OpenText Privacy Center

OpenText Privacy Statement

As the leader in Enterprise Information Management (EIM), OpenText takes information security and data privacy very seriously. We have long maintained industry best practices to incorporate data protection and privacy in our day-to-day practices, as well as helping our customers implement our solutions and expertise to build strong compliance programs of their own.

At OpenText, we strive to create personalized experiences for those who engage with us and maximize the value for customers at each interaction, at the same time balancing this objective with security, trust and respect.

OpenText has established a comprehensive privacy program to ensure the protection of personal data or personal information (Personal Information). To operate its current privacy program effectively, OpenText uses a privacy framework based on leading standards and regulations, including the General Data Protection regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Act (CPRA) as well as the industry standards, such as AICPA/CICA’s Privacy Maturity Framework, Nymity’s Privacy Framework and National Institute of Standards and Technology (NIST) Privacy Framework.

OpenText’s privacy program is built on an accountability framework and our mission statement is: “To build and maintain a sustainable data privacy & compliance program that incorporates customer rights, ethical use of data, and legal compliance obligations.”

Purpose

This Statement provides a summary of the OpenText Global Privacy Program, our governance, and the activities we undertake to ensure we process Personal Information fairly, lawfully, and securely when acting as a controller and as a processor on behalf of our customers or consumers.

For the purpose of this page, we are using the following General Data Protection Regulation (GDPR) terms to outline our strategy to meet our applicable obligations.

Controller: natural or legal person, public or private, who makes decisions on the processing of Personal Information.
Processor: natural or legal person, appointed by the controller, who performs the processing of personal information on behalf of the controller.
Personal Data and Personally Identifiable Information (PII) ‘Personal Information’ shall have the meaning as defined in the applicable data protection legislation.

Compliance with data protection and privacy laws

At OpenText, we are committed to ensuring compliance with applicable data protection and privacy laws to the extent they apply to OpenText either as a Controller or as a Processor. We recognize the importance of protecting the Personal Information entrusted to us by our customers, partners and website visitors. OpenText practices as detailed below are designed to adhere to the requirements set forth by relevant data protection and privacy laws, such as the General Data Protection regulation (GDPR) and other applicable regional or national legislation. The Privacy function is responsible for tracking and monitoring changes in regulations and law, and for ensuring the privacy program is regularly reviewed and up to date.

Summary of our approach

The pillars of the OpenText privacy program for protecting Personal Information include the following: the protection of data subjects’ rights, privacy by design, the incorporation of privacy terms in contracts, and implementing and maintaining appropriate security measures to protect Personal Information from authorized access, loss or misuse:

Data Subject Rights
OpenText has implemented policies and procedures that allow data subjects to exercise their individual rights easily. Any data subject may request from OpenText access to, correction of, updating of and/or deletion of their Personal Information, or object to the use or sharing of their Personal Information in certain circumstances and exercise other data subject rights in line with applicable data protection law. For details on how to exercise your privacy rights, refer to OpenText Privacy Policy.

Privacy By Design
OpenText builds privacy into every product or service and incorporates safeguards into the design and development of products, services, and systems from the very beginning. Our development and product management teams work closely with the security team and the Privacy function to ensure appropriate expertise is included in the development process. Additionally, Privacy Risk Assessments are carried out on applicable projects, new system acquisitions and process changes.

Contractual commitments
We work with our customer to ensure that the privacy obligations are included in the contractual commitments for our products and services, establishing a regulatory-compliant data handling framework. To learn more about the data processing agreements established by OpenText, we provide as access to both our Customer Data Processing Agreement and Supplier Data Processing Agreement.

Security
OpenText uses industry practice models, such as ISO/IEC 27001 Information Technology Security techniques and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. OpenText incorporates the ISO 27002 information security control set within the context of an information security management system (ISMS) based on ISO/IEC27001. For more details, please refer to Information Governance on the OpenText website. OpenText conducts regular audits such as the Service Organization Controls (“SOC”) reports. To ensure industry standards are continuously observed and reported, cybersecurity compliance attestations are available (as applicable to a service) for ISO 27001, ISO 27017, ISO 27018, SOC 1 Type II, SOC 2 Type II. Third-party audit reports for OpenText products and services may be available depending on the product or service selected.

Data retention
Where OpenText is a Controller, we have developed retention guidelines to provide guidance to our employees around how to manage OpenText’s records according to sound business, operational and legal practices. The purpose of these guidelines is to ensure that necessary OpenText records, documents, and other materials are adequately maintained, and, when no longer needed by OpenText, are securely discarded at the proper time (subject to any applicable legal or organizational retention requirements). Where OpenText is a Processor and has stored Personal Information as part of the services, at the end of the service(s) as required by applicable law upon the Customer’s written instruction, OpenText will return and/or delete the data (unless applicable law states otherwise). In some cases, the retention schedule will be defined in the customer contract in which case, that schedule will be followed.

Privacy Training and Awareness
OpenText has a long-standing practice of mandatory Corporate Information Security, Data Protection and Compliance, and Ethics training courses for all staff. Curriculums are regularly reviewed for new content necessary to raise awareness and educate employees about their obligations around the appropriate use and safeguarding of Personal Information. During the onboarding all new hires must complete these courses. An annual refresher course is mandatory for all staff.

Privacy Policies

OpenText continually reviews relevant internal and external policies to ensure they reflect new privacy requirements and are updating them to be compliant including those relating to Security, IT, Privacy, and HR. Please refer to OpenText Privacy Policy and Cookie Policy on the OpenText website.

Our internal Privacy Policy for our staff provides employees with an overview of what data is being collected on them, how that data is being used, and what their role is in keeping company data secure.

Records of Processing Activities

OpenText maintains records of processing activities (ROPA) for functional areas where OpenText processes Personal Information as a Controller and Processor on behalf of its customers. The ROPA provides an overview of types and categories of Personal Information processed by OpenText or by its (sub)processors, categories of recipients, data transfers, processing location(s), safeguards, et cetera. Processes are in place to ensure the ROPA is kept complete and accurate.

Privacy Impact Assessments

OpenText is fully committed to protecting the Personal Information of its customers, employees, suppliers, and other stakeholders. We take the privacy of Personal Information very seriously and have instituted a variety of methods and controls to ensure we know what data we collect and process, and how that data is protected. As part of this commitment, OpenText ensures that, where appropriate, business activities and projects that involve the use of Personal Information are subject to a data protection impact assessment (also referred to as a “Privacy Impact Assessment”). The purpose of this assessment is to ensure that:

The use of Personal Information is fully understood.
Risks to the rights and freedoms of natural persons resulting from the processing of Personal Information are carefully examined.
Appropriate measures are put in place to mitigate privacy risks throughout the lifecycle of the processing.

Consent Management

OpenText has a consent management process in place which includes collecting consent for any marketing initiatives including webforms, events, third party syndications, for countries where explicit consent is required for B2B marketing. OpenText provides opt-out options in all marketing communications from OpenText as well as including a link to our privacy policy when the entity collects Personal Information.

Cross Border Data Transfers

OpenText is a global company and performs some of its processing activities in countries outside of the EU including Canada, United States, India and Philippines. Where Personal Information is processed outside of a member state of the EEA, the United Kingdom and Switzerland, OpenText has ensured one of the following safeguards is in place: (1) an adequacy decision for the importing country, or (2) EU Model Clauses between the exporters and importers. To learn more about how OpenText operates regarding international transfers of data, customers can refer to OpenText position paper for a deeper understanding of our commitment to protecting Personal Information during cross-border transfers. The OpenText International Data Transfers position paper is available upon request.

Vendor Management

OpenText may share Personal Information with vendors working on our behalf as necessary to provide OpenText products and services. OpenText has a due diligence process when outsourcing services to vendors, which includes, performing a security/privacy risk assessment if Personal Information is shared and establishing the appropriate data protection clauses in the contract. If vendors operate in countries that are not considered to provide an adequate level of data protection as established by the General Data Protection Regulation ((EU) 2016/679) (GDPR), OpenText will implement appropriate measures with the vendor to secure the data transfers are in accordance with applicable data protection regulations.

Governance and responsibility

OpenText data privacy strategy is led by a dedicated global privacy team who reports to the Senior Vice President, Information Security (CISO). The team includes a Data Protection Officer (DPO). The DPO office can be reached at DPO@opentext.com.

Privacy Function
The average experience of Privacy team members in the field of data protection, privacy, and compliance is over 10 years and several members of the team have professional accreditations such as CIPP, CIPM, CISA, CISM or CISSP.

The organization is supported by a network of internal and external subject matter experts.

Registration with Data and Privacy Authorities
Where appropriate we are registered with country-specific data protection and privacy regulators, and the registrations are reviewed and maintained by the OpenText Privacy Function.

Changes to this Privacy Statement

OpenText reserves the right to update this Privacy Statement from time to time without prior consent to incorporate changes in our practices, technologies, privacy commitments, and any other relevant considerations. We recommend that you periodically review this Privacy Statement to stay updated on OpenText practices.

This Privacy Statement was last reviewed September 2023.

Policies & Procedures

OpenText privacy Policies & Procedures describe OpenText data processing practices and define OpenText role and responsibilities regarding the collection, use and disclosure of personal data. For further information, the following are the primary rules and principles that OpenText has implemented:

OpenText Privacy Policy applies to OpenText Corporation and its affiliates, which addresses the personal information that we collect, use and share. This includes personal information collected via our websites and portals (‘Website’), our products, services or personal information collected from you directly, such as in person, via telephone or email, or indirectly through third parties in the course of our business.

The OpenText China Privacy Policy addresses how we process personal information of Chinese Residents.

For more information concerning The OpenText China Privacy Policy, please refer to the following links:

OpenText Candidate Privacy Policy addresses information we may collect in connection with our online and/or offline recruiting.

OpenText Cookies Policy addresses how we use cookies and other similar technologies on our websites and mobile applications.

Privacy Incident Response Process: Open Text is committed to complying with local regulations to ensure incident and breach legislations are adhered to. Open Text has defined a Security Incident Response Process (SIRP) that governs and directs the response to Information Security Incidents. If an Information Security Incident is believed to involve the unauthorized access of personal data/information, the SIRP will invoke the Privacy Incident and Breach Response Process (PIBRP).

OpenText Government Access Request Policy: OpenText maintains a government access policy defining the standard operating procedures for responding to and, where appropriate, challenging public authority access requests.

Data Processing Addendum

To support customers with their global data protection compliance needs, OpenText has established a global data processing agreement (OpenText Global Data Processing Addendum) applicable to customers across all jurisdictions when OpenText processes personal data on behalf and under customers’ written instructions in the context of the services provided.

If it has been agreed at a services level (“Agreement”), the Global Data Processing Addendum will automatically supersede the previous online version of the OpenText Data Processing Addendum, becoming effective from September 1, 2024.

Customers to whom the above does not apply may wish (if applicable) to keep relying on the previous OpenText Data Processing Addendum if it still meets their compliance needs or can contact us to incorporate the Global DPA as appropriate. ‌

If you have questions or need more information, visit the Privacy Center or contact us at DPO@opentext.com.

Previous OpenText DPAs can be found here:

FeaturedFeatured

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery and Legal SolutionseDiscovery and Legal Solutions

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture Intelligent Document ProcessingCapture Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application SecurityApplication Security

Data Privacy and ProtectionData Privacy and Protection

Threat Detection and ResponseThreat Detection and Response

Identity and Access ManagementIdentity and Access Management

Digital Investigations and ForensicsDigital Investigations and Forensics

Threat IntelligenceThreat Intelligence

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

IT Operations CloudIT Operations Cloud

Service ManagementService Management

Discovery & CMDBDiscovery & CMDB

AIOps and ObservabilityAIOps and Observability

Network ManagementNetwork Management

Cloud Management, FinOps & GreenOpsCloud Management, FinOps & GreenOps

AutomationAutomation

OpenText™ IT Operations Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

PortfolioPortfolio

Data ProtectionData Protection

Endpoint Management and Mobile Security Endpoint Management and Mobile Security

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Archiving, eDiscovery, and Data SecurityArchiving, eDiscovery, and Data Security

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Strategy & Advisory ServicesStrategy & Advisory Services

Consulting ServicesConsulting Services

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

Featured

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery and Legal Solutions

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security

Data Privacy and Protection

Threat Detection and Response

Identity and Access Management

Digital Investigations and Forensics

Threat Intelligence

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

IT Operations Cloud

Service Management

Discovery & CMDB

AIOps and Observability

Network Management

Cloud Management, FinOps & GreenOps

Automation

OpenText™ Thrust

OpenText™ Thrust bundle

Portfolio

Data Protection

Endpoint Management and Mobile Security

Hybrid Work, Email, and Team Collaboration

Archiving, eDiscovery, and Data Security

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Strategy & Advisory Services

Consulting Services

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator