Effective January 1, 2021
Additional privacy information may be provided in offer descriptions, contractual terms, supplemental privacy statements or notices provided prior to or at the time of data collection. Certain Broadcom products and services may have additional specific privacy notices. In case of conflict, such specific privacy notices shall derogate from this general policy.
What Information Do We Collect About You and Why?
We may ask you to provide us with Personal Data about yourself in order to provide services to you. If you choose not to provide Personal Data that we have asked for, it may delay or prevent us from providing services to you. “Personal Data” means any information relating to an identified or identifiable individual (including “Personal Information” in the meaning of the California Consumer Privacy Act, “CCPA”, as defined in Subdivision (o) of the California Civil Code § 1798.140). We may collect the following different categories of Personal Data about you:
- personal and business identifiers and contact information such as name, job title, company name, contact, shipping and billing information, phone number, email address;
- internet or other electronic network activity, i.e. technical data such as domain name, browser type and operating system, web pages you view; links you click; your device’s IP address; login data e.g. username, account number, password; the length of time you visit our Site and/or use our services; the URL or the webpage that led you to our Site; performance and usage data about your use of our products and services; data you provide to us to receive technical assistance or during customer service interactions; your personal or professional interests, demographics, experience with our products and contact preferences; and
- commercial information, i.e. transactional data including credit card and payment data, transaction history.
Personal Data may be required to determine access eligibility for certain restricted parts of our Site or services. Personal Data about you collected on-line may be combined with information provided off-line or collected from trusted third party sources.
Information We Collect Directly From You or a Third Party. We collect Personal Data about you when you visit our website (“Site”), register or subscribe for our services, order our products or services, create an account on our Site, request marketing or publications to be sent to you, give us feedback on our services or our Site. We also may collect Personal Data about you from third party sources, such as someone authorized by you to act on your behalf, third party services that you use that utilize or interact with our services, or where Personal Data has been provided by you at an event. We may also collect your Personal Data from other sources as and when permitted by applicable laws, such as public databases, joint marketing partners, and social media platforms.
How Do We Use Your Information?
We use the information collected about you as appropriate and relevant for the following commercial purposes:
- to register you as a new customer;
- to enable you to order products or services, download software updates;
- to provide services to you, including programs, online services and customer support;
- to allow you to make requests, and register for customized communications programs;
- to customize the content and information that we may send or display to you;
- to administer the careers portion of the Site and process your job application;
- for marketing and promotional purposes;
- to assist us in advertising our products and services on third party websites;
We use the information collected about you as appropriate and relevant for the following business purposes:
- to better understand how users access and use our Site, products, and services and for other research and analytical purposes, including data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Site, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
- to manage our relationship with you which will include notifying you about changes to our terms or this Policy;
- as we determine it to be necessary and appropriate, including:
  - under applicable law, including laws outside your country of residence;
  - to comply with legal process;
  - to enforce our terms and conditions;
  - to protect our operations or those of any of our affiliates;
  - to defend our legal claims; and
  - to protect our rights, privacy, safety, security, property, and/or that of our affiliates, you or others.
We will only process any special categories of Personal Data (“Sensitive Personal Data”) relating to you for specific purposes outlined above or in relevant supplemental notices, because either: 1. You have given us your explicit consent to process that information; or 2. The processing is necessary to carry out our obligations under employment, social security or social protection law; 3. The processing is necessary for the establishment, exercise or defense of legal claims; or 4. You have made the information public.
Legal Basis of Processing
In order to collect, use and otherwise process your Personal Data for the above listed commercial and business purposes, we may rely on the following legal bases as appropriate and relevant in the specific context:
- Our legitimate interest in providing our websites and making the Services available to you, provided our interest is not outweighed by the risk of harm to your rights and freedoms.
- Your consent, where we have obtained your consent to process your Personal Data for certain activities. You may withdraw your consent at any time by using the contextual preference tools available in the communications or in the user interfaces of the products and services we provide to you. Absent those, please contact us as explained below. However, please note that your withdrawal of consent will not affect the lawfulness of any use of your Personal Data by Broadcom based on your consent prior to withdrawal.
- To fulfill any contractual obligations, such as where you have purchased a product or service from Broadcom. For example, we may require your contact details in order to deliver your order if you have purchased a product from us.
- For compliance with Broadcom’s legal obligations where applicable laws require us to process your Personal Data.
If you have any questions or would like more information regarding the legal basis on which we collect your Personal Data, please review the supplemental privacy notice(s) of the products or services concerned, or contact us as explained below.
Processing Of Personal Data For The Purposes Of Fraud Prevention And Network and Information Security
On the basis of legitimate interest, we process Personal Data for fraud prevention and network and information security purposes. Pursuant to the EU General Data Protection Regulation (“GDPR”), organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of preventing fraud and ensuring network and information security. According to the GDPR, network and information security means the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems.
Both as an organization in our own right, and as a provider of payment security services and cybersecurity technologies and services, it is in our legitimate interests as well as in our customers’, to collect and process Personal Data to the extent strictly necessary and proportionate for the purposes of preventing “Fraudulent Payment Transactions” and ensuring the security of our own, and of our customers’ payment transactions and information networks and systems. This includes the development of payment transaction records and of threat intelligence resources aimed at maintaining and improving on an ongoing basis our ability to detect Fraudulent Payment Transactions, and the ability of networks and systems to resist unlawful or malicious actions and other harmful events affecting information networks and systems (“Cyber-Threats”).
The Personal Data we process for the prevention of Fraudulent Payment Transactions include, without limitation:
- Information related to electronic means of payment and related entitlements;
- Information related to electronic payment transactions;
- Contextual signals and indicators of suspected fraud;
- Verification information to confirm or dispel suspected fraud; and
- Evidence of suspected, detected and/or confirmed fraud.
The Personal Data we process for network and information security purposes include, without limitation, network traffic data related to Cyber-Threats such as:
- sender email addresses (e.g., of sources of SPAM);
- recipient email addresses (e.g., of victims of targeted email cyberattacks);
- reply-to email addresses (e.g., as configured by cybercriminals sending malicious email);
- filenames and execution paths (e.g., of malicious or otherwise harmful executable files attached to emails);
- URLs and associated page titles (e.g., of web pages broadcasting or hosting malicious or otherwise harmful contents); and/or
- IP addresses (e.g., of web servers and connected devices involved in the generation, distribution, conveyance, hosting, caching or other storage of Cyber-Threats such as malicious or otherwise harmful contents).
Depending on the context in which such data is collected, it may contain Personal Data concerning you or any other data subjects. However, in such cases, we will process the data concerned only to the extent strictly necessary and proportionate to the purposes of detecting, blocking, reporting and mitigating the Fraudulent Payment Transaction or Cyber-Threat of concern to you, and to all organizations relying on our products and services to secure their payment transactions, and information networks and systems. When processing Personal Data in this context, we will only seek to identify data subjects:
- to the extent that it is an inherent part of the services that our customers hire us to perform for them, and as such it is strictly indispensable to the prevention of the fraud and/or the remediation of the Cyber-Threat concerned, or
- if and as required by law.
If you believe that your Personal Data was unduly collected or is unduly processed by Broadcom for such purposes, please refer to the “Your Rights” and “Contact Us” sections below. Please be aware that if it is determined that Personal Data concerning you is processed by Broadcom because it is critical for the prevention of Fraudulent Payment Transactions, or the detection, blocking or mitigation of Cyber-Threats, then in certain cases the legitimate interest to pursue such processing may be compelling enough to override access, objection, rectification or erasure requests related to the data concerned.
Automated Individual Decision-Making And Profiling
Where Broadcom processes payment transaction security or network traffic data for the purpose of fraud prevention or network and information security, respectively, automated decisions concerning particular payment transactions or cyber events may occasionally be made. This could involve in particular assigning relative payment fraud risk scores or cybersecurity risk scores to ongoing or recent payment transactions, information network activities or system behaviors. Such automatically-assigned risk scores may be leveraged by you, by Broadcom, by our partners and by other customers to detect, block and mitigate the detected Fraudulent Payment Transaction or Cyber-Threat. They could therefore result in our products and services blocking payment transactions deemed to be fraudulent, or halting network traffic coming from or going to suspected or known malicious addresses. Such processing is not intended to produce any other effect than protecting you, Broadcom, our partners and our other customers from fraudulent payment transactions or Cyber-Threats. Should you nevertheless consider that such automated processing is unduly affecting you in a significant way, please contact directly the relevant data controller whose use of our products and services is thus impacting you. If that data controller is Broadcom, please refer to the “Your Privacy Rights” and “Contact Us” sections of this Policy to raise your concerns and to seek our help in finding a satisfactory solution.
With Whom Do We Share Your Information And Why?
Broadcom does not sell your personal information. We only share your information as described in this Policy. Broadcom processes your information for the purposes described in this policy, which include the above-listed commercial and business purposes in the meaning of the CCPA (see the “How Do We Use Your Information?” section above). We may share Personal Data collected about you as follows:
Broadcom Users. Your user name and any information that you post to our Site, including, without limitation, reviews, comments, pictures and text will be available to, and searchable by, all users of the Site.
Affiliates or Subsidiaries. Data we collect from you may be shared with our affiliates or subsidiaries.
Unaffiliated Third Parties. Certain data about you may be shared with select resellers and/or distributors, particularly if you or your company have purchased through a third party before.
Service Providers. Data we collect from you may be disclosed to third party vendors, service providers, contractors or agents who perform functions on our behalf. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research, or similar purposes.
Please be advised that personal data collected through and for the purposes of user-requested alerts and service notifications, including but not limited to short code text messages in the U.S. and Canada, will not be shared, sold or rented to any affiliated or unaffiliated third parties for marketing purposes.
Business Transfers. Data we have collected from you may be transferred to another company as part of a merger or acquisition by that company.
Legal Obligations and Rights. We may disclose your Personal Data to any legally entitled recipients: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) to protect the rights of Broadcom or its employees; or (v) as otherwise permitted by applicable law.
If we disclose your Personal Data, to the extent reasonably practicable and permissible, we will require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
What About Links To Other Websites?
Our Site and services may contain links to third party websites for your convenience. Any access to and use of such linked websites will cause you to leave the Site. Third party websites, even if potentially serving content co-branded by Broadcom, are not governed by this Policy, but instead are governed by their own privacy statements/policies. We recommend that you check the privacy statements/policies of every third party website you visit before providing any Personal Data. We do not control those third party websites and are not responsible for their content or their privacy policies. Thus, we do not endorse or make any legal representations about them. If you decide to access any of the third party websites linked to our Site, you do so entirely at your own risk.
How Do We Secure Your Personal Data?
We have implemented administrative, technical, physical, electronic, and managerial procedures to safeguard and secure the information we collect from loss, misuse, unauthorized access, disclosure, alteration, and destruction and to help maintain data accuracy and ensure that your Personal Data is used appropriately. Broadcom has an internal Global Customer Privacy Program. Its charter is to ensure appropriate privacy processes are in place in order to meet the practices outlined herein. Where Personal Data is processed by service providers on behalf of Broadcom, we take steps to require those vendors to also comply with applicable data protection laws.
How Long Do We Retain Your Personal Data?
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Policy and/or in applicable supplemental notices, unless a longer retention period is required by law.
Depending on where you live, you may have the rights described below with respect to your Personal Data. In particular, if the California Consumer Privacy Act (CCPA) applies to your information, we provide these disclosures and the tools described in this Policy so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your information. To exercise your rights, you may:
- make use of the self-serve tools available in the products or services you are using;
- submit your privacy request via our Request Intake Form; or
- contact your customer support representative.
It is our legal obligation to validate any request we receive before responding. The Request Intake Form linked above is specifically designed to ensure reliable and auditable request validation. Therefore we will not respond to requests that are not submitted and cannot be validated through this channel. If it is impossible for you to use any of the methods listed above, please contact the Privacy Office as indicated below to find a resolution.
Email and Marketing. In most instances, we give you options with regard to the Personal Data you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of marketing emails; or (ii) checking certain boxes on our preference center which can also be found on certain forms we use to collect Personal Data.
Access. You may request information regarding Personal Data that we collect and hold about you and the source(s) of that information. To access your Personal Data, return to the product, service or web page where you originally entered it and follow the instructions in your user interface or on that web page. If you cannot access your information in this way, please submit your request through the appropriate Request Intake Portal indicated above. If none of these options applies, please contact us as described in the “How Can You Contact Us?” section below.
Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages particularly of the Site for a limited period of time. If you request a change to or deletion of your Personal Data, please note that we may still need to retain certain information for record-keeping purposes, and/or to complete any transactions that you began prior to requesting such change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Data provided until after the completion of such purchase). Some of your information may also remain within our systems and other records where necessary for compliance with applicable law.
You can request a copy of any Personal Data we hold about you, and of which you don’t already have a copy. This service is usually free of charge, although we have the right to charge a ‘reasonable fee’ in some circumstances;
Rectification. You have the right to request that we rectify any inaccuracies in relation to the Personal Data we hold about you;
Erasure. In some circumstances, you have the right to request the erasure of your Personal Data or object to the further processing of your information;
Restriction of Processing. In some circumstances, you have the right to require us to restrict processing of your Personal Data;
Objection. You have the right to object to any direct marketing or to other processing of your Personal Data based on our or on third parties’ legitimate interests, unless such interests are compelling enough to override your objection;
Not to be discriminated against for exercising any of your other privacy rights. You may exercise any of your rights in this section without us discriminating against you in any way. Note however that you may be subject to differentiated treatment if and to the extent that the exercise of your rights materially impacts our ability to provide certain services to you (e.g. if you request the deletion of your account information or access credentials, then we may no longer be able to grant you access to restricted areas of our websites). Such differentiated treatment is objectively justified and does not constitute discrimination.
Withdraw Consent. You have the right to withdraw consent to us processing your Personal Data. This will not affect the processing already carried out with your consent;
Not to be subject to decisions based on automated processing. In some circumstances, you have the right not to be subject to decisions based solely on automated processing, and to obtain the human review of any such decisions that significantly affect you (please refer to the earlier section on automated decision making); and
Complain. You have the right to lodge a complaint with a supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach our supervisory authority so please contact us in the first instance.
Our Supervisory Authorities. We are a business that operates various activities across a number of jurisdictions.
- If you are located in Europe and wish to contact a regulator regarding Broadcom’s handling of your Personal Data, please contact:
  - In the EU27: the Office for Personal Data Protection (“ÚOOÚ”) of the Czech Republic, where Broadcom’s main establishment in the EU is located;
  - In the United Kingdom: the UK Information Commissioner’s Office (“ICO”);
  - In Switzerland: the Federal Data Protection and Information Commissioner (“FDPIC”).
- If you are located outside of Europe:
  - In California, the Office of the Attorney General at the State of California’s Department of Justice;
  - In other locations around the world, please contact your local data protection authority.
What Choices Do You Have Regarding Our Use Of Your Personal Data?
We will not use or share your Personal Data in ways unrelated to the ones described above without first notifying you and offering a choice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your Personal Data without your knowledge or consent where it is required, or to the extent it is permitted by law.
We will also provide you the opportunity to let us know if you wish to opt out at any time of certain or all contact from us, and we will do our utmost reasonably to honor such requests. This choice will be offered at the bottom of our on-line or off-line communications to you as well as on many of our web registration pages. If you have any difficulty exercising your choices, please contact us.
How Can You Contact Us?
You may exercise your access rights as described in the “Your Rights” section above, as well as by visiting our Data Subject Request Intake portals referenced above.
Californian Consumers may also submit their requests over the phone by calling the following toll-free number: +1 (888) 914-9661 and providing the following PIN: 904 474.
We have also appointed a Global Privacy Officer who is responsible for matters relating to privacy and data protection. If you have questions or concerns about this Policy, or the privacy practices relating to our Site or services or wish to contact our Global Privacy Officer, please contact us using the details below:
Company name: Broadcom Inc.
Email address: data.privacy (at) broadcom.com
Postal address: 1320 Ridder Park Drive, San Jose, CA 95131
EU residents may also lodge a complaint with the data protection authority in the EU member state where they live, work or where an alleged infringement of applicable data protection law occurred.
What About Children?
We do not knowingly collect Personal Data relating to children. If you believe that we may have collected Personal Data from someone under the age of thirteen (13), or under the applicable age of consent in your country, without parental consent, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and address the issue promptly.
What About Californian “Shine the Light” Privacy Rights?
California law, under California Civil Code Section 1798.83 (known as the “Shine the Light” law), permits our established customers who are California residents to request information regarding the manner in which Broadcom shares certain categories of your Personal Data with third parties, for the third parties’ direct marketing purposes. California law provides that you have the right to submit a request to Broadcom at its designated address and receive the following information:
- The categories of information Broadcom disclosed to third parties for the third parties’ direct marketing purposes during the preceding calendar year;
- The names and addresses of third parties that received such information; and
- If the nature of a third party’s business cannot be reasonably determined from the third party’s name, examples of the products or services marketed.
You are entitled to receive a copy of this information up to one request per calendar year in a standardized format and the information will not be specific to you individually. Broadcom’s designated email address for such requests is the one indicated in the contact details above. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. Please allow up to thirty (30) days for a response.
How Are Cross-Border Transfers of Data Performed?
Subject to your permission or as permitted by law, the Personal Data that you provide to us may be transferred within Broadcom across state or country borders. This may be done to consolidate data storage or to simplify the management of customer information. We have adopted globally recognized privacy principles and only collect and/or share your Personal Data to the extent it is necessary to conduct business and perform requested services. Broadcom in the United States and service providers comply with applicable legal requirements providing for adequate protection of Personal Data transferred to countries outside of the EEA, the UK and Switzerland.
In certain cases, where Personal Data originating from the European Economic Area is transferred to countries that are not recognized by the European Commission as offering an adequate level of Personal Data protection, such transfers are covered by alternate appropriate safeguards, specifically standard data protection clauses adopted by the European Commission. If applicable to you, you may obtain copies of such safeguards by contacting us.