Last Updated July 18, 2025
This Privacy Policy tells you about NetApp Inc. and its affiliated entities globally (together “NetApp”) and its policies and practices for the collection and use of your personal information.
The purpose of this Policy is to give you information about what personal information we collect, use, transfer and disclose, and our reasons for doing this. This Policy outlines the ways that you can manage your personal information. Certain privacy rights may be afforded to you based on where you are located. If you have any privacy related queries, you can contact the NetApp Privacy Legal team using the contact details listed in the Contact Us section below.
NetApp is committed to protecting your privacy and data protection rights and complying with our obligations under applicable privacy and data protection laws.
This Privacy Policy applies to all individuals for whom we collect and control their personal information in our role as a “data controller”. In other words, this Policy applies to personal information processed by NetApp for purposes determined by NetApp and explained in this Policy. NetApp may be the data controller of personal information such as customer or supplier contact details, certain limited device information when you access our digital properties, customer marketing leads or other data categories explained in this Policy where such personal information is processed by NetApp as a data controller.
The NetApp entity responsible for your personal information will depend on your location and the processing carried out. If you are based in the European Economic Area (“EEA”), United Kingdom (“UK”) or Switzerland, the controller of your personal information is NetApp Ireland Limited. In certain circumstances, for example, where you interact or engage with a European NetApp affiliate from this list, then that EU affiliate will be the controller of your personal information. If you are based outside the EEA, UK or Switzerland, the primary entity responsible for your personal information is NetApp, Inc.
If you are a job candidate applying for a role within NetApp, then our Candidate Privacy Policy is applicable to you.
NetApp is a data infrastructure company that provides unified data storage, integrated data services, and cloud operations solutions to enterprise customers (NetApp’s “Products and Services”). In the provision of these Products and Services, NetApp is a service provider. NetApp therefore acts as a ‘data processor’ or ‘sub-processor’ when processing personal data in order to provide its Products and Services. Where NetApp acts as a processor or sub-processor, NetApp will process customer personal information in accordance with NetApp’s Customer Data Processing Addendum or the applicable agreement in place between the parties designating the appropriate privacy and data protection safeguards.
Where our Products or Services are made available to you through an organization (eg, your employer), that organization may be the administrator of the Services and responsible for the accounts, website or systems over which it has control. In such circumstances, the privacy policy of NetApp’s customer or their customer in their capacity as a controller will apply to the processing of such personal information and you should direct privacy related queries or privacy rights requests to the data controller of your personal information.
In the course of your interaction or engagement with NetApp, NetApp may collect information about you. We refer to such information as “personal information” where the information relates (directly or indirectly) to an identified or identifiable living person. This includes information like your name, contact details, or device information. We usually collect personal information directly from you, but sometimes we will collect it automatically when you interact with our website, network or systems. We may collect the following categories of personal information:
You might provide us with your personal information in a number of ways:
In applicable jurisdictions, we rely on different legal bases to process personal information. For each legal basis below, we describe the purposes of our processing (why we process your personal information) and our processing operations (how we process your personal information to achieve each purpose). We also list the categories of your personal information that we process for each purpose.
We process personal information as necessary to conclude and perform our contract with you, such as end user, licensing or service terms. The categories of personal information used and why and how they are processed are set out below:
Why and how we use your personal information | Category of personal information processed |
Providing the functionality of the NetApp Platform
|
|
To fulfil your requests
|
Where permitted under applicable law, we rely on our legitimate interests or the legitimate interests of a third party, where they are not outweighed by your interests or fundamental rights and freedoms. Where we rely on a legitimate interest, we have also explained this legitimate interest below.
Why and how we use your personal information | Category of personal information processed |
Maintaining our websites
Legitimate interest: it is in our interest and the interest of our customers to seek to ensure that our customers can access our websites and maintain their accounts and that our websites are operating as optimally as possible. |
|
Protecting the integrity and security of our systems, facilities and premises
Legitimate interest: it is in our interest and the interest of our customers to ensure that the NetApp Platform is continuously available, functioning properly and securely and protected from willful attacks, fraud, criminal activity and misuse and to maintain the security of our facilities, offices and physical premises. |
|
Social Media
Legitimate interest: it is in our interests to be able to interact and engage with you on social media platforms to communicate with you and to respond to your queries. |
|
Customer support
Legitimate interest: it is in our interest and the interest of our customers to seek to ensure that any issues or technical difficulties are addressed appropriately and in good time. |
|
Product development
Legitimate interest: It is in our interest and the interest of our customers to evaluate the use of the NetApp Platform to inform the development of new features/programs/services. |
|
Analyzing and improving our Services
Legitimate interest: it is in our interest and the interest of our customers to evaluate the use of the NetApp Platform, and promotional campaigns to inform the development of improvements to ensure our Platform is continuously available and functioning optimally. |
|
Analysis of personal information for business reporting and providing personalized services
Legitimate interest: it is in our interest and the interest of our existing and prospective customers to manage our business relationships effectively and to understand how our customers interact with the NetApp Platform in order to provide our customers with an enhanced experience customized to their preferences. |
|
Marketing and Market Research
Legitimate interest: it is in our interest to conduct market research for product improvement purposes and to develop and advertise our Products and Services with a view to what is occurring in the market and to update you on our Products and Services. |
|
Aggregating and/or anonymizing personal information
Legitimate interest: it is in our interest to aggregate or anonymize personal information in order to generate other data that we may use for service and product improvement or general business reporting purposes. |
|
For legal reasons
Legitimate interest: it is in our interest and in the interest of our customers to prevent and address fraud, violations of our terms and conditions, or other harmful or illegal activity. It is also in our interest to protect ourselves (including our rights, personnel, property or products), our customers or others, including as part of investigations, regulatory inquiries or legal proceedings. |
|
In connection with a sale or business transaction
Legitimate interest: it is in our interest to disclose and transfer your personal information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors. |
|
Why and how we use your personal information | Category of personal information processed |
|
|
Market Development Fund (MDF) Purposes
|
|
We process personal information as described below when you have given us your consent to do so, which we may ask through in-product experiences, to enable particular features or to enable device-based settings. In applicable jurisdictions, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Why and how we use your personal information | Category of personal information processed |
Marketing and Market Research
|
|
To participate in surveys, contests, or other promotions
|
|
In relation to NetApp and Partner Events
|
|
NetApp uses third-party service providers to provide services on our behalf and we may share Personal Information with them to assist them in providing these services. These can include providers of services such as website hosting, cloud storage, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, cloud-based services, customer service, email delivery, auditing, and other services. We may share personal information with professional advisors such as accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors in countries in which NetApp operates.
We also share Personal Information with channel partners or resellers if you inquire about our products or services typically fulfilled through channel partners or resellers. Depending on the circumstances, such partners or resellers may be a data controller of your personal information, where they determine the purposes and means of processing. In that case they are responsible for the protection of your personal information in respect of the processing activities that they carry out with your information.
Unless otherwise limited by the context in which it was collected, personal information collected by a NetApp entity can be disclosed to other NetApp affiliates within the NetApp group for the purposes described in this Privacy Policy.
If you use communities, blogs, or chat rooms on NetApp Services, you should be aware that any Personal Information you submit there can be read, collected, and used by other users of these forums, and could be used to send you unsolicited messages. You may also elect to disclose Personal Information through your social sharing activity.
The following chart details the categories of third parties with whom NetApp shares your personal information for the above-mentioned operational business purposes:
Categories of personal information | Disclosed to the following categories of third parties |
Contact Information and Individual Identifiers |
|
Customer Records, Partner/Supplier Records |
|
Commercial Information |
|
Support Information |
|
Electronic Network Information |
|
Geolocation Data |
|
Audio or visual information |
|
Communications and usage data |
|
Functional Data |
|
Other Information |
|
NetApp and our third-party partners, such as our advertising and analytics partners, may use cookies or other tracking technologies (eg, web beacons, device identifiers and pixels) to provide functionality on our websites and platforms and to recognize you across different Services and devices.
Contact information, individual identifiers, commercial information, electronic network information, geolocation data, and functional data may in certain circumstances be “shared” with third-party adverting networks for cross-context behavioral advertising purposes, including within the preceding 12 months. To opt-out of any such sharing, you can interact with the cookie banner on our websites and select “Do Not Share My personal information”. Similarly, you can select the “cookie settings” button on the footer of our websites to manage your cookie preferences. Please note that information about you, your devices, and your behavior collected through third-party cookies, pixels, tags, or other tracking technologies for purposes of cross-context behavioral advertising may be considered “sharing” personal information under certain US state laws. However, NetApp is not a data broker, and we do not sell personal information for monetary consideration.
For more information, please see the NetApp Cookie Policy, which includes information on how to control or opt-out of cookies and tracking technologies.
Depending on where you are located, you may have certain privacy rights. For example, personal Information may be accessed, corrected, or deleted depending on the context in which it was collected. For some of our Products and Services your personal information can be accessed, changed, or deleted directly through the features and functionality of those Products and Services. In the event, however, you cannot or if you would like to restrict the use of your Personal Information, object to the processing of your Personal information or request that we complete another applicable privacy right, you may contact us at dataprotection@netapp.com or by one of the methods described in the Contact Us section below. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Information you would like to have changed or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to respond to your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase, you may not be able to change or delete related personal information until after completing the purchase).
We may also exempt certain Personal Information from requests pursuant to applicable data protection laws or other laws and regulations.
You have the right to request access to, rectification of, or erasure of your personal information, or restriction of processing, or object to processing of your personal information, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
Our International Headquarters are located in Cork, Ireland and the applicable privacy regulator for Ireland is the Data Protection Commission, which can be contacted by email at: info@dataprotection.ie or by using the following online form. You can also find details of relevant supervisory authorities here if you are based in the EEA. If you are based in the UK, you can contact the Information Commissioner’s Office (ICO) here. You also have the right to seek a judicial remedy in respect of any complaints you may have.
While you may make a complaint in respect of our compliance with applicable data protection laws as outlined above, we request that you contact us in the first instance to give us the opportunity to address any concerns that you may have.
Pursuant to the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act (CPRA) (collectively, the “CCPA”), if you are a California resident, you have the right to make the following requests:
To make a Request to Know, Correct or Delete, please contact us at dataprotection@netapp.com or through any of the other methods listed under the Contact Us section below.
We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you, such as email address, state of residency, or mailing address, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Information.
We do not sell and have not sold Personal Information, including Sensitive Personal Information, within the preceding 12 months, as “sale” is defined in the CCPA. No services on the NetApp Platform are directed to individuals under the age of sixteen (16), and we do not knowingly collect personal information from individuals under sixteen (16). You have the right to be free from unlawful discrimination or retaliation for exercising your rights under the CCPA.
If you want to make a request as an authorized agent on behalf of a California resident, you may contact us using the methods noted above. As part of our verification process, we may request that you provide, as applicable:
If you are making a Request to Know, Correct or Delete on behalf of a California resident and have not provided us with a power of attorney from the resident pursuant to Probate Code sections 4121-4130, we may also require the resident to: verify the resident’s own identity directly with us or directly confirm with us that the resident provided you permission to submit the request.
Privacy laws and regulations are constantly growing and evolving. Some US States have adopted and enacted privacy and data protection laws at a state level – for example Colorado, Connecticut, Montana, Oregon, Texas, Utah and Virginia, as well as some other US States. These States allow for similar rights as are provided to California residents under the CCPA (as amended). To the extent, that you are resident of a one of these US States, or a privacy law otherwise applies in respect of you, then NetApp will abide by any applicable obligations and enforce your privacy rights.
Similarly, privacy laws in countries around the world are constantly being enacted. For example, India’s DPDP Act, Brazil’s LGPD, China’s PIPL, Indonesia’s PDP law, and Japan’s Act on the Protection of Personal Information, to mention a few. Where your country or jurisdiction affords you privacy rights, then NetApp will respect those rights and respond to them accordingly to meet any applicable privacy obligations to you.
To make a privacy rights request applicable to you in your respective country or US State, please contact us at dataprotection@netapp.com or through any of the other methods listed under the Contact Us section below.
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
If you would like further information about our data retention or deletion practices, you may contact us at dataprotection@netapp.com or through any of the other methods listed under the Contact Us section below.
NetApp uses reasonable and appropriate technical and organizational security measures to protect Personal Information within our organization. Details of our security practices can be found in our Information Security Addendum. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at dataprotection@netapp.com or notify your appropriate NetApp representative or point of contact.
The NetApp Platform may contain links to other websites or services. NetApp is not responsible for the privacy, information or other practices of third parties, including any third party operating any website or service to which the NetApp Platform links, or for the content of other websites. The inclusion of a link on the NetApp Platform does not imply endorsement by NetApp of the linked site or service.
Your Personal Information may be stored and processed in a country where we have offices or facilities or in which we engage service providers for the purposes described in this Privacy Policy. As NetApp is a global group of companies, by using the NetApp Platform you understand that your information may be transferred to countries outside of your country of residence, which may have data protection rules that are different from those of your country. For example, your Personal Information may be transferred to our headquarters in California, United Sates or to NetApp affiliates in Ireland, India, Australia, or Israel where such NetApp affiliates provide support functions and services to NetApp and its customers.
If you are located in the EEA, the UK or Switzerland, we will only transfer your personal information outside of those regions using an appropriate legal transfer mechanism, including:
We do not collect and ask that you not send us or disclose, any sensitive personal information (eg, social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the NetApp Platform.
Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
NetApp may amend or update this Policy from time to time. If we make changes that are material, we will provide you with notice of such changes as appropriate. We will post changes to our Privacy Policy on our website and update the "Last Updated" date at the top of this Privacy Policy. Please check this page regularly to keep up to date.
If you have any questions or comments about this Privacy Policy, or would like to request information required to be disclosed under global privacy laws, please feel free to contact our Privacy Legal team. You can contact us at dataprotection@netapp.com or at the following addresses:
If you are based outside of Europe: | If you are based in Europe: |
NetApp, Inc. 3060 Olsen Drive San Jose, CA 95128 United States Tel: +1 408-822-6000 |
NetApp International Headquarters NSQ2 - Navigation Square Albert Quay Cork T12 W351 Ireland Tel: +353 21-236-8000 |
Please note that for certain offices, in compliance with local laws in that jurisdiction, we have appointed a data protection officer (DPO). The DPO for Germany can contacted at: kontakt@rmprivacy.de and the DPO for Singapore can be contacted at dataprotection@netapp.com