CA cares about your privacy
CA, Inc. and its global subsidiaries (sometimes referred to herein as CA or CA Technologies) are committed to protecting the privacy of individuals who visit CA’s websites and interact with CA online (“Visitors”), individuals who register to use the Services as defined below (“Customers”), and individuals who provide information to CA to register for Company’s corporate meetings or other events (“Attendees”). This Privacy Statement describes CA’s privacy practices in relation to the use of CA’s websites and the related products, applications and services (including support and education) offered by CA (the “Services”).
You should also note that CA maintains the same privacy practices with respect to data that is collected off-line and this statement may be relied upon with respect to those methods of data collection and use.
Please see our Code of Conduct for more information about CA’s high standard of ethics and our commitment to the protection of your personal information.
CA may modify or update this privacy statement at any time without prior notice. You can check the “Last Updated” date above to see when the statement was last changed. Your continued use of the website and/or the Services constitutes your consent to the contents of this Privacy Statement.
Q1: What personal information does CA collect or maintain?
In general, as a Visitor you will not need to identify yourself or reveal any personal information. However, CA does collect domain information from your visit to customize and improve your experience on our websites. The type of information CA may collect includes:
- the date and time of your access
- the pages you have accessed
- the name of the Internet Service Provider and the Internet Protocol (IP) address that you use to access the Internet
There are times when CA may collect personal information from you as a Visitor, Customer or Attendee. This may include your name, email address, phone number and other contact information. In some cases CA may request additional information in which case you may receive a separate privacy statement at that time. Some of the ways in which CA may collect information from you are:
- Registrations for webcasts, seminars, conferences, etc. sponsored by CA or a partner
- Product support registration (for employee and/or customer log-ins)
- CA Communities registration
- Registering for courses or education
- Subscription to newsletters or other CA content-related materials
- Services purchases or trials (either on your own or on behalf of your company)
- White paper or other downloads
- Sweepstakes or contests
Q2: How does CA use your information?
CA uses the information collected to operate our websites, to provide you with the Services requested and to contact you about your interest in the Services, to verify your information, to plan and host corporate events, online forums and social networks, and to populate online profiles for Attendees on CA’s websites. CA may also aggregate your information with data that is separately provided by you on social media and third party websites if visible to third parties. CA may also use data from Visitors, Customers and Attendees for marketing purposes. For example, CA may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding CA, its affiliates, and its partners, such as information about promotions or events.
When CA collects information about you, such as your name or other details, it is CA’s practice to provide you with information on how the data will be used at the time you are asked for it if that is not immediately apparent. When CA asks you to provide your information through a registration page or otherwise, you will have the option of not doing so, in which case you may still be able to access other portions of this website, although you may not be able to access certain programs or services.
See Question 7 “What other rights do you have in connection with the personal data CA collects?” for information on your rights, including rights to “opt out” of certain uses of your information.
CA’s Support Policy may include additional terms related to the collection of personal or confidential data provided as part of the provision of customer support.
Q3: How does CA address data transfers from the European Economic Area (EEA)?
Because CA is a global company with customers located in many different countries around the world, it’s important that we comply with data privacy laws in many jurisdictions. CA has many entities operating in the EEA (the EEA is an area made up of European Union Member States and other countries in Europe who adhere to similar rules). In order for CA to do business, CA entities in the EEA need to send personal data to CA, Inc., a US based company, and other CA companies around the world. CA has implemented various mechanisms to enable the lawful transfer of personal data from the EEA to other countries globally. Here is a quick chart showing how CA Technologies uses each of these mechanisms for data transfers.
Binding Corporate Rules (controller)
||Click here to see listing on EU Commission website.
||Click here for details.
Standard Contractual Clauses (intercompany)
||Contact CA for details.
Standard Contractual Clauses (customer/CA)
||Click here to download CA’s Data Processing Agreement.
Binding Corporate Rules (CA as a Controller)
CA has developed a set of Binding Corporate Rules (BCRs) to ensure uniform, comprehensive data protection and privacy standards for the handling of personal data. CA relies on these BCRs for the transfer of data globally among CA entities in those cases where CA acts as the data controller.
Click here to see CA’s listing on the European Commission’s BCR website and the categories of data it covers.
Privacy Shield (CA as Processor)
Personal data covered by the Privacy Shield Framework may be provided to a third party as described in Q4 below. CA is accountable for personal data that it receives under the Privacy Shield Framework and transfers to a third party as set forth in the Privacy Shield Principles. CA remains liable under the Privacy Shield Principles if third-parties engaged to process personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless CA proves that it is not responsible for the event(s) giving rise to the damage.
Note that compliance by CA with the Privacy Shield Principles will be administered and monitored by the Department of Commerce and will be enforced by the Federal Trade Commission (FTC).
If you have a complaint about CA’s use of your data under the Privacy Shield Framework, see Q11 “What should you do if you have a question or a complaint regarding how CA is handling your personal data?” for information on what to do.
CA’s participation in the Privacy Shield Framework applies to all personal data that it receives from the EEA which is processed by CA as a data processor. It excludes HR data.
CA, Inc. abides by the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce. CA, Inc. has certified that it adheres to the Safe Harbor Principles. For more information on the U.S.-Swiss Safe Harbor Framework, including the Safe Harbor Principles, and to view the scope of CA’s certification, please visit http://www.export.gov/safeharbor/.
Standard Contractual Clause (CA as Processor)
(i) For the transfer of personal data between CA entities in the performance of its customer contracts CA has executed an intercompany data processing agreement with attached Standard Contractual Clauses. Contact CA for details.
(ii) CA offers customers the right to enter into a customer specific data processing agreement with attached Standard Contractual Clauses. Click here to download CA’s Data Processing Agreement.
For information on CA’s data transfer mechanisms, click here.
Q4: How does CA share your information?
CA may share your personal data with third-parties for the purposes described below. For example, your data may be shared with companies CA has hired to provide support or services relating to CA products or to assist CA in protecting its systems.
CA may share data about Visitors, Customers and Attendees with other companies in order to work with them, including subsidiaries or CA, Inc. For example, CA may need to share data about Visitors to help improve our website or share data about Customers for customer relationship management purposes.
CA Technologies may share data about Visitors, Customers and Attendees with CA’s contracted suppliers so that these suppliers can provide services on CA’s behalf, this may include those who are performing customer support and cloud service providers such as storage providers. In addition and not limiting the foregoing, CA may also share data about Visitors, Customers, and Attendees with CA’s suppliers to ensure the quality of information provided, and with third-party social networking and media websites, such as LinkedIn and Facebook, for marketing and advertising on those websites. Unless described in this Privacy Statement, CA does not share, sell, rent, or trade any information with third-parties for their promotional purposes.
CA maintains contracts with these companies that require them to abide by our data privacy and security provisions and such companies are not allowed to use the personal data they receive from CA for any other purpose.
CA may use partners (including without limitation resellers and managed service providers) to offer its Services and may also jointly host corporate meetings and events with partners. CA may share data about Customers collected in connection with your purchase with CA where a partner is used and about Attendees where you attend an event or meeting jointly hosted by CA and a partner. CA does not control its business partners’ use of the data about Customers and Attendees collected, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase using a partner or you may choose not to attend an event or meeting jointly hosted by a partner.
CA may also disclose data to its business partners for marketing and other purposes which CA believes may be beneficial to you.
Third Party Advertising
Q8 and Q9 of this Privacy Statement specifically address the use of third parties to advertise and third party links.
CA may disclose information it has collected about you if required or advisable to do so under law, pursuant to lawful requests by public authorities, including for national security or law enforcement requirements, or when CA believes it is reasonably necessary in order to protect the rights of CA or its employees or to comply with a judicial proceeding or process.
Q5: What are CA’s security levels for your data?
CA’s intent is to strictly protect the security of your personal information; honor your choice for its intended use; and carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. CA has taken appropriate steps to safeguard and secure information we collect, including the use of encryption when collecting or transferring sensitive data such as credit card information. However, you should always take into consideration that the internet is an open forum and that data may flow across networks with little or no security measures, and therefore such information may be accessed by people other than those you intended to access it.
Q6: Can you update the information you provide to CA?
You are entitled to know whether CA holds information about you and, if we do (subject to certain limitations), to have access to that information, have it corrected if it is inaccurate or out of date, or ask CA to delete it, if appropriate. Contact CA at email@example.com for any questions or to update your information.
Q7: What other rights do you have in connection with the personal data CA collects?
CA offers Visitors, Customers, and Attendees a means to choose how CA uses the personal data they provide. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located at the bottom of CA marketing emails. Additionally, you may send a request to firstname.lastname@example.org.
Q8: What about other 3rd party links?
This website contains links to other websites. CA is not responsible for the privacy practices or the content of such websites and their use of the information will be in accordance with their own privacy policies.
Q9: What are CA’s practices regarding cookies and web beacons?
A “cookie” is a small amount of data transferred to your browser and read by the web server that placed it there. It records your preferences and information you entered. By using cookies, the information you previously provided can be retrieved on your next visit to the website so that your use of the website is more efficient. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.
Web beacons may be used to deliver the cookie and to compile statistics about our website, such as how many people visited a particular page or clicked on certain links or to ensure the integrity of the registration process. While your particular use of the site will not be revealed and no personally identifying information will be collected, this information may be used, in an anonymous fashion, for preference marketing purposes, and CA’s third party advertising companies may use the information about your visit to the website(s) in order to provide ads about goods and services of interest to you or to measure and improve the effectiveness of ads for their clients. This information can include: date/time of banner ad shown, related cookie, and the first three octets of the IP address. CA may share aggregated statistics about the use of the website with third parties.
Cookies are either session-based (which disappear after you close your browser) or persistent (which remain on your computer after you close your browser or turn off your computer).
You may see the list of CA and selected partner cookies on our website and make choices about those cookies by visiting our Cookie Consent Tool here. In addition to our Cookie Consent Tool, most browsers allow you to manage cookie preferences. If you choose to decline cookies, you may not be able to get the benefit of some of the features of this website or other websites that you visit.
The following chart describes the types of cookies you may find on the CA website and your options for managing them.
|Types of Cookies
Required cookies enable you to navigate CA’s websites and use its features, such as accessing secure areas of the websites and using CA Services.
|Because required cookies are essential to operate CA’s websites and the Services, there is no option to opt-out of these cookies.
These cookies collect information about how Visitors use CA’s website, including which pages visitors go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies a Visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve how CA’s website functions and performs.
From time to time, CA engages third parties to track and analyze usage and volume statistical information from individuals who visit CA’s websites. CA may also utilize Flash cookies for these purposes.
To learn how to opt out of performance cookies using your browser settings click here.
To learn how to manage privacy and storage settings for Flash cookies click here.
Functionality cookies allow CA’s websites to remember information you have entered or choices you make (such as your username, language, or your region) and provide more enhanced, more personal features. These cookies also enable you to optimize your use of CA’s Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize.
CA uses local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on CA’s websites to personalize your visit.
To learn how to opt out of functionality cookies using your browser settings click here.
Note that opting out may impact the functionality you receive when CA’s websites.
To learn how to manage privacy and storage settings for Flash cookies click here.
|Targeting or Advertising cookies
To learn more about these and other advertising networks and their opt out instructions, click here and here.
To learn how to manage privacy and storage settings for Flash cookies click here.
CA uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of CA’s websites and interaction with emails from CA. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the Web beacon, and a description of a website tied to the Web beacon. For example, CA may place Web beacons in marketing emails that notify CA when you click on a link in the email that directs you to one of CA’s websites. CA uses Web beacons to operate and improve CA’s websites and email communications.
When you visit CA’s websites, CA collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, CA uses IP addresses to monitor the regions from which Customers and Visitors navigate CA’s websites. CA also collects IP addresses from Customers when they log into the Services as part of CA’s “Identity Confirmation” and “IP Range Restrictions” security features.
Do Not Track
Certain browsers like Internet Explorer, Firefox and Safari offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to websites’ visited by the user about the user’s browser DNT preference setting. CA does not currently commit to responding to browsers’ DNT signals with respect to CA’s websites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. CA takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Q10: What if you post on CA's social media pages?
Portions of this website make chat rooms, forums, blogs, message boards, and/or news groups available to Visitors. Please remember that any information that is disclosed in these areas could be made public so exercise caution when deciding to disclose any personal information.
Use of these portions of our website may be subject to additional terms. Additional information about community and support sites can be found at our Terms for User Sites on ca.com.
Q11: What should you do if you have a question or complaint regarding how CA is handling your personal data?
To the extent you have a question, request, inquiry or complaint regarding personal data for which CA acts as a data processor (which may include information provided to CA by your company or other third party), CA may have to reach out to our corporate customers in order to comply with requests relating to the handling of such personal data. For these reasons, we ask that if you wish to request access, to limit use, or to limit disclosure to such personal data, please provide the name of the CA customer who provided your data to CA. CA will then work with that customer to help ensure that your request is addressed.
Privacy Shield Complaints
CA will provide an initial response to any Privacy Shield complaint within 45 days from the complaint. If we fail to respond within that time, or if our response does not address your concern, CA has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
If neither CA nor the Council of Better Business Bureaus resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
All of the above recourses are free of charge for the individual raising the complaint.
All issues raised will be investigated until completion, and all matters will be handled in compliance with the Principles of the EU-U.S. Privacy Shield.
US-Swiss Safe Harbor Complaints
CA complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. CA has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. If there is any conflict between the policies in this Privacy Statement and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page please visit http://www.export.gov/safeharbor/swiss.
In compliance with the US-Swiss Harbor Principles, CA commits to resolve complaints about your privacy and our collection or use of your personal data. Swiss citizens with inquiries or complaints regarding this policy should first contact CA at:
520 Madison Avenue
New York, NY 10022
Attention: Bonnie Yeomans, Assistant General Counsel and Privacy Officer
CA has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.