Privacy Statement

Last Updated: May 18, 2018

At CA, Inc. and our global subsidiaries (“CA,” “our,” “us,” or “we”), we care about your privacy and we are committed to protecting your information.

This Privacy Statement governs personal information CA collects from customers, attendees and online visitors (“you” or “your”) in connection with your use of CA’s websites and CA’s products, applications and services (including support and education), and corporate meetings and other events (collectively, the “Services”) where we post or link to this Privacy Statement, as well as information we automatically collect from your online visits (e.g. data collected via cookies).

For the purposes of this Privacy Statement, “personal information” means any information that, by itself, can identify you or can be combined with other information to identify you.

Your continued use of the website and/or the Services indicates your acceptance of the terms and conditions of this Privacy Statement.

Please see our Code of Conduct for more information about CA’s high standard of ethics and our commitment to the protection of your personal information.

What personal information does CA collect about you?

Information You Provide

We may ask you to provide personal information when you:

• Purchase products or services;
• Register for webcasts, seminars, conferences or other events sponsored by us or a partner;
• Request quotes, services, product support, trials, white papers and related downloads or additional information;
• Join CA Communities;
• Register for courses or education;
• Subscribe to newsletters, promotional emails or other CA materials;
• Participate in surveys, sweepstakes or contests;
• Apply for a job and submit your resume/CV; or
• Contact us.

Personal information we request may include your name, email address, home address, phone number and other contact details. If you purchase a product or service or register for courses, we may also ask you for your credit card number or billing information.

When we ask you to provide your personal information, we will advise you upon collection whether the provision of your personal information is mandatory. If we ask for personal information through one of our registration pages on our website, you will have the option of not providing the information, in which case you may still be able to access other portions of the website, although you may not be able to access certain programs or services.

Information from Other Sources

We may also obtain information about you from other sources and combine that with information we collect through our Services. For example, we may aggregate your personal information with information that you make publicly available on social media or third-party websites to better market our Services to you.

Information Automatically Collected

When you visit our websites, we may automatically collect information about your visit, including pages you access, links you click and actions you take in connection with CA’s Services. We may also collect certain information from your web browser, such as your device’s operating system, application software, browser type and language, Internet Service Provider, Internet Protocol (IP) address, access times and the websites you visited before and after our website(s). For more information on information that we automatically collect, please see the “How does CA use cookies and other tracking technologies?” section.

How does CA use your personal information?

We may use your personal information for legitimate business purposes, including to:

• Provide and deliver the Services you request;
• Send you transaction information, including confirmations and transaction status, product and services information, updates, security alerts and support and administrative messages;
• Administer your account, including verifying your information;
• Respond to your comments and questions and provide customer support or other services;
• Offer Live Chat assistance to facilitate;
• Operate and improve our websites, products and services;
• Process and deliver sweepstakes and contest entries and rewards;
• Ask you to take part in surveys used to measure our performance and improve our products, services and customer experience;
• Communicate with you about new promotions and upcoming events;
• Provide you with information about products and services offered by CA and our selected partners;
• Plan and host corporate events, online forums, communities and social networks;
• Link or combine with other information we get from third parties, to help understand your needs, and customize our offerings and market our Services based on your needs; and
• Perform other functions or serve other purposes, as disclosed to you at the point of collection, or as otherwise required or allowed under applicable law.

Legal Basis of Processing

In order to collect, use and otherwise process your personal information, CA may rely on any of the following legal bases:

• CA’s legitimate interest in providing its websites and making the Services available to you, provided our interest is not outweighed by the risk of harm to your rights and freedoms.
• Your consent, where CA has obtained your consent to process your personal information for certain activities. You may withdraw your consent at any time by contacting privacyhelpline@ca.com. However, please note that your withdrawal of consent will not affect the lawfulness of any use of your personal information by CA based on your consent prior to withdrawal.
• To fulfill any contractual obligations, such as where you have purchased a product or service from CA. For example, we may require your contact details in order to deliver your order if you have purchased a product from us.
• For compliance with CA’s legal obligations where applicable laws require CA to process your personal information.

If you have any questions or would like more information regarding the legal basis on which we collect your personal information, please contact us at privacyhelpline@ca.com.

Retention of Data

CA may retain your personal information data as long as is necessary to fulfill the purposes for which it was collected and in accordance with CA’s record retention policy and applicable law. CA’s Support Policy may include additional terms related to the collection of personal information or confidential data provided as part of the provision of customer support.

Cross-Border Data Transfers

CA may transfer your personal information to other CA entities located in many different countries around the world if required for the purposes described in this Privacy Statement. This may include the transfer of your personal information to countries outside your home country, including outside the European Economic Area (EEA), which may not have the same level of protection as your home country. For example, since CA is headquartered in the United States (US), CA entities in the EEA may need to send your personal information to our servers located in the US for legitimate business purposes. In order to provide adequate protection for the transfer of your personal information, we rely on various mechanisms, including our Privacy Shield certifications, Binding Corporate Rules, EU Standard Contractual Clauses and/or the need to process your personal information in order to provide the requested products or services, as the bases for transferring your personal information. Please click here for more information on CA’s data transfer mechanisms.

How does CA share your personal information?

We may share your personal information with third parties for the purposes described below.

• CA Subsidiaries. We may share your personal information with our subsidiaries worldwide in order to improve our website and/or the Services and to manage our customer relationships.
• Third-Party Vendors/Service Providers. We may rely on third-party vendors, consultants and other service providers to perform functions on our behalf and under our instructions in order to make our websites and the Services available to you. For example, we may engage third parties to provide customer support relating to our products or cloud storage services or assist CA in protecting its systems.
• Business Partners. We may share your information with third parties with whom we do business, including in connection with your purchase of a CA product through a business partner or attendance at an event jointly hosted by CA and business partner. Depending on CA’s business model and its regional coverage, CA may not be able to provide the products or services directly to you. In those instances, CA may disclose information to its business partners for reselling, marketing and other business purposes related to your demonstrated interest in our products and services. We will only share your personal information with business partners who agree to abide by applicable laws and to protect your personal information and use it solely for the purposes specified by CA.
• Legal Obligations and Rights. We may disclose your personal information: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) to protect the rights of CA or its employees; or (v) as otherwise permitted by applicable law.
• Business Reorganization. We may share your personal information in connection with a sale or business transaction (e.g., merger or acquisition).

CA may also use or share aggregate data (data from which personal information has been removed) for any purpose.

Except as described above, CA will not disclose your personal information to third parties for their own marketing purposes without your consent.

EU-US and Swiss-US Privacy Shield

CA participates in and has certified its compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework and is committed to subjecting all personal information received from the European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework’s applicable Principles. To learn more about the Privacy Shield program and to view CA’s certification page, please visit https://www.privacyshield.gov/.

CA is responsible for the processing of personal information that it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. CA remains liable for onward transfers of personal information to third parties who process personal information on its behalf in a manner that is inconsistent with the Privacy Shield Principles, unless CA proves that it is not responsible for the event(s) giving rise to the damage.

CA commits to resolve complaints about our collection or use of personal information under the Privacy Shield Frameworks and we are subject to the regulatory and enforcement powers of the Federal Trade Commission with respect to Privacy Shield. CA may be required, in certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have a complaint about CA’s use of your personal information under either Privacy Shield Framework, you should first contact CA at privacyhelpline@ca.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our US-based third party dispute resolution provider (free of charge) at BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint from us or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

If neither CA nor the Council of Better Business Bureaus resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.

How does CA protect your personal information?

CA takes all reasonable steps to protect your information from loss, misuse, unauthorized access or disclosure, alteration or destruction, including through the use of encryption when collecting or transferring sensitive data such as credit card information.

Click here to learn more about how CA secures information.

What rights and choices do you have regarding your personal information?

Email and Marketing

In most instances, CA gives you options with regard to the personal information you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of CA marketing emails; or (ii) checking certain boxes on our preference center which can also be found on certain forms we use to collect personal information.

Exercising your Rights

Subject to applicable law in your jurisdiction (e.g. laws in the European Economic Area, United Kingdom and Switzerland), you may have certain rights with respect to your personal information that we are processing. These rights may include the right to access your personal data, correct inaccurate personal data, object to the processing of your personal data based on CA’s legitimate interests (e.g., direct marketing purposes), restrict or delete personal data that you have previously provided to us or to receive an electronic copy of your personal data for purposes of transmitting it to another company. Where the processing of your data is based on your consent, you have the right to withdraw your consent to data processing activities at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you would like to exercise any of these rights, please contact privacyhelpline@ca.com with the words “Data Subject Rights Request” in the subject line.

How does CA use cookies and other tracking technologies?

Cookies

CA uses “cookies” on its websites to enable you to sign in to CA’s services and personalize your online experience. A “cookie” is a small data file stored on your hard drive. By using cookies, the information you previously provided can be retrieved on your next visit to our website(s) so that your use of the website is more efficient.

Cookies are either session-based (which disappear after you close your browser) or persistent (which remain on your computer after you close your browser or turn off your computer). CA may use any of the following types of cookies:

• Required cookies are essential to core website functionality.
• Performance cookies collect information about website visits to improve performance, but do not collect personal information.
• Functional cookies track your preferences, such as your preferred language or display settings, and customize the website to you. Some of these cookies may be required cookies.
• Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our websites and our marketing campaigns.
• Advertising cookies may be set through our website(s) by our advertising partners. Data may be collected by these companies that enable them to deliver customized advertisements on other websites that are relevant to your interests.

Web Beacons

CA also uses web beacons alone or in conjunction with cookies to compile information about your usage of our websites and interaction with emails from us. A web beacon is an electronic image that can be used to recognize a cookie on your computer when you view a web page or email message. Web beacons may help CA measure the effectiveness of our websites and our advertising in various ways. For example, web beacons may count the number of individual who visit a particular web page after viewing an advertisement or identify the number of individuals who opened or acted upon a marketing email message.

Our third-party ad services providers may also use aggregated information collected through web beacons and cookies about your visit to the website(s) in order to deliver advertising relevant to your interests and to better understand the usage of our websites and the other sites tracked by these third parties. This Privacy Statement does not apply to, and we are not responsible for, third-party cookies, and CA encourages you to check the privacy policies of advertisers and/or ad services to learn about their use of cookies and other tracking technologies.

Managing Cookie Preferences

Many web browsers are set to accept cookies by default, and only you can manage your browser settings. To may see the list of CA and selected partner cookies on our website(s) and make choices about those cookies, please visit our Cookie Consent Tool here. In addition, the Help portion of your web browser, which is most often found on your browser’s toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Please not that if you choose to decline cookies, you may not be able to get the benefit of some of the features of this website or other websites that you visit.

Do Not Track

Certain browsers like Internet Explorer, Firefox and Safari offer a “Do Not Track” or “DNT” option that sends a signal to websites visited by the user about the user’s browser DNT preference setting. Because uniform standards for “Do Not Track” have not been established, CA does not process or respond to “Do Not Track” signals.

Social Media Accounts

Portions of our websites make chat rooms, forums, blogs, message boards and/or news groups available to you. Please remember that any information that is disclosed in these areas could be made public so exercise caution when deciding to disclose any personal information. Also, please note that use of these portions of our website may be subject to additional terms. Additional information about community and support sites can be found at our Terms for User Sites on ca.com.

In addition, CA’s website(s) may include social media features, including the Facebook “Like” button. These features may collect your IP address and identify the web page you are visiting on CA’s website and may set a cookie to enable the feature to function properly. You may be given the option by that social media site to post information about your activities on CA’s website(s) to your profile page on that social media site. Your interactions with these features are governed by the privacy policy of the company that is providing them.

Third-Party Websites

CA’s websites may contain links to other third-party websites. This Privacy Statement does not apply to, and CA is not responsible for, the privacy practices or the content of such third-party websites, including business partner websites, and their use of personal information will be governed by their own privacy policies.

How will you be notified about changes to this Privacy Statement?

CA may modify or update this Privacy Statement at any time without prior notice. If we make any changes to this Privacy Statement, we will change the “Last Updated” date at the beginning of this Privacy Statement. If we make material changes to this Privacy Statement that may impact individual rights, CA will make prominent note of such change on its website at least one month prior to the change taking place.

Who should you contact with inquiries?

If you have any questions, concerns or comments about this Privacy Statement or our privacy practices, please contact CA via email at privacyhelpline@ca.com with the words “PRIVACY STATEMENT” in the subject line.

You may also reach out by regular mail to:

CA Technologies
520 Madison Ave
New York, NY 10022
Attention: Chief Privacy Officer

EU residents may also lodge a complaint with the data protection authority in the EU member state where they live, work or where an alleged infringement of applicable data protection law occurred.