We are a company with global software operations and customers located in many different countries around the world. Depending on the actual use of our software by our customers and the services we provide we are considered a data processor under the General Data Protection Regulation (GDPR) or other applicable laws. As such we manage and ensure compliance with a unified corporate-wide and global approach.
Where we are a data processor, we act under our data processing addendum (DPA). This addendum sets out our commitment to privacy and security when processing personal data in connection with the provision of products and services and addresses the transfer of personal data outside of the EEA, United Kingdom and Switzerland.
As a data controller we hold Binding Corporate Rules for Controllers as a method for transferring data globally, including but not limited to marketing data, contract data and HR information of our employees.
As a data processor we have implemented intercompany Standard Contractual Clauses among the CA affiliates located in the EEA (as data exporters) and CA affiliates located outside the EEA (as data importers) as well as Broadcom’s affiliates to safeguard personal data transfers as a data processor or Subprocessor. View our list of CA subsidiaries and third party Subprocessors.
To cover transfers of personal data to the United States, we have self-certified to the principles of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce.
Our information security program is a holistic approach that considers every aspect of how we may collect, store, secure, use or dispose of your data.
Our Information Security Practices document outlines the current policies, procedures and safeguards we have implemented to achieve this as well as relevant certifications. As technology evolves these will be subject to change without further notice.
In the event that personal data is included in a support case, see below how it is typically processed when providing technical support for CA software.
See below how personal data is typically processed in a SaaS environment and learn more about our SaaS solutions.