Privacy Statement

We collect and use personal data that you provide in order to operate our business, provide our products and services, send marketing and other communications, and comply with applicable laws and regulations. In addition to the data you provide to us directly, we may also process personal data about you that we receive from our clients or third parties.

The types of personal data we process will depend on the purpose, including:

• Provide products and services - contact details (such as name, email, address, company name, phone number and other information necessary) to provide services to our clients and our client’s customers, including providing warranty and repair services and product support updates;
• Improve our products and services - contact details to conduct quality controls and evaluate the performance of our products and services, including conducting customer satisfaction surveys;
• Conduct due diligence – contact details and publicly available information about financial or reputational status of a client or third party supplier/partner;
• Generate sales and marketing leads – contact details, marketing preferences, publically available social media information to maintain a client relationship management database and send relevant newsletters, solution updates, event notifications and other marketing communications;
• Customize your website experience – contact details and information obtained through the use of digital collection tools such as cookies (for more information about the way we use cookies, click here);
• Manage relationships with our clients, suppliers and partners – contact details and payment information in order to execute contracts, generate invoices and make payments;
• Respond to inquiries or requests for information – contact details for electronic communication; and
• Secure our premises and networks – contact details for authentication to use guest networks, collaboration tools and visit our offices; images captured through our CCTV systems set up for security purposes in our offices.

When we receive personal data about you from our clients in order to provide our services, Unisys processes the personal data as instructed by our clients and in accordance with our contractual obligations. Our clients are responsible for complying with regulations or laws regarding notice, disclosure, and/or obtaining consent prior to transferring the personal data to Unisys for processing.

We use reasonable security procedures and technical and organizational measures to protect against accidental or unlawful destruction, loss, disclosure or use of personal data we handle. Our network and systems used to provide services are governed by Unisys corporate Information Security policies, which are based upon standards, including International Organization for Standardization (ISO) 27001 and National Institute of Standards and Technology (NIST).

We limit access to and use of your personal data to authorized persons and trusted third parties who have a reasonable need to know the information in order to perform our services and business operations and who are bound by confidentiality obligations.

We retain your personal data only for as long as is necessary to fulfill the purpose for which the data was collected from you and in consideration of and compliance with applicable legal or regulatory requirements to maintain the data for legitimate purposes. For example, where required by law for audits or accounting requirements, to enforce our agreements or handle disputes.

When personal data is no longer needed for the purpose it was collected or processed or to comply with a legal obligation, we securely destroy it.

We do not sell or otherwise disclose personal data about our website visitors or others that interact with Unisys or our products or services, except as described herein.

We may share your personal data with authorized Unisys personnel in our subsidiaries with a need to know the information in order to process the personal data for the purpose we collected it. We also share personal data with third parties who are acting on our behalf in order to provide the products or services you request or to support our relationship with you. These third parties are not authorized by us to use or disclose the information except as necessary to perform services on our behalf pursuant to a contractual obligation or to comply with legal requirements. Unisys requires such third parties to comply with applicable data protection and privacy laws and agree to implement and maintain appropriate technical and organizational security measures to safeguard the personal data.

Our sharing may include:

• With any of our Unisys subsidiaries and trusted third party suppliers/partners in order to perform our services or business operations;
• With our professional advisors and insurers to run our business;
• With competent legal authorities when required by applicable laws or regulations;
• With law enforcement authorities or other government officials when we are required to do so by law or pursuant to legal process (including for national security purposes);when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual fraud or illegal activity; or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others;
• With appropriate third parties in connection with the sale, transfer or financing of all or part of a Unisys business or its assets, including any such activities associated with a bankruptcy proceeding.

Unisys is a global enterprise based in the United States with operations in countries around the world. Authorized Unisys personnel and third parties acting on our behalf may access, use and process personal data collected from you in a country that is different from the country where you entered the personal data, which may have less stringent data protection laws.

As an IT and security services company, Unisys has implemented global privacy practices for processing personal data protected under various data protection laws. Unisys transfers personal data between the countries in which we operate in accordance with the standards and conditions of applicable data privacy laws, including standards and conditions related to security and processing and acceptable transfer mechanisms.

On July 16, 2020 the Court of Justice of the European Union invalidated the adequacy finding for the EU-U.S. Privacy Shield. On September 8, 2020 the Swiss Federal Data Protection and Information Commissioner followed suit, issuing an opinion paper stating the Swiss-U.S. Privacy Shield did not provide an adequate level of protection for data transfer from Switzerland to the U.S.

For transfers of data from the EU, Unisys relies on Standard Contractual Clauses approved by the EU Commission and verifies the adequacy of personal data protection in the recipient country.

While the Privacy Shield Framework may no longer be relied upon, Unisys has self-certified and will continue to comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Unisys will continue to be subject to Federal Trade Commission enforcement and investigatory powers and regulation by the Department of Commerce until such time as a Privacy Shield replacement is enacted for EU-U.S. data transfers. In compliance with the Privacy Shield Principles, Unisys commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Unisys as provided for below under “How To Contact Us.”

Under certain circumstances, you may be able to invoke binding arbitration. In accordance with Privacy Shield, Unisys has further committed to refer unresolved Privacy Shield complaints to JAMS Privacy Shield Dispute Resolution, an alternative dispute resolution provider located in the [United States]. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit File An E.U.-U.S. Privacy Shield or Safe Harbor Claim JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Unisys uses various means of communication and tools to market its products and services. We provide commercial marketing email to persons who consent or where we have a legitimate interest and it is otherwise permissible under applicable law. You may opt-out of our commercial marketing emails by using the “Unsubscribe” or “Opt-out” link in the commercial email or by contacting us at unisysglobalprivacy@unisys.com.

We strive to make your Unisys experience the best it can be by using various tools that provide us with information about how you and other visitors interact with our website so that we can tailor your Unisys experience and improve our web properties. These tools include Cookies and other automatic data collection tools. For information on these tools, please click here.

We rely on you to provide accurate, complete and current personal data to us.

If you need to correct or update the personal data you provided to us, in many cases, you can edit your data from the location where you provided the personal data to us. If you are not able to access it yourself, we will respond in a timely manner to all reasonable requests to access, correct or delete your personal data. Requests and questions can be submitted to unisysglobalprivacy@unisys.com.

• Additional Rights if You Reside in Brazil, the EU, EEA or Switzerland

Unisys and its subsidiaries are Data Processors for our clients where we process personal data in order to provide our solutions to our client. When we are a Data Processor, we process the personal data in accordance with the instructions of the Data Controller.

For individuals whose personal data we collect directly or instruct our trusted third party to collect on our behalf, Unisys Corporation or one of our subsidiaries located in the EU, EEA or Switzerland is a Data Controller under the General Data Protection Regulation. The type of data we process as a Data Controller includes contact details such as name, company, email, phone, website preferences and other information collected for marketing or business operation purposes.

We process personal data as a Data Controller using the following legal basis:

• Legitimate interest – we process personal data to meet our legitimate business interest such as to develop and improve our solutions, support our sales and business operations, secure our systems, facilities and personnel.
• Legal obligation – we process personal data to comply with applicable laws and regulations.
• Performance of Agreement – we process personal data in order to perform or fulfill our obligations under an agreement with you or the entity with which you are affiliated.
• Consent – we may process personal data based upon the provision of your consent. You may withdraw your consent at any time by contacting us at unisysglobalprivacy@unisys.com.

For your personal data, you may exercise the following rights:

Access - You have the right to obtain confirmation from us if we are processing your personal data.

Rectification - You have the right to request that we correct inaccurate personal data and to have incomplete data completed.

Objection - You have the right to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation and we will comply except in cases where legal provisions expressly provide for that processing.

Portability - In limited circumstances, you may receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format. This only applies if the processing is based on your consent or a contract and the processing is carried out by automated means.

Restriction - You may request to restrict processing of your personal data if (i) you contest the accuracy of the data – for a period we need to verify your request; (ii) the processing is unlawful and you oppose the erasure of the data and request restriction instead; (iii) we no longer need the data, but you tell us you need the data to establish, exercise or defend a legal claim; or (iv) you object to processing based on public or legitimate interest – for a period we need to verify your request.

Erasure - You may request to erase your personal data where there is no compelling reason for its continued processing.

Right to lodge a complaint - You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred.

Right to refuse or withdraw consent - Please note that in case we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.

You can exercise these rights by contacting us at unisysglobalprivacy@unisys.com. If you consider that the way we process your personal data infringes your rights under the GDPR or is not compliant, you can lodge a complaint with Unisys directly or with a supervisory authority in the EU Member state in which you reside or where the data was processed.

• Additional Rights if You Reside in Brazil
Right to anonymization, blocking or elimination - you may request the anonymization, blocking or elimination of unnecessary or excessive personal data or personal data which is not in compliance with LGPD provisions.

Right to review automated decisions - you may request a review of automated data processing decisions that affect your personal interests, including when intended for the purposes of developing personal, consumer and credit profiles and/or personality aspects.

Your California Privacy Rights

Unisys and its subsidiaries are Data Processors/Service Providers for our clients where we process personal data in order to provide our solutions to our clients. When we are a Data Processor/Service Provider, we process the personal data in accordance with the instructions of the Data Controller/Business.

If you are a California consumer seeking to exercise your rights under the California Consumer Privacy Act with respect to information we hold on behalf of our clients, you should reach out directly to the client responsible for determining the purposes and means of processing your personal information.

For information that Unisys holds as a business under CCPA regarding our business contacts, we share information gathered through cookies and other technologies for our own and third party marketing purposes (a potential “sale” under the CCPA). California consumers have the right to request to opt out of the sale of personal information. If you would like to opt out of cookie/tracking technologies, please click here.

Under California’s "Shine the Light" law, Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain once a calendar year information about the customer information shared, if any, with other businesses for their own direct marketing uses. Please contact us at the addresses below for more information.

Cookies and Other Data Tools
When you visit the Unisys website, we or our third-party service providers may collect information through the use of cookies or other device identification tools. The cookies we and our service providers’ use are unique to you and can only be read by our or our third-party service providers’ web servers. These tools perform different jobs, like letting you navigate between pages efficiently, remembering your preferences, and improving your overall experience. You can review more information about our use of cookies and other automatic data collection tools here.

If you have any questions or comments regarding this statement or our privacy practices, or any concerns regarding a possible violation of this statement, our practices or any applicable privacy law, or a concern or complaint about our cross-border data transfer practices,​​ please contact the privacy office at unisysglobalprivacy@unisys.com or through ​our Unisys Compliance Helpline, and we will promptly respond.​

Our mailing addresses are:

Unisys Corporate Compliance Office​​
Law Department
801 Lakeview Drive, Ste. 100
Blue Bell, PA 19422
United States

Unisys EU Privacy Manager
Westend City Centre – Tower “A”
Vaci ut 1/3
Budapest 1062
Hungary

The Data Protection Officer for Brazil is Jefferson Renato Ribeiro
Encarregado@unisys.com
Unisys Brazil – Departamento Jurídico e Compliance
Av. Das Nações Unidas 17.891, conjunto 801
Vila Almeida – São Paulo/SP
CEP: 04.795-920
Brazil

unisysglobalprivacy@unisys.com

www.unisyscompliance.com

Links to Other Websites

As a convenience to our website visitors, we sometimes provide links to other websites. These linked sites are not under the control of Unisys and we are not responsible for their content. You should review the privacy statements of any linked website to understand their privacy practices before using the site.

Children

It is not our intent to collect personal data from children under the age of consent in their country of residence. Our websites are not designed to attract children and we request that children under the age of consent not submit personal data to us through our websites.

Updates to Our Privacy Statement

We may update this Privacy Statement from time to time. When we update this statement, we will also update the date at the top. Only the current statement is effective, so please review it periodically. If we make any material changes, we may also notify you by contacting you directly or posting a notice on our website. You may request a copy of our prior Privacy Statement by contacting us at unisysglobalprivacy@unisys.com.