CA Technologies is committed to protecting the privacy of personal data provided by its customers and partners and has done so under the Safe Harbor framework for many years. However, CA Technologies acknowledges the decision of the European Court of Justice of 6 October 2015 invalidating the Safe Harbor framework. CA Technologies holds Binding Corporate Rules for Controllers and this is its method for transferring data globally as a data controller. http://ec.europa.eu/justice/data-protection/international-transfers/binding-corporate-rules/bcr_cooperation/index_en.htm
CA Technologies has prepared a data processing agreement for you to download setting out CA’s commitment to privacy and data protection when processing customer data in connection with the provision of products and services to our customers and partners, and dealing with the transfer of personal data outside of the European Economic Area and Switzerland in connection with the provision of such products and services. If you have any questions, please see the following FAQs, and you can also send an email firstname.lastname@example.org
Q: What has happened?
On 6 October 2015, the European Court of Justice (ECJ) has declared the Commission Decision 2000/520/EC of 26 July 2000 on the adequacy of the protection provided by the Safe Harbor privacy principles and related frequently asked questions issued by the US Department of Commerce (the Decision) to be invalid (the Judgment).
Q: What is Safe Harbor?
Under the Data Protection Directive (Directive 95/46/EC, the Directive), the transfer of personal data to a third party country may take place only if that third party country ensures an adequate level of protection of the personal data.
In order to facilitate transfers of personal data from the EEA to eligible US companies and to provide a streamlined means for US organizations to comply with the Directive, the US Department of Commerce in consultation with the European Commission developed a Safe Harbor framework.
With the Decision, the European Commission stated that the Safe Harbor framework provided an adequate level of protection.
With the Judgment, the ECJ quashed the Decision and, consequently, the Safe Harbor framework no longer provide a valid legal basis for transfers of personal data from the EEA to the US.
A similar arrangement also existed for transfers of personal data from Switzerland to the US and this has arrangement has also been declared invalid.
Q: How does CA Technologies comply with data protection requirements?
CA Technologies is committed to protecting the privacy of its customers and partners’ personal data.
CA Technologies holds Binding Corporate Rules for Controllers and this is its method for transferring data globally as a data controller. CA Technologies also certifies to and complies with the Safe Harbor principles that, up to now, have been the legal framework under which it transferred data to the US as data processor.
In response to the Judgment, and in order to continue complying with the requirements set out under the Directive and the Swiss Federal Data Protection Act, CA Technologies has prepared a data processing agreement setting out CA Technologies’ commitment to privacy and data protection, when processing any personal data of its customers and partners in connection with the provision of products and services, and dealing with the transfer of personal data to the US in connection with the provision of such products and services (the Agreement).
The Agreement incorporates the set of standard contractual clauses issued by the European Commission for transfers from data controllers to data processors established outside the EEA, which are recognized, by the European Commission and Swiss Data Protection Authorities, as providing adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights.
Q: What customers and partners are expected to do?
Please download, complete, sign and return the data processing agreement to email@example.com.
For any further questions, please contact firstname.lastname@example.org.