligation, at the request of public authorities, or as otherwise required by applicable law. No personal data will be disclosed except:
- In response to a subpoena, warrant, or other legal process issued by a court or other public authority of competent jurisdiction;
- In response to discovery requests or demands as part of a civil lawsuit or similar legal process;
- Where disclosure is required to comply with applicable laws, or necessary for us to enforce our legal rights pursuant to applicable law;
- In response to a request with the purpose of identifying or preventing credit card fraud or identity theft; or
- Where disclosure of personal data is necessary to prevent or lessen a serious and imminent threat of bodily or other significant harm to the data subject or other individuals potentially concerned.
In the past 12 months since this Notice was last updated, the following categories of personal data were disclosed to public authorities: User data, Product data.
We may disclose your personal data to actual or potential buyers (and their agents and advisors) in connection with any actual or proposed purchase, merger, acquisition, reorganization, financing, bankruptcy, receivership, sale of company assets, or transition of service to another provider. In this event, we will inform the transferee that it must use your personal data only for the purposes disclosed in thisNotice or the privacy and product notices in our brand privacy center.
We do not sell your personal data to third parties. We do not use or disclose sensitive personal information for the purpose of inferring characteristics about a consumer. Data obtained through short code programs will not be shared with any third-parties for their marketing reasons/purposes.
If you would like to view a summary of our data collection, use, and disclosure practices in table format, please click here.
You can check our current recipients of data here
We do not sell your personal data to third parties. We do not use or disclose sensitive personal information for the purpose of inferring characteristics about a consumer. Data obtained through short code programs will not be shared with any third-parties for their marketing reasons/purposes.
If you would like to view a summary of our data collection, use, and disclosure practices in table format, please click here.
CCPA
| Category of Personal Information Collected | Categories of Third Parties with Whom Personal Information is Disclosed | Categories of Third Parties with Whom Personal Information is Sold or Shared |
|---|---|---|
| Identifiers such as name, mailing address, email address , phone number, military status, Social Security number, driver’s license number, passport number, or other similar identifiers. |
|
We may share this information with our third-party business partners, including companies assisting us with targeted advertising and marketing, who may use this information combined with information collected via the use of cookies or internet activity information to deliver interest-based and personalized marketing to you. We may share this information with marketplace partners to improve efforts to target appropriate advertising content to you. This may include affiliates. |
| Online identifiers - Tracking Information collected through cookies, pixels, web beacons, fingerprinting and other tracking technologies, which may include information about how you use our services, such as the types and categories of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities on our websites. |
|
Although we place many of these tracking technologies on our websites ourselves, these technologies may also be placed by third party service-providers or business partners, including analytics partners and marketing and advertising partners, in order to support certain functionalities and to better target advertising to you on their services. In these cases, tracking information is shared with those third-party service providers or business partners. |
| Customer records - Information related to our Services including files, messages and URLs analyzed for potential security and privacy threats, financial account and transaction information, consumer report information or identity monitoring results, your devices and about how you use our services |
|
Where we have applicable permissions, we may share this information with our business partners and affiliates to better personalize your offers and to improve efforts to target appropriate advertising content to you. |
| Characteristics of protected classifications under California or federal law, such as age |
|
We do not sell or share this information. |
| Commercial information such as history of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies. |
|
Where we have applicable permissions, we may share this information with our business partners and affiliates to better personalize your offers and to improve efforts to target appropriate advertising content to you. |
| Internet or other similar network activity, including service-related data such as browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. , such as your IP address, device ID and mobile device ID, mobile carrier, browser type and language, and location data (based on your IP address). |
|
Where we have applicable permissions, we may share this information with our business partners and affiliates to better personalize your offers and to improve efforts to target appropriate advertising content to you. |
| Geolocation data (precise physical location or movements) such as your billing address. |
|
We do not sell or share this information |
| Inferences drawn from other Personal Information to create a consumer's profile reflecting personal preferences or characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
|
We may share this information for selected services with our business partners to improve efforts to target appropriate advertising content to you. This may include our affiliates. |
| Support Information, including audio, electronic or similar information, or the information collected when you email or call our customer support center, which may include your name, email address, voice recording, and any other content or communications you send to or share with us. |
We may engage service providers to help provide customer service to our users. We may disclose certain of the information that you contact us about to our corporate affiliates. |
We do not sell or share this information. |
| Sensitive data, such as your precise location, Social Security number, driver’s license number, passport number, or other similar identifiers, financial account numbers, and veteran or military status including for co-applicants if they apply with you for financial products. |
|
At your direction, we may share this data with our business partners to offer their products or services, we disclose this information to our marketplace partners so that they may provide you with personalized offers. |
Note that all of the below categories exclude text messaging originator opt-in data and consent; this information will not be shared with any non-affiliated third parties.
Mergers, Acquisitions and Corporate Restructurings
If we are involved in a reorganization, merger, acquisition, consolidation, initial public offering, sale of our assets, or in the unlikely event of bankruptcy we may disclose your personal data to parties to such corporate transaction, as well as their agents and advisors, as necessary in order to evaluate and consummate the transaction. These transfers of personal data would be subject to strict contractual confidentiality requirements, and, in the event that we ultimately transfer personal data to a corporate buyer or affiliate, we will inform the transferee that it must use your personal data only for the purposes disclosed in this Notice. Data obtained through short code programs will not be shared with any third-parties for their marketing reasons/purposes.
How long do we keep personal data?
Highlights
- We keep information to provide our Services and to comply with legal obligations or protect our or other’s interests
- We have processes to delete data when we don’t need it anymore
We keep your personal data as long as we need it to provide you with our Services, to comply with legal obligations and to protect our or other’s legitimate interests. When we are no longer required to retain the personal data as described above, we will destroy, erase, or de-identify it.
When determining the specific retention period, we take into account various criteria, such as the type of service provided to you, the nature of our relationship with you, and mandatory retention periods set by applicable laws and the relevant statute of limitations.
More specifically:
If we take payments from you, we store limited payment information related to transactions for the time periods mandated by applicable laws (with variations depending on your jurisdiction of residence). We also need this information to maintain proper business records, to satisfy our audit obligations, to detect and prevent fraud and to protect our legal rights in case of current or possible future disputes.
If you have an account with us, we keep your Account Data, for as long as you maintain an open account with us. We have processes in place to remove dormant and inactive accounts. We retain limited Account Data even after that when we have legitimate reasons or legal grounds to do so, and when we may need it to defend our legal rights;
If you communicate with us through one of our customer service channels, we retain these communications in order to respond properly, to improve our services, to archive how we resolved your requests or queries, and as needed in connection with existing or potential future disputes. Sometimes, applicable laws specify how long we need to archive this information. Other times, we follow the general statutes of limitations applicable to a dispute type before deleting the data.
Our Services keep different data for different periods depending on what they do. But we set mechanisms to delete data from them periodically. For more information on our data retention practices, see our brands’ privacy center.
Where do we store and process personal data?
Highlights
- We are a global company with multinational offices, data centers and cloud providers.
- We engage affiliates, third-party partners and service providers in locations throughout the world to help us provide our services.
- We keep your data safe, and we follow international regulations on data transfers.
We are a global company that processes personal data in many countries. As part of our business, we may transfer data across the Gen group of companies, between subsidiaries and affiliates, and to third-party vendors and service providers worldwide. Data may be located in any country where we offer our products or have offices, infrastructure or data centers, including Europe, the United States, and Malaysia.
Transfers of your personal data between Gen Digital subsidiaries and affiliates are effectuated pursuant to our intra-group data transfer agreement, which includes EU Commission-approved standard contractual clauses (SCCs). Intra-group transfers within the Gen Digital Group are also covered by the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA), the United Kingdom, and Switzerland to the United States. Click here to access the Gen Digital Inc. Data Privacy Framework Notice.
Before we transfer data to third parties, we evaluate the risks associated with such transfer. We require third parties to maintain the same protections over your data that we provide directly. For data originating from the European Economic Area, we rely on standard contractual clauses (SCCs), where applicable, to ensure your data rights are protected. To request a copy of the SCCs, please contact us here.
We may transfer Personal Data outside of the EEA in order to provision access to personal data stored in the cloud (such as Microsoft Azure, Amazon Web Services and Google Cloud Platform) to Gen personnel located outside the EEA, to provision our products and services and third-party services related to it, to process your transactions and payment details, and to deliver support services.
How do we protect your personal data?
Securing personal data is an important aspect of protecting privacy.
We take steps to ensure that your personal data is treated securely and in accordance with this Notice. We maintain commercially reasonable administrative, technical and physical safeguards (which vary depending on the sensitivity of the personal data) designed to protect against unauthorized use, disclosure or access to personal data, and we regularly adapt these controls to respond to changing requirements and advances in technology. However, no Internet or email transmission is ever fully secure or error free.
If you have any questions about the security of your personal data or the security of the site, or wish to report a potential security issue, please contact security@GenDigital.com. When reporting a potential security issue, please describe the matter in as much detail as possible and include any information that might be helpful.
What privacy rights do you have?
Highlights
These are some of the important rights we wanted to highlight:
- You have rights to know what personal data we have about you, and to get a copy of your personal data in our possession.
- You can request we delete your personal data.
- You can use the settings in your account or product to manage privacy.
There are a variety of data protection laws around the globe that provide you with certain privacy rights.
Depending on where you live, you may have any of the following rights:
You may have the right to be forgotten”, or the right to request deletion of personal data we have collected from or about you. Please note, however, that we may need to keep certain personal data, such as for our legitimate business purposes or as required to comply with retention requirements under applicable laws.
You may have the right to know and access the personal data we have collected about you, to receive a copy of your personal data as well as other information about our data processing practices. In particular, but not limited to, information related to:
- categories of personal data collected, sold, or disclosed by us;
- purposes for which categories of personal data are collected or sold;
- categories of sources from which we collect personal data;
- categories of third parties to whom we disclosed or sold personal data; and
- specific pieces of personal data we have collected about you during the past twelve months.
You may have the right to rectify, correct, update, or complement inaccurate or incomplete personal data we have about you. You may be able to do this yourself by simply editing your account information.
You may have the right to restrict the way we process your personal data in certain situations, for example:
- if you are contesting the accuracy of your personal data;
- if the processing is unlawful and you request the restriction of its use instead of deletion;
- if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- if there is a pending verification whether our legitimate grounds override your interests); or
- if you would like to limit the use of your sensitive personal data, as that (or similar) terms are defined under applicable privacy laws.
You may have the right to withdraw your consent to process your personal data. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
You may have the right to object to our processing of your personal data based on legitimate interests on grounds relating to your particular situation. In this case, we are required to assess the processing in order to ensure compliance with all legally binding rules and applicable regulations. In the event that you are objecting to the use of your personal data for direct marketing, we will cease processing personal data for such purposes after receipt of the objection.
You may have the right to object to our processing of your personal data for automated individual decision-making with legal or similarly significant effects, or having decisions made about you by automated means without any layer of human review, to the extent that we engage in this practice.
You may have the right not to receive discriminatory treatment for the exercise of your privacy rights, subject to certain limitations.
You may have the right to opt-out of the “sale” or “sharing” or your personal data, as defined under applicable laws. We do not “sell” your personal data (noting that a “sale” need not involve payment for money, but only receipt of something of value in exchange for personal data), but we do share your personal data for the purposes of cross-contextual behavioral advertising through our use of certain cookies and tracking technologies. For information on how to adjust your cookie settings to opt-out of sharing, click here. Depending on your state of residence, you may also be able to turn on the Global Privacy Control (GPC) to opt out of sharing for cross contextual advertising. You can learn more at the Global Privacy Control website.
You may have the right to obtain a machine-readable and portable copy of your personal data subject to conditions stipulated in relevant privacy laws.
You may have the right to lodge a complaint with a supervisory authority or other appointed body in accordance with applicable laws if you are not satisfied with the way we have handled your personal data or any privacy request, or other request that you have raised with us.
If we reject your request for exercise of your rights or refuse to take action on such request, some jurisdictions allow you to appeal that decision. In order to submit your appeal, please contact us through the channels listed below. If your appeal is denied, you may lodge a complaint with your state Attorney General.
How can you exercise your privacy rights?
To exercise your rights under applicable laws you can submit a request through channels specified on the pages of the brands with which you have a relationship (see brand privacy center).
To raise any other questions, concerns, or complaints please contact us here. Read more about how we handle your requests.
How we handle your requests
We are required to verify the requests we receive when you exercise privacy rights. Once we receive your request, we (or third-party service providers we engage to assist us) will verify your identity and your authorization to take the actions requested, at a level appropriate to the requested action. You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise your privacy rights and choices on your behalf, please contact us here.
We will action your request within timeframes prescribed by applicable laws (typically 30-45 days).. When we are faced with an unusually large number of requests or particularly complicated requests, the time limit may be extended to a maximum of another two months.
Please note that there are exceptions and limitations to each of these rights, and that, while any changes will be reflected in active user databases within a reasonable and legally permissible period of time following a request, we may retain personal data for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so, to the extent permitted by applicable law.
We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available on a Service may change or no longer be available to you where the processing of certain data is essential to the use of the Service or feature. In addition, fulfilling a deletion request may mean that you a no longer able to maintain an account with us.
Where requests we receive are unfounded or excessive, in particular because they repeat, we may either: (a) charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request, where legally permissible.
There may be differences in the processes required to exercise privacy rights from one Gen Digital brand to another. For brand-specific information, consult the brand privacy center).
How can you contact us?
You can reach us using these contact details:
Email: dpo@GenDigital.com
By mail:
Gen Digital Inc. – Privacy Team
60 East Rio Salado Parkway, Suite 1000
Tempe, AZ 85281
United States
Independent EU GDPR Data Protection Officer
Pembroke Privacy Ltd
Email: DPO@GenDigital.com
If you are in the European Economic Area, and unless stipulated otherwise contractually, the Controller of your personal data is specified in each brand’s privacy Notice available here.
If you live in the United Kingdom, you can contact our representative NortonLiIfeLock UK Limited, 100 New Bridge Street, London, England EC4V 6JA.
For brand-specific contact information, see the brand privacy center.
How do we update the Notice?
We may update this Notice at any time, in our sole discretion, to reflect changes to our personal data processing practices or to applicable laws. If we make changes that are determined by us to be material, we will attempt to notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. In the case of a material change to our personal data processing practices, any such change will apply solely on a go-forward basis.
The most current version of this Notice governs our processing of your personal data, so we encourage you to periodically review this page for the latest information on our privacy practices. This Notice was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Notice indicate your agreement with the terms of such revised Notice.