EU – US Data Privacy Framework (EU-US DPF), and Swiss-US Data Privacy Framework (Swiss-US DPF) Notice
Pegasystems (“Pega”, “we”, “our”, or “us”) complies with the EU-U.S. Data Privacy Framework, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce.
Pega will certify to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU- U.S. DPF . Pega will certify to the U.S. Department of Commerce that it adheres to
We have certified in 2023 to the Department of Commerce that we adhere to the Privacy Shield Principles with respect to such information. Based on this certification, the Department of Commerce has added Pega to the Data Privacy Framework list at : https://www.dataprivacyframework.gov . Pega will certify to its adherence to the EU- US DPF Principles upon recertification due in 2024. If there is any conflict between the terms in our Privacy Notice available here: https://www.pega.com/privacy, this notice and the EU-US DPF Principles, and the Swiss-US DPF Principles, the latter (each to the extent applicable) shall govern.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. Individuals in the European
contact [email protected]. We will respond to your inquiry promptly. We have further committed to cooperate with EU, and Swiss data protection authorities (DPAs) with regard to unresolved EU-US DPF, or Swiss DPF complaints concerning data transferred from the European Union, and/or Switzerland, as applicable. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU, or the Swiss DPAs for more information or to file a complaint. The services of EU, and Swiss DPAs are provided at no cost to you.
If we transfer personal information received under the EU-US DPF, or the Swiss-US DPF to a third party, the third party’s access, use, and disclosure of the personal data must also be in compliance with our EU-US DPF, or Swiss-DPF obligations, and we will remain liable under the EU-US DPF, or the Swiss-US DPF for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. Our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, an individual can invoke binding arbitration. We will disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/.