Last Updated: May 18, 2018
At CA, Inc. and our global subsidiaries (“CA,” “our,” “us,” or “we”), we care about your privacy and we are committed to protecting your information.
This Privacy Statement governs personal information CA collects from customers, attendees and online visitors (“you” or “your”) in connection with your use of CA’s websites and CA’s products, applications and services (including support and education), and corporate meetings and other events (collectively, the “Services”) where we post or link to this Privacy Statement, as well as information we automatically collect from your online visits (e.g. data collected via cookies).
For the purposes of this Privacy Statement, “personal information” means any information that, by itself, can identify you or can be combined with other information to identify you.
Your continued use of the website and/or the Services indicates your acceptance of the terms and conditions of this Privacy Statement.
Please see our Code of Conduct for more information about CA’s high standard of ethics and our commitment to the protection of your personal information.
Information You Provide
We may ask you to provide personal information when you:
Personal information we request may include your name, email address, home address, phone number and other contact details. If you purchase a product or service or register for courses, we may also ask you for your credit card number or billing information.
When we ask you to provide your personal information, we will advise you upon collection whether the provision of your personal information is mandatory. If we ask for personal information through one of our registration pages on our website, you will have the option of not providing the information, in which case you may still be able to access other portions of the website, although you may not be able to access certain programs or services.
Information from Other Sources
We may also obtain information about you from other sources and combine that with information we collect through our Services. For example, we may aggregate your personal information with information that you make publicly available on social media or third-party websites to better market our Services to you.
Information Automatically Collected
When you visit our websites, we may automatically collect information about your visit, including pages you access, links you click and actions you take in connection with CA’s Services. We may also collect certain information from your web browser, such as your device’s operating system, application software, browser type and language, Internet Service Provider, Internet Protocol (IP) address, access times and the websites you visited before and after our website(s). For more information on information that we automatically collect, please see the “How does CA use cookies and other tracking technologies?” section.
We may use your personal information for legitimate business purposes, including to:
Legal Basis of Processing
In order to collect, use and otherwise process your personal information, CA may rely on any of the following legal bases:
If you have any questions or would like more information regarding the legal basis on which we collect your personal information, please contact us at privacyhelpline@ca.com.
Retention of Data
CA may retain your personal information data as long as is necessary to fulfill the purposes for which it was collected and in accordance with CA’s record retention policy and applicable law. CA’s Support Policy may include additional terms related to the collection of personal information or confidential data provided as part of the provision of customer support.
Cross-Border Data Transfers
CA may transfer your personal information to other CA entities located in many different countries around the world if required for the purposes described in this Privacy Statement. This may include the transfer of your personal information to countries outside your home country, including outside the European Economic Area (EEA), which may not have the same level of protection as your home country. For example, since CA is headquartered in the United States (US), CA entities in the EEA may need to send your personal information to our servers located in the US for legitimate business purposes. In order to provide adequate protection for the transfer of your personal information, we rely on various mechanisms, including our Privacy Shield certifications, Binding Corporate Rules, EU Standard Contractual Clauses and/or the need to process your personal information in order to provide the requested products or services, as the bases for transferring your personal information. Please click here for more information on CA’s data transfer mechanisms.
We may share your personal information with third parties for the purposes described below.
CA may also use or share aggregate data (data from which personal information has been removed) for any purpose.
Except as described above, CA will not disclose your personal information to third parties for their own marketing purposes without your consent.
EU-US and Swiss-US Privacy Shield
CA participates in and has certified its compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework and is committed to subjecting all personal information received from the European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework’s applicable Principles. To learn more about the Privacy Shield program and to view CA’s certification page, please visit https://www.privacyshield.gov/.
CA is responsible for the processing of personal information that it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. CA remains liable for onward transfers of personal information to third parties who process personal information on its behalf in a manner that is inconsistent with the Privacy Shield Principles, unless CA proves that it is not responsible for the event(s) giving rise to the damage.
CA commits to resolve complaints about our collection or use of personal information under the Privacy Shield Frameworks and we are subject to the regulatory and enforcement powers of the Federal Trade Commission with respect to Privacy Shield. CA may be required, in certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have a complaint about CA’s use of your personal information under either Privacy Shield Framework, you should first contact CA at privacyhelpline@ca.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our US-based third party dispute resolution provider (free of charge) at BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint from us or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
If neither CA nor the Council of Better Business Bureaus resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
CA takes all reasonable steps to protect your information from loss, misuse, unauthorized access or disclosure, alteration or destruction, including through the use of encryption when collecting or transferring sensitive data such as credit card information.
Click here to learn more about how CA secures information.
Email and Marketing
In most instances, CA gives you options with regard to the personal information you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of CA marketing emails; or (ii) checking certain boxes on our preference center which can also be found on certain forms we use to collect personal information.
Exercising your Rights
Subject to applicable law in your jurisdiction (e.g. laws in the European Economic Area, United Kingdom and Switzerland), you may have certain rights with respect to your personal information that we are processing. These rights may include the right to access your personal data, correct inaccurate personal data, object to the processing of your personal data based on CA’s legitimate interests (e.g., direct marketing purposes), restrict or delete personal data that you have previously provided to us or to receive an electronic copy of your personal data for purposes of transmitting it to another company. Where the processing of your data is based on your consent, you have the right to withdraw your consent to data processing activities at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you would like to exercise any of these rights, please contact privacyhelpline@ca.com with the words “Data Subject Rights Request” in the subject line.
Cookies
CA uses “cookies” on its websites to enable you to sign in to CA’s services and personalize your online experience. A “cookie” is a small data file stored on your hard drive. By using cookies, the information you previously provided can be retrieved on your next visit to our website(s) so that your use of the website is more efficient.
Cookies are either session-based (which disappear after you close your browser) or persistent (which remain on your computer after you close your browser or turn off your computer). CA may use any of the following types of cookies:
Web Beacons
CA also uses web beacons alone or in conjunction with cookies to compile information about your usage of our websites and interaction with emails from us. A web beacon is an electronic image that can be used to recognize a cookie on your computer when you view a web page or email message. Web beacons may help CA measure the effectiveness of our websites and our advertising in various ways. For example, web beacons may count the number of individual who visit a particular web page after viewing an advertisement or identify the number of individuals who opened or acted upon a marketing email message.
Our third-party ad services providers may also use aggregated information collected through web beacons and cookies about your visit to the website(s) in order to deliver advertising relevant to your interests and to better understand the usage of our websites and the other sites tracked by these third parties. This Privacy Statement does not apply to, and we are not responsible for, third-party cookies, and CA encourages you to check the privacy policies of advertisers and/or ad services to learn about their use of cookies and other tracking technologies.
Managing Cookie Preferences
Many web browsers are set to accept cookies by default, and only you can manage your browser settings. To may see the list of CA and selected partner cookies on our website(s) and make choices about those cookies, please visit our Cookie Consent Tool here. In addition, the Help portion of your web browser, which is most often found on your browser’s toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Please not that if you choose to decline cookies, you may not be able to get the benefit of some of the features of this website or other websites that you visit.
Do Not Track
Certain browsers like Internet Explorer, Firefox and Safari offer a “Do Not Track” or “DNT” option that sends a signal to websites visited by the user about the user’s browser DNT preference setting. Because uniform standards for “Do Not Track” have not been established, CA does not process or respond to “Do Not Track” signals.
Social Media Accounts
Portions of our websites make chat rooms, forums, blogs, message boards and/or news groups available to you. Please remember that any information that is disclosed in these areas could be made public so exercise caution when deciding to disclose any personal information. Also, please note that use of these portions of our website may be subject to additional terms. Additional information about community and support sites can be found at our Terms for User Sites on ca.com.
In addition, CA’s website(s) may include social media features, including the Facebook “Like” button. These features may collect your IP address and identify the web page you are visiting on CA’s website and may set a cookie to enable the feature to function properly. You may be given the option by that social media site to post information about your activities on CA’s website(s) to your profile page on that social media site. Your interactions with these features are governed by the privacy policy of the company that is providing them.
Third-Party Websites
CA’s websites may contain links to other third-party websites. This Privacy Statement does not apply to, and CA is not responsible for, the privacy practices or the content of such third-party websites, including business partner websites, and their use of personal information will be governed by their own privacy policies.
CA may modify or update this Privacy Statement at any time without prior notice. If we make any changes to this Privacy Statement, we will change the “Last Updated” date at the beginning of this Privacy Statement. If we make material changes to this Privacy Statement that may impact individual rights, CA will make prominent note of such change on its website at least one month prior to the change taking place.
If you have any questions, concerns or comments about this Privacy Statement or our privacy practices, please contact CA via email at privacyhelpline@ca.com with the words “PRIVACY STATEMENT” in the subject line.
You may also reach out by regular mail to:
CA Technologies
520 Madison Ave
New York, NY 10022
Attention: Chief Privacy Officer
EU residents may also lodge a complaint with the data protection authority in the EU member state where they live, work or where an alleged infringement of applicable data protection law occurred.