Data Privacy Binding Corporate Rules (BCR)
Safeguarding the privacy and security of personal information is a top priority for BMC Software in our data driven-economy. BMC, a global leader in innovative software solutions, has become the world's first enterprise IT management provider to secure EU accreditation for its Data Privacy Binding Corporate Rules (BCRs) as both a Controller and Processor of personal data. BCRs are considered to be the platinum standard for compliance in data privacy and personal data protection worldwide.
The BCR certification has been approved by the European Data Protection agencies. The approval covers both BMC's handling of personal data (Controller) as well as the personal data it handles on behalf of its customers (Processor).
The BMC’s BCR Policy is incorporated into a corporate wide policy, requiring all BMC entities, employees and third party providers to comply with and respect the BCR Policy which is governing the collection, use, access, storage and transfer of personal data among BMC entities and third-party sub-processors worldwide.
The BCR Policy applies to all personal data of past, current and potential employees, customers, resellers, suppliers, service providers and other third parties wherever it is collected and used in conjunction with BMC business activities and the administration of employment.
BMC will apply the BCR Policy universally in all cases where BMC processes personal data, whether the personal data relates to European individuals or not.
How does the BCR Policy apply to BMC and what are the benefits for our Customers?
European data protection law, in particular the General Data Protection Regulation (“GDPR”), prohibits the transfer of EU personal data to countries outside Europe (defined as the EEA (namely the EU Member States plus Norway, Iceland and Liechtenstein), and Switzerland), that do not ensure an adequate level of data protection. Some of the countries in which BMC operates are not regarded by European data protection authorities as providing an adequate level of data protection. Having the BCR in place allows BMC to transfer personal data in accordance with European data protection laws in any country in the world.
Being an alternative to the Privacy Shield and the EU Model Clauses, the BCR allows our Customers to contractually rely on our Processor BCR Policy to transfer their personal data to BMC in a safe manner and in accordance with European data protection laws, in any locations where BMC does business. The BCR requirements are indeed contractually flowed down to our subcontractors, so that Customer’s personal data are covered throughout the chain of subcontractors.
How does the BCR Policy apply to BMC Group of entities?
The BCR Policy describes the standards that BMC group members ("Group Members") must apply when they transfer personal data internationally, whether to other Group Members or to external service providers, and whether Group Members are transferring personal information for their own purposes or when providing services to a third party controller. The content of the BCR Policy is available below (“BCR Policy”) in several languages.
All Group Members have signed the BCR Intra-Group Agreement (“IGA”) and are therefore bound to comply with the BCR Policy. The list of Group Members is available below (“List of BMC Entities part of the BCR Intra-group Agreement”). In addition, a copy of the IGA can be provided upon written request to BMC’s Global Privacy Officer.
If you have any questions regarding the provisions of the BCR Policy, your rights under the BCR Policy or any other data protection issues, you can contact BMC’s Global Privacy Officer at the address below who will either deal with the matter or forward it to the appropriate person or department within BMC. To learn more about the BCR framework, and to view BMC's BCR Certification, please visit the European Commission website.
Global Privacy Office
Phone: +33 (0)1.57.00.63.81
Address: BMC Software France, Cœur Défense - Tour A, 10ème étage, 100
Esplanade du Général de Gaulle, 92931 Paris La Défense Cedex
List of BMC Entities Part of the BCR Intra-group Agreement
- EEA Entities
Jurisdiction NameAustriaBMC Software GmbHBelgiumBMC Software Belgium N.V./S.A.DenmarkBMC Software A/SFinlandBMC Software OYFranceBMC Software France SASGermanyBMC Software GmbHGreeceBMC Software Hellas MEPEIrelandBMC Software Ireland LimitedItalyBMC Software S.r.lNorwayBMC Software ASPolandBMC Software Sales (Poland) Sp.z.o.o.PortugalBMC Software Portugal Soc. Unipessoal LdaSpainBMC Software S.A.SwedenBMC Software ABSwitzerlandBMC Software GmbHThe NetherlandsBMC Software Distribution B.V.United KingdomBMC Software Limited
- Non EEA Entities
Jurisdiction NameArgentinaBMC Software de Argentina S.A.AustraliaBMC Software (Australia) Pty. Ltd.BrazilBMC Software do Brasil Ltda.CanadaBMC Software Canada Inc.ChinaBMC Software (China) LimitedColombiaBMC Software Colombia SASDubaiBMC Software Limited - Dubai BranchHong KongBMC Software (Hong Kong) LimitedIndiaBMC Software India Private LimitedIsraelBMC Software Israel LTDJapanBMC Software K.K. (Japan)KoreaBMC Software Korea, Ltd.MalaysiaBMC Software Asia Sdn BhdMexicoBMC Software de Mexico, S.A. de C.V.MexicoBMC Software Distribution de Mexico, S.A. de C.V.New ZealandBMC Software (New Zealand) Ltd.RussiaBranch of BMC Software LimitedSaudi ArabiaThe Branch of BMC Software LimitedSouth AfricaBMC Software Limited (Incorporated in England) - Branch entityShanghaiBranch Office of BMC Software (China) LimitedSingaporeBMC Software Asia Pacific Pte. Ltd.TaiwanRepresentative Office of BMC Software (Hong Kong) LimitedThailandBMC Software (Thailand) LimitedTurkeyBMC Software Yazilim Hizmetleri Limited SirketiUnited StatesBMC Software Federal, LLCUnited StatesBMC Software, Inc.
- Technical Disclosures
- Data Privacy Binding Corporate Rules (BCR)
- General Data Protection Regulation (GDPR)
- Cookie Notice
- Anti-Piracy/License Non-Compliance
- Country-Specific Disclosures
- Code of Conduct
- Export Compliance
- Ethics HelpLine
- Equal Employment Opportunity Policy