Our Principles
2. OUR PRINCIPLES: RESPECTING YOUR PRIVACY AND SECURITY
Protecting privacy is part of our culture, values, and everyday conduct at Teradata. Integrity, responsibility, being people-focused, and being dedicated to our customers are among the core values we apply to all aspects of our business, including with regard to PDP. Our management sets the tone regarding the importance, requirements, standards and practices applicable to PDP at Teradata.
Our Code of Conduct annual certification and other PDP-related training includes expectations of, and commitments by, all Teradata employees, contractors and business partners to protect data and comply with PDP laws. All individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with the CPRA shall be informed of all the requirements in the CPRA and how to direct consumers to exercise their rights under the CPRA.
Our Supplier Code of Conduct and our Business Partner Code of Conduct incorporate the principles of this Privacy Policy, the Teradata Code of Conduct, global PDP laws and standards and the principles of the United Nations Global Compact and the Responsible Business Alliance (“RBA”, formerly the Electronic Industry Citizenship Coalition (“EICC”)) Code of Conduct. For more information, please see https://www.teradata.com/About-Us/Corporate-Governance/Code-of-Conduct and https://www.teradata.com/About-Us/Environmental-Social-Governance (see particularly the “Teradata Corporate Social Responsibility Report” linked to that webpage).
Teradata typically acts as a “data processor” with respect to PII we Use for one of our customers, and our customer typically serves as the “data controller” with respect to that PII.
Teradata typically acts as a “data controller” with respect to PII that we Use for ourselves, such as with regard to our own employees so we may administer their employment, compensation, benefits and human resources management (“HR data”); with regard to customer contacts held in our various marketing databases and related applications for customer support and to visitors of our online Sites; or with regard to customer contacts collected during support portal registration, access and use. Our service providers who Use PII for us typically serve as downstream “data processors” or “sub-processors” for us.
2.1 "NOTICE" PRINCIPLE
- Notice of where we operate. We are a global multinational organisation. Our corporate headquarters is located in Rancho Bernardo (San Diego), California. We are incorporated in the State of Delaware in the U.S. We own our Rancho Bernardo complex, while all other facilities are leased. We have more than 6,000 employees worldwide, and as such, our information sources, data subjects, data flows and supply-chain spans the globe.
- Notice of what we do. Teradata is the leading connected multi-cloud data platform provider for enterprise analytics at scale. Our connected multi-cloud data platform, Teradata Vantage, allows customers to integrate and simplify their multi-cloud data and analytic ecosystems, streamline access and management of their data, and use analytics to derive business value from diverse data types. Our Teradata Vantage platform is designed and built to run across on-premises, private cloud and public cloud environments. This platform is supported by business consulting, support services and partner networks that enable customers to extract insights from across a company’s entire data and analytics ecosystem.
- Our consulting services include a broad range of offerings, such as consulting to help organizations establish an analytics vision, to enable an analytical ecosystem architecture, and to ensure value delivery of their analytical infrastructure.
- Teradata’s strategy is based on our differentiated value proposition for the top 10,000 largest organizations in the world, to provide a connected multi-cloud data platform, Teradata Vantage, that supports the needs of enterprises from start to scale. Teradata Vantage is an effective platform for driving business outcomes, with a partnering approach, embracing modern ecosystems and enabling users to build how they want.
- We serve customers around the world in a broad set of industries. Industry segments we serve include communications, ecommerce, financial services, government, gaming, healthcare, insurance, manufacturing, media and entertainment, oil and gas, retail, travel and transportation, and utilities.
- Teradata has a presence on the web that includes www.teradata.com
- Teradata social media links currently include:
- Notice of when we may Use PII.We may Use PII:
- in the course of delivering our products and services, both in the cloud and on customer premises;
- providing technical, maintenance, support, back-up, recovery, diagnostic, consulting, implementation, and other related services both in the cloud and on customer premises;
- for operating, managing and communicating about our own business, offerings and activities;
- through solutions we, or our technology providers, host, for the various Sources of PII detailed below;
- R&D (such as for benchmarking, testing, quality assurance, research, and product/offering strategy, development and integration); or
- networking sites, such as Peer Advantage, customer or partner education or certification courses, for example via Teradata University/Teradata University for Academics or our Teradata Certified Professional Program, or via our customer education team.
- Notice of Sources of PII we handle. We Use PII, in either or both electronic/digital form or physical/paper form, regarding a variety of people and entities. These include the following Sources:
- “Visitors” - including both those who visit our physical locations and those who choose to visit the websites, web portals, information exchange sites, blogs, wikis, social media sites, domains, downloadable applications, apps, surveys, questionnaires, webinars, events, conferences, network systems, or facilities we host, own or operate, or that are hosted or operated for us, as well as those who communicate with us, including by e-mail or other electronic or digital means, and such as through help-lines, call-centers, telecommunications and the like (with the subset of those who do so through electronic or digital means being referred to as “Online Visitors”);
- “Employees” - including full and part-time employees, job applicants, temporary and contract employees, former employees, and retirees, and qualifying family members, beneficiaries and insureds, such as those who receive or are eligible for benefits from or through us;
- “Customers” - including customers and prospective customers, and their representatives;
- “Partners” - including current and prospective suppliers, vendors, contractors, subcontractors, representatives, distributors, resellers, systems integrators, joint marketers, advertisers, sponsors and services providers;
- “Customer/Partner Constituents” - including people and entities who are the visitors, employees, customers, partners, constituents or other data subjects of our Customers or Partners, such as those about whom data is stored and processed on our solutions by or for our Customers; and
- “Others” - including people who are or may be influencers related to our business or technologies, such as analysts, academia, members of the media, investors, members of subject-area communities, industry communities and geographical or jurisdictional communities in which we operate, and those who do not fit into one or more of the preceding categories.
2.2 "CHOICE" PRINCIPLE
Teradata will not disclose PII to unaffiliated third parties (e.g., parties that are not subsidiaries, service providers, processors, contractors or other partners), unless any of the following are satisfied: (1) such disclosure is provided for in this Privacy Policy and/or under applicable internal privacy policies and the individual has been informed (which includes being informed by the public availability of this Privacy Policy at www.teradata.com/Privacy) about the possibility, scope and nature of such disclosure and has not opted-out of such disclosure (or where affirmative consent is required by applicable law, for example by means of double opt-in, has not provided that consent), (2) an individual requests it or expressly consents to it, or (3) the data is provided to help complete a transaction initiated by the individual.
We also will respect your preferences and choices for how we contact you regarding marketing and promotional communications. We may provide you, for example, with opportunities to subscribe to e-mail distributions or newsletters. If you previously signed-up to receive e-mailed information about our products, services, or special offers, but no longer wish to receive those communications you may opt-out from receiving some or all of those types of communications by following the ‘unsubscribe’ or ‘preferences’ setting instructions appended to the communication or communicating with us through one of the e-mail addresses or mailing addresses set forth in the “Contact Us” section of this document.
There are other circumstances in which we may provide your PII to third parties. For example, we may disclose your PII to a third party: when we, in good faith, believe disclosure is appropriate or necessary to comply with the law or a regulatory requirement or to comply with a subpoena or court order; to prevent or investigate a possible crime, such as identity-theft, hacking, cyber-attacks, phishing-attempts or other cyber-crimes; to enforce a contract; to protect the rights, property, intellectual property or safety of Teradata or a third party; to protect other vital interests; and, to satisfy requirements to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to a potential buyer or its advisor(s) in connection with any sale or transfer of all or part of our business
2.3 "SECURITY" PRINCIPLE
Teradata will take appropriate measures to ensure that PII is protected from access and disclosure not authorized through application of this Privacy Policy, including by limiting access to such information to Employees, service providers and Partners who have a legitimate business need to know it for a purpose permitted by this Privacy Policy, applicable Supplemental Privacy Terms, or with express consent.
We take reasonable physical, administrative, procedural and technical measures to protect PII under our control from loss, misuse and unauthorized access, disclosure, alteration and destruction. In particular, we employ the following security measures, among others:
- Security policies. We design, implement and support our IT infrastructure, data center operations, cloud operations, products and services according to documented security policies. At least annually, we assess our policy compliance and make necessary improvements to our policies and practices.
- Employee training and responsibilities. We take steps to reduce the risks of human error, theft, fraud, and misuse of our facilities. We train our personnel on our privacy and security policies. We also require Employees to sign confidentiality agreements. We also have assigned to a Chief Security Officer the ultimate responsibility to manage our global information security program.
- Access control. We limit access to PII only to those individuals who have an authorized purpose for accessing that information. We terminate those access privileges and credentials following job changes which no longer require such access and upon employment termination. We also have designated local or organizational data protection officers, stewards or managers for various locations and organizations of Teradata, and otherwise as and where required by applicable law.
- Data encryption. Our policies and procedures require that wherever practicable we use encrypted connections for any electronic transfers of PII.
Unfortunately, no security measures can be guaranteed to be 100-percent effective. It is important you understand that no site, system or network is completely secure or “hacker proof”, “cyber-attack proof” or “cyber-crime proof.” It is important for you to guard against unauthorized access to your passwords and the unauthorized use of computers and other electronic/data-access devices you own or control. You might find the following helpful and instructive: Stay Safe Online powered by the National Cyber Security Alliance, and its “Stop. Think. Connect.” initiative.
2.4 "ACCESS" PRINCIPLE
Teradata strives to maintain the accuracy of the PII we hold, and there are mechanisms allowing consumers and Employees to review and correct, and in some circumstances obtain deletion of, PII about themselves. You may review and correct, and (to the extent not limited or prohibited by applicable law in your country) have us delete, your PII – please see “Exercise Your Rights” below. We may ask you to verify your identity, and in some cases, we may limit or deny your request if the law permits or requires us to do so (for example, we may decline to delete data that we are required by law to retain, such as for tax withholdings and payments). We encourage you to promptly update your PII with us if and as it changes.
2.5 "ACCOUNTABILITY FOR ONWARD TRANSFER" PRINCIPLE
The EU standard contractual clauses, HIPAA and other countries’ laws, as and when valid and in force, and as may be amended from time to time (see more under Section 4 Cross-Border Data Processing), typically allow transfer of PII to a third party who is acting as a service provider, agent or “data processor” if the ultimate “data controller” takes certain steps to assure privacy and security protections. We may disclose PII to others, for example, in the following circumstances:
- to business Partners and subcontractors who need to access it in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need;
- to service providers who host or facilitate the delivery of technology services, online apps, training, seminars and webinars;
- to e-mail-delivery services and other technology providers;
- to third parties who may assist in the delivery of marketing materials, technical support services, or other products, services or other information;
- with authorized reseller/distributor/marketing Partners or our subsidiaries or branches so they may follow up with you regarding products and/or services;
- Applicant Information and Employee data may be provided to, on a confidential and use-restricted basis, our affiliates, subsidiaries, recruiting advisors and service providers, as well as other third parties such as background-screening organizations for the purposes described in this Privacy Policy and for employment-related activities as set forth elsewhere in this document and as reasonably necessary in connection with an Employee transaction or communication, compensation, benefits, tax and social-benefits reporting and withholding, and other legal, compliance and reporting obligations;
- in connection with the sale or transfer of all or part of our business;
- as required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, comply with a judicial proceeding, court order, law-enforcement or government request, or other legal process, or to satisfy requirements to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
- to any other third party, with your affirmative consent.
In these situations, we will take reasonable steps to require the recipient to protect your PII in accordance with relevant applicable principles of all applicable laws or framework, or otherwise take steps to help ensure your PII is appropriately protected.
Where the the Data Privacy Framework applies (see section 4 below), Teradata shall remain liable if a third party, to which Teradata has transferred PII, processes such PII in a manner inconsistent with the the Data Privacy Framework Principles, unless Teradata proves that it is not responsible for the event giving rise to the damage.
Service Providers. In relation to the CPRA, to the limited extent that our service providers collect PII from or about a consumer on our behalf, we direct them that they shall not retain, use, or disclose PII obtained in the course of providing services to us except: i) to process or maintain or collect PII on our behalf and in compliance with the written contract for services and the Supplier or Business Partner Code of Conduct; ii) to retain or employ another service provider as a subcontractor, only where the subcontractor meets the requirements for a service provider under the CPRA; iii) for internal use by the service provider to build or improve the quality of its services, provided that the use does not include building or modifying household or consumer profiles to use in providing services to another business, or correcting or augmenting data acquired from another source; iv) to detect data security incidents, or protect against fraudulent or illegal activity; or for the purposes enumerated in Civil Code section 1798.145, subdivisions (a)(1) through (a)(7). A service provider is directed not to sell or share PII provided by, or collected on behalf of, Teradata. A service provider that receives a request to know or a request to delete from a consumer shall immediately inform Teradata using the contact details in the “Contact Us” section above, and the parties will timely decide whether the service provider will act on behalf of Teradata in responding to the request or whether the service provider will inform the consumer that the request cannot be acted upon because the request has been sent to a service provider.
2.6 "DATA INTEGRITY AND PURPOSE LIMITATION" PRINCIPLE
Teradata will limit the Use of PII to that which is reasonably needed for valid/legitimate business purposes or to comply with applicable laws. Any such data will be obtained by us only through lawful and fair means.
- When you visit us online, we want you to feel secure that we are respecting your privacy. PII we collect about you when you visit us online is the information you choose to provide by Registering or by providing other feedback or consent to us, subject to this Privacy Policy and any applicable Supplemental Privacy Terms. We do not further distribute PII you provide other than for purposes and with other parties as permitted through this Privacy Policy, through applicable Supplemental Privacy Terms, and when you have granted consent (such as when necessary in connection with a transaction, employment or legal compliance obligations).
2.7 "RECOURSE, ENFORCEMENT AND LIABILITY" PRINCIPLE
Teradata maintains procedures for verifying compliance with the commitments we make in this Privacy Policy. To do this, we complete one or more relevant privacy compliance assessments at least annually, and make improvements based on the results thereof. We also provide the resources identified above in the “Contact Us” section of this Privacy Policy so you may raise privacy-related matters with us, and we provide the “dispute resolution” process noted in the “Cross-Border Data Processing” section of this Privacy Policy so that you have a process and mechanism to enforce compliance with the standards set forth in this Privacy Policy. As also noted above, we are subject to the jurisdiction of, and compliance monitoring and enforcement by, the U.S. Department of Commerce and U.S. Federal Trade Commission and by applicable national Data Protection Authorities with respect to certain PII, such as PII in HR data. Teradata commits to cooperate with EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authorities with regard to HR data transferred from the EU and Switzerland in the context of the employment relationship.
2.8 COOKIES AND ONLINE TRACKING
- We and some third parties we work with may use cookies on some pages of our Sites to help serve you better each time you return. A cookie is a small element of data that a website may send to your browser and is then stored on your system. The different types of cookies we use and why are described below. You may set your web browser to block cookies or warn you before you accept a cookie. Where required by law, we will ask you for your explicit consent to the usage of cookies and will not use them without your consent or for longer than necessary. If you would like to limit the use of cookies to those that are strictly necessary, you may do so by clicking this link and selection "Don't Personalize." If you use your browser settings to block all cookies or choose on first request not to allow cookies, then you may not be able to access all or parts of our Site(s). For more information about cookies, including how to set your internet browser to reject cookies, please go to www.allaboutcookies.org.
Categories of cookies we use include:
- Strictly necessary (essential) cookies – These are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or help us to choose the right language for you.
- Analytical/performance cookies – These allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our Sites work, for example, by ensuring that users are finding what they are seeking easily.
- Functionality cookies – These are used to recognize you when you return to our Site. This enables us to personalize our content for you and remember your preferences (e.g., language or country/region).
- Advertising cookies – These are used to allow us to provide more relevant advertisements to you and other visitors to our Site and when you use public search engines.
In addition, our website enables some third-party tracking pixels such as those from Google Analytics and Meta. For Online Visitors visiting from the EEA, tracking pixels are only used when the user gives their consent for the use of non-essential cookies and other tracking technologies first. For other visitors, if you would like to limit the use of these third-party tracking pixels, you may do so by clicking this link and selection "Don't Personalize."
We also collect information on the domains through which Online Visitors visit us. We use that data to track trends in Site traffic and as the basis for making improvements. Except for essential cookies, cookies will be set to expire after one year – unless you consent otherwise. Our advertisers may also use cookies, over which we have no control; if you do not wish to be exposed to advertiser cookies or other advertiser online tracking, do not select the advertiser’s link or content from our Site(s).
- Social Plug-Ins and Share Buttons. We also may use social plug-ins on or in connection with some of our Sites. When you visit a Site that contains a social plug-in and the social plug-in is selected or enabled, your browser establishes a direct connection to the social plug-in operator’s server. The social plug-in operator directly transfers the plug-in content to your browser. The social plug-in provider receives information about your access to sites. We have no influence on the data gathered by the plug-in operator. The Online Visitor is responsible for managing his or her privacy consents, settings and preferences, and addressing with the third-party operator, privacy issues that pertain to his or her use of, or plug-in with, third-party social media sites.
When visiting one of our Sites that contains a social plug-in, your browser will establish a direct connection to the respective social network’s servers enabling the respective social network to receive information about you having accessed our Site. We have no influence over the data gathered by the social plug-ins and have no knowledge of or control over the data gathered by the respective social network. To our knowledge, the embedded social plug-ins provide the respective social network with information that you have accessed our Site. If you are logged into the respective social network, your visit can be linked to your account. If you interact with the social plug-ins, the corresponding information will also be provided to the respective social network and linked to your account. Even if you are not logged into the respective network, there is the possibility that the social plug-ins transmit your IP-address to the respective social network.
For the purpose and scope of data collection and the further processing and use of data by the respective social network, as well as your rights and ways to protect your privacy, please see the privacy notices of the respective social networks. While every attempt is made to validate and screen outside links that may be provided through our online Sites, we are not responsible for the content of any outside third-party web sites. Bulletin boards, blogs, wikis, chat rooms, exchanges, share sites, social media venues and similar “forums” (whether operated by or for us, or otherwise) often are open or accessible to others in the forums and may be open to the public or those who otherwise gain access to information posted on or through the forum. Your participation in such forums and what you disclose in such forums is totally your own choice. If you make that choice and include your PII in your posts, it may lead to use of your PII by others, and we will not be responsible for any information you decide to make available on or through such forums, nor for any contacts of you by others as a result of your participation in, or your own disclosures on or through, such forums. We reserve the right to monitor such forums operated by, for or about us, and Use information legally posted on or through them. There should be no expectation of privacy by anyone with respect to the content of postings or disclosures he or she voluntarily makes on or through such forums.
- IP addresses and “clickstream” information. Some online clickstream data includes User Information. User Information is information about computers that interact with our systems. This includes:
- Web server logs. In the process of administering our Sites, we maintain and track usage through web server logs. These logs provide information such as what types of browsers are accessing our Sites, what pages receive high traffic, and the times of day our servers experience significant loads. We use Internet Protocol (“IP”) addresses to analyze trends, administer Sites, track users’ movements, and gather broad demographic information for aggregate use. We use this information to improve the content and navigation features of our Sites. Anonymous or aggregated forms of this data also may be used to identify future features and functions to develop for our Sites and to provide better service or a better user experience. We do not link this information with individually identifiable PII. We also reserve the right to, and may, provide aggregated and anonymous information to third parties.
- Web beacons. We and third parties also may employ web beacons on or in connections with our Sites or in connection with e-mails and other electronic/digital communications we send, distribute, or have sent or distributed for us. Web beacons are tiny graphics with unique identifiers, similar in function to cookies, and are used to track the online movements of users. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons typically are embedded invisibly on webpages and other online or electronic/digital documents and are about the size of the period at the end of this sentence. Web beacons also may be used, for example, in an e-mail, newsletter or other electronic communication to determine if it has been opened by the user or if web links contained in it have been selected by the user. Where required by law, we will ask you for your explicit consent to the usage of web beacons by us and will not use them without your consent. We are not, however, responsible for any third-party deployment or usage of web beacons.
- Web server logs. In the process of administering our Sites, we maintain and track usage through web server logs. These logs provide information such as what types of browsers are accessing our Sites, what pages receive high traffic, and the times of day our servers experience significant loads. We use Internet Protocol (“IP”) addresses to analyze trends, administer Sites, track users’ movements, and gather broad demographic information for aggregate use. We use this information to improve the content and navigation features of our Sites. Anonymous or aggregated forms of this data also may be used to identify future features and functions to develop for our Sites and to provide better service or a better user experience. We do not link this information with individually identifiable PII. We also reserve the right to, and may, provide aggregated and anonymous information to third parties.
In connection with our Sites (including e-mails and other electronic/digital communications), we also may use or allow analytics or third-party tracking services that also use cookies, flash-cookies, web beacons or other tracking technologies to track legally permissible non-individually identifiable PII about Online Visitors to our Sites. When these services and their cookies, flash cookies, web beacons or other tracking technologies are used, it is done in the aggregate to capture usage and volume statistics and to manage content, and, absent your advance affirmative consent, not for any other purpose. Some of our business Partners, Internet advertisers, ad servers and ad networks also may use cookies, flash cookies, web beacons and other tracking technologies to collect information about users’ online behavior and use that information for analytics and to serve advertising aimed to be relevant to particular users (e.g., behavioral advertising) in connection with our Sites or links or advertising connected with our Sites. Some of our Customers, and their business partners, also may use cookies, flash cookies, web beacons and other tracking technologies and analytics in connection with their sites, e-mails, online advertisements or other electronic/digital communications which we host, process or deliver for our customers. We have no access to or control over these third-party tracking technologies and no responsibility for them or with respect to deployment or use of those kinds of analytic technologies by or for another. This policy applies to and covers the use of such tracking and analytics technologies by and for Teradata only, and it does not cover or apply to the use of tracking or analytic technologies by any third party.
We also may use User Information to help us prevent and detect security threats, fraud or other malicious activity, and to ensure the proper functioning of our solutions, products and services.