Data Privacy Binding Corporate Rules (BCR)

Safeguarding the privacy and security of personal information is a top priority for BMC Software in our data-driven economy. BMC, a global leader in innovative software solutions, has adopted Binding Corporate (“BCRs”) approved both by European Union and United Kingdom supervisory authorities.

BCRs are considered to be the platinum standard for privacy and personal data protection compliance worldwide.

EU and UK data protection laws restrict personal data transfers to third countries not recognized as ensuring an adequate level of data protection, unless legal instruments are adopted to provide for appropriate safeguards when data is transferred internationally.

Some of the countries where BMC operates and serve its Customers are not regarded as providing such adequate level of data protection. Having BCRs in place allows BMC to transfer personal data to any country where BMC operates and serve its Customers, in compliance with EU and UK data protection laws.

Being an alternative to EU Model Clauses and the UK international data transfer agreement (IDTA), BCRs allow our Customers to contractually rely on our BCR Processor policies to transfer their personal data to BMC in a safe manner and in accordance with EU and UK data protection laws. BCR requirements are contractually flowed down to BMC’s sub-processors, so that Customer’s personal data remain covered throughout the chain of sub-processing.

BMC’s BCR Policies are incorporated into a corporate-wide policy, requiring all BMC entities, employees and third party providers to comply with and respect BCR Policies governing the collection, use, access, storage and transfer of personal data among BMC entities and third-party sub-processors worldwide.

All BMC Group Members have signed BCR Intra-Group Agreements (“IGAs”) and are therefore bound to comply with the BCR Policies. The list of Group Members is available below (“List of BMC BCR Group Members”). In addition, a copy of the IGA can be provided upon written request to BMC’s Privacy Office.

BCR Policies apply to all personal data of past, current and potential employees, customers, resellers, suppliers, service providers and other third parties wherever it is collected and used in conjunction with BMC business activities and the administration of employment.

BMC applies BCR Policies universally in all cases where BMC processes personal data, whether the personal data relates to European Union or UK individuals or not.

BMC’s EU BCRs have been approved by European Union supervisory authorities in July 2015, making BMC the world's first enterprise IT management provider to secure EU accreditation for its EU Data Privacy Binding Corporate Rules (“EU BCRs”) both as a Controller and Processor of personal data.

9 years after receiving the EU approval, BMC’s UK BCR were approved by the Information Commissioner’s Office (ICO) in February 2024. BMC is first in its industry to hold both EU and UK BCRs, both as a Controller and Processor of personal data.

If you have any questions regarding BCR Policies, your rights under BCR Policies or any other data protection issues, you can contact BMC’s Privacy Office using the details below. The Privacy Office will deal with the matter and, if necessary, involve appropriate persons or departments within BMC. To learn more about the BCR framework and check BMC's BCRs approval, please visit the European Commission or the ICO’s websites.

Phone: +33 (0)1.57.00.63.81

Email: [email protected]

Address: BMC Software, Cœur Défense, 100, Esplanade du Général de Gaulle, 92931, Paris La Défense Cedex