About us

Privacy Policy

Introduction

Open Text Corporation (collectively with its affiliates hereinafter referred to as ‘OpenText’, ‘we’, ‘us’, ‘our’) supports the right to privacy and understands the importance of protecting personal information and complying with applicable data protection laws. OpenText’s Global Data Privacy Department is dedicated to assisting with questions regarding this privacy policy (‘policy’) and the processing of your personal information, and as part of such activities has developed this policy. This policy applies to our subsidiaries to the extent they have access to your personal information. A current listing of our subsidiaries is available in our Annual Report.

This policy provides information on the collection, use, and sharing of your personal data or information (personal information) when OpenText acts as a data controller (meaning where OpenText controls how and why your personal Information is processed), unless otherwise provided in a separate agreement or mandated by any applicable law.

This policy applies to the personal information collected from you directly when you visit our websites and portals (‘Website’); you communicate with us, including but not limited to emails, phone calls, texts, or faxes; you use our products, services, and applications; you engage in commercial transactions with us; and register for or participate in our webinars, events, programs, marketing, and promotional activities or indirectly through third parties, including our partners, in the course of our business.

Where we provide links to websites of other organizations, this policy does not cover how that organization processes personal information. We encourage you to read the privacy policies on the other websites you visit. Unless otherwise provided in a separate agreement, this policy does not apply to the extent we process your personal information in the role of a processor or service provider on behalf of our customers (meaning where OpenText acts on your instructions regarding how and why your personal information is processed).

For details on how to contact us, see the Contact Information section below.

Table of Contents

What personal information we collect and why we use it

The personal information we process about you and how we collect it is determined by the OpenText product(s) and/or service(s) you use, how you interacted with OpenText, and the personal information we have obtained from a third party with permission to share such information with us.

Refer to Table 1 below for more details on the categories of personal information collected and purposes we process it for. More detailed examples for each purpose are described in Table 2 below.

Table 1 - Purposes of processing personal information

Categories of information collected Purposes of processing
(for additional detail, please refer to Table 2 below)
Contact and account registration information
For example: Name, address, email, telephone number, username and password, country, and language (collectively “Account Information”)
  • Communicating with you
  • Providing services
  • Personalizing your experience
  • Protecting our services and users
  • User authentication and other legal purposes
Financial and transactional information
For example: Credit card, debit card, banking or other payment information
  • Providing services
  • Processing payments
  • Authentication and other legal purposes
Device information and identifiers
For example: The configuration of any device registered for use in connection with the products and services; also IP address, browser type and language, operating system, platform type, device type, software and hardware attributes, and unique device and application identifier
  • Providing services
  • Controlling access to our services and users
  • Personalizing your experience
  • User authentication and other legal purposes
Connection and usage data
For example: Information about files you download, domain names, landing pages, usage activity, content viewed and accessed, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, whether you open an email and your interaction with email content, access times, error logs, URL accessed, and other similar information
  • Providing services
  • Personalizing your experience
  • Controlling access to our services and users
  • User authentication and other legal purposes
Other information
For example: Any other information you choose to provide to us directly or indirectly in connection with your use of the products and services or Websites
  • Communicating with you
  • Providing services
  • Personalizing your experience
  • Controlling access to our services and users
  • User authentication and other legal purposes

Table 2 – Examples of processing activities

Purpose Examples
Communicating with you
  • Account set up and administration
  • Responding to your requests for information and providing you with more effective and efficient customer service and technical support
  • Monitoring communications for quality and training purposes
  • Providing you with transactional updates and information about products and services (e.g., updates to our products and services, information about your account, or information about transactions that you conduct on products and services)
  • In accordance with applicable legal requirements, contacting you by email, postal mail, phone, or other means for marketing purposes
  • Gathering feedback and opinions about our provided services (e.g., surveys)
  • When you download position papers or white papers
  • Event registration and participation
  • Notification to users of changes to our products and services
  • Communicating with you about our events, surveys, contests, sweepstakes, and other promotions
  • Allowing you to participate in discussion boards or other social media functions on the Website
Providing services
  • Processing and fulfilling your requests using products and services
  • Meeting our contractual commitments to you
  • Engaging in analysis, research, and reports to better understand how you use the products and services, so we can improve them
  • Backing up, restoring, and archiving data
  • Understanding and resolving reported problems with services or products
  • Recordkeeping and billing
Personalizing your experience
  • Customizing the user experience and showing customized content
  • Internal research and development to enhance our products, services, and user experience
  • Improving our Website to ensure content is presented in an appropriate manner for you and your computer, as well as improve product and service offerings
  • Administering our Website for internal operations, including but not limited to troubleshooting, data analysis, testing, research, statistical, and survey purposes
  • Measuring or understanding the effectiveness of our advertising to you, and delivering or allowing our service providers to deliver relevant advertising to you, including interest-based advertising (otherwise known as “online behavioral advertising”)
Protecting our services and users
  • Monitoring, preventing, and detecting fraud, such as through verifying your identity
  • Controlling access to our services and users
  • Combating spam, malware, or security risks
  • Monitoring, enforcing, and improving the security of our services
Defending our legal rights and compliance with the law
  • Complying with any applicable procedures, laws, and regulations
  • Establishing, exercising, or defending our legal rights (e.g., to enforce compliance with our Terms of Use, Privacy Policies, or to protect our services, users, or others)
  • Fulfilment of obligations outlined in any agreements

Choice/opting out of marketing: OpenText offers you the choice of receiving different types of communications and information related to our products and services. You may subscribe to e-newsletters or other publications; you may also elect to receive marketing communications and other special offers from us via email. If at any time you would like to change your communication preferences, we provide unsubscribe links and an opt-out mechanism in all our marketing communications or you may contact us directly.

Note that if you opt out of marketing, you may still receive service-related and market research messages from us (and you may still receive marketing messages for a short period after opting out while we update our records).

Choice/opting out of digital advertising: For details on how to manage advertising, visit Digital Advertising Alliance Consumer Choice. For your mobile device, you can review your device settings: Android devices allow you to opt out using “Opt-out of Ads Personalization” and Apple devices allow apps to include interest-based advertising only if you opt in using the app’s pop-up notice.

How we collect your personal information

We collect personal information through various means, for example, via our Website(s), order forms, and through provision of products or services, from third-party service providers, customer support activities, and at meetings, exhibitions, and events (both physical or digital). Your employer, as a customer or partner of OpenText, may provide your contact information as required to provide OpenText products or services. We also collect personal information where you or your employer is a customer of a business we may acquire. We may also collect information about you on CCTV and log books when you visit our premises or on other security cameras as part of our security and crime prevention measures.

The Website(s) may also collect information about your visits to the Website without you actively submitting such information through cookie technology.

Cookies and tracking technologies: OpenText uses cookies to collect information about the use of its Website(s), either directly or through third-party tracking providers. For more information refer to our Cookie Policy.

Do Not Track (DNT): Your browser setting may allow you to automatically transmit a "Do Not Track" (DNT) signal to websites and online services that you visit. There is no consensus among industry participants as to what DNT means in this context, and some browsers automatically apply DNT signals by default and therefore do not necessarily reflect our visitors' choice as to whether they wish to receive advertisements tailored to their interests. As a result, like many websites, our Website does not respond to a DNT signal from a visitor's browser. However, you may elect not to accept cookies by changing the designated settings on your web browser or opting out of the OpenText cookies. Please note that if you do not accept certain cookies, you may not be able to use all functions and features of our Website(s). Consent for use of cookies varies depending on the jurisdiction. For more information visit OpenText’s Cookie Policy and options on how to manage your cookies preferences. For more information visit OpenText’s Cookie Policy and options on how to manage your cookies preferences.

Personal information collected from third parties: OpenText obtains personal information from third parties. For example, OpenText may collect and receive personal information about you from companies that distribute OpenText products by way of co-branded or private-labeled websites. Companies with which OpenText partners to market, resell, and distribute its products and services, which may include the payment gateways we work with, also may supply us with personal information in order to help us fulfil orders and provide services. We may also collect your personal information from public sources or from data brokers (for example, LinkedIn, ZoomInfo, Dun & Bradstreet) to the extent the local regulations allow.

API Services: For certain limited services provided by OpenText, we use third-party API Services such as the YouTube API or Google API. Such third-party API services used in OpenText products only captures data you designate OpenText to access on third-party platforms. Such data may include your content stored on third-party sites, associated meta data, and account information related to those third-party sites. Data collected by OpenText using third-party API services may be used to archive content and certain associated meta data uploaded to those third-party sites by you. Additionally, such data may be used by OpenText as part of an authentication and authorization framework to access your data on third-party sites. Third-party email, social media, and other communication services are not offered, controlled, or provided by OpenText. OpenText is not responsible for how a third party transmits, accesses, processes, stores, uses, or provides data to OpenText. In addition, such third-party services are subject to the terms and conditions and privacy policies applicable to those services. We do not use any personal data processed by Google APIs for the purposes of developing, improving or train generalized / non-personalized AI and / or ML models. Depending on the service you are using, the Google privacy policy and/or the YouTube terms of service may apply.

In certain circumstances, if you do not provide us with personal information we need, we may not be able to provide certain products or services or comply with our legal obligations. The legal basis for collecting and using the personal information described above will depend on the personal information concerned, applicable privacy laws, and specific context in which we collect it, such as:

  • With consent where required by law.
  • Where the processing is necessary for the performance of a contract or a commitment under which you and/or we have made an undertaking.
  • Where necessary to comply with law.
  • Where the processing is necessary for the purposes of our legitimate interests, taking into account individual interests. Please refer to Table 1 for a list of legitimate interests.

How we share your personal information

OpenText may share your personal information with its affiliates, business partners (including those who resell or distribute our products and services), service providers (including website, software, infrastructure and application providers), payment gateways, customer service, event/campaign management, cloud hosting providers, credit reference agencies, debt agencies, professional advisers, marketing agencies (including event or promotion partners or sponsors), third-party networks and websites, database providers, backup and disaster recovery specialists, analytics and email providers, and agents working on our behalf.

We may be required to share personal information with a third party or body where such disclosure is required to satisfy applicable law or other legal or regulatory requirement, or to protect the rights or property of OpenText or others. This can include in response to lawful requests from a competent authority or body and to meet national security or law enforcement requirements.

If all or any part of our business is re-organized or sold to or there is a joint venture with another organization, we may need to provide your information to that organization. We may also be the recipient of personal information when we acquire another organization or a part of their business or enter into a joint venture with them.

Where third parties are performing processing on our behalf, OpenText will require these organizations to adopt adequate technical and organizational security measures to protect personal information and to ensure the processing of personal information is only performed as instructed by OpenText and for no other purposes.

Personal information may be processed outside the country of your residence by our affiliates, partners, or service providers, and agents working on our behalf. The transfer to other countries by OpenText and its affiliates shall be in accordance with applicable data protection legislation, which may include an adequacy decision or appropriate safeguards. Appropriate safeguards may include: OpenText and third parties entering into the Model Clauses approved by the relevant authorities (i.e., European Commission, Information Commissioner’s Office, Federal Data Protection, and Information Commissioner, etc.) or relying on any approved alternative mechanism.

Data Privacy Framework: EU-US, and UK Extension and Swiss-US: Open Text Inc. and its entities and subsidiaries that are, or may become the participants to the Data Privacy Framework (collectively hereinafter referred to as “OpenText US”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (together the "Data Privacy Framework") as set forth by the U.S. Department of Commerce. OpenText US has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OpenText US has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. These principles include Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, and Enforcement and Liability, along with any additional and supplemental principles specified in the framework (together called as the "DPF Principles"). If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.

Within the Data Privacy Framework, OpenText US engages in the collection, utilization, and disclosure of all applicable personal information as indicated in this Policy. As outlined in “Your Privacy Rights” section below, within the Data Privacy Framework, individuals have the right to inquire whether OpenText is processing their personal information, request access to such data, and ask for correction, amendment, or deletion of inaccurate information or instances where processing violates DPF Principles. OpenText US is responsible for processing personal information it receives under the Data Privacy Framework and following transfers to third parties on OpenText US’s behalf. The Data Privacy Framework holds OpenText US accountable should its third-party parties process personal information inconsistently with DPF Principles. OpenText US adheres to DPF Principles for all onward transfers of personal data from the European Economic Area, United Kingdom, and Switzerland, including adherence to provisions regarding onward transfer liability.

In relation to the personal information received or transferred under the Data Privacy Framework, OpenText US is subject to oversight and enforcement by the US Federal Trade Commission (FTC). The FTC holds authority over OpenText US's adherence to the Data Privacy Framework. In specific circumstances, we may need to reveal personal information in response to lawful requests by public authorities, including those related to national security or law enforcement.

If you are subject to the EU or Switzerland Privacy Laws and believe we are not following the terms of this Privacy Policy or complying with the DPF Principles, please reach out using the provided contact information at the “Contact Information” section of this Privacy Policy.

Under certain conditions, as detailed on the Data Privacy Framework website, you may have the option to invoke binding arbitration once other dispute resolution avenues have been exhausted. For more details, visit https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

If you are dissatisfied with our response, OpenText US commits to cooperating with EU data protection authorities (DPAs), the UK Information Commissioner's Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

For more information on the recipients of your personal information and the mechanism in place for international transfers please contact us by using the information in the section (Contact Information) below.

How we protect your personal information

Protecting your personal information, both online and offline, is a priority for us. We have implemented appropriate technical and organizational measures to protect your personal information from unauthorized access, accidental loss, disclosure, or destruction and ensure a level of security appropriate to the risk. We have specialized and dedicated security teams who constantly review and improve our security measures to protect your personal information from unauthorized access, accidental loss, disclosure, or destruction.

All our employees are subject to confidentiality agreements and undergo annual training on the proper handling of personal information.

OpenText is committed to protecting all personal information and is cognizant of its obligations under applicable data protection laws.

How long we store your personal information

OpenText will retain personal information for as long as needed to provide the relevant products or services or to fulfill the purposes for which the personal information was collected or as per the specific contractual terms. OpenText may also retain and use this information for a longer period as permitted or required by law, to comply with our legal, tax or regulatory obligations (e.g., audit and accounting requirements), handle disputes, to exercise or defend claims, and enforce our agreements. We ensure that personal information we dispose of is de-identified or destroyed in a secure manner.

Your privacy rights

Customer data: If your personal information has been submitted to us by or on behalf of a customer of our products and services who is the controller of that personal information and we are the processor, you will need to contact them directly if you wish to exercise any rights you may have under applicable data protection laws. If you make your request to us, we will need the name of the customer who submitted your data to us, and we will refer it on to them.

Your local applicable law may provide certain rights regarding the collection, use, and sharing of your personal information. As a minimum standard, we aim to enable all individuals to exercise the privacy rights set out below, but please note that these rights and the conditions for exercising and processing them (including response times) may vary depending on the jurisdiction in which you reside.

Under the European Union (EU) data protection laws, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information:

  • Your right of access. You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
  • Your right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
  • Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing. You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
  • Your right to data portability. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organization to another or give it to you. The right only applies if we are processing information based on your consent or under, or are in talks about entering into a contract and the processing is automated.

Jurisdiction-specific privacy rights:

Australia: We are committed to processing any personal information in accordance with the Privacy Act 1988 (Cth.) (the Privacy Act) including the Australian Privacy Principles (APPs).

This current policy describes how OpenText deals with personal information of individuals who interact with us or any personal information obtained through our operations as a professional services provider.

The nature of our business activities may require that personal information be disclosed to overseas recipients (including in Canada, India, the USA, and Europe and other countries from time to time) in order to provide the services contemplated under the terms of our engagement or prospective engagement. In such circumstances, we will use our best endeavors to ensure such parties are subject to a law, binding scheme, or contract that effectively upholds principles for fair handling of the information that are suitably similar to the APPs.

If you make a complaint about how OpenText has handled your personal information and we are unable to resolve your complaint or you are unhappy with the outcome, you can contact the Office of Australian Information Commissioner website or via its enquiries line 1300 363 992 to lodge a complaint.

California: In accordance with the California Consumer Privacy Act ("CCPA") as updated, amended, and expanded by the California Privacy Rights Act (CPRA), California residents benefit from the following additional rights.

Use of personal information

In compliance with its obligations under the CCPA, OpenText may provide your personal information to our affiliates, authorized service providers, and business partners, or allow them to collect personal information from our Website, products, or services in certain situations. Examples of such situations include where you consent to or direct us to disclose the personal information to those parties, if you use our Websites or services to interact with those third parties, or we are otherwise required to do so by law. We may also provide personal information to service providers, or allow service providers to collect personal information from our Websites and apps (for example, through the use of cookies or similar technologies) to help us deliver advertising to you and to provide a personalized experience. See our Cookies Policy for more information.

Access to personal information

As a California resident you may request and obtain from us once a year, free of charge, certain information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that were shared and the names and addresses of all third parties with which we shared information in the preceding calendar year.

For more details on what personal information we collect and how it is processed, please see the ‘What personal information we collect and why we use it’ section.

China: The OpenText China Privacy Policy governs how we process Personal Information of residents of mainland China who fall within the scope of the China Personal Information Protection Law (“PIPL”) and relevant laws, regulations, and national standards (“China Data Protection Law”).

For more information concerning The OpenText China Privacy Policy, please refer to the following links:

South Africa: Personal information as used in this privacy policy means Personal Information as such term is defined under the Protection of Personal Information Act, 2013 (“POPIA”). Therefore, “You” and “Your” as used in this privacy policy mean a natural person or a juristic person as such term is used under POPIA.

Japan: In accordance with Act on the Protection of Personal Information (APPI) and for data subjects residing in Japan:

Data Transfer to outside of Japan: As a personal information handling business operator as defined in the Act on the Protection of Personal Information N°57 (APPI) will operate in conformity with this policy.

Joint use: OpenText Affiliates may jointly use your data, as jointly used is defined under the APPI, under the following conditions:

  • The types of personal data jointly used: as listed in the table below section “What data we collect and why we use it.”
  • The purpose of the joint use: to respond to your requests, to provide you with OpenText products and services, including the purpose as listed in “Table 1” above.
  • The entities that engage in the joint use: the subsidiaries of OpenText, available in our Annual Report.
  • The entity responsible for the joint use: Open Text Corporation (Corporate HQ: 275 Frank Tompa Drive, Waterloo ON N2L 0A1, Canada).

As a rule, we do not share your data to third parties or transfer your data outside Japan except where such data processing is permitted by applicable laws, or where you have provided your consent, and when the foreign third party adheres to the necessary standards prescribed by the Personal Information Protection Commission (PPC) (as described in the “How we share your data”).

Children's privacy

OpenText encourages parents and guardians to take an active role in their children's online activities. Our services are not aimed at people under 18 and OpenText does not knowingly collect personal information from children without appropriate parental or guardian consent. If you believe that we may have collected personal information from someone under the age of 13 (or the applicable age of consent) without proper consent, please submit your request in writing to the address found in the Contact Information section.

Contact information

If you have questions regarding this privacy policy or our privacy practices,
1) please contact OpenText’s Data Protection Officer or OpenText Global Data Privacy Department at DPO@opentext.com or by mail at:

OpenText Global Data Privacy
Department
Prof. E.M. Meijerslaan 1
1183 AV Amstelveen
The Netherlands

OpenText Global Data Privacy
Department
275 Frank Tompa Drive
Waterloo, Ontario
N2L 0A1
Canada

2) write to the OpenText entity of which you are a customer or interacting with, at the following addresses available at: Worldwide office locations | OpenText

To exercise your privacy rights, please fill out the Data Subject Request Form, email us at DPO@opentext.com, or call our toll free number 1-866-397-0207.

Open Text will request certain verification information from individuals for both access and deletion requests made under the CCPA as amended, to ascertain that any received request is valid. You can also designate an authorized agent to submit requests to exercise your data protection rights to OpenText. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.

When you contact us, please indicate in which country and/or state you reside.

Furthermore, if you think your rights as stated in this privacy policy or under applicable data protection laws have been violated, you can at any time, to the extent required by applicable law, lodge a complaint with the relevant data protection authority.

Changes to this privacy policy

OpenText may update this policy from time to time. If we modify this policy, we will post the revised version here. You should review this page periodically for updates.

If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly change how or why we use personal information, we will notify you by way of a prominent notice or pop-up on our Website.

Note: In addition to the entities referenced above, this policy applies to:

  • The products and services of Total Defense, LLC (formerly known as Total Defense, Inc.), a subsidiary of Open Text Corporation, including its Total Defense Mobile Security product; and

  • The products and services of Webroot, LLC (formerly known as Webroot Inc.), a subsidiary of Open Text Corporation, including its Webroot Mobile Security and Webroot for Chromebook.

This policy was last updated in August 2024.

Philippines' Privacy Seal of Registration

Philippines Seal of Registration