2. OUR PRINCIPLES: RESPECTING YOUR PRIVACY AND SECURITY
Protecting privacy is part of our culture, values and everyday conduct at Teradata. Integrity, responsibility, being people-focused, and being dedicated to our customers are among the core values we apply to all aspects of our business, including with regard to PDP. Our management sets the tone regarding the importance, requirements, standards and practices applicable to PDP at Teradata.
Our Code of Conduct annual certification and other PDP-related training includes expectations of, and commitments by, all Teradata employees, contractors and business partners to protect data and comply with PDP laws. All individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with the CPRA shall be informed of all the requirements in the CPRA and how to direct consumers to exercise their rights under the CPRA.
Teradata typically acts as a “data processor” with respect to PII we Use for one of our customers, and our customer typically serves as the “data controller” with respect to that PII.
Teradata typically acts as a “data controller” with respect to PII that we Use for ourselves, such as with regard to our own employees so we may administer their employment, compensation, benefits and human resources management (“HR data”) and with regard to customer contacts held in our various marketing databases and related applications and to visitors of our online Sites. Our service providers who Use PII for us typically serve as downstream “data processors” or “sub-processors” for u
2.1 "NOTICE" PRINCIPLE
- Notice of where we operate. We are a global multinational organisation. Our corporate headquarters is located in Rancho Bernardo (San Diego), California. We are incorporated in the State of Delaware in the U.S. We own our Rancho Bernardo complex, while all other facilities are leased. We have more than 7,000 employees worldwide, and as such, our information sources, data subjects, data flows and supply-chain spans the globe.
- Notice of what we do. Teradata Corporation is the leading connected multi-cloud data platform for enterprise analytics at scale. Our connected multi-cloud data platform, Teradata Vantage, allows customers to integrate and simplify their multi-cloud data and analytic ecosystems, streamline access and management of their data, and use analytics to derive business value from diverse data types. Our Teradata Vantage platform is designed and built to run across on-premises, private cloud and public cloud environments. This platform is supported by business consulting, support services and partner networks that enable customers to extract insights from across a company’s entire data and analytics ecosystem.
- Our consulting services include a broad range of offerings, such as consulting to help organizations establish an analytics vision, to enable an analytical ecosystem architecture, and to ensure value delivery of their analytical infrastructure.
- Teradata’s strategy is based on our differentiated value proposition for the top 10,000 largest organizations in the world, to provide a connected multi-cloud data platform, Teradata Vantage, that supports the needs of enterprises from start to scale. Teradata Vantage is an effective platform for driving business outcomes, with a partnering approach, embracing modern ecosystems and enabling users to build how they want.
- We serve customers around the world in a broad set of industries. Industry segments we serve include communications, ecommerce, financial services, government, gaming, healthcare, insurance, manufacturing, media and entertainment, oil and gas, retail, travel and transportation, and utilities.
- Teradata has a presence on the web that includes www.teradata.com
- Teradata social media links currently include:
Notice of when we may Use PII. We may Use PII:
- in the course of delivering our products and services, both in the cloud and on customer premises
- providing technical, maintenance, support, back-up, recovery, diagnostic, consulting, implementation, and other related services both in the cloud and on customer premises;
- for operating, managing and communicating about our own business, offerings and activities;
- through solutions we, or our technology providers, host, for the various Sources of PII detailed below.
- R&D (such as for benchmarking, testing, quality assurance, research, and product/offering strategy, development and integration);
- networking sites, such as Peer Advantage, customer or partner education or certification courses, for example via Teradata University/Teradata University for Academics or our Teradata Certified Professional Program, or via our customer education team.
Notice of Sources of PII we handle. We Use PII, in either or both electronic/digital form or physical/paper form, regarding a variety of people and entities. These include the following Sources:
- “Visitors” - including those who choose to visit the websites, web portals, information exchange sites, blogs, wikis, social media sites, domains, downloadable applications, apps, surveys, questionnaires, webinars, events, conferences, network systems, or facilities we host, own or operate, or that are hosted or operated for us, as well as those who communicate with us, including by e-mail or other electronic or digital means, and such as through help-lines, call-centers, telecommunications and the like (with the subset of those who do so through electronic or digital means being referred to as “Online Visitors”);
- “Employees” - including full and part-time employees, job applicants, temporary and contract employees, former employees, and retirees, and their qualifying family members, beneficiaries and insureds, such as those who receive or are eligible for benefits from or through us;
- “Customers” - including customers and prospective customers, and their representatives;
- “Partners” - including current and prospective suppliers, vendors, contractors, subcontractors, representatives, distributors, resellers, systems integrators, joint marketers, advertisers, sponsors and services providers;
- “Customer/Partner Constituents” - including people and entities who are the visitors, employees, customers, partners, constituents or other data subjects of our Customers or Partners, such as those about whom data is stored and processed on our solutions by or for our Customers; and
- “Others” - including people who are or may be influencers related to our business or technologies, such as analysts, academia, members of the media, investors, members of subject-area communities, industry communities and geographical or jurisdictional communities in which we operate, and those who do not fit into one or more of the preceding categories.
2.2 "CHOICE" PRINCIPLE
We also will respect your preferences and choices for how we contact you regarding marketing and promotional communications. We may provide you, for example, with opportunities to subscribe to e-mail distributions or newsletters. If you previously signed-up to receive e-mailed information about our products, services, or special offers, but no longer wish to receive those communications you may opt-out from receiving some or all of those types of communications by following the ‘unsubscribe’ or ‘preferences’ setting instructions appended to the communication or communicating with us through one of the e-mail addresses or mailing addresses set forth in the “Contact Us” section of this document.
There are other circumstances in which we may provide your PII to third parties. For example, we may disclose your PII to a third party: when we, in good faith, believe disclosure is appropriate or necessary to comply with the law or a regulatory requirement or to comply with a subpoena or court order; to prevent or investigate a possible crime, such as identity-theft, hacking, cyber-attacks, phishing-attempts or other cyber-crimes; to enforce a contract; to protect the rights, property, intellectual property or safety of Teradata or a third party; to protect other vital interests; and, to satisfy requirements to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to a potential buyer or its advisor(s) in connection with any sale or transfer of all or part of our business
2.3 "SECURITY" PRINCIPLE
We take reasonable physical, administrative, procedural and technical measures to protect PII under our control from loss, misuse and unauthorized access, disclosure, alteration and destruction. In particular, we employ the following security measures, among others:
- Security policies. We design, implement and support our IT infrastructure, data center operations, cloud operations, products and services according to documented security policies. At least annually, we assess our policy compliance and make necessary improvements to our policies and practices.
- Employee training and responsibilities. We take steps to reduce the risks of human error, theft, fraud, and misuse of our facilities. We train our personnel on our privacy and security policies. We also require Employees to sign confidentiality agreements. We also have assigned to a Chief Security Officer the ultimate responsibility to manage our global information security program.
- Access control. We limit access to PII only to those individuals who have an authorized purpose for accessing that information. We terminate those access privileges and credentials following job changes which no longer require such access and upon employment termination. We also have designated local or organizational data protection officers, stewards or managers for various locations and organizations of Teradata, and otherwise as and where required by applicable law.
- Data encryption. Our policies and procedures require that wherever practicable we use encrypted connections for any electronic transfers of PII.
Unfortunately, no security measures can be guaranteed to be 100-percent effective. It is important you understand that no site, system or network is completely secure or “hacker proof”, “cyber-attack proof” or “cyber-crime proof.” It is important for you to guard against unauthorized access to your passwords and the unauthorized use of computers and other electronic/data-access devices you own or control. You might find the following helpful and instructive: ,Stay Safe Online powered by the National Cyber Security Alliance, and its “Stop. Think. Connect.” initiative.
2.4 "ACCESS" PRINCIPLE
Teradata strives to maintain the accuracy of the PII we hold, and there are mechanisms allowing consumers and Employees to review and correct, and in some circumstances obtain deletion of, PII about themselves. You may review and correct, and (to the extent not limited or prohibited by applicable law in your country) have us delete, your PII – please see “Exercise Your Rights” below. We may ask you to verify your identity, and in some cases, we may limit or deny your request if the law permits or requires us to do so (for example, we may decline to delete data that we are required by law to retain, such as for tax withholdings and payments). We encourage you to promptly update your PII with us if and as it changes.
2.5 "ACCOUNTABILITY FOR ONWARD TRANSFER" PRINCIPLE
The EU standard contractual clauses, HIPAA and other countries’ laws, as and when valid and in force, and as may be amended from time to time (see more under Section 4 Cross-Border Data Processing), typically allow transfer of PII to a third party who is acting as a service provider, agent or “data processor” if the ultimate “data controller” takes certain steps to assure privacy and security protections. We may disclose PII to others, for example, in the following circumstances:
- to business Partners and subcontractors who need to access it in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need;
- to service providers who host or facilitate the delivery of technology services, online apps, training, seminars and webinars;
- to e-mail-delivery services and other technology providers;
- to third parties who may assist in the delivery of marketing materials, technical support services, or other products, services or other information;
- with authorized reseller/distributor/marketing Partners or our subsidiaries or branches so they may follow up with you regarding products and/or services;
- in connection with the sale or transfer of all or part of our business;
- as required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, comply with a judicial proceeding, court order, law-enforcement or government request, or other legal process, or to satisfy requirements to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
- to any other third party, with your affirmative consent.
In these situations, we will take reasonable steps to require the recipient to protect your PII in accordance with relevant applicable principles of all applicable laws or framework, or otherwise take steps to help ensure your PII is appropriately protected.
Service Providers. In relation to the CPRA, to the limited extent that our service providers collect PII from or about a consumer on our behalf, we direct them that they shall not retain, use, or disclose PII obtained in the course of providing services to us except: i) to process or maintain or collect PII on our behalf and in compliance with the written contract for services and the Supplier or Business Partner Code of Conduct; ii) to retain or employ another service provider as a subcontractor, only where the subcontractor meets the requirements for a service provider under the CPRA; iii) for internal use by the service provider to build or improve the quality of its services, provided that the use does not include building or modifying household or consumer profiles to use in providing services to another business, or correcting or augmenting data acquired from another source; iv) to detect data security incidents, or protect against fraudulent or illegal activity; or for the purposes enumerated in Civil Code section 1798.145, subdivisions (a)(1) through (a)(7). A service provider is directed not to sell or share PII provided by, or collected on behalf of, Teradata. A service provider that receives a request to know or a request to delete from a consumer shall immediately inform Teradata using the contact details in the “Contact Us” section above, and the parties will timely decide whether the service provider will act on behalf of Teradata in responding to the request or whether the service provider will inform the consumer that the request cannot be acted upon because the request has been sent to a service provider.
2.6 "DATA INTEGRITY AND PURPOSE LIMITATION" PRINCIPLE
Teradata will limit the Use of PII to that which is reasonably needed for valid/legitimate business purposes or to comply with applicable laws. Any such data will be obtained by us only through lawful and fair means.
2.7 "RECOURSE, ENFORCEMENT AND LIABILITY" PRINCIPLE
2.8 COOKIES AND ONLINE TRACKING
Categories of cookies we use include:
- Strictly necessary (essential) cookies – These are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or help us to choose the right language for you.
- Analytical/performance cookies – These allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our Sites work, for example, by ensuring that users are finding what they are seeking easily.
- Functionality cookies – These are used to recognise you when you return to our Site. This enables us to personalise our content for you and remember your preferences (e.g., language or country/region).
- Social Plug-Ins and Share Buttons. We also may use social plug-ins on or in connection with some of our Sites. When you visit a Site that contains a social plug-in and the social plug-in is selected or enabled, your browser establishes a direct connection to the social plug-in operator’s server. The social plug-in operator directly transfers the plug-in content to your browser. The social plug-in provider receives information about your access to sites. We have no influence on the data gathered by the plug-in operator. The Online Visitor is responsible for managing his or her privacy consents, settings and preferences, and addressing with the third-party operator, privacy issues that pertain to his or her use of, or plug-in with, third-party social media sites.
When visiting one of our Sites that contains a social plug-in, your browser will establish a direct connection to the respective social network’s servers enabling the respective social network to receive information about you having accessed our Site. We have no influence over the data gathered by the social plug-ins and have no knowledge of or control over the data gathered by the respective social network. To our knowledge, the embedded social plug-ins provide the respective social network with information that you have accessed our Site. If you are logged into the respective social network, your visit can be linked to your account. If you interact with the social plug-ins, the corresponding information will also be provided to the respective social network and linked to your account. Even if you are not logged into the respective network, there is the possibility that the social plug-ins transmit your IP-address to the respective social network.
For the purpose and scope of data collection and the further processing and use of data by the respective social network, as well as your rights and ways to protect your privacy, please see the privacy notices of the respective social networks. While every attempt is made to validate and screen outside links that may be provided through our online Sites, we are not responsible for the content of any outside third-party web sites. Bulletin boards, blogs, wikis, chat rooms, exchanges, share sites, social media venues and similar “forums” (whether operated by or for us, or otherwise) often are open or accessible to others in the forums and may be open to the public or those who otherwise gain access to information posted on or through the forum. Your participation in such forums and what you disclose in such forums is totally your own choice. If you make that choice and include your PII in your posts, it may lead to use of your PII by others, and we will not be responsible for any information you decide to make available on or through such forums, nor for any contacts of you by others as a result of your participation in, or your own disclosures on or through, such forums. We reserve the right to monitor such forums operated by, for or about us, and Use information legally posted on or through them. There should be no expectation of privacy by anyone with respect to the content of postings or disclosures he or she voluntarily makes on or through such forums.
IP addresses and “clickstream” information. Some online clickstream data includes User Information. User Information is information about computers that interact with our systems. This includes:
Web server logs. In the process of administering our Sites, we maintain and track usage through web server logs. These logs provide information such as what types of browsers are accessing our Sites, what pages receive high traffic, and the times of day our servers experience significant loads. We use Internet Protocol (“IP”) addresses to analyze trends, administer Sites, track users’ movements, and gather broad demographic information for aggregate use. We use this information to improve the content and navigation features of our Sites. Anonymous or aggregated forms of this data also may be used to identify future features and functions to develop for our Sites and to provide better service or a better user experience. We do not link this information with individually identifiable PII. We also reserve the right to, and may, provide aggregated and anonymous information to third parties.
Web beacons. We and third parties also may employ web beacons on or in connections with our Sites or in connection with e-mails and other electronic/digital communications we send, distribute, or have sent or distributed for us. Web beacons are tiny graphics with unique identifiers, similar in function to cookies, and are used to track the online movements of users. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons typically are embedded invisibly on webpages and other online or electronic/digital documents and are about the size of the period at the end of this sentence. Web beacons also may be used, for example, in an e-mail, newsletter or other electronic communication to determine if it has been opened by the user or if web links contained in it have been selected by the user. Where required by law, we will ask you for your explicit consent to the usage of web beacons by us and will not use them without your consent. We are not, however, responsible for any third-party deployment or usage of web beacons.
We also may use User Information to help us prevent and detect security threats, fraud or other malicious activity, and to ensure the proper functioning of our solutions, products and services.
similar in function to cookies, and are used to track the online movements of users. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons typically are embedded invisibly on webpages and other online or electronic/digital documents and are about the size of the period at the end of this sentence. Web beacons also may be used, for example, in an e-mail, newsletter or other electronic communication to determine if it has been opened by the user or if web links contained in it have been selected by the user. Where required by law, we will ask you for your explicit consent to the usage of web beacons by us and will not use them without your consent. We are not, however, responsible for any third-party deployment or usage of web beacons.
We also may use User Information to help us prevent and detect security threats, fraud or other malicious activity, and to ensure the proper functioning of our solutions, products and services.