Cross-Border Data Transfers
Teradata’s Privacy practices are designed to help protect Personal Data all over the world. At times, Personal Data may be transferred to service providers or systems in countries whose laws may not offer a level of data protection equivalent to that in your country. Where such cross-border transfers occur, we take reasonable steps to require the recipient to protect Personal Data in accordance with applicable Privacy laws and our Privacy standards.
We take a multi-dimensional approach to Privacy compliance by implementing at least one of several different legally recognized mechanisms for all cross-border data transfers. This includes mechanisms to permit the export of Personal Data from the European Union (“EU”), the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, among other countries.
Adequacy
Teradata may share Personal Data with its affiliates, subsidiaries, and third-party partners located in countries that have been deemed to ensure an adequate level of data protection. When we send or receive Personal Data to or from such “adequate” countries, we rely on these adequacy decisions as the basis for the cross-border transfer of Personal Data.
Data Privacy Frameworks
Teradata’s U.S. entities (Teradata Corporation, Teradata Operations, Inc., Teradata US, Inc., Teradata International, Inc., and Teradata Government Systems LLC) comply with and have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”) and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”). These frameworks are the cross-border data transfer mechanisms on which we rely when the Personal Data of individuals residing in the EU, EEA, UK, or Switzerland is transferred to Teradata in the United States.
Where we transfer Personal Data to a third party located in the United States that also certifies to these frameworks, we rely on these frameworks as the basis for those transfers as well.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Teradata commits to:
- resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Teradata at: privacy@teradata.com
- cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship
- refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to the International Center for Dispute Resolution (“ICDR”) of the American Arbitration Association (“AAA”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR are provided at no cost to you. Consistent with the principles of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF there is the possibility, under certain conditions, for you to invoke binding arbitration.
If there is any conflict between this Privacy Statement and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF Principles, or the Swiss-U.S. DPF Principles, the applicable DPF Principles will govern. To learn more about the Data Privacy Framework program and to view our participation status, please visit https://www.dataprivacyframework.gov/.
Data Transfer Agreements and the Standard Contractual Clauses
Where Teradata sends or receives Personal Data to or from countries that do not have an adequacy decision, and we are unable to rely on an applicable Data Privacy Framework, we enter into government-approved data transfer agreements as the basis for the cross-border transfer of Personal Data. These data transfer agreements include the European Commission’s Standard Contractual Clauses (“EU SCCs”), Swiss SCCs, the UK Addendum to the EU SCCs (“UK Addendum”), and the Brazilian SCCs.
Where necessary, Teradata will take appropriate supplementary measures to ensure an essentially equivalent level of data protection to that guaranteed in the EEA, in accordance with European Data Protection Board ("EDPB") recommendations.
Transfers Within the Teradata Group of Companies
Teradata has executed written intra-group data protection agreements among various Teradata subsidiaries and entities around the world that incorporate the necessary government-approved data transfer agreements, including the EU SCCs, Swiss SCCs, UK Addendum and the Brazilian SCCs, to permit the cross-border transfer of Personal Data within the Teradata group of companies. We review and update these intra-group data protection agreements as our business and the requirements of applicable Privacy laws evolve.