Last updated August 21, 2017
CA, Inc. and its global subsidiaries (sometimes referred to herein as CA or CA Technologies) are committed to protecting the privacy of individuals who visit CA’s websites and interact with CA online (“Visitors”), individuals who register to use the Services as defined below (“Customers”), and individuals who provide information to CA to register for Company’s corporate meetings or other events (“Attendees”). This Privacy Statement describes CA’s privacy practices in relation to the use of CA’s websites and the related products, applications and services (including support and education) offered by CA (the “Services”).
You should also note that CA maintains the same privacy practices with respect to data that is collected off-line and this statement may be relied upon with respect to those methods of data collection and use.
Please see our Code of Conduct for more information about CA’s high standard of ethics and our commitment to the protection of your personal information.
CA may modify or update this privacy statement at any time without prior notice. You can check the “Last Updated” date above to see when the statement was last changed. Your continued use of the website and/or the Services constitutes your consent to the contents of this Privacy Statement.
In general, as a Visitor you will not need to identify yourself or reveal any personal information. However, CA does collect domain information from your visit to customize and improve your experience on our websites. The type of information CA may collect includes:
CA uses the information collected to operate our websites, to provide you with the Services requested and to contact you about your interest in the Services, to verify your information, to plan and host corporate events, online forums and social networks, and to populate online profiles for Attendees on CA’s websites. CA may also aggregate your information with data that is separately provided by you on social media and third party websites if visible to third parties. CA may also use data from Visitors, Customers and Attendees for marketing purposes. For example, CA may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding CA, its affiliates, and its partners, such as information about promotions or events.
When CA collects information about you, such as your name or other details, it is CA’s practice to provide you with information on how the data will be used at the time you are asked for it if that is not immediately apparent. When CA asks you to provide your information through a registration page or otherwise, you will have the option of not doing so, in which case you may still be able to access other portions of this website, although you may not be able to access certain programs or services.
See Question 7 “What other rights do you have in connection with the personal data CA collects?” for information on your rights, including rights to “opt out” of certain uses of your information.
Some CA products or services use the Google Maps APIs and CA therefore incorporates by reference the Google privacy policy located at http://www.google.com/privacy.html, as amended by Google from time to time.
CA’s Support Policy may include additional terms related to the collection of personal or confidential data provided as part of the provision of customer support.
Because CA is a global company with customers located in many different countries around the world, it’s important that we comply with data privacy laws in many jurisdictions. CA has many entities operating in the EEA (the EEA is an area made up of European Union Member States and other countries in Europe who adhere to similar rules). In order for CA to do business, CA entities in the EEA need to send personal data to CA, Inc., a US based company, and other CA companies around the world. CA has implemented various mechanisms to enable the lawful transfer of personal data from the EEA to other countries globally. Here is a quick chart showing how CA Technologies uses each of these mechanisms for data transfers.
Data Processor |
Data Controller | Comments | |
|---|---|---|---|
Binding Corporate Rules (controller)
|
x | Click here to see listing on EU Commission website. Click here to see more about our BCRs. |
|
Privacy Shield
|
x | Click here for details. | |
Standard Contractual Clauses (intercompany)
|
x | Contact CA for details. | |
Standard Contractual Clauses (customer/CA)
|
x | Click here to download CA’s Data Processing Agreement. |
CA is generally a data processor when your company provides CA with access to personal data originating from your company, e.g., a file for product support or other Services, or data in a SaaS environment.
CA is generally a data controller when you provide your data as a Visitor, Attendee or to register for a Service.
Binding Corporate Rules (CA as a Controller)
CA has developed a set of Binding Corporate Rules (BCRs) to ensure uniform, comprehensive data protection and privacy standards for the handling of personal data. CA relies on these BCRs for the transfer of data globally among CA entities in those cases where CA acts as the data controller.
Click here to see CA’s listing on the European Commission’s BCR website and the categories of data it covers. Click here to see more about our BCRs.
Privacy Shield (CA as Processor)
Where CA acts as a data processor, CA, Inc. and its U.S. subsidiaries, and all entities using the brand name CA Technologies, comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. CA, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. . If there is any conflict between the policies in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view CA’s certification page, please visit https://www.privacyshield.gov/.
Personal data covered by the Privacy Shield Framework may be provided to a third party as described in Q4 below. CA is accountable for personal data that it receives under the Privacy Shield Framework and transfers to a third party as set forth in the Privacy Shield Principles. CA remains liable under the Privacy Shield Principles if third-parties engaged to process personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless CA proves that it is not responsible for the event(s) giving rise to the damage.
Note that compliance by CA with the Privacy Shield Principles will be administered and monitored by the Department of Commerce and will be enforced by the Federal Trade Commission (FTC).
If you have a complaint about CA’s use of your data under the Privacy Shield Framework, see Q11 “What should you do if you have a question or a complaint regarding how CA is handling your personal data?” for information on what to do.
CA’s participation in the Privacy Shield Framework applies to all personal data that it receives from the European Union and Switzerland which is processed by CA as a data processor. It excludes HR data.
Standard Contractual Clause (CA as Processor)
(i) For the transfer of personal data between CA entities in the performance of its customer contracts CA has executed an intercompany data processing agreement with attached Standard Contractual Clauses. Contact CA for details.
(ii) CA offers customers the right to enter into a customer specific data processing agreement with attached Standard Contractual Clauses. Click here to download CA’s Data Processing Agreement.
For information on CA’s data transfer mechanisms, click here.
CA may share your personal data with third-parties for the purposes described below. For example, your data may be shared with companies CA has hired to provide support or services relating to CA products or to assist CA in protecting its systems.
CA Subsidiaries
CA may share data about Visitors, Customers and Attendees with other companies in order to work with them, including subsidiaries or CA, Inc. For example, CA may need to share data about Visitors to help improve our website or share data about Customers for customer relationship management purposes.
Suppliers
CA Technologies may share data about Visitors, Customers and Attendees with CA’s contracted suppliers so that these suppliers can provide services on CA’s behalf, this may include those who are performing customer support and cloud service providers such as storage providers. In addition and not limiting the foregoing, CA may also share data about Visitors, Customers, and Attendees with CA’s suppliers to ensure the quality of information provided, and with third-party social networking and media websites, such as LinkedIn and Facebook, for marketing and advertising on those websites. Unless described in this Privacy Statement, CA does not share, sell, rent, or trade any information with third-parties for their promotional purposes.
CA maintains contracts with these companies that require them to abide by our data privacy and security provisions and such companies are not allowed to use the personal data they receive from CA for any other purpose.
Business Partners
CA may use partners (including without limitation resellers and managed service providers) to offer its Services and may also jointly host corporate meetings and events with partners. CA may share data about Customers collected in connection with your purchase with CA where a partner is used and about Attendees where you attend an event or meeting jointly hosted by CA and a partner. CA does not control its business partners’ use of the data about Customers and Attendees collected, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase using a partner or you may choose not to attend an event or meeting jointly hosted by a partner.
CA may also disclose data to its business partners for marketing and other purposes which CA believes may be beneficial to you.
Third Party Advertising
Q8 and Q9 of this Privacy Statement specifically address the use of third parties to advertise and third party links.
Disclosure
CA may disclose information it has collected about you if required or advisable to do so under law, pursuant to lawful requests by public authorities, including for national security or law enforcement requirements, or when CA believes it is reasonably necessary in order to protect the rights of CA or its employees or to comply with a judicial proceeding or process.
CA’s intent is to strictly protect the security of your personal information; honor your choice for its intended use; and carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. CA has taken appropriate steps to safeguard and secure information we collect, including the use of encryption when collecting or transferring sensitive data such as credit card information. However, you should always take into consideration that the internet is an open forum and that data may flow across networks with little or no security measures, and therefore such information may be accessed by people other than those you intended to access it. Click here to learn more about how CA secures information.
You are entitled to know whether CA holds information about you and, if we do (subject to certain limitations), to have access to that information, have it corrected if it is inaccurate or out of date, or ask CA to delete it, if appropriate. Contact CA at privacyhelpline@ca.com for any questions or to update your information.
CA offers Visitors, Customers, and Attendees a means to choose how CA uses the personal data they provide. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located at the bottom of CA marketing emails. Additionally, you may send a request to privacyhelpline@ca.com.
This website contains links to other websites. CA is not responsible for the privacy practices or the content of such websites and their use of the information will be in accordance with their own privacy policies.
A “cookie” is a small amount of data transferred to your browser and read by the web server that placed it there. It records your preferences and information you entered. By using cookies, the information you previously provided can be retrieved on your next visit to the website so that your use of the website is more efficient. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.
Web beacons may be used to deliver the cookie and to compile statistics about our website, such as how many people visited a particular page or clicked on certain links or to ensure the integrity of the registration process. While your particular use of the site will not be revealed and no personally identifying information will be collected, this information may be used, in an anonymous fashion, for preference marketing purposes, and CA’s third party advertising companies may use the information about your visit to the website(s) in order to provide ads about goods and services of interest to you or to measure and improve the effectiveness of ads for their clients. This information can include: date/time of banner ad shown, related cookie, and the first three octets of the IP address. CA may share aggregated statistics about the use of the website with third parties.
Cookies are either session-based (which disappear after you close your browser) or persistent (which remain on your computer after you close your browser or turn off your computer).
You may see the list of CA and selected partner cookies on our website and make choices about those cookies by visiting our Cookie Consent Tool here. In addition to our Cookie Consent Tool, most browsers allow you to manage cookie preferences. If you choose to decline cookies, you may not be able to get the benefit of some of the features of this website or other websites that you visit.
The following chart describes the types of cookies you may find on the CA website and your options for managing them.
| Types of Cookies | Description | Settings |
|---|---|---|
| Required cookies | Required cookies enable you to navigate CA’s websites and use its features, such as accessing secure areas of the websites and using CA Services. If you have chosen to identify yourself to CA, CA uses cookies containing encrypted information to allow CA to uniquely identify you. Each time you log into the Services, a cookie containing an encrypted, unique identifier that is tied to your account is placed on your browser. These cookies allow CA to uniquely identify you when you are logged into the Services and to process your online transactions and requests.
|
Because required cookies are essential to operate CA’s websites and the Services, there is no option to opt-out of these cookies. |
| Performance cookies | These cookies collect information about how Visitors use CA’s website, including which pages visitors go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies a Visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve how CA’s website functions and performs. From time to time, CA engages third parties to track and analyze usage and volume statistical information from individuals who visit CA’s websites. CA may also utilize Flash cookies for these purposes. |
To learn how to opt out of performance cookies using your browser settings click here. To learn how to manage privacy and storage settings for Flash cookies click here. |
| Functionality cookies | Functionality cookies allow CA’s websites to remember information you have entered or choices you make (such as your username, language, or your region) and provide more enhanced, more personal features. These cookies also enable you to optimize your use of CA’s Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. CA uses local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on CA’s websites to personalize your visit. |
To learn how to opt out of functionality cookies using your browser settings click here. Note that opting out may impact the functionality you receive when CA’s websites. To learn how to manage privacy and storage settings for Flash cookies click here. |
| Targeting or Advertising cookies | CA may engage third parties to track and analyze usage and volume statistical information from individuals who visit CA’s websites. CA sometimes uses cookies delivered by third parties to track the performance of CA advertisements, such as Google Analytics (click here for more information on how Google uses data). For example, these cookies remember which browsers have visited CA’s websites. The information provided to third parties does not include personal information, but this information may be reassociated with personal information after CA receives it. CA also contracts with third party advertising networks that collect IP addresses and other information from Web beacons (see below) on CA’s websites, from emails, and on third party websites. Ad networks follow your online activities over time and across different sites or other online services by collecting Web Site Navigational Information through automated means, including through the use of cookies. These technologies may recognize you across the different devices you use, such as a desktop or laptop computer, smartphone or tablet. Third parties use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other websites or mobile applications on any of your devices. This process also helps CA manage and track the effectiveness of its marketing efforts. Third parties, with whom CA partners to provide certain features on its websites or to display advertising based upon your Web browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. |
To learn more about these and other advertising networks and their opt out instructions, click here and here. To learn how to manage privacy and storage settings for Flash cookies click here. |
Web Beacons
CA uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of CA’s websites and interaction with emails from CA. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the Web beacon, and a description of a website tied to the Web beacon. For example, CA may place Web beacons in marketing emails that notify CA when you click on a link in the email that directs you to one of CA’s websites. CA uses Web beacons to operate and improve CA’s websites and email communications.
IP Addresses
When you visit CA’s websites, CA collects your Internet Protocol (“IP”) addresses to track and aggregate information. For example, CA uses IP addresses to monitor the regions from which Customers and Visitors navigate CA’s websites. CA also collects IP addresses from Customers when they log into the Services as part of CA’s “Identity Confirmation” and “IP Range Restrictions” security features.
Do Not Track
Certain browsers like Internet Explorer, Firefox and Safari offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to websites’ visited by the user about the user’s browser DNT preference setting. CA does not currently commit to responding to browsers’ DNT signals with respect to CA’s websites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. CA takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Portions of this website make chat rooms, forums, blogs, message boards, and/or news groups available to Visitors. Please remember that any information that is disclosed in these areas could be made public so exercise caution when deciding to disclose any personal information.
Use of these portions of our website may be subject to additional terms. Additional information about community and support sites can be found at our Terms for User Sites on ca.com.
In addition, CA’s websites may use social media functionality like the Facebook “like” button which may collect your IP address and which page you are visiting on CA’s website, and may set a cookie to enable the feature to function properly. You may be given the option by that social media site to post information about your activities on CA’s websites to your profile page on that social media site. Your interactions with these features are governed by the privacy policy of the company that is providing them.
If you have any questions, concerns, or comments about our privacy statement or practices, please contact CA via email at privacyhelpline@ca.com with the words “PRIVACY POLICY” in the subject line. All emails will be read promptly and we endeavor to provide an initial response to the sender within 5-7 business days indicating the complaint will be investigated.
You may also reach out by regular mail to:
CA Technologies
520 Madison Avenue
New York, NY 10022
Attention: Bonnie Yeomans, Assistant General Counsel and Privacy Officer
To the extent you have a question, request, inquiry or complaint regarding personal data for which CA acts as a data processor (which may include information provided to CA by your company or other third party), CA may have to reach out to our corporate customers in order to comply with requests relating to the handling of such personal data. For these reasons, we ask that if you wish to request access, to limit use, or to limit disclosure to such personal data, please provide the name of the CA customer who provided your data to CA. CA will then work with that customer to help ensure that your request is addressed.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, CA commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Statement should first contact CA as set forth in the answer to Question 11 above. CA will provide an initial response to any Privacy Shield complaint within 45 days from the complaint. CA has further committed to refer unresolved Privacy Shield complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. The services of the BBB EU PRIVACY SHIELD are provided at no cost to you.
If neither CA nor the Council of Better Business Bureaus resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
All issues raised will be investigated until completion, and all matters will be handled in compliance with the Principles of Privacy Shield.
Visit the Canadian Privacy Policy page for additional information about CA Canada.