Last Updated: April 26, 2023
Our Website Privacy Notice explains how Musarubra US LLC (“Trellix” or “We”), collect and use personal data we collect through our websites that link to said Website Privacy Notice. We address this Supplemental EEA+ Privacy Notice to data subjects in the in the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Brazil (collectively EEA+).
If you are located in the EEA, the EU General Data Protection Regulation applies to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation applies to the processing of your personal data. If you are located in the EEA or UK, references to the “GDPR” below are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) apply to you, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA. If you are located in Brazil, the provisions of Brazil’s General Data Protection Law (the “LGPD”) applies to the processing of your personal data.
1. Who is the Data Controller?
Musarubra US LLC is the responsible controller for personal data that you submit through our website at www.trellix.com. Musarubra US LLC's representative in the EU is Musarubra Ireland Limited and in the UK is Musarubra UK Ltd.
2. What are the legal bases for processing?
To the extent required by applicable law, we collect and process personal data of individuals located in the EEA+ only where there exists a legal basis for doing so. Such legal bases are as follows:
- It is in accordance with your consent, per Art. 6(1)(a) of the GDPR, when you accept nonessential cookies via our cookies banner.
- It is necessary for us to perform a contract with you—specifically, the terms and conditions that apply to our Services—or take steps at your request prior to entering into the contract, per Art. 6(1)(b) of the GDPR.
- It is necessary to comply with our legal obligations, per Art. 6(1)(c), such as if we are required by law to disclose personal data to law enforcement agencies or governmental authorities.
- It is necessary for us or third parties to pursue legitimate interests that are not outweighed by your privacy and other fundamental interests, per Art. 6(1)(f) of the GDPR. Those legitimate interests are to provide corporate customers and other users of our Services with a good and safe experience, administer and enforce our contractual and legal rights, develop new services and features that we can offer to you and others, and manage our business operations and relationships with you and third parties.
- It is necessary for our legitimate interests, per Art. 6(1)(f) of the GDPR, to exercise our legal rights or defend legal claims.
- It is necessary, per Art. 6(1)(f) of the GDPR, to give effect to a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider.
3. On What Basis Do We Transfer Personal Data Across Borders?
We operate our Services with the assistance of service providers in the United States, Canada, Australia, India, Colombia, Egypt, Jamaica, Malaysia, Philippines, Mexico, Serbia, UAE, Sweden, UK, Ireland, Bulgaria, Netherlands, Germany, Japan, and Singapore. We take measures to ensure that service providers and other recipients in the United States, Canada, Australia, India, Colombia, Egypt, Jamaica, Malaysia, Philippines, Mexico, Serbia, UAE, Sweden, UK, Ireland, Bulgaria, Netherlands, Germany, Japan, and Singapore and provide an adequate level of data protection by entering into appropriate data transfer agreements based on the EU Standard Contractual Clauses. Data transfer agreements are accessible upon request by contacting us at the details shown further below.
4. How Long Do We Retain Personal Data?
In general, we store personal data only as long as necessary to fulfil the purpose for which we collected it (the “General Retention Period”), except in the following situations:
- Where applicable laws require us to retain your personal data for a legally prescribed period beyond the General Retention Period, in which case we will keep that personal data for the legally prescribed time period before deleting it;
- Where your personal data is relevant to potential legal claims by or against us, in which case we will keep that personal data for as long as the legal claims can be made or, if it has been made, for as long as the personal data is relevant to the resolution of the claims or any appeal thereto;
- Where we are instructed by a court order, subpoena, or other legal directive to retain your personal data beyond the General Retention Period; and
- Where we need a reasonable period of additional time to verify that the purposes for which we collected your data no longer apply and to delete the data following such verification.
If none of these exceptions apply to certain personal data, we will retain personal data for as long as necessary to fulfil the purpose for which we collected it, which in most cases does not exceed twelve (12) months.
5. Do You Have to Provide Personal Data?
There is no law or contract stating that individuals in the EEA+ have to use our Services. We will try to tell you what personal data we need from you to provide certain Services or a certain level of quality of Services to you. In those cases, if you do not provide the personal data that we request from you, we will not be able to provide you with the Services or level of quality of Services that you request from us.
6. Your Rights
You have the following rights, subject to conditions and in some cases limitations under the data protection laws that apply to you:
- To object, on grounds relating to your particular situation, to the processing of your personal data by us. This includes the right to object to our processing of your personal data for direct marketing and the right to object to our processing of your personal data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
- To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
- To transfer or receive a copy of your personal data in a usable and portable format if we process it on the basis of your consent or a contract with you.
- To obtain from us the rectification of inaccurate personal data concerning you.
- To ask us to erase your personal data to the extent it is not required for legally required purposes or an exception to erasure applies under applicable law.
- To withdraw your consent at any time with future effect if we process your personal data on the basis of consent.
- To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
You can exercise your rights by emailing privacy@trellix.com or sending mail to:
Postal address:
Musarubra US LLC
Attn: Legal Department –Privacy
6000 Headquarters Drive, Suite 600
Plano, Texas, 75024
or call us at +1 (888) 847-8766