Education & Training

Services & Support



{{search ? 'Close':'Search'}}

Data Transfers

Privacy statement to customers and partners regarding data processing.

Because CA is a global company with customers located in many different countries around the world, it’s important that we comply wtih data privacy laws in many jurisidctions. As a result of the recent changes in data privacy laws in Europe, CA has implemented various mechanisms to enable the lawful transfer of personal data from the European Economic Area (EEA) and Switzerland to other countries globally. Here is a quick chart showing how we use each of these mechanisms for data transfers. For more detailed information about each of these mechanisms, see below.






BCR (controller)   X

Click here to see listing on EU Commission website.

Privacy Shield* X  

Click here for details.

Standard Contractual Clauses (intercompany) X  

Contact CA for details.

Standard Contractual Clauses (customer/CA) X  

       Click here for more details. 

*US-Swiss Safe Harbor Framework for transfers between Switzerland and the US.

CA is generally a data processor when your company provides CA with access to personal data orginating from your company, e.g. a file for product support or other Services, or data in a SaaS environment.

CA is generally a data controller when you provide your data as a Visitor, Attendee, or to register for a Service.

Binding Corporate Rules

CA Technologies holds Binding Corporate Rules for Controllers and this is its method for transferring data globally as a data controller, including but not limited to marketing contract data and HR information of our employees.

Click here to see CA’s listing on the European Commission’s BCR website and the categories of data it covers.

Privacy Shield

For personal data that is being transferred to CA Technologies in the United States, CA has self-certified to the principles of the Privacy Shield. CA participates in the Privacy Shield for the transfer of non-HR data where CA is a Data Processor. See CA’s Privacy Statement for more information and find CA’s Privacy Shield self-certification here.

Standard Contractual Clauses

CA Technologies has developed and implemented intercompany Standard Contractual Clauses among the CA entities located in the EEA (as data exporters) and CA entities located outside the EEA to which personal data is transferred (as data importers) and such mechanism is used to transfer personal data as a Data Processor.

If a customer or partner specifically requires the implementation of Standard Contractual Clauses directly with a CA entity outside of the EEA, where appropriate and where CA is a Data Processor for the customer or partner, CA has prepared a data processing agreement to download. This agreement sets out CA’s commitment to privacy and data protection when processing data in connection with the provision of products and services to our customers and partners, and dealing with the transfer of personal data outside the EEA and Switzerland in connection with the provision of such products and services.

If you have any questions please send an email to

Click here for more details. 

Contact Us

We're here to help move your business forward.

Email Us >

View more ways to contact us >