We are a company with global software operations and customers located in many different countries around the world. Depending on the actual use of our software by our customers and the services we provide we are considered a data processor under the General Data Protection Regulation (GDPR) or other applicable laws. As such we manage and ensure compliance with a unified corporate-wide and global approach.
Where we are a data processor, we act under our data processing addendum (DPA). This addendum sets out our commitment to privacy and security when processing personal data in connection with the provision of products and services and addresses the transfer of personal data outside of the EEA, United Kingdom and Switzerland.
Standard Contractual Clauses
As a data processor we have implemented intercompany Standard Contractual Clauses among the Broadcom entities located in the EEA (as data exporters) and affiliates located outside the EEA (as data importers) to safeguard personal data transfers as a data processor or Subprocessor. View our list of CA subsidiaries and third-party Subprocessors.
Former Privacy Shield
Broadcom used to self-certify under the EU-U.S. Privacy Shield Framework. After the Court of Justice of the European Union invalidated the Framework on July 16, 2020, we issued the following FAQ:
Our information security program is a holistic approach that considers every aspect of how we may collect, store, secure, use or dispose of your data.
Our Information Security Practices document outlines the current policies, procedures and safeguards we have implemented to achieve this as well as relevant certifications. As technology evolves these will be subject to change without further notice.
In the event that personal data is included in a support case, see below how it is typically processed when providing technical support for CA software.
See below how personal data is typically processed in a SaaS environment and learn more about our SaaS solutions.