4 Cross-Border Data Processing
Our privacy practices are designed to help to protect your PII all over the world. We take a multidimensional approach to PDP compliance by at least one of several different legally-recognized mechanisms, even if one of those mechanisms becomes invalid, expired or inapplicable. As a multi-national group of companies, Teradata’s applicable US entities (namely Teradata Corporation, Teradata Operations Inc., Teradata US Inc., Teradata International, Inc. and Teradata Government Systems LLC) have certified to the Department of Commerce that they adhere to the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework with regard to PII collected from or about residents or citizens of the European Economic Area (“EEA”), European Union (“EU”) or Switzerland and, following the withdrawal of the United Kingdom (“UK”) from the EU, will do so with regard to residents or citizens of the UK (or as may otherwise be required by UK law). Privacy Shield principles include: Notice; Choice; Security; Access; Accountability for Onward Transfer; Data Integrity and Purpose Limitation; and, Recourse, Enforcement and Liability. You can read how we address those principles above in “Our Principles: Respecting your Privacy and Security”.
Privacy Shield-Related Dispute Resolution. Teradata has committed to refer all unresolved Privacy Shield-related PDP complaints/disputes from EU, EEA or Swiss citizens or residents regarding their PII transferred to or for Teradata in the U.S. to an independent dispute resolution services provider and dispute resolution mechanism, and will do the same regarding UK citizens/residents after the UK leaves the EU (or as may otherwise be required by UK law). The provider for such PII-related complaints/disputes is the International Center for Dispute Resolution (“ICDR”), international division of the American Arbitration Association (“AAA”), and the dispute resolution mechanism is the ICDR/AAA International Arbitration Rules, based on documents only and as modified by applicable ICDR/AAA EU-U.S. Privacy Shield Procedures or applicable Swiss-U.S. Privacy Shield Administrative Procedures, and as such may be applied to the UK after it leaves the EU.
Consistent with the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, if you are subject to such a framework you may initiate and proceed with this dispute resolution mechanism without any filing fees or dispute-resolution-provider administrative costs being borne by you (i.e., Teradata will be responsible for all filing fees and dispute-resolution-provider administrative fees for such dispute resolution mechanism), and there is the possibility, under certain conditions, for you to invoke binding arbitration. If Teradata does not timely acknowledge or satisfactorily address your PII-related privacy complaint/dispute/problem within 45 days after our receipt of your notice, you may contact the ICDR/AAA and initiate that independent dispute resolution process.
For online access to information about the ICDR/AAA EU-U.S. Privacy Shield or U.S.-Swiss Privacy Shield programs or to initiate a complaint under the ICDR/AAA EU-U.S. Privacy Shield or U.S.-Swiss Privacy Shield Programs, please visit https://go.adr.org/privacyshield.html. For citizens and residents with unresolved privacy complaints/disputes in countries that are not subject to the EU-U.S. Privacy Shield Framework or U.S.-Swiss Privacy Shield Framework, or to the extent your home country does not recognize the above-described dispute resolution provider or dispute resolution process as valid, complaints/disputes may be referred to the AAA and resolved in accordance with the AAA’s Commercial Arbitration Rules (see https://www.adr.org), the U.S. Federal Trade Commission, U.S. Department of Commerce, or a data protection authority (“DPA”), court or other forum of competent jurisdiction over the applicable Teradata entity and the data subject. Irrespective of the foregoing, all complaints and disputes regarding HR data that includes employee PII is subject to jurisdiction of the applicable DPA for the country/location of the relevant Teradata employee (including applicants and former employees and their families and beneficiaries regarding whom PII is disclosed to or obtained by Teradata).
For more information about the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework, or to access information regarding the status of Teradata’s Privacy Shield certification registrations, please go to https://www.privacyshield.gov.
Teradata also takes measures to comply with EEA/EU/Swiss and other countries’ cross-border data transfer laws that pertain to PII by having in place express consents and written intra-group data transfer agreements among various Teradata subsidiaries and entities around the world (“Data Transfer Agreements” or “DTAs”). The intra-group DTAs incorporate EEA/EU/Swiss-approved “Standard Contractual Clauses” (also referred to as “Model Clauses”). We also comply with EEA/EU/Swiss data transfer laws regarding PII with respect to other countries that have been recognized by them as having adequate protections for PII (e.g., Israel, Argentina, Canada and New Zealand) by complying with and/or being subject to the jurisdiction of the applicable laws and regulations of those countries for PII that is transferred to those countries. We review and update the intra-group DTAs as our business evolves. Teradata’s multidimensional approach to PDP compliance with respect to EEA/EU/Swiss data transfer laws and regulations enables us to comply with EEA/EU/Swiss data transfer laws and regulations by at least one of several different legally-recognized mechanisms, even if one of those mechanisms becomes invalid, expired or inapplicable. After the United Kingdom leaves the European Union, PII transferred from the UK to the EEA and from the EEA to the UK will be processed in accordance with the DTAs or as may otherwise be required by UK law).