For more information about the Safe Harbor Principles or to access SunGard’s certification statement, please visit the US Department of Commerce’s website at: http://www.export.gov/safeharbor/.
“Personal Information” means any information that (i) is transferred from the EEA or Switzerland to the United States (ii) is recorded in any form (iii) relates to an individual and (iv) identifies or can be used to identify the individual
“Sensitive Personal Information” means Personal Information that relates to race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, criminal offenses or that concerns an individual’s health.
What Personal Information SunGard Collects
SunGard may collect Personal Information in the limited circumstances mentioned below:
SunGard Customers purchasing services such as Recovery Services, Managed Services and Business Continuity Software Solutions and Consulting Services (“Services”) may transmit Personal Information to SunGard that SunGard may use to provide such Services and support related to such Services. The Personal Information SunGard collects includes the name, business and mobile telephone numbers and business email address of a customer’s employees, and potentially its vendors, agents and/or end-users.
This Personal Information will be stored within the Customer interface service management software used in connection with the SunGard's Customer Service Portals.
In addition, to the extent SunGard uses its own SunGard’s Business Continuity Management Software Solutions for business continuity planning and related notification purposes, some of the personal data SunGard collects will relate to its own employees. SunGard may upload this information into its Business Continuity Management Software Solutions hosted within SunGard’s technology infrastructure. The Personal Information SunGard collects from its employees includes name, business and mobile telephone numbers and business email address.
The collection of Personal Information as described above is covered by SunGard’s Safe Harbor certification statement.
In providing Services or support related to the Services, SunGard may process Personal Information owned and/or controlled by Customers. SunGard will process this Personal Information on behalf of its Customers consistent with the Customer’s instructions and the applicable Safe Harbor Principles.
SunGard’s compliance with the 7 Safe Harbor Principles
When SunGard collects Personal Information from individuals, it will give timely and appropriate notice to such individuals describing what Personal Information it is collecting, how it will use it, and the type of third-parties with whom SunGard may share it. SunGard will also provide information on how individuals whose Personal Information is collected can contact SunGard with any questions or complaints.
For SunGard’s Software Solutions customers, this information is found within SunGard’s help-desk support application. For SunGard’s Managed and Recovery Services customers, this information is found in the Customer Services Portals. To the extent individuals have access to these applications, they can edit, change or delete Personal Information within these applications at any time.
To the extent SunGard collects Personal Information of its employees when it uses its own Services, direct notification will occur through internal communication processes at the time of collection.
SunGard shall not use Personal Information for any purpose incompatible with the original purpose for which it was collected. When feasible and appropriate, SunGard will offer individuals an opportunity to choose (opt out) before their Personal Information will be disclosed to a third party or used for a purpose other than for which it was originally collected or subsequently authorized by the individual. SunGard does not collect Sensitive Personal Information from its customers.
For SunGard’s Software Solutions, this choice will be given within the help desk support application. For SunGard’s Managed and Recovery Services customers, this choice is given in the Managed and Recovery Services Customer Portals.
To the extent SunGard collects Personal Information from its employees, agents and/or vendors when it uses its own Services, this choice will be given to the SunGard employee through internal communication processes.
SunGard is a global organization and we may transfer the Personal Information we collect within SunGard’s global operations in order to implement and deliver the Services and to provide support related to these Services. SunGard may also transfer the Personal Information we collect with third parties we engage to process Personal Information on our behalf, such as IT service delivery partners, IT Outsourcers and Channel Partners.
Prior to disclosing Personal Information to a third party, SunGard shall obtain reasonable assurances from the third party that it will safeguard the Personal Information consistent with the applicable Principles and this Policy. When SunGard has knowledge that a third party is processing Personal Information covered by this Policy in a way that is contrary to the provisions set forth herein, it will take reasonable steps to prevent or stop such processing.
Please be advised that we may share Personal Information pursuant to applicable law or as necessary to defend the legal rights of SunGard, business partners or others when there are reasonable grounds to believe that such rights could be affected.
SunGard maintains reasonable physical, electronic and managerial procedures to safeguard and secure the Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction.
To the extent SunGard collects Personal Information as set forth herein, it shall take reasonable measures to ensure the accuracy of the Personal Information transmitted to SunGard. SunGard shall also take reasonable measures to ensure that the Personal Information is reliable, current and complete for the intended use for which it was collected.
SunGard provides reasonable access to an individual’s Personal Information to correct, amend or delete its Personal Information. For SunGard’s Software Solutions customers, access to Personal information is provided within the Help Desk Support Application. For SunGard’s Managed and Recovery Services customers, such access is provided within the Customer Services Portals. Individuals can change or delete Personal Information through this Application or these Portals at any time. Individuals can also direct inquiries about Personal Information supplied by contacting the Service Desk at 1-800-441-1181.
SunGard uses a self-assessment approach to ensure compliance with this Policy and periodically verifies that the Policy is accurate and in conformity with the Safe Harbor Principles. SunGard encourages interested persons to raise any concerns or complaints using the contact information provided below. SunGard will investigate and attempt to resolve any concerns about this Policy and/or SunGard’s use of Personal Information as described herein.
If a complaint or dispute cannot be resolved through our internal processes, SunGard agrees to cooperate with the Data Protection Authorities (DPAs) of the EEA countries or Switzerland in the investigation and resolution of complaints.
Inquiries or complaints about SunGard’s use of Personal Information should be directed to:
Attn: Legal Department
680 East Swedesford Road
Wayne, PA 19087
By contacting SunGard at 1-800-468-7483 or InformationSecurity-AS@sungard.com to report a complaint.
1 EEA stands for European Economic Area. Created in 1994, the EEA combines the countries of the European Union and member countries of EFTA (European Trade Association). Countries that belong to the EEA are: Austria, Belgium, Bulgaria, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom.