EU U.S. Privacy Shield Framework Compliance

Effective on: October 6, 2017

Introduction and Scope

Compuware Corporation (“Compuware,” “we,” “us,” “our”) takes the protection of personal data very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose personal data we may receive from our customers or business partners in:

  • Our web-based software applications used for customer support, including Compuware FrontLine, located at go.compuware.com, and our internal ticketing application;
  • Our customer relationship management systems, including our Salesforce.com instance; and
  • Our export compliance verification system (collectively, the “Customer Data Systems”).

This Notice does not apply to personal data we collect by other means, such as personal data that we receive from prospective and current employees in the context of an employment or pre-employment relationship.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

With respect to personal data processed in the scope of this Notice, Compuware complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce regarding the processing of personal data. Compuware commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

To learn more about the Privacy Shield, and to view Compuware’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.

VeraSafe Privacy Program

Compuware is a member of the VeraSafe Privacy Program, meaning that with respect to personal data (“PII”) processed in the scope of this Notice, VeraSafe has assessed Compuware’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through Compuware’s internal processes, Compuware has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

Categories of PII Processed

Within the scope of this Notice, Compuware processes the following categories of PII:

  • Biographical information, such as first names, last names, and job titles; and
  • Contact information, such as email addresses, phone numbers, and office addresses.

Controllership

In the context of this Notice, Compuware acts as a data controller for the personal data of our customers and sales prospects. With respect to the personal data that may be contained within support tickets and requests (other than the contact information of the individual requesting support) Compuware acts as a data processor.

Basis of Processing

Within the scope of this Notice, where Compuware is a data controller we process PII on the basis of our legitimate interests (such as the desire to respond to sales inquiries, to convert prospects to paying customers, and the need to facilitate a purchase), and on the basis of the necessity to comply with a legal obligation to which Compuware is subject (i.e., to comply with trade or economic sanctions).

Purpose of Processing

We process PII for the purposes of:

  • Enabling your use of our technical support services;
  • Responding to your inquiries and requests, including in the context of sales, and in the context of technical support;
  • Contacting you regarding a purchase;
  • Ensuring that you are not subject to export restrictions, embargoes, or other trade or economic sanctions;
  • Sending you information and updates regarding a purchase;
  • Sending you invoices;
  • Collecting payments from your organization;
  • Sending you email notifications which you have specifically requested;
  • Sending you email messages containing company news, product, or service information; and

Compuware will delete PII within six months after the purposes of processing are satisfied.

Sharing PII with Third Parties

We share PII with our service providers, who process PII on behalf of Compuware. Such third parties include those providing:

  • Customer relationship management software as a service; and
  • Export compliance verification.

When we transfer PII with these third parties, we will require that they maintain at least the same level of confidentiality that we maintain for such PII. Compuware remains liable for the protection of your PII that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Other Disclosure of Your PII

We may disclose your PII (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, or (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any PII, about data subjects as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

If we must disclose your PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII.

Data Integrity & Security

Compuware has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.

Access & Review

If you are a data subject about whom we store PII, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. To submit such requests or raise any other questions, please email us at privacy_concerns@compuware.com.

Changes to this Privacy Notice

If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.

Contact Us

If you have any questions about this Notice or our processing of your PII, please write to our Privacy Officer by email at privacy_concerns@compuware.com or by postal mail at:

Compuware Corporation
Attn: Privacy Officer
One Campus Martius
Detroit, MI 48226
USA

Please allow up to four weeks for us to reply.

Binding Arbitration

If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.

Regulatory Oversight

Compuware is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.