NortonLifeLock Product and Services Privacy Notices

The enrollment and billing privacy statement provides our customers with a detailed look at how personal data is collected and processed when enrolling for a NortonLifeLock service.

Norton Enrollment Process

The Norton Enrollment process applies to all customers who are purchasing their Norton products and standalone features through the Norton eStore or by calling into a Norton contact center. This information is only collected once and is used to set up the Norton Account. Additional information may be collected at the discretion of the customer in order to maintain the account during the subscription to the product.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Subscriber information including:
  • Email Address
  • Norton Account Password
  • Name (if given)
  • Country (if given)
  • Phone Number (if given)
  • National ID (region specific, if outside the United States)
Additional subscriber information, if chosen to be provided by Subscriber, including:
  • Physical Address
  • Tax ID (region specific, if outside the United States)
Subscriber information is processed to administer the account including establishing and authenticating the Subscriber account as well as communicating with the Subscriber.

Additional subscriber information is provided by the Subscriber if they chose to and is collected for the purposes of maintaining the account and product subscription.
Subscriber information is available to the Subscriber by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation.

Additional subscriber information is available to the Subscriber by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Additional subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation
  • Cookies from websites
  • Device ID
Administrative information including:
  • Norton Account ID
Subscriber information is processed for the purposes of delivering the content in accordance to the Subscriber's device(s), determining appropriate language settings for communicating with the User, and monitoring website activity from the User (cookies).

Administrative information is generated internally by NortonLifeLock for the purpose of tracking account activity between internal company systems, applications, and architecture.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. IP addresses/Geolocation and Device ID are pseudonymized using internal identifications and not made available to the Subscriber. Cookies can be controlled via the Norton.com and NortonLifeLock.com sites by opting in and out of cookies based on customer preferences. *

Administrative information is available to the Subscriber by logging into their account. Administrative information is not personally identifiable to the User and cannot be requested to be forgotten/deleted with account cancellation.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Marketing/Advertising Suppliers (cookie specific)
Administrative information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: N/A - NortonLifeLock does not collect any other data for enrollment processes from any third parties. N/A - NortonLifeLock does not collect any other data for enrollment processes from any third parties. N/A - NortonLifeLock does not collect any other data for enrollment processes from any third parties. N/A - NortonLifeLock does not collect any other data for enrollment processes from any third parties.
* Cookies are placed on the Norton.com, LifeLock.com, and NortonLifeLock.com websites to monitor website activity, improve customer experience with the company sites and product and to deliver interest-based advertising. Cookies may be controlled via the Cookie Tool banner in some regions. You may control the use of interest-based advertising cookies by visiting the industry advertising choices site at http://optout.aboutads.info/?c=2&lang=EN. Please note that if cookies are cleared from devices that are accessing the sites, you may be required to input their cookie preferences again.

Norton Billings Process

The Norton Billing process applies to all customers who have purchased their Norton products and/or standalone features through the Norton eStore or by calling into a Norton contact center. This information is used to bill the customers for their services and products on a regular interval. For products purchased through other methods, such as Norton Mobile Security for Apple and Android, this information will not apply.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Subscriber information including:
  • Name
  • Email
  • Norton Account Password
  • Phone Number (if given)
  • National ID (region specific, if outside the United States)
  • Billing Address
  • Payment Information (depending on method can include Credit/Debit Card Information or PayPal account)
  • VAT/Tax ID (region specific, if outside the United States)
Subscriber information is processed to bill the account for products and features purchased. Subscriber information is available to the Subscriber by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation. Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation
  • Cookies from websites
Administrative information including:
  • Wallet ID
  • Auto Bill ID
  • Payment Transaction ID
Provisioning Information
  • Browser Details
Subscriber information is processed for the purposes of delivering the content in accordance to the Subscriber's device(s), determining appropriate language settings for communicating with the User, troubleshooting issues, generating appropriate diagnostics reports, and monitoring website activity from the User (cookies).

Administrative information is generated internally by NortonLifeLock for the purpose of tracking account activity between internal company systems, applications, and architecture.

Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s) as well as for trade compliance and fraud check.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. IP addresses/Geolocation and Device ID are pseudonymized using internal identifications and not made available to the Subscriber. Cookies can be controlled via the Norton.com and NortonLifeLock.com sites by opting in and out of cookies based on customer preferences. *

Administrative information provided during the billing process is not personally identifiable to the User and may not be made available to the Subscriber, depending on the type of information provided.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
Administrative information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
Data We Collect/Access from Third Parties: Subscriber information including:
  • Payment Information (depending on method can include Credit/Debit Card Information or PayPal account)
  • Billing Address
Security Information including:
  • Device Fingerprint ID from Third Party
Subscriber information is processed by third parties to bill the account for products and features purchased and authenticate the payment information used.

Security information is processed by third parties and NortonLifeLock to validate that an authenticated payment transaction occurred, and the payment card and account are appropriate for billing.
Subscriber information provided during billing process may not be made available to the Subscriber, depending on the type of information provided. Subscriber has the ability to request that subscriber information provided during account enrollment/maintenance be forgotten/deleted with account cancellation.

Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
* Cookies are placed on the Norton.com, LifeLock.com, and NortonLifeLock.com websites to monitor website activity, improve customer experience with the company sites and product and to deliver interest-based advertising. Cookies may be controlled via the Cookie Tool banner in some regions. You may control the use of interest-based advertising cookies by visiting the industry advertising choices site at http://optout.aboutads.info/?c=2&lang=EN. Please note that if cookies are cleared from devices that are accessing the sites, you may be required to input their cookie preferences again.

In our ongoing quest to be as transparent as possible, NortonLifeLock provides these product and service-specific privacy notices to provide detailed information about how our products and services collect, process and share your personal data. This transparency allows you to better understand how each product and service operates, as they relate to your personal data. These notices should be read in conjunction with the NortonLifeLock Global Privacy Statement which explains how our company as a whole processes your personal data. For example, the Member/Subscriber Information that is collected to provide a specific service may be used by the company to inform you of other or related services. Our goal is to be as transparent as possible and to provide you the level of detail you desire.

Norton Anti-Virus Products

Norton Anti-Virus Products (including Standard, Deluxe, Premium, Platinum, Ultra, Norton Internet Security, Norton One, Norton Antivirus, Norton Antivirus Basic, Norton 360, Norton 360PE and Norton 360MD) provide endpoint security which defends against ransomware, viruses, spyware, malware and other online threats. Norton Anti-Virus can also be offered as a bundled product with other NortonLifeLock products.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Security information including:
  • Emails reported as spam
  • Malware Detections chosen to be reported
  • File backups as selected by User (if purchasing/using Norton Online Backup)
Security information is processed for the purpose of delivering the product by evaluating for potential security risks and/or blocking emails, enforcing the rules and policies defined by the User for their controlled profiles, and helping the User detect any misuse of Personal Data associated with such profiles. Additionally, emails and malwares files provided by Users help in improving the product's detection rate by reducing false positives. Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Norton Online Backup data is encrypted with User's private key. NortonLifeLock does not have access to the contents of the backups and can be requested to be forgotten/deleted with account cancellation. Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation (anonymized)
Administrative information including:
  • Product Serial Number
Provisioning information including:
  • Operating system version and settings
  • Device manufacturer and model
  • Device names and/or assigned names
  • Device identifiers including MAC address
  • Norton Machine ID
Security information including:
  • URLs/Websites visit including search terms, keywords
  • Executable files identified as malware
  • Application names and versions
Diagnostics information including:
  • Internet usage time
  • Network connection activity
  • Failure diagnostics including crash dumps and system logs
Subscriber information is processed for the purposes of determining appropriate language settings for communicating with the User and determining country of origin for threats detected.

Administrative information is generated internally by NortonLifeLock for the purpose of tracking account activity between internal company systems, applications, and architecture.

Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s) as well as tracking and determining trends in threats detected.

Security information is processed for the purposes of delivering the product by informing the User on site safety and blocking browsing to unsafe websites, improving the detection of malware and cyber-threats (e.g. through file sample analysis), and pursuing general cybersecurity research.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is not made available to the User. IP addresses/Geolocation are anonymized.

Administrative information is not made available to the User. Product Serial Numbers are kept in an encrypted form and cannot be deleted/forgotten request.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted or pseudonymized form and cannot be deleted/forgotten request.

Security Information may be made available to the User in the form of notifications when an incident is detected.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Administrative information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Security Information:
  • Security ratings of URLs and files
  • Executable files identified as potential malware
Diagnostics information including:
  • Failure diagnostics including crash dumps and system logs
Security information is processed for the purposes of delivering the product by informing the User on site safety and blocking browsing to unsafe websites.

Diagnostics information is processed for the purpose of understanding product usage and improving the product.
Security Information may be made available to the User in the form of notifications when an incident is detected.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Research Organization

Norton Password Manager

Norton Password Manager has four variants: 1) a component of the Norton Security product and plugin for Internet Explorer browser; 2) browser extensions for all major browsers except Internet Explorer; 3) mobile apps for Android and iOS; 4) a web application requiring no additional installation of software or browser extensions. All variants are a password manager which manages Usernames, passwords, and other information useful for performing online activities.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Subscriber information, provided by User if chosen, including:
  • Username(s)
  • Password(s)
  • Phone Number
  • Physical Address(es) (including city, state and postal code)
  • Additional Payment Information (Credit/Debit Card Information, specifically account numbers, card type, and expiration dates; Bank account number and name of bank)
  • Gender (including Title)
  • Additional Email(s)
  • Date of Birth
  • Freeform notes / text
Subscriber information is provided by the Subscriber if they chose to and is collected for the purposes of delivering the product by providing additional protection on as many data elements as the User choses. Subscriber information is encrypted at the device level and is not accessible to NortonLifeLock. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation. N/A - Subscriber information is encrypted at the device level and is not accessible to NortonLifeLock and is not provided to other third parties.
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation (anonymized)
Provisioning information including:
  • Web browser name
  • Version and Preferred Language
  • Operating system (Including version or platform)
  • Website domains for stored Logins
  • Free Form Text (as provided by User)
Diagnostics information including:
  • Metadata (including number of accounts stored with products and number of websites visited, number of product features used)
Subscriber information is processed for the purposes of determining appropriate language settings for communicating with the User and for reporting about product usage based on general location.

Provisioning information is processed for the purpose of delivering the product in accordance to the User's device(s) and by providing login services and analyzing Service usage.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is not made available to the User. IP addresses/Geolocation are anonymized.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Security Information including:
  • Potentially compromised passwords (specific Usernames/passwords are never known to NortonLifeLock services nor to third parties)
Security information is processed for the purposes of delivering the product by identifying and informing the User of potentially compromised passwords stored within device. Security information is partially hashed and is made available to the User when a potentially compromised password is identified. Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

Norton Secure VPN

Norton Secure VPN protects the User’s devices and safeguards the User’s data by encrypting the User’s information on any internet connection and preserving the User’s privacy.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: N/A - Norton Secure VPN does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Secure VPN does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Secure VPN does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Secure VPN does not require Users to provide any information outside of enrollment and billing processes.
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation (anonymized)
  • Device ID Serial Number
Provisioning information including:
  • Device Name and Type
  • OS version (for mobile devices only)
  • Language
Security information including:
  • Aggregate Bandwidth Usage (limited to the number of bytes transferred using the service)
Diagnostics information including:
  • Temporary Usage Data to assist with debugging a problem with the service (serial number from app to give installation status)
  • Error state in installation/usage of app
Subscriber information is processed for the purposes of delivering the content in accordance to the Subscriber's device(s) and determining appropriate language settings for communicating with the User.

Provisioning information is processed for the purpose of delivering the product in accordance to the User's device(s)

Security information is processed for the purposes of billing the account of product used as well as network operations and support.

Diagnostics data is processed for the purpose of delivering the product by selecting the most appropriate server to connect to and for research and development to improve products and services and better to protect the User’s network, devices, data and identity.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. IP addresses/Geolocation and Device ID are pseudonymized using internal identifications and not made available to the Subscriber.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Diagnostics information including:
  • Reporting metadata on product and application usage
Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry. Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

Norton Privacy Manager

Norton Privacy Manager protects online privacy and limits your digital footprint by providing private communications, device and location services, anonymized Sudo identities, and private browsing within the app. Norton Privacy Manager also incorporates subsets of features from Norton Secure VPN and Norton Password Manager.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: N/A - Norton Privacy Manager does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Privacy Manager does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Privacy Manager does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Privacy Manager does not require Users to provide any information outside of enrollment and billing processes.
Data We Collect/Access: Subscriber information including:
  • Cellular Location (City and Country Code)
  • IP address/Geolocation (anonymized)
Provisioning information including:
  • Cellular carrier
  • Mobile device model
  • Operating System platform and version
Security information including:
  • Browser Usage (Bookmarks and History)
  • Log Information for email address
  • Transaction details performed on app
  • Metadata for text messages, phone calls and emails (limited to send times, message types and receiver)
Diagnostics information including:
  • App-related Usage Data
  • Applications Error Reports
  • Crash Dumps Logs
Subscriber information is processed for the purposes of delivering the product features such as telephone, email, app-to-app or SMS/MMS messaging services and search and web-browsing.

Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s) and allowing the User to share their location with individuals chosen by them.

Security information is processed for the purpose delivering the product by providing secured environment to perform product features such as telephone, email, app-to-app or SMS/MMS messaging services and search and web-browsing.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is not made available to the User. IP addresses/Geolocation are anonymized.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Security information is pseudonymized using internal identifications and is made available to the User through their end device. Security information is kept within the app and can be deleted by the User at any time.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Subscriber information including:
  • Cellular Location (City and Country Code)
  • IP address
Provisioning information including:
  • Cellular carrier
  • Mobile device model
  • Operating System platform and version
Security information including:
  • Browser Usage (Bookmarks and History)
  • Log Information for email address
  • Transaction details performed on app
  • Metadata for text messages, phone calls and emails (limited to send times, message types and receiver)
Diagnostics information including:
  • App-related Usage Data
  • Applications Error Reports
  • Crash Dumps Logs
Subscriber information is processed for the purposes of delivering the product features such as telephone, email, app-to-app or SMS/MMS messaging services and search and web-browsing.

Provisioning information is processed for the purpose delivering the product to allow the User to share their location with individuals chosen by them.

Security information is processed for the purpose delivering the product by providing secured environment to perform product features such as telephone, email, app-to-app or SMS/MMS messaging services and search and web-browsing.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. IP addresses/Geolocation are pseudonymized using internal identifications and not made available to the Subscriber.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Security information is pseudonymized using internal identifications and is made available to the User through their end device. Security information is kept within the app and can be deleted by the User at any time.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

Norton Utilities Premium

Norton Utilities helps analyze, configure, optimize and maintain a computer of the User to keep it running like new.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: N/A - Norton Utilities does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Utilities does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Utilities does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Utilities does not require Users to provide any information outside of enrollment and billing processes.
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation (anonymized)
  • Device ID
Provisioning information including:
  • Activation Data (limited to status of installation of product on device)
Diagnostics information including:
  • User reviews/feedback
Subscriber information is processed for the purposes of delivering the product in accordance to the Subscriber's device(s) and determining appropriate language settings for communicating with the User.

Provisioning information is processed for the purpose of delivering the product in accordance to the User's device(s).

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. IP addresses/Geolocation and Device ID are pseudonymized using internal identifications and not made available to the Subscriber.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Diagnostics information including:
  • Metadata based on User reviews/feedback
Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry. Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

Norton Family Premier

Norton Family Premier helps protect protected Users and their devices whom the subscriber chooses to protect with parental controls applied through subscriber-defined and subscriber-managed protection settings and features.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Subscriber information, provided by User if chosen, including:
  • Free form text box (suggested data elements to provide are Child's Name, Child's Email Address Child's Phone Number, Child's Social Security Number, Child's Physical Address)
  • Child’s Age Range
  • Setting information as determined by parent
Subscriber information is provided by the User and is processed for the purposes of delivering the product by helping the User to supervise the online activities of the protected User’s device and helping to enforce User-defined rules on online activities of the protected User’s device. Subscriber information is available to the User by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation. Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
Data We Collect/Access: Subscriber information including:
  • Parent's Time Zone
  • Child's IP Address/Geolocation (based on policy configuration)
  • Picture (for avatar, if chosen)
Provisioning information including (based on policy configuration):
  • Child's operating system platform and version
  • Installation status of the Norton Family client software on subscriber or protected User device
  • Child Policy configurations as determined by parent
  • License ID, status, and entitlement information
  • Device name, type, language, hardware, software and application inventory (only applicable to Android mobile devices)
  • Browser type and version
Security information includes (based on policy configuration):
  • Application and database access configurations
  • Setting configurations deviations performed by Child
  • Application exception and workflow failure logs
  • URLs visited by Child and Search terms
  • Device usage time
  • Application usage time
Diagnostics information including:
  • Crash logs for PC
  • Product Usage Telemetry (limited to pages visited with Product)
Subscriber information is processed to determine appropriate language settings for communicating with the User and delivering the product by helping the subscriber to supervise the location of User's protected device.

Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s), helping the User to supervise the online activities of the protected User’s device and helping to enforce User-defined rules on online activities of the protected User’s device

Security information is processed for the purposes of delivering the product in accordance to the User's device(s) as well as improving the Product’s installation success rate by providing input for research and development to improve products and services to better protect the Subscriber’s and protected Users’ network, devices, data and identity.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is available to the User by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Diagnostics information including:
  • Crash logs for mobile devices
  • Metadata reports on product usage
Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry. Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

Norton Ultimate Help Desk

Norton Ultimate Help Desk allows the User to contact an expert to assist with technical issues ranging from network setup to device diagnostics and troubleshooting.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Security information, provided by User if chosen, including:
  • Issue Description and Details
Security information is processed for the purpose of delivering the product by communicate with the User and identifying the root causes of the issues posed. Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Provisioning information including:
  • Operating system and settings
  • Security settings (e.g., active firewall, antivirus software)
  • System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory, log file and registry data).
Diagnostics information including:
  • Scan Statistics (e.g. Number of scanned files; number of threats found, fixed, or remaining; data and time of scan)
Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s) and identifying the root causes of the issues posed.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: N/A - Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services. N/A - Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services. N/A - Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services. N/A - Norton Ultimate Help Desk does not collect/access personal data from third parties as part of its services.

Norton Computer Tune-Up

Norton Computer Tune-Up is a feature within Norton Ultimate Help Desk, which helps to keep the User’s device running like new, using diagnostics.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Security information, provided by User if chosen, including:
  • Issue Description and Details
Security information is processed for the purpose of delivering the product by communicate with the User and identifying the root causes of the issues posed. Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Provisioning information including:
  • Operating system and settings
  • Security settings (e.g., active firewall, antivirus software)
  • System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory and CPU utilization, log file and registry data).
Diagnostics information including:
  • Scan Statistics (e.g. Number of scanned files number of threats found, fixed, or remaining, and data and time of scan)
Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s) and identifying the root causes of the issues posed.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: N/A - Norton Computer Tune-Up does not collect/access personal data from third parties as part of its services. N/A - Norton Computer Tune-Up does not collect/access personal data from third parties as part of its services. N/A - Norton Computer Tune-Up does not collect/access personal data from third parties as part of its services. N/A - Norton Computer Tune-Up does not collect/access personal data from third parties as part of its services.

Norton Mobile Security

Norton Mobile Security provides to protected Users’ and their devices whom the subscriber chooses to protect protection for smartphones and tablets against digital threats, lost or stolen device recovery and contact information restoration.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Norton Mobile Security can be purchased through the Norton eStore or through AppStore/PlayStore. If purchasing through the eStore, please see the Norton Enrollment Process. If purchasing through the Apple AppStore or Google PlayStore, please see the below information. Subscriber information including:
  • Email
  • Norton Account Password
  • Country
Subscriber information is processed to administer the account including establishing and authenticating the Subscriber account as well as communicating with the Subscriber. Subscriber information is available to the Subscriber by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation. Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Subscriber information including:
  • Mobile Device IDs (UDID, IMEI, and IDFA)
Provisioning information including:
  • Device name and type (including Wi-Fi Mac Address)
  • Operating System platform and version
Security information including:
  • File and Application Data (limited to app store data, applications downloaded, and browsing data. Android devices will also collect calendar and SD contents)
  • Web-browsing and URLs accessed
  • User interface and screen activity (limited to keyword tags and actions)
Diagnostic information including:
  • Usage Information (e.g., network service information, download and use frequency, log data)
  • Error reports/crash dumps
  • Device/Phone settings (including but not limited to device model and manufacturers)
Subscriber information is processed for the purposes of delivering the product in accordance to the Subscriber's device(s) and determining appropriate language settings for communicating with the User.

Provisioning information is processed for the purposes of delivering the product in accordance to the User's device as well as blocking incoming calls from contacts (call blocking is only available on the Android OS).

Security information is processed for the purposes of delivering the product by alerting the User to potentially malicious applications, malware, and links (including links in emails or data downloaded to SD cards) as well as improving the app security feature (malicious malware and applications blocking feature and SD card is only available on the Android OS).

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. Device IDs are pseudonymized using internal identifications and not made available to the Subscriber.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Diagnostics information including:
  • Reporting data based on metadata collected by product (limited to number of Users by general geolocations/regions, and operating systems)
Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry. Diagnostics information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

NortonLive Spyware and Virus Removal

Norton Spyware and Virus Removal is a one-time product that remediates 1 virus per device to help get the device running again. Norton Spyware and Virus Removal is offered as a feature as part of the Norton Security products but may also be purchased as a separate one-time service.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Security information, provided by User if chosen, including:
  • Issue Description and Details
Security information is processed for the purpose of delivering the product by communicate with the User and identifying the root causes of the issues posed. Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Provisioning information including:
  • Application names and versions
  • Norton Machine ID (anonymized)
  • Operating system information
  • Security settings (e.g., active firewall, antivirus software)
  • System configurations (e.g., active ports, hosts file, installed programs, active processes, open memory, log file and registry data).
Diagnostics information including:
  • Crash dump information (specifically related to Norton product crash)
  • Scan Statistics (e.g. Number of scanned files; number of threats found, fixed, or remaining, and data and time of scan)
Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s) and identifying the root causes of the issues posed.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: N/A - Norton Spyware and Virus Removal does not collect/access personal data from third parties as part of its services. N/A - Norton Spyware and Virus Removal does not collect/access personal data from third parties as part of its services. N/A - Norton Spyware and Virus Removal does not collect/access personal data from third parties as part of its services. N/A - Norton Spyware and Virus Removal does not collect/access personal data from third parties as part of its services.

Norton Safe Web (Website and Browser Extension)

Norton Safe Web is a website that displays risk information for various websites. It includes latest updates from NortonLifeLock. It also manages a community of online Users, offering ability to submit their own website ratings and provide comments on website ratings. The community features also display statistics for the community and site rating (e.g. the most ratings by Users, the most-rated websites). The Norton Safe Web website also manages services for website owners to register their ownership and perform rating review requests. Users may use the website without supplying any data if they wish to browse and view website rating information. To participate in the User community or with the site owner features, Users must have a Norton Account (see Norton Enrollment process).

Norton Safe Web is a browser extension that monitors browsing activity and web page content for unsafe risks. It uses reputation services and web page content analysis to help protect the User from malicious website content, phishing, and other threats. This extension includes features that permit browsing of potentially-risky websites in a special isolation mode to help provide additional protection. This extension also helps protect you from unsafe website access when using your webmail and social media websites.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Norton Safe Web does not require Users to provide any information outside of enrollment and billing processes. Norton Safe Web can be used as a free extension tool. If used as such, no Subscriber information is collected. N/A - Norton Safe Web does not require Users to provide any information outside of enrollment and billing processes. Norton Safe Web can be used as a free extension tool. If used as such, no Subscriber information is used or processed. N/A - Norton Safe Web does not require Users to provide any information outside of enrollment and billing processes. Norton Safe Web can be used as a free extension tool. If used as such, no Subscriber information is collected. N/A - Norton Safe Web does not require Users to provide any information outside of enrollment and billing processes. Norton Safe Web can be used as a free extension tool. If used as such, no Subscriber information is collected.
Data We Collect/Access: Subscriber information including:
  • IP address/Geolocation (anonymized)
Provisioning information including:
  • Version and Preferred Language
  • Operating system (Including version or platform)
  • Browser application and settings
Security information including:
  • Browsing activity
If User permission is given to enable product telemetry, the following Diagnostics information may be collected/accessed:
  • Metadata (limited to number of blocked websites and number of unsafe websites clicked)
Subscriber information is processed for the purposes of delivering the product in accordance to the Subscriber's device(s), determining appropriate language settings for communicating with the User and reporting about product usage based on general location.

Provisioning information is processed for the purpose of delivering the product in accordance to the User's device(s).

Security information is processed for the purposes of delivering the product by informing the User on site safety and/or blocking unsafe websites.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is not made available to the User. IP addresses/Geolocation are anonymized.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is maintained in pseudonymized form and cannot be included in a request to be deleted/forgotten.

Security information is pseudonymized using internal identifications and not made available to the User. Security information maintained in pseudonymized form cannot be included in a request to be deleted/forgotten.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is maintained in pseudonymized form cannot be included in a request to be deleted/forgotten.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Diagnostics information including:
  • Reporting data based on metadata collected by product (e.g. number of Users by browser types, general geolocations/regions, and operating systems)
Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry. Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

Norton Safe Search (Website and Browser Extension)

Norton Safe Search (website) is a search website that helps protect the User from unsafe websites by filtering search results and providing website safety ratings to the User to provide a safer web browsing experience. Norton Safe Search (browser extension) has two variants. The first variant overrides the browser’s default search engine to the Norton Safe Search website. The second variant performs the same search engine override but also combines the features of the Norton Safe Web and Norton Home Page browser extensions into a single browser extension.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Norton Safe Search (website) does not require Users to provide any information.

Norton Safe Search (browser extension) does not require Users to provide any information outside of enrollment processes. Norton Safe Search can be used as a free product. If used as such, no Subscriber information is collected.
N/A - Norton Safe Search (website) does not require Users to provide any information. Norton Safe Search (website) does not require Users to provide any information. Norton Safe Search (website) does not require Users to provide any information.
Data We Collect/Access: Subscriber information including:
  • IP address/Geolocation (anonymized)
Provisioning information including:
  • Version and Preferred Language
  • Operating system (Including version or platform)
  • Browser application and settings
If User permission is given to enable product telemetry, the following information may be collected/accessed: Security information including:
  • Browsing activity
  • Search terms
  • Search suggestions
Diagnostics information including:
  • URL of blocked websites
  • Metadata (e.g. number of blocked websites and number of unsafe websites clicked)
Subscriber information is processed for the purposes of delivering the product in accordance to the Subscriber's device(s), determining appropriate language settings for communicating with the User and reporting about product usage based on general location.

Provisioning information is processed for the purpose of delivering the product in accordance to the User's device(s).

Security information is processed for the purposes of delivering the product by informing the User on site safety and/or blocking unsafe websites.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is not made available to the User. IP addresses/Geolocation are anonymized.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is maintained in pseudonymized form and cannot be included in a request to be deleted/forgotten.

Security information is pseudonymized using internal identifications and not made available to the User. Security information maintained in pseudonymized form cannot be included in a request to be deleted/forgotten.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is maintained in pseudonymized form cannot be included in a request to be deleted/forgotten.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Diagnostics information including:
  • Reporting data based on metadata collected by product (e.g. number of Users by browser types, general geolocations/regions, and operating systems).
Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry. Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

Password Generator

Norton Password Generator is a free service offered in select countries or as a feature to Norton Password Manager that generates a random strong password for any individual to use for their application, devices, or any other accounts.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: N/A - Norton Password Generator does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Password Generator does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Password Generator does not require Users to provide any information outside of enrollment and billing processes. N/A - Norton Password Generator does not require Users to provide any information outside of enrollment and billing processes.
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation (anonymized)
Provisioning information including:
  • Web browser name
  • Version and Preferred Language
  • Operating system (Including version or platform)
Subscriber information is processed for the purposes of delivering the product in accordance to the Subscriber's device(s), determining appropriate language settings for communicating with the User and reporting about product usage based on general location.

Provisioning information is processed for the purpose of delivering the product in accordance to the User's device(s).
Password Generator only receives subscriber information as part of the Norton.com websites. IP addresses/Geolocation are anonymized.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
N/A - Norton Password Generator does not collect/access personal data from third parties as part of its services.
Data We Collect/Access from Third Parties: N/A - Norton Password Generator does not collect/access personal data from third parties as part of its services. N/A - Norton Password Generator does not collect/access personal data from third parties as part of its services. N/A - Norton Password Generator does not collect/access personal data from third parties as part of its services. N/A - Norton Password Generator does not collect/access personal data from third parties as part of its services.

LifeLock

LifeLock Products (including Standard, Advantage, Ultimate Plus, Defender, Defender Choice, Defender Preferred, and LifeLock products that are offered as an employee benefit provides basic identity monitoring, theft protection, and identity restoration services to customers. The LifeLock Product is also offered as a bundled deal with the Norton Security Products.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Subscriber information including:
  • Name
  • Email
  • LifeLock Account Password
  • Phone Number
  • Social Security Number
  • Physical Address
  • Date of Birth
  • Billing Address
  • Payment Information (depending on method can include Credit/Debit Card Information or PayPal account)
Additional subscriber information, if chosen to be provided by Subscriber, including:
  • Alternate Physical Address
  • Alternate Phone Address
  • Bank Account Information
  • Driver's License Number
  • Alternate Credit/Debit Card Information
  • Mother's Maiden Name
  • Verbal Passcode
  • Insurance Number/Information
  • Child's Name (if purchasing LifeLock junior)
  • Child's Social Security Number (if purchasing LifeLock junior)
  • Child's Date of Birth (if purchasing LifeLock junior)
  • Child's Bank Account Information (if purchasing LifeLock junior)
  • Power of Attorney (if purchasing LifeLock Senior)
Subscriber information is processed to administer the account including establishing and authenticating the User account as well as communicating with the User.

Additional subscriber information is provided at the discretion of the Subscriber and is processed to deliver additional monitoring services and features as selected by the User.
Subscriber information is available to the Subscriber by logging into their account. Upon account cancellation, certain data elements (LifeLock Account Password and Payment Information) will be deleted at the request of the User. All other data elements will be retained by NortonLifeLock in order to provide product warranty (restorations services).

Additional subscriber information is available to the Subscriber by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
Additional subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation
  • Cookies
Administrative Data including:
  • Member ID
  • Restorations Case Number (for filed Restorations cases only)
  • Complaint Case Number (for lodged complaints only)
  • Parent Case Number (for disputed alerts only)
Provisioning information including:
  • Device ID
  • Operating system version and settings
  • Device manufacturer and model
  • Device names and/or assigned names
  • Web browser name and version
  • Preferred Language
Security information including:
  • Credit Scores
  • Credit Reports
  • Bank Transactions
  • Alert Information (limited to Dark Web Monitoring and Credit Monitoring features)
Diagnostics information including:
  • Applications Error Reports
  • Crash Dumps Logs
  • App-related Usage Data
Subscriber information is processed for the purposes of delivering the content in accordance to the Subscriber's device(s), determining appropriate language settings for communicating with the User, and monitoring website activity from the User.

Administrative information is generated internally by NortonLifeLock for the purpose of tracking account activity between internal company systems, applications, and architecture.

Provisioning information is processed for the purposes of delivering the product in accordance to the User's device(s).

Security information is processed to monitor User identity and provide monitoring and protective alerts to User when potentially fraudulent activity is detected.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. IP addresses/Geolocation are pseudonymized using internal identifications and not made available to the Subscriber. Cookies can be controlled via the NortonLifeLock.com sites by opting in and out of cookies based on customer preferences. *

Administrative information is available to the Subscriber by logging into their account. Administrative information is not personally identifiable to the User and cannot be requested to be forgotten/deleted with account cancellation.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Security information is available to the Subscriber by logging into their account. Subscriber has the ability to request that security information be forgotten/deleted with account cancellation.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Marketing/Advertising Suppliers (cookie specific)
Administrative information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Subscriber information including:
  • Verified Name
  • Verified Social Security Number
  • Verified Physical Address
  • Verified Date of Birth
Security information including:
  • Credit Scores
  • Credit Reports
  • Bank Transactions
  • Alert Information (limited to Dark Web Monitoring and Credit Monitoring features)
Diagnostics information including:
  • Reporting metadata on product and application usage
Subscriber information is processed by third parties to verify and authenticate the individual enrolling in the account.

Security information is processed to monitor User identity and provide monitoring and protective alerts to User when potentially fraudulent activity is detected.

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is available to the Subscriber by logging into their account. Subscriber has the ability to request that subscriber information be forgotten/deleted with account cancellation.

Security information is available to the Subscriber by logging into their account. Subscriber has the ability to request that security information be forgotten/deleted with account cancellation.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
* Cookies are placed on the Norton.com, LifeLock.com, and NortonLifeLock.com websites to monitor website activity, improve customer experience with the company sites and product and to deliver interest-based advertising. Cookies may be controlled via the Cookie Tool banner in some regions. You may control the use of interest-based advertising cookies by visiting the industry advertising choices site at http://optout.aboutads.info/?c=2&lang=EN. Please note that if cookies are cleared from devices that are accessing the sites, you may be required to input their cookie preferences again.

Dark Web Monitoring

Dark Web Monitoring powered by LifeLock provides searching services to Users to identify and detect any personal information on the dark web and provide to Users in alert form. Dark Web Monitoring is also offered as a feature of the LifeLock Products.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: Subscriber information including:
  • Name
  • Email
  • Password
  • First Phone Number
  • First Physical Address
Additional subscriber information, if chosen to be provided by Subscriber, including:
  • Alternative Email Address
  • Alternate Phone Number(s)
  • Alternate Physical Address(es)
  • Bank Account Information
  • Credit/Debit Card Information
  • Mother's Maiden Name
  • Multiple Insurance Information(s)
  • Driver's License
  • Social Security Number (only if previously purchased through a LifeLock product offering)
  • Date of Birth (only if previously purchased through a LifeLock product offering)
Subscriber information is processed to administer the account including establishing and authenticating the User account as well as communicating with the User.

Additional subscriber information is processed to deliver additional searching criteria for the product within the dark web.
Subscriber information is available to the User by logging into their account. User has the ability to request that subscriber information be deleted/forgotten.

Additional information provided by the User can be viewed by logging into their account. User has the ability to request that subscriber information be deleted/forgotten.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Payment Processors
Additional subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation (anonymized, if previously purchasing through a Norton product)
Administrative information including:
  • LifeLock Member ID (if previously purchasing through a LifeLock product)
  • Norton GUID (if previously purchasing through a Norton product)
  • Member GUID
Provisioning information including:
  • Web browser name and version
  • Preferred Language
  • Device ID
  • Operating system version and settings
Diagnostics information:
  • Applications Error Reports
  • Crash Dumps Logs
  • App-related Usage Data
Subscriber information is processed to determine appropriate language settings for communicating with the User.

Administrative information is generated internally by NortonLifeLock for the purpose of tracking account activity between internal company systems, applications, and architecture.

Provisioning information is processed for the purpose delivering the product in accordance to the User's device(s).

Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry.
Subscriber information is not made available to the User. IP addresses/Geolocation are anonymized.

Administrative information is available to the Subscriber by logging into their account. Administrative information is not personally identifiable to the User and cannot be requested to be forgotten/deleted with account cancellation.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
  • Marketing/Advertising Suppliers (cookie specific)
Administrative information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Security Information including:
  • Alert Information (limited to dark web monitoring)
  • Analytics reports
Security information is processed to provide alerts to the User of personal information that is found on the dark web. Security information is available to the Subscriber by logging into their account. Subscriber has the ability to request that security information be forgotten/deleted with account cancellation. Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers

SurfEasy

SurfEasy protects the User’s devices and safeguards the User’s data by encrypting the User’s information on any internet connection and preserving the User’s privacy.

  Data Access and Collection Data Use and Processing Data Subject Rights and Disclosure Third Parties Processors
Data You Provide: N/A - SurfEasy does not require Users to provide any information outside of enrollment and billing processes. N/A - SurfEasy does not require Users to provide any information outside of enrollment and billing processes. N/A - SurfEasy does not require Users to provide any information outside of enrollment and billing processes. N/A - SurfEasy does not require Users to provide any information outside of enrollment and billing processes.
Data We Collect/Access: Subscriber information including:
  • IP Address/Geolocation (anonymized)
  • Device ID Serial Number
Provisioning information including:
  • Device Name and Type
  • OS version (for mobile devices only)
  • Language
Security information including:
  • Aggregate Bandwidth Usage (limited to the number of bytes transferred using the service)
Diagnostics information including:
  • Temporary Usage Data to assist with debugging a problem with the service (serial number from app to give installation status)
  • Error state in installation/usage of app
Subscriber information is processed for the purposes of delivering the content in accordance to the Subscriber's device(s) and determining appropriate language settings for communicating with the User.

Provisioning information is processed for the purpose of delivering the product in accordance to the User's device(s)

Security information is processed for the purposes of billing the account of product used as well as network operations and support.

Diagnostics data is processed for the purpose of delivering the product by selecting the most appropriate server to connect to and for research and development to improve products and services and better to protect the User’s network, devices, data and identity.
Subscriber information may not be made available to the Subscriber, depending on the type of information provided. IP addresses/Geolocation and Device ID are pseudonymized using internal identifications and not made available to the Subscriber.

Provisioning information is pseudonymized using internal identifications and not made available to the User. Provisioning information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Security information is pseudonymized using internal identifications and not made available to the User. Security information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.

Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request.
Subscriber information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Provisioning information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Security information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers
Data We Collect/Access from Third Parties: Diagnostics information including:
  • Reporting metadata on product and application usage
Diagnostics information is processed for the purpose of understanding product usage to further develop and improve the product performance as well as telemetry. Diagnostics information is pseudonymized using internal identifications and not made available to the User. Diagnostics information is kept in an encrypted pseudonymized form and cannot be deleted/forgotten request. Diagnostics information may be provided to the following types of third parties in order to provide agreed upon services, as well as to comply with regulatory requirements.
  • Government-related Auditors
  • Services Providers