Data Processing and Data Transfers

    Enterprise Software Products and Services

    Understanding personal data and its lifecycle throughout our organization.

    We are a company with global software operations and customers located in many different countries around the world. Depending on how our customers actually use our software and on the services we provide, we are considered a data processor under the General Data Protection Regulation (GDPR) or other applicable laws. As such, we manage and ensure compliance with a unified, corporate-wide and global approach.

    Customer CCPA Supplement


    Customers who are subject to the California Consumer Privacy Act (CCPA) and need to enter into service provider terms with us should download and countersign our pre-executed CCPA Customer Supplement. This Supplement fulfills all the requirements of the CCPA and contains clauses that are specific to our lines of business. These specific terms are required to ensure that the use of our services will not under any circumstances be considered as involving any sale of data within the meaning of the CCPA. This is an important assurance both for our customers and for ourselves, which is why our Supplement should be used.


    Data Processing Addendum


    Where we are a data processor, we act under our data processing addendum (DPA). This addendum sets out our commitment to privacy and security when processing personal data in connection with the provision of products and services and addresses the transfer of personal data outside of the EEA, United Kingdom and Switzerland.


    Data Processing Addendum - GDPR


    International Data Transfers

    Standard Contractual Clauses

    As a data processor, we have implemented intercompany Standard Contractual Clauses among the Broadcom entities located in the EEA (as data exporters) and affiliates located outside the EEA (as data importers) to safeguard personal data transfers as a data processor or Subprocessor. View our list of CA subsidiaries and third-party Subprocessors.

    Former Privacy Shield

    Broadcom used to self-certify under the EU-U.S. Privacy Shield Framework. After the Court of Justice of the European Union invalidated the Framework on July 16, 2020, we issued the following FAQ:

    Broadcom Post-privacy Shield Customer FAQ

    Information Security


    Our information security program is a holistic approach that considers every aspect of how we may collect, store, secure, use or dispose of your data.



    Our Information Security Practices document outlines the current policies, procedures and safeguards we have implemented to achieve this, as well as relevant certifications. As technology evolves, these will be subject to change without further notice.




    In the event that personal data is included in a support case, see below how it is typically processed when providing technical support for CA software.





    See below how personal data is typically processed in a SaaS environment and learn more about our SaaS solutions.



    If you have any questions, please send an email to