Cross-border data transfer

Teradata’s Privacy practices are designed to help protect Personal Data all over the world. At times, Personal Data may be transferred to service providers or systems in countries whose laws may not offer a level of data protection equivalent to that in your country. Where such cross-border transfers occur, we take reasonable steps to require the recipient to protect Personal Data in accordance with applicable Privacy laws and our Privacy standards.

We take a multi-dimensional approach to Privacy compliance by implementing at least one of several different legally recognized mechanisms for all cross-border data transfers. This includes mechanisms to permit the export of Personal Data from the European Union (“EU”), the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, among other countries.

Adequacy

Teradata may share Personal Data with its affiliates, subsidiaries, and third-party partners located in countries that have been deemed to ensure an adequate level of data protection. When we send or receive Personal Data to or from such “adequate” countries, we rely on these adequacy decisions as the basis for the cross-border transfer of Personal Data.

Data Privacy Frameworks

Teradata’s U.S. entities (Teradata Corporation, Teradata Operations, Inc., Teradata US, Inc., Teradata International, Inc., and Teradata Government Systems LLC) comply with and have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”) and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”). These frameworks are the cross-border data transfer mechanisms on which we rely when the Personal Data of individuals residing in the EU, EEA, UK, or Switzerland is transferred to Teradata in the United States.

Where we transfer Personal Data to a third party located in the United States that also certifies to these frameworks, we rely on these frameworks as the basis for those transfers as well.

If there is any conflict between this Privacy Statement and the EU-U.S. DPF Principles, the UK-U.S. DPF Principles, or the Swiss-U.S. DPF Principles, the applicable DPF Principles will govern. To learn more about the Data Privacy Framework program and to view our participation status, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, Teradata commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”), the UK DPAs, and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning its handling of human resources data received in reliance on the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Teradata has committed to refer all unresolved DPF-related Privacy complaints/disputes from EU, EEA, UK, or Swiss citizens or residents to an independent dispute resolution services provider and dispute resolution mechanism. If you have a complaint, dispute, or problem related to the Data Privacy Framework that Teradata does not timely acknowledge or satisfactorily address within 45 days of receiving notice from you, you may initiate the independent dispute resolution process described in the Complaints section of this Privacy Statement.

Data Transfer Agreements and the Standard Contractual Clauses

Where Teradata sends or receives Personal Data to or from countries that do not have an adequacy decision, and we are unable to rely on an applicable Data Privacy Framework, we enter into government-approved data transfer agreements as the basis for the cross-border transfer of Personal Data. These data transfer agreements include the European Commission’s Standard Contractual Clauses (“EU SCCs”) and the UK Addendum to the EU SCCs (“UK Addendum”).

Where necessary, Teradata will take appropriate supplementary measures to ensure an essentially equivalent level of data protection to that guaranteed in the EEA, in accordance with European Data Protection Board ("EDPB") recommendations.

Transfers Within the Teradata Group of Companies

Teradata has executed written intra-group data protection agreements among various Teradata subsidiaries and entities around the world that incorporate the necessary government-approved data transfer agreements, including the EU SCCs and UK Addendum, to permit the cross-border transfer of Personal Data within the Teradata group of companies. We review and update these intra-group data protection agreements as our business and the requirements of applicable Privacy laws evolve.