Privacy Policy

This Privacy Statement is effective as of 13 February, 2025.

CDS, a Hewlett Packard Enterprise Company and its subsidiaries and affiliates (CDS or We) respect your privacy. This Privacy Statement informs you about our privacy practices including details of the personal data we collect, use, disclose, share, sell and transfer as well as choices you can make and rights you can exercise in relation to your personal data. This Privacy Statement is available from a link on the footer of every CDS web page.

This Privacy Statement applies to all CDS-owned websites, domains, services, applications, and products, and those of our subsidiaries, except that a privacy notice specific to a particular CDS activity, including but not limited to its programs, products or services may supersede or be supplemented by this Privacy Statement.

1. How we use personal data

We collect personal data if required to provide our programs, products or services, fulfil our legitimate business purposes and/or comply with applicable laws and regulations. Depending on your relationship with CDS we collect and process your personal data as follows:

  • Sales and marketing: contact details, identification information, information required to purchase our products and services online, including call recordings conducted by sales data collected through the use of video conferencing and other office tools, profile, role and preferences, login credentials, digital activity information and other information as may be relevant (e.g. information from publicly available sources) for the following main purposes: sales and marketing; advertising; creating and delivering personalized and targeted communications, adverts, invites and offers; conducting marketing campaigns; managing contacts and preferences and collection and processing of data received from data brokers; generating leads and opportunities; managing lead generation activities; sales engagement activities; organizing and managing events, including processing of customer and partner passport information to support issuing VISA letters for events, webinars, virtual meetings; and engaging in social media interactions.
  • Collection of your information when you interact with us online: digital activity information, preferences for the following main purposes: enabling efficient use of our websites, mobile applications, products, and services; collecting statistics to optimize the functionality of our websites, mobile applications, products and services; improving user experience through chatbots, session management and delivering content tailored to their interests; and improving marketing and advertising campaigns;
  • Online forums and surveys: contact details, login credentials, comments, and feedback for the following main purposes: engaging with potential recruitment candidates and event attendees including processing of sensitive personal data such as diversity and inclusion information.
  • Supplier programs: contact details for the following main purposes: managing relations with suppliers in which case we may receive personal data directly from our suppliers
  • Training and education: contact details, data collected through the use of video conferencing and other office tools, for the main purpose of conducting training and managing education programs for potential recruitment candidates and event attendees, customers, partners, and suppliers.
  • Due diligence screening: contact details, creditworthiness, and other information as may be relevant (e.g., information from publicly available sources), for the following main purposes: conducting anti-corruption due diligence on third parties and conducting required investigations, in compliance with applicable laws.
  • In the event we need to do brand-protection programs: contact details, login credentials and other relevant information (e.g., information from publicly available sources) for the main purpose of conducting investigations into HPE or CDS product and service-related fraud, compliance, grey marketing, theft and/or counterfeit.
  • Security and authentication: contact details, identification information and CCTV footage for the following main purposes: ensuring safety and security of CDS staff and premises; login credentials, protecting CDS’s network and other digital assets; providing access to restricted areas and information assets and protecting personal data from unauthorized access.
  • Whistleblowing: contact details and information about alleged misconduct for the main purpose of detecting, preventing, and investigating misconduct by CDS staff, customers, partners, and suppliers.
  • Enquiries and complaints contact details and information included in enquiries and complaints for the main purpose of addressing and resolving enquiries and complaints.
  • Recruitment: contact details for the purpose of sending job alert subscriptions managed by CDS or our recruitment partners; contact details and information made publicly available on professional social networks such as LinkedIn for the purpose of identifying and contacting potential job candidates. For information regarding personal data processed in connection with a job application or job offer, please refer to our Recruitment Notice.
  • Student virtual work experience programs (for students 18 and older): profile information (e.g., contact details, photo) education (e.g., school, degree, stage of degree), work preferences (e.g., location, type of work, skills), country and inferences.
  • Mergers, acquisitions and divestitures : contact details and information included in enquiries and pulse surveys and other relevant information for the following main purposes: managing mergers, acquisitions and divestitures; addressing queries, shaping and refining the on-boarding and integration experience.

In some cases, the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter or fulfil a contract with CDS. If you refuse to provide your personal data in such cases, we may not be able to provide you with the full functionality of our services.

Non-CDS web sites and social media features. CDS sites or services may provide links to third-party applications, products, services or websites for your convenience or information. We may also provide social media features that enable you to share information with your social networks and to interact with CDS on various social media sites. CDS does not control third party sites, or their privacy practices and we do not endorse or make any representations about third party sites. The personal data you choose to provide to or that is collected or shared by these third parties is not covered by this Privacy Statement. We encourage you to review the privacy notice of any site you interact with, before allowing the collection and use of your personal data.

2. How we share personal data

CDS does not share, sell, rent, or lease personal data to others, except as described in this Privacy Statement. We may share and/or disclose your personal data as follows:

Disclosure within the CDS group of entities. CDS has its headquarters in The Netherlands and operates worldwide. CDS may disclose your personal data as necessary within the CDS group of entities in connection with how we use your personal data.

Disclosure to service providers or third parties. CDS retains suppliers and service providers to manage or support its business operations, provide professional services, deliver programs, products, services, and customer solutions and to assist CDS with marketing and sales communication initiatives. Those third parties may receive and process your personal data under appropriate instructions, as necessary to support and facilitate how we use your personal data. Suppliers and service providers are required by contract to keep confidential and secure the information they process on behalf of CDS and may not use it for any purpose other than to carry out the services they are performing for CDS.

Where CDS engages with partners, resellers and/or distributors as part of its business operations, CDS may disclose your personal data to them to facilitate sales and delivery of its products and services. Partners, resellers and/or distributors are required by contract to keep confidential and secure the information received from CDS and may use it only for the said purposes, unless otherwise authorized by you or applicable laws and regulations.

Except as described in this Privacy Statement, CDS will not share your personal data with third parties without your permission, unless to: (i) respond to duly authorized information requests of police and governmental authorities; (ii) comply with law, regulation, subpoena, or court order; (iii) enforce/protect the rights and properties of CDS or its group entities; or (iv) protect the rights or personal safety of HPE, our employees, and third parties on or using CDS property when allowed and in each case in accordance with applicable law.

Circumstances may arise where, whether for strategic or other business reasons, CDS decides to sell, buy, merge, or otherwise reorganize its activities in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers of the relevant activity, or the receipt of it from sellers. It is CDS’s practice to seek appropriate contractual protection for personal data in these types of transactions.

3. How we transfer personal data internationally

CDS may transfer your personal data as necessary within the CDS group of entities and to other third parties. The recipients may be located in countries which do not provide the same level of data protection as the country in which you are located. CDS will take steps to ensure the personal data we transfer is adequately protected as required by applicable data protection laws. When required by local law, we will request your consent to transfer your personal data.

Transfers within CDS group of entities. CDS has an intra-company agreement on the transfer and processing of personal data within the CDS group of entities. This agreement also forms the basis of HPE’s Binding Corporate Rules for Controller and for Processor which have been approved by the Data Protection Regulators in the European Union and some other countries. The BCRs allow CDS to ensure that personal data transferred internationally within the CDS group is adequately protected in accordance with applicable data protection laws. If you would like to learn more about our BCRs and the countries that have approved them, please click here.

CDS HPE’s privacy practices described in this Privacy Statement comply with the APEC Cross Border Privacy Rules (CBPR) System, including transparency, accountability, and choice regarding the collection, sharing and use of personal data. The CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the CBPR framework can be found here. The CBPR certification does not cover information that may be collected through downloadable software on third party platforms. If you have an unresolved privacy or data use concern related to HPE’s APEC Certification that we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution service here.

TRUSTe APEC Privacy Certification

Transfers to service providers or third parties. With respect to transfers to service providers or third parties located in countries which do not provide an adequate level of data protection, CDS will take appropriate safeguards such as signing EU Standard Contractual Clauses, or equivalent contractual mechanisms approved by the relevant data protection authority, with the recipient, relying on approved codes of conduct or certification mechanisms adopted by the recipient or binding and enforceable commitments of the recipient. If you would like to receive more information about the appropriate safeguards and/or receive a copy of the relevant mechanism for your review, please contact the CDS Privacy Office

4. Automatic Data Collection Tools (often referred to as cookies or other related technologies)

How CDS uses automatic data collection tools. To provide a more relevant experience to you, we use cookies and other related technologies to enable some website functionality. Cookies are small data files that are placed on your device and help us to see what interests you most about CDS and provide many other site benefits.

Types of Cookies

Required Provide basic functionalities as you browse our websites. These capabilities include cookie preferences, session management, secure log in and checkout processes.
Functional Used to capture and remember user preferences in CDS website, enhance their usability, analyze site usage and enable social interactions and site optimization.

For details on the specific functionalities and tools implemented and used on our website please visit our cookie consent management tool provided by TrustArc.

CDS also allows third-party companies to use automatic data collection tools on our web sites and applications to understand how you interact with our web sites and applications. The types of cookies used by these companies and how they use the information is governed by their privacy policies

Choices regarding automatic data collection & online tracking. You can set your privacy preferences through your web browser or device settings, and you can set your browser in most instances to notify you before you receive certain cookies, giving you the chance to decide, in advance, whether to accept them or not. You can also choose to set your browser or device to turn off certain cookies.

HPECDS.com sites offer you the choice to accept or refuse Functional cookies through a ‘cookie preference’ banner that appears on our web pages. The banner stops being displayed when you have made your choice, but it can be brought back on display by selecting the ‘Cookies’ link on the footer of every HPECDS.com web page.

5. How we keep personal data secure

CDS takes seriously the trust you place in us to protect your personal data. To protect your personal data from loss, or unauthorized use, access or disclosure, CDS utilizes reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. All systems used to support CDS’s business are governed by CDS’s corporate Cyber Security policies, which are built upon industry standards and best practices like the International Organization for Standardization (ISO) 27001 family of standards and National Institute of Standards and Technology (NIST) standards.

When collecting or transferring sensitive information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. The personal data you provide us with is stored on computer systems locked in controlled facilities which have limited access. Access to your information is restricted to CDS employees or authorized third parties who need to know that information to process it for us, and who are subject to strict confidentiality obligations. When we transmit sensitive information, we protect it through the use of encryption, such as the Transport Layer Security (TLS), Internet Protocol Security (IPSec), or Secure Socket Layer (SSL).

6. How long we keep personal data

We keep personal data for the length of the contractual relationship and, to the extent permitted by applicable laws, after the end of that relationship, for as long as necessary to perform purposes set out in this Privacy Statement, to protect CDS from legal claims and administer our business. CDS expressly reserves the right to use the content on this website for commercial text and data mining with respect to use by artificial intelligence and machine learning query tools as set out in regional and national implementations. For the acquisition of a corresponding license of use, please contact privacy@hpecds.com.

When we no longer need to use personal data, we will delete it from our systems and records or take steps to anonymize the data unless we need to keep it longer to comply with a legal or regulatory obligation. If you would like to receive more information about our data retention policies, please contact privacy@hpecds.com.

7.How to exercise your rights and additional information

Our privacy practices are aligned with the requirements of applicable data protection laws of countries in which we operate. We respect the rights individuals have in relation to their personal data under these laws. Depending on what data protection laws you are subject to, this additional information may be relevant and applicable to you.

Data controllers. Companies from the CDS group of entities may act as data controllers or equivalent in relation to your personal data for the processing of personal data described in this Privacy Statement. You can find the up-to-date list of the CDS group of entities by clicking here. If you would like to receive more information about which CDS entity acts as data controller for your personal data, please contact privacy@hpecds.com.

Legal basis to process personal data. We process your personal data on the following legal bases:

  • Legitimate Interest. We may process your personal data as required to pursue our legitimate business interests (provided this is not overridden by interests or rights of relevant individuals). In particular, we use it to manage, develop and improve our programs, products and services; support our customers and sales operations; protect our staff and assets; communicate information that supplements our programs, products and services and ensure compliance with laws and regulations. Our legitimate business interests correlate with the purposes for processing set forth in the “How we use personal data” section above.
  • Performance of an agreement. We may process your personal data to enter into or fulfil agreements with you or your organizations, including to deliver and manage our programs, products, services and events and allow our customers to use our programs, products, services and events.
  • Legal obligation. We may process your personal data to comply with applicable laws and regulations, establish or exercise our legal rights. For example, this may be in connection with legal claims, compliance, regulatory and investigative purposes.
  • Consent. We may process your personal data where you have provided your consent, which you may withdraw at any time. Where we cannot rely on an alternative legal basis or we are required by law to ask for your consent in the context of some of our sales and marketing activities, online data collection tools, or surveys. At any time, you have a right to changing your communication choices, unsubscribing from CDS communications or contacting privacy@hpecds.com.

Your rights in relation to your personal data. Depending on what data protection laws you are subject to, you may have the right to:

  • Request confirmation of the processing of your data, access or obtain copies of personal data CDS processes about you;
  • Rectify your personal data, if inaccurate or incomplete;
  • Delete or anonymize your personal data, unless an exception applies. For instance, we may need to keep your personal data to comply with legal obligation;
  • Restrict the processing of your personal data in certain circumstances. For instance, if you contest the accuracy of your personal data, you may request that we restrict processing of your personal data for the time enabling us to verify the accuracy of your personal data;
  • Request to limit certain uses and disclosures of your sensitive personal information;
  • Opt-out of the sharing of your personal data for purposes of behavioral advertising;
  • Data portability, in certain circumstances. For example, you may request us to transmit some of your personal data to another organization if the processing is based on your consent or a contract;
  • O• Object to processing of your personal data, in certain circumstances. For example, you may object to direct marketing including use of your personal data for profiling for direct marketing or where we process your personal data because we have legitimate interest in doing so.
  • Obtain information about the entities with which CDS has shared your personal data;
  • Withdraw consent to the processing of your personal data.

California residents may opt-out from the “sale or share” of personal information, i.e. our use of optional Automatic Data Collection Tools, by visiting the “Do Not Sell My Personal Information” page.

These rights may be limited in some situations such as where CDS can demonstrate that CDS has a legal requirement or legitimate interest to process your personal data or can legitimately apply an exemption to the exercise of a right under applicable law.

To view and update the personal data you provided directly to CDS, you can return to the web page where you originally submitted your data and follow the instructions on that web page, using single sign on (SSO) where enabled. Otherwise, please contact us at privacy@hpecds.com. To protect your privacy and security, we will take reasonable steps to verify your identity before processing your request.

If you consider that the processing of your personal data infringes applicable data protection laws, you may have a right to lodge a complaint with a supervisory authority in the country where you live, or work, or where you consider that data protection rules have been breached.

Your rights under HPE Binding Corporate Rules. You may have additional rights under our BCRs. For example, where you believe your personal data has been transferred by an CDS entity and processed by that entity in breach of the BCR, you may have a right to:

  • Lodge a complaint with the CDS entity which transferred your personal data
  • Lodge a complaint with a supervisory authority located in the same country as the CDS entity which transferred your data;
  • Bring a court action against the CDS entity which transferred your personal data.

If CDS processes your personal data on behalf of an CDS customer, then we will, in the first instance, refer your complaint to our customer to handle.

FFor further information, please visit the HPE BCR web page available here.

8. How to contact us

If you have any questions about our Privacy Statement, any concerns or complaint regarding our collection and use of your personal data or wish to report a possible breach of your privacy, please contact the CDS Privacy Office by email or write to our worldwide corporate headquarters address below.

We will treat your requests and complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

CDS Corporate Headquarters
Hewlett-Packard CDS (Nederland) B.V.y
ATTENTION—PRIVACY OFFICE
Registered office: OfficeZ The Garden, Stroombaan 16, 1181 VX Amstelveen, Netherlands
Registered number: 30070462

9. Changes to this Privacy Statement

If we modify this Privacy Statement, we will publish a revised version with an updated revision date. The privacy link on the footer of every CDS web page will then point to that new version.