Processor Obligations FAQs

 

  1. Does your company have a published privacy notice/statement that is available for our review?

    • HP’s official Privacy Statement is available on all hp.com pages. Listings in several languages can be found here.
  2. Do you maintain a record of processing for all activities carried out?

    • HP has implemented privacy management and recordkeeping tools to maintain Records of Processing, Data Protection Impact Assessments, and Privacy by Design.
  3. From which geographical locations will you provide the services? Do you transfer personal data to any countries outside of the EEA?

    • HP is a global company and many business processes follow a global operational model. Personal data processed by HP as a processor may be transferred across borders for purposes such as data consolidation, storage, and customer information management. Any such transfer complies with applicable laws and contractual requirements. More information is available in the HP Privacy Statement.
  4. Do you rely on lawful mechanisms for data transfer?

    • HP relies on adequacy decisions from authorities such as the UK Government, European Commission, and Swiss Federal Council.
    • HP is self-certified under the EU-US Data Privacy Framework (DPF). More information is available in the HP Privacy Statement.
    • International transfers to countries without an adequacy decision are governed by HP’s Binding Corporate Rules (BCRs):
      • BCR-Controller: Protects personal data of HP employees, suppliers, and consumer customers.
      • BCR-Processor: Protects personal data handled by HP on behalf of customers.
      • More details are available here. You can verify HP’s BCR approval here.
    • Where applicable, HP uses EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
    • APEC Cross-Border Privacy Rules (CBPR): HP complies with the APEC CBPR System, which provides privacy protections for transfers across 21 economies. More information and verification are available here.
  5. Do you have an assigned Data Protection & Privacy Officer or equivalent?

    • The HP Trust and Privacy Organization ensures compliance with global privacy laws. HP’s Data Protection Officer acts as the point of contact for individuals and regulatory authorities.
  6. Do you have a formally documented security incident management plan including personal data breach?

    • HP maintains global security and privacy procedures to promote information, physical, and cybersecurity awareness.
    • Security incidents are handled through a global incident-reporting process following industry best practices and legal requirements.
    • Cybersecurity incidents are reported 24x7 through HP’s escalation process. If personal data is involved, the incident is escalated to the Trust and Privacy Organization.
  7. Are you in a position to assist your customers with data subject requests?

    • Individuals may exercise their rights or submit inquiries through the HP Privacy Office.
    • When acting as a processor, HP assists customers in responding to data subject rights requests in accordance with contractual obligations.
  8. Does your company have a data privacy standard/policy in compliance with applicable laws?

    • HP has a strong privacy and data protection framework based on industry standards and legal requirements, with internal policies ensuring security, access control, and proper handling of personal data.
  9. Does your company provide privacy training to its employees?

    • HP employees and contingent workers receive annual training covering privacy and data protection. Additional mandatory training applies to roles that handle personal data.
  10. Are HP’s vendors required to protect personal data handled on behalf of HP?

    • Yes. Vendors and partners that process personal data for HP are contractually required to safeguard that data and are prohibited from using it for other purposes.
  11. Do you implement Privacy by Design & Data Privacy Impact Assessments?

    • HP incorporates Privacy by Design across products, services, and systems. Data Protection Impact Assessments are used to evaluate risks and ensure compliance.
  12. What is HP doing to support customers in protecting personal data and addressing compliance?

    • HP applies strict security measures to protect customer data and is aligning services to ISO 27001, including Managed Print Services and Device-as-a-Service.
    • HP’s Privacy Controls Framework contains more than 100 GDPR-aligned activities and is reviewed by an independent third party.

If there is any inconsistency or conflict between this version and translations, the English version shall prevail.