Skip to Main Content
Norton Support
LifeLock Support
Norton Sign In
LifeLock Sign In

/

Gen Data Privacy Framework Notice

Gen Digital Inc. Data Privacy Framework Notice

  1. Privacy
  2. Global Privacy Statement
  3. Gen Data Privacy Framework Notice

Last updated: October 17, 2023

Gen Digital Inc. ("Gen Digital", "we", "our" or "us") has created this Data Privacy Framework Notice ("Notice") to describe its standards and procedures for handling Personal Information in accordance with the EU-U.S., the UK Extension to the EU-U.S. and the Swiss-U.S. Data Privacy Frameworks ("DPF").

Gen Digital Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Gen Digital Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Gen Digital Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We will not rely on the Swiss-U.S. Data Privacy Framework or the UK Extension to the EU-U.S. Data Privacy Framework until each enters into force, but we adhere to their required commitments in anticipation of their doing so.

This Notice supplements our Privacy Policies. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Policies. In case of conflict between the Privacy Policy and this Notice, this Notice prevails. In case of conflict between this Notice and the Principles, the Principles will govern.

How we obtain Personal Information

We obtain and process Personal Information from the European Economic Area ("EEA"), the United Kingdom and Switzerland as a Data Controller. We collect and process EEA, UK and Swiss Personal Information directly from individuals, either via our products and services, publicly available websites, or in connection with our customer, reseller, partner, and vendor relationships.

Gen Digital commits to subject to the Principles all Personal Information received from the EEA, the UK and Switzerland in reliance on the DPF as a Data Controller.

DPF Principles

  1. Notice. Our Privacy Policies, in combination with this Notice, describe our privacy practices, including the types of Personal Information collected and the purposes of the processing. We will adhere to the Principles for as long as we retain the Personal Information collected under the DPF.
  2. Accountability for Onward Transfer of Personal Information. Gen Digital may transfer Personal Information as described in the Privacy Policies, which explain the types of third parties to which our organization discloses Personal Information, the purposes for which it does so, and when we disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    We remain responsible for the processing of Personal Information received under the DPF and subsequently transferred to a third party acting as a Data Processor if the Data Processor processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. Gen Digital will only onward transfer personal information received in reliance on the DPF if the third-party recipient is also covered by the DPF or if it contractually ensures to provide the same level of protection for such data as is required by the Principles.
  3. Security. Gen Digital takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  4. Data Integrity and Purpose Limitation. Any Personal Information we receive may be processed by Gen Digital for the purposes indicated in our Privacy Policies or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.

    We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with Gen Digital up to date and may contact Gen Digital as indicated below or in the Privacy Policies to request that their Personal Information be updated or corrected.
  5. Access and Choice. If we intend to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a Data Controller not previously identified, we will offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt in where sensitive information is involved.

    Where appropriate, you have the right to access to the Personal Information we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in "Contact Us" below. We will review your request in accordance with the Principles and may limit or deny access to Personal Information as permitted by the Principles.
  6. Recourse, Enforcement and Liability. We conduct an annual self-assessment of our practices regarding Personal Information intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.

    If you have any questions or concerns, we encourage you to first write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. We will respond to you within 45 days of receiving your complaint.

    If an issue cannot be resolved through Gen Digital’s internal dispute resolution mechanism, you may submit a complaint, at no cost, to the EU Data Protection Authorities (for data covered by the EU-U.S. DPF), the Swiss Federal Data Protection and Information Commissioner (for data covered by the Swiss-U.S. DPF), and the UK Information Commissioner’s Office (for data covered by the UK Extension to the EU-U.S. DPF) which serve as Gen Digital’s alternative dispute resolution providers for both human resources data and all other types of personal data. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here for the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and here for the Swiss-U.S. DPF.

    Gen Digital is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Changes to this Notice

This Notice may be amended consistent with the requirements of the DPF. When we update this Notice, we will also revise the "Last Updated" date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.

Contact Us

If you have any questions, concerns or complaints regarding our privacy practices, you can contact us:

  • via email at nll_privacy@gendigital.com; or
  • by mailing to Gen Digital Inc. – Privacy Team, 60 East Rio Salado Parkway, Suite 1000, Tempe, AZ 85281, United States.

If you'd like to exercise your choices or rights, you can do so here.

click to top

Back to Top

About NortonLifeLock |
Careers |
News |
Sitemap |
Legal |
License Agreement |
Privacy |
Cookies |
Accessibility Policy |
Contact Us |
System Status

© 2019–2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries.

Other names may be trademarks of their respective owners.

Twitter Facebook Youtube Instagram LinkedIn
World mapUnited States

© 2019–2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries.

Other names may be trademarks of their respective owners.