US - EU Safe Harbor Policy
Approved: 27 December 2013
Pegasystems Inc. (“Pegasystems”) recognizes and acknowledges current data protection laws in the European Union (“EU”) and Switzerland, and has adopted this Safe Harbor Policy (“Policy”) governing certain personal data transferred from the EU and Switzerland to Pegasystems’ operations in the United States (“U.S.”). This Policy describes the standards under which Pegasystems will treat such personal data.
Pegasystems complies with the U.S.-EU Safe Harbor Framework and the U.S.-Switzerland Safe Harbor Framework administered by the U.S. Department of Commerce, and Pegasystems self-certifies, on an annual basis, to the U.S. Department of Commerce its adherence to the Safe Harbor Privacy Principles, with respect to personal data covered by this Policy. For more information about the Safe Harbor Privacy Principles, please visit the U.S. Department of Commerce’s website at http://www.export.gov/safeharbor/.
Scope & Responsibility
This Policy applies to the collection, use, retention, and disclosure in the U.S. of personal data of Pegasystems’ customers and business partners, as well as personal data that Pegasystems’ customers store on the Pega Cloud, to the extent that such personal data is transferred from countries in the EU or Switzerland to Pegasystems in the U.S. All employees of Pegasystems that have access to personal data covered by this Policy in the U.S. are responsible for following this Policy and for obtaining appropriate assurances from third parties in accordance with applicable laws.
If there is any conflict between the terms of this Policy and applicable law, the Policy may be limited to the extent required to meet legal, governmental, or national security obligations.
Safe Harbor Privacy Principles
Pegasystems follows the U.S. Department of Commerce’s Safe Harbor Privacy Principles of notice, choice, onward transfer, access, security, data integrity, and enforcement with respect to information transferred from the EU or Switzerland to the U.S. within the scope of its Safe Harbor certification.
Notice and Choice -- If and when Pegasystems collects personal data directly from individuals in the EU or Switzerland, Pegasystems will provide notice to them about the types of personal data it collects from them, the purposes for which Pegasystems collects and uses it, and the types of third parties to which Pegasystems discloses that information. Pegasystems will also provide notice to those individuals about the choices and means, if any, which Pegasystems offers to, limit the use or disclosure of their information. Where, on the other hand, Pegasystems processes personal data for a customer, Pegasystems instead may rely on the customer to comply with the legal requirements underlying the Safe Harbor Privacy Principles.
Pegasystems may provide notice and choice through this Policy or other means.
Specifically, Pegasystems may collect and use personal data covered by this Policy for, among other things:
- Providing services to our customers;
- Collecting and storing our customers’ data in compliance with our contractual and legal obligations;
- Providing training and support services to our customers’ employees;
- Complying with our legal obligations, policies, and procedures; and
- Performing other legal and business activities.
Pegasystems may share personal data covered by this Policy with vendors, suppliers, contractors, and other third parties it engages to assist with the provision of its services and/or performance of its legal and business activities.
Onward Transfer (transfers to third parties) – Pegasystems will only transfer or provide direct access to personal data covered by this policy to third party agents that (a) are located in a jurisdiction subject to the EU Data Protection Directive or with privacy laws considered to be adequate by the European Commission, (b) subscribe to the Safe Harbor Privacy Principles, or (c) have given Pegasystems reasonable assurances that the third party will process the personal data consistent with this Policy and the Safe Harbor Privacy Principles.
Access -- Individuals have the right, within reason, to request access to, correct, amend, or delete personal data about them that is covered by this Policy if they can demonstrate that it is inaccurate or incomplete.
Security -- Pegasystems takes reasonable precautions to protect personal data covered by this Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Data Integrity – Pegasystems will only use personal data covered by this Policy in a way that is compatible with and relevant for the purposes for which it was collected or subsequently authorized. Pegasystems will take reasonable steps to ensure that such personal data is accurate, complete, current and reliable for its intended use.
Enforcement – Pegasystems uses a self-assessment approach to verify compliance with this Policy and periodically confirm that the Policy is accurate and in conformity with the Safe Harbor Principles.
Any questions or complaints regarding this Policy or the collection, use, disclosure, or transfer of personal data covered by this Policy should be directed initially to the Chief Compliance Officer at firstname.lastname@example.org or at Pegasystems, One Rogers Street, Cambridge, MA 02142 USA .
In the event any question or complaint cannot be resolved by Pegasystems, an individual may contact TRUSTe by Internet here, fax to 415-520-3420, or mail to TRUSTe Safe Harbor Compliance Dept., click for mailing address If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe's dispute resolution process, click here or request this information from TRUSTe at any of the addresses listed above.
Pegasystems will review and attempt to resolve complaints in accordance with the Safe Harbor Privacy Principles, and agrees to cooperate with TRUSTe for the purpose of handling any unresolved questions or complaints regarding this Policy.
Last Updated: 27 December 2013