o    Overview

o    CA for Developers

o    Modern Software Factory Hub

o    Industry Solutions

o    Advanced Analytics

o    Agile Management

o    API Management

o    Automation

o    Cloud Solutions

o    Continuous Delivery

o    Continuous Testing

o    DevOps

o    IT Operations Management

o    Mainframe

o    Microservices

o    Security

o    Service Management

o    Veracode

o    Overview

o    Log in to Training Portal

o    Course Finder

o    Learning Paths

o    Free Training

o    CA Productivity Accelerator

o    Specialized Training

o    CA Agile Training

o    CA Agile Academy

o    API Academy

o    Mainframe Training

o    CA Certification

o    How to Buy

o    Locations and Contacts

o    CA+ Video Learning Library

o    Consulting

o    Implementing

o    Managing

o    Upgrading

o    CA Agile Transformation Consulting

o    CA Agile Coaching

o    CA Project & Portfolio Management Services

o    Overview

o    Partner Experience Platform

o    Become a Partner

o    CA Advantage Partner Program

o    Partner Locator

o    Managed Service Providers

o    Regional Resellers

o    Technology Partners


{{search ? 'Close':'Search'}}

Data Processing/Transfers

Privacy statement to customers and partners regarding data transfers and Data Processing Addendum.

Because CA is a global company with customers located in many different countries around the world, it’s important that we comply wtih data privacy laws in many jurisdictions. As a result of the recent changes in data privacy laws in Europe, CA has implemented various mechanisms to enable the lawful transfer of personal data from the European Economic Area (EEA) and Switzerland to other countries globally. Here is a quick chart showing how we use each of these mechanisms for data transfers. For more detailed information about each of these mechanisms, see below.






BCR (controller)  


Click here to see listing on EU Commission website.

Privacy Shield X  

Click here for details.

Standard Contractual Clauses (intercompany) X  

CA and CA Affiliates acting as Subprocessor have previously entered into The EU Standard Contractual Clauses for your benefit.

Standard Contractual Clauses (customer/CA) X  

See below for more details and click here to access.

Data Processing Addendum under EU General Data Protection Regulation 2016/679 (“GDPR”) X  

This DPA applies where we process personal data, within the scope of GDPR on your behalf. See below for more details

CA is generally a data processor when your company provides CA with access to personal data originating from your company, e.g. a file for product support or other Services, or data in a SaaS environment.

CA is generally a data controller when you provide your data as a Visitor, Attendee, or to register for a Service.

Binding Corporate Rules

CA Technologies holds Binding Corporate Rules for Controllers and this is its method for transferring data globally as a data controller, including but not limited to marketing contract data and HR information of our employees.

Click here to see CA’s listing on the European Commission’s BCR website and the categories of data it covers.

Privacy Shield

For personal data that is being transferred to CA Technologies in the United States, CA has self-certified to the principles of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce. CA participates in the Privacy Shield for the transfer of non-HR data where CA is a Data Processor. See CA’s Privacy Statement for more information and find CA’s Privacy Shield self-certification here.

Standard Contractual Clauses

CA Technologies has developed and implemented intercompany Standard Contractual Clauses among the CA entities located in the EEA (as data exporters) and CA entities located outside the EEA to which personal data is transferred (as data importers) and such mechanism is used to transfer personal data as a Data Processor.

Data Processing Addendum

Where CA is processing personal data on behalf of a Data Controller within the scope of GDPR, the processing shall be governed by a contract. CA is generally a data processor when a customer provides CA with access to personal data originating from their company, e.g. a file for product support or other Services, or data in a SaaS environment. For these instances CA has prepared a data processing addendum to download. This addendum sets out CA’s commitment to privacy and data protection when processing data in connection with the provision of products and services to our customers and partners, and dealing with the transfer of personal data outside of the EEA and Switzerland in connection with the provision of such products and services. Please click below for your region or for the CA Payment Security Suite.


North America

Latin America

Pick Language

Pick Language

Europe, Middle East and Africa

Asia Pacific and Japan

Pick Language

Pick Language

Data Processing for Payment Security

View the CA Payment Security Suite Agreement

If you have any questions please send an email to