This document is designed to help you understand what information we collect about you when you use Office Communicator and what we do with this information.
Symantec Corporation is the data controller for personal data collected and processed by IM Manager and Data Loss Prevention. Symantec is located in the United States at 350 Ellis Street, Mountain View, CA 94043.
Office Communicator is a voluntary tool that can be used to communicate both internally with other Symantec employees and externally. IM Manager and Data Loss Prevention work with Office Communicator to consolidate all client-based and web-based IM traffic globally, so that all chats, regardless of the third party provider, will go through Office Communicator. Every time employees elect to use IM through Office Communicator, IM Manager automatically performs malware scans, performs SPAM Filtering, blocks malicious URL’s, blocks Real time Threats, and Data Loss Prevention scans for the following data (“triggered event”):
- ABA Routing Numbers
- Credit Card Information
- US Social Security Numbers
- Confidential Corporate Financial Information
- Confidential M&A Information
- Confidential Sales Opportunity Data
- Source Code
- Data Labeled as ‘Confidential’
When a triggered event occurs, IM Manager and Data Loss Prevention collect the following information from the IM conversation: Sender IM Name, Recipient IM Name, Sender IP address, and Recipient IP Address.
What do we do with the information? Data collected by IM Manager and Data Loss Prevention is transferred and stored on secure servers in Tucson, Arizona (United States), where the information stored is encrypted. The Information Security Threat Response team may review the recorded data and, if there are concerns that a policy breach or other violation has occurred, the team may notify select members of the Human Resources (HR) department and the legal department and may provide them with the data. Symantec may use this information to conduct investigations of policy breaches and take appropriate disciplinary action of employees, which can include coaching, verbal or written warnings or termination. We may also use this information to take other corrective measures such as requiring employees to take trainings or review relevant policies.
Sharing the information Symantec does not share or transfer the information to any third party. Access to the data is restricted to members of the Information Security Threat Response Team. If there is an incident or investigation that requires review of the data, the Threat Response Team may provide select members of the HR department and the legal department with the data.
Do you have to provide the information? IM is a voluntary tool. You are not required to use it, but if you do use it, IM Manager and Data Loss Prevention operate automatically and scan all traffic.
How long is this information stored? The information will be stored for 90 days. After 90 days, if no investigation is initiated, it will be deleted. In case of investigation, the information will be retained until required by the investigation.
How you can access and update your information
According to the laws of your country, you have the right to contact us and to ask us about the information we hold about you, to update it, or to delete it by sending a message to firstname.lastname@example.org
, or by writing to Symantec Corporation - Privacy Mailbox, 350 Ellis Street, PO Box 7011, Mountain View, CA 94043 U.S.A or by calling our customer support at +1 650 527 8000.