Our Principles

2. OUR PRINCIPLES: RESPECTING YOUR PRIVACY AND SECURITY

Protecting privacy is part of our culture, values, and everyday conduct at Teradata. Integrity, responsibility, being people-focused, and being dedicated to our customers are among the core values we apply to all aspects of our business, including with regard to PDP. Our management sets the tone regarding the importance, requirements, standards and practices applicable to PDP at Teradata.

Our Code of Conduct annual certification and other PDP-related training includes expectations of, and commitments by, all Teradata employees, contractors and business partners to protect data and comply with PDP laws. All individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with the CPRA shall be informed of all the requirements in the CPRA and how to direct consumers to exercise their rights under the CPRA.

Our Supplier Code of Conduct and our Business Partner Code of Conduct incorporate the principles of this Privacy Policy, the Teradata Code of Conduct, global PDP laws and standards and the principles of the United Nations Global Compact and the Responsible Business Alliance (“RBA”, formerly the Electronic Industry Citizenship Coalition (“EICC”)) Code of Conduct. For more information, please see https://www.teradata.com/About-Us/Corporate-Governance/Code-of-Conduct and https://www.teradata.com/About-Us/Environmental-Social-Governance (see particularly the “Teradata Corporate Social Responsibility Report” linked to that webpage).

Teradata typically acts as a “data processor” with respect to PII we Use for one of our customers, and our customer typically serves as the “data controller” with respect to that PII. 

Teradata typically acts as a “data controller” with respect to PII that we Use for ourselves, such as with regard to our own employees so we may administer their employment, compensation, benefits and human resources management (“HR data”); with regard to customer contacts held in our various marketing databases and related applications for customer support and to visitors of our online Sites; or with regard to customer contacts collected during support portal registration, access and use. Our service providers who Use PII for us typically serve as downstream “data processors” or “sub-processors” for us.

2.1 "NOTICE" PRINCIPLE 

• Notice of where we operate. We are a global multinational organisation. Our corporate headquarters is located in Rancho Bernardo (San Diego), California. We are incorporated in the State of Delaware in the U.S. We own our Rancho Bernardo complex, while all other facilities are leased. We have more than 6,000 employees worldwide, and as such, our information sources, data subjects, data flows and supply-chain spans the globe.
• Notice of what we do. Teradata is the leading connected multi-cloud data platform provider for enterprise analytics at scale. Our connected multi-cloud data platform, Teradata Vantage, allows customers to integrate and simplify their multi-cloud data and analytic ecosystems, streamline access and management of their data, and use analytics to derive business value from diverse data types. Our Teradata Vantage platform is designed and built to run across on-premises, private cloud and public cloud environments. This platform is supported by business consulting, support services and partner networks that enable customers to extract insights from across a company’s entire data and analytics ecosystem.
• Our consulting services include a broad range of offerings, such as consulting to help organizations establish an analytics vision, to enable an analytical ecosystem architecture, and to ensure value delivery of their analytical infrastructure.
• Teradata’s strategy is based on our differentiated value proposition for the top 10,000 largest organizations in the world, to provide a connected multi-cloud data platform, Teradata Vantage, that supports the needs of enterprises from start to scale. Teradata Vantage is an effective platform for driving business outcomes, with a partnering approach, embracing modern ecosystems and enabling users to build how they want.
• We serve customers around the world in a broad set of industries. Industry segments we serve include communications, ecommerce, financial services, government, gaming, healthcare, insurance, manufacturing, media and entertainment, oil and gas, retail, travel and transportation, and utilities.
• Teradata has a presence on the web that includes www.teradata.com
• Teradata social media links currently include: 
  •  linkedin.com/company/Teradata
  • twitter.com/Teradata
  • facebook.com/Teradata
  • instagram.com/teradata
  • youtube.com/Teradata
• Notice of when we may Use PII.We may Use PII: 
  • in the course of delivering our products and services, both in the cloud and on customer premises;
  • providing technical, maintenance, support, back-up, recovery, diagnostic, consulting, implementation, and other related services both in the cloud and on customer premises;
  • for operating, managing and communicating about our own business, offerings and activities;
  • through solutions we, or our technology providers, host, for the various Sources of PII detailed below;
  • R&D (such as for benchmarking, testing, quality assurance, research, and product/offering strategy, development and integration); or
  • networking sites, such as Peer Advantage, customer or partner education or certification courses, for example via Teradata University/Teradata University for Academics or our Teradata Certified Professional Program, or via our customer education team. 
• Notice of Sources of PII we handle. We Use PII, in either or both electronic/digital form or physical/paper form, regarding a variety of people and entities. These include the following Sources: 
  • “Visitors” - including both those who visit our physical locations and those who choose to visit the websites, web portals, information exchange sites, blogs, wikis, social media sites, domains, downloadable applications, apps, surveys, questionnaires, webinars, events, conferences, network systems, or facilities we host, own or operate, or that are hosted or operated for us, as well as those who communicate with us, including by e-mail or other electronic or digital means, and such as through help-lines, call-centers, telecommunications and the like (with the subset of those who do so through electronic or digital means being referred to as “Online Visitors”);
  • “Employees” - including full and part-time employees, job applicants, temporary and contract employees, former employees, and retirees, and qualifying family members, beneficiaries and insureds, such as those who receive or are eligible for benefits from or through us;
  • “Customers” - including customers and prospective customers, and their representatives;
  • “Partners” - including current and prospective suppliers, vendors, contractors, subcontractors, representatives, distributors, resellers, systems integrators, joint marketers, advertisers, sponsors and services providers;
  • “Customer/Partner Constituents” - including people and entities who are the visitors, employees, customers, partners, constituents or other data subjects of our Customers or Partners, such as those about whom data is stored and processed on our solutions by or for our Customers; and
  • “Others” - including people who are or may be influencers related to our business or technologies, such as analysts, academia, members of the media, investors, members of subject-area communities, industry communities and geographical or jurisdictional communities in which we operate, and those who do not fit into one or more of the preceding categories.

2.2 "CHOICE" PRINCIPLE 

Teradata will not disclose PII to unaffiliated third parties (e.g., parties that are not subsidiaries, service providers, processors, contractors or other partners), unless any of the following are satisfied: (1) such disclosure is provided for in this Privacy Policy and/or under applicable internal privacy policies and the individual has been informed (which includes being informed by the public availability of this Privacy Policy at www.teradata.com/Privacy) about the possibility, scope and nature of such disclosure and has not opted-out of such disclosure (or where affirmative consent is required by applicable law, for example by means of double opt-in, has not provided that consent), (2) an individual requests it or expressly consents to it, or (3) the data is provided to help complete a transaction initiated by the individual.

We also will respect your preferences and choices for how we contact you regarding marketing and promotional communications. We may provide you, for example, with opportunities to subscribe to e-mail distributions or newsletters. If you previously signed-up to receive e-mailed information about our products, services, or special offers, but no longer wish to receive those communications you may opt-out from receiving some or all of those types of communications by following the ‘unsubscribe’ or ‘preferences’ setting instructions appended to the communication or communicating with us through one of the e-mail addresses or mailing addresses set forth in the “Contact Us” section of this document.

There are other circumstances in which we may provide your PII to third parties. For example, we may disclose your PII to a third party: when we, in good faith, believe disclosure is appropriate or necessary to comply with the law or a regulatory requirement or to comply with a subpoena or court order; to prevent or investigate a possible crime, such as identity-theft, hacking, cyber-attacks, phishing-attempts or other cyber-crimes; to enforce a contract; to protect the rights, property, intellectual property or safety of Teradata or a third party; to protect other vital interests; and, to satisfy requirements to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to a potential buyer or its advisor(s) in connection with any sale or transfer of all or part of our business

2.3 "SECURITY" PRINCIPLE

Teradata will take appropriate measures to ensure that PII is protected from access and disclosure not authorized through application of this Privacy Policy, including by limiting access to such information to Employees, service providers and Partners who have a legitimate business need to know it for a purpose permitted by this Privacy Policy, applicable Supplemental Privacy Terms, or with express consent.

We take reasonable physical, administrative, procedural and technical measures to protect PII under our control from loss, misuse and unauthorized access, disclosure, alteration and destruction. In particular, we employ the following security measures, among others: 

• Security policies. We design, implement and support our IT infrastructure, data center operations, cloud operations, products and services according to documented security policies. At least annually, we assess our policy compliance and make necessary improvements to our policies and practices.
• Employee training and responsibilities. We take steps to reduce the risks of human error, theft, fraud, and misuse of our facilities. We train our personnel on our privacy and security policies. We also require Employees to sign confidentiality agreements. We also have assigned to a Chief Security Officer the ultimate responsibility to manage our global information security program.
• Access control. We limit access to PII only to those individuals who have an authorized purpose for accessing that information. We terminate those access privileges and credentials following job changes which no longer require such access and upon employment termination. We also have designated local or organizational data protection officers, stewards or managers for various locations and organizations of Teradata, and otherwise as and where required by applicable law.
• Data encryption. Our policies and procedures require that wherever practicable we use encrypted connections for any electronic transfers of PII. 

Unfortunately, no security measures can be guaranteed to be 100-percent effective. It is important you understand that no site, system or network is completely secure or “hacker proof”, “cyber-attack proof” or “cyber-crime proof.”  It is important for you to guard against unauthorized access to your passwords and the unauthorized use of computers and other electronic/data-access devices you own or control.  You might find the following helpful and instructive: Stay Safe Online  powered by the National Cyber Security Alliance, and its “Stop. Think. Connect.” initiative.

2.4 "ACCESS" PRINCIPLE 

Teradata strives to maintain the accuracy of the PII we hold, and there are mechanisms allowing consumers and Employees to review and correct, and in some circumstances obtain deletion of, PII about themselves. You may review and correct, and (to the extent not limited or prohibited by applicable law in your country) have us delete, your PII – please see “Exercise Your Rights” below. We may ask you to verify your identity, and in some cases, we may limit or deny your request if the law permits or requires us to do so (for example, we may decline to delete data that we are required by law to retain, such as for tax withholdings and payments). We encourage you to promptly update your PII with us if and as it changes. 

2.5 "ACCOUNTABILITY FOR ONWARD TRANSFER" PRINCIPLE 

The EU standard contractual clauses, HIPAA and other countries’ laws, as and when valid and in force, and as may be amended from time to time (see more under Section 4 Cross-Border Data Processing), typically allow transfer of PII to a third party who is acting as a service provider, agent or “data processor” if the ultimate “data controller” takes certain steps to assure privacy and security protections. We may disclose PII to others, for example, in the following circumstances:

• to business Partners and subcontractors who need to access it in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need;
• to service providers who host or facilitate the delivery of technology services, online apps, training, seminars and webinars;
• to e-mail-delivery services and other technology providers;
• to third parties who may assist in the delivery of marketing materials, technical support services, or other products, services or other information;
• with authorized reseller/distributor/marketing Partners or our subsidiaries or branches so they may follow up with you regarding products and/or services;
• Applicant Information and Employee data may be provided to, on a confidential and use-restricted basis, our affiliates, subsidiaries, recruiting advisors and service providers, as well as other third parties such as background-screening organizations for the purposes described in this Privacy Policy and for employment-related activities as set forth elsewhere in this document and as reasonably necessary in connection with an Employee transaction or communication, compensation, benefits, tax and social-benefits reporting and withholding, and other legal, compliance and reporting obligations;
• in connection with the sale or transfer of all or part of our business;
• as required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, comply with a judicial proceeding, court order, law-enforcement or government request, or other legal process, or to satisfy requirements to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
• to any other third party, with your affirmative consent.

In these situations, we will take reasonable steps to require the recipient to protect your PII in accordance with relevant applicable principles of all applicable laws or framework, or otherwise take steps to help ensure your PII is appropriately protected.

Where the the Data Privacy Framework applies (see section 4 below), Teradata shall remain liable if a third party, to which Teradata has transferred PII, processes such PII in a manner inconsistent with the the Data Privacy Framework Principles, unless Teradata proves that it is not responsible for the event giving rise to the damage.

Service Providers. In relation to the CPRA, to the limited extent that our service providers collect PII from or about a consumer on our behalf, we direct them that they shall not retain, use, or disclose PII obtained in the course of providing services to us except: i) to process or maintain or collect PII on our behalf and in compliance with the written contract for services and the Supplier or Business Partner Code of Conduct; ii) to retain or employ another service provider as a subcontractor, only where the subcontractor meets the requirements for a service provider under the CPRA; iii) for internal use by the service provider to build or improve the quality of its services, provided that the use does not include building or modifying household or consumer profiles to use in providing services to another business, or correcting or augmenting data acquired from another source; iv) to detect data security incidents, or protect against fraudulent or illegal activity; or for the purposes enumerated in Civil Code section 1798.145, subdivisions (a)(1) through (a)(7). A service provider is directed not to sell or share PII provided by, or collected on behalf of, Teradata. A service provider that receives a request to know or a request to delete from a consumer shall immediately inform Teradata using the contact details in the “Contact Us” section above, and the parties will timely decide whether the service provider will act on behalf of Teradata in responding to the request or whether the service provider will inform the consumer that the request cannot be acted upon because the request has been sent to a service provider.

2.6 "DATA INTEGRITY AND PURPOSE LIMITATION" PRINCIPLE  

Teradata will limit the Use of PII to that which is reasonably needed for valid/legitimate business purposes or to comply with applicable laws. Any such data will be obtained by us only through lawful and fair means.

• When you visit us online, we want you to feel secure that we are respecting your privacy. PII we collect about you when you visit us online is the information you choose to provide by Registering or by providing other feedback or consent to us, subject to this Privacy Policy and any applicable Supplemental Privacy Terms. We do not further distribute PII you provide other than for purposes and with other parties as permitted through this Privacy Policy, through applicable Supplemental Privacy Terms, and when you have granted consent (such as when necessary in connection with a transaction, employment or legal compliance obligations).

2.7 "RECOURSE, ENFORCEMENT AND LIABILITY" PRINCIPLE

Teradata maintains procedures for verifying compliance with the commitments we make in this Privacy Policy. To do this, we complete one or more relevant privacy compliance assessments at least annually, and make improvements based on the results thereof. We also provide the resources identified above in the “Contact Us” section of this Privacy Policy so you may raise privacy-related matters with us, and we provide the “dispute resolution” process noted in the “Cross-Border Data Processing” section of this Privacy Policy so that you have a process and mechanism to enforce compliance with the standards set forth in this Privacy Policy. As also noted above, we are subject to the jurisdiction of, and compliance monitoring and enforcement by, the U.S. Department of Commerce and U.S. Federal Trade Commission and by applicable national Data Protection Authorities with respect to certain PII, such as PII in HR data. Teradata commits to cooperate with EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authorities with regard to HR data transferred from the EU and Switzerland in the context of the employment relationship.

2.8 COOKIES AND ONLINE TRACKING    

• We and some third parties we work with may use cookies on some pages of our Sites to help serve you better each time you return. A cookie is a small element of data that a website may send to your browser and is then stored on your system. The different types of cookies we use and why are described below. You may set your web browser to block cookies or warn you before you accept a cookie. Where required by law, we will ask you for your explicit consent to the usage of cookies and will not use them without your consent or for longer than necessary. If you would like to limit the use of cookies to those that are strictly necessary, you may do so by clicking this link and selection "Don't Personalize." If you use your browser settings to block all cookies or choose on first request not to allow cookies, then you may not be able to access all or parts of our Site(s). For more information about cookies, including how to set your internet browser to reject cookies, please go to www.allaboutcookies.org.

Categories of cookies we use include:    

• Strictly necessary (essential) cookies – These are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or help us to choose the right language for you.   
• Analytical/performance cookies – These allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our Sites work, for example, by ensuring that users are finding what they are seeking easily.  
• Functionality cookies – These are used to recognize you when you return to our Site. This enables us to personalize our content for you and remember your preferences (e.g., language or country/region).
• Advertising cookies – These are used to allow us to provide more relevant advertisements to you and other visitors to our Site and when you use public search engines.

In addition, our website enables some third-party tracking pixels such as those from Google Analytics and Meta. For Online Visitors visiting from the EEA, tracking pixels are only used when the user gives their consent for the use of non-essential cookies and other tracking technologies first. For other visitors, if you would like to limit the use of these third-party tracking pixels, you may do so by clicking this link and selection "Don't Personalize."

We also collect information on the domains through which Online Visitors visit us. We use that data to track trends in Site traffic and as the basis for making improvements. Except for essential cookies, cookies will be set to expire after one year – unless you consent otherwise. Our advertisers may also use cookies, over which we have no control; if you do not wish to be exposed to advertiser cookies or other advertiser online tracking, do not select the advertiser’s link or content from our Site(s).