Products

Solutions

Education & Training

Services & Support

Partners

Company

{{search ? 'Close':'Search'}}

Data Processing and Data Transfers

Understanding personal data and its lifecycle throughout our organization.

Personal Data Lifecycle

We are a company with global software operations and customers located in many different countries around the world. Depending on the actual use of our software by our customers and the services we provide we are considered a data processor under the General Data Protection Regulation (GDPR) or other applicable laws. As such we manage and ensure compliance with a unified corporate-wide and global approach.

Data Processing Addendum

Where we are a data processor, we act under our data processing addendum (DPA). This addendum sets out our commitment to privacy and security when processing personal data in connection with the provision of products and services and addresses the transfer of personal data outside of the EEA, United Kingdom and Switzerland.

Binding Corporate Rules, Standard Contractual Clauses, Privacy Shield

As a data controller we hold Binding Corporate Rules for Controllers as a method for transferring data globally, including but not limited to marketing data, contract data and HR information of our employees.

As a data processor we have implemented intercompany Standard Contractual Clauses among the CA affiliates located in the EEA (as data exporters) and CA affiliates located outside the EEA (as data importers) as well as Broadcom’s affiliates to safeguard personal data transfers as a data processor or Subprocessor. View our list of CA subsidiaries and third party Subprocessors here.

To cover transfers of personal data to the United States, we have self-certified to the principles of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce.

Information Security

Our information security program is a holistic approach that considers every aspect of how we may collect, store, secure, use or dispose of your data. Our Information Security Controls outline the current policies, procedures and safeguards we have implemented to achieve this as well as relevant certifications. As technology evolves these will be subject to change without further notice.

Support

In the event that personal data is included in a support case, see below how it is typically processed when providing technical support for CA software.

Personal Data Lifecycle: Support

SaaS

See below how personal data is typically processed in a SaaS environment and learn more about our SaaS solutions here.

Personal Data Lifecycle: SaaS

If you have any questions, please send an email to datatransfers@ca.com.