Loading...
Flexera respects the data privacy rights of individuals and is committed to fulfilling valid Data Subject Requests (DSRs) in accordance with applicable law, including the GDPR, UK GDPR, and the California Consumer Privacy Act (CCPA). Flexera's role as data controller or data processor determines how a request is handled: where Flexera is controller, it takes direct responsibility for fulfilment; where it acts as processor on behalf of a customer, it routes the request to the relevant controller and provides appropriate support.
Flexera recognises and upholds the full range of rights afforded to individuals under applicable law, including the rights of access, rectification, erasure, restriction of processing, data portability, and objection. Under CCPA, we also honour the right to know, the right to delete, the right to opt-out of data sales, and the right not to be discriminated against for exercising privacy rights.
DSRs can be submitted via DataProtectionTeam@flexera.com or through the contact mechanisms described in our Privacy Notice detailed below. We acknowledge requests promptly and aim to respond within the statutory timeframes (30 days under GDPR; 45 days under CCPA), with extension available for complex requests where permitted by law. All requests are authenticated proportionately, documented, and managed by our Data Protection Team.
Flexera's Privacy Policy provides comprehensive information about how we collect, use, and protect personal data. The policy covers topics such as global and regional data collection practices, legal bases for processing, data subject rights, data security measures, international data transfers, and contact information for privacy inquiries.
Flexera is committed to protecting the confidentiality and security of customer data. We process customer data solely as a data processor acting on documented customer instructions, subject to strict contractual obligations and applicable law. We do not voluntarily provide customer data to any government authority, law enforcement agency, or other third party, and will only do so where legally compelled by a valid and lawfully issued demand from a competent authority.
Every request we receive is subject to mandatory legal review. We assess whether the request is valid, properly scoped, and issued by a competent authority before taking any action. Where a request is overbroad, we will seek to narrow or challenge it. We disclose only the minimum data legally required. Unless prohibited by law, we notify the affected customer promptly upon receipt of a request. Where notification is legally restricted, we will inform the customer as soon as that restriction is lifted. Cross-border requests are assessed against applicable data transfer requirements, including EU Standard Contractual Clauses and the UK data transfer addendum, before any disclosure is made.
Flexera engages third-party subprocessors to support the delivery of its products and services where those third parties process personal data on Flexera's behalf. Flexera maintains control over all subprocessing arrangements, ensures that subprocessors are bound by data protection obligations no less protective than those Flexera itself operates under, and remains accountable to its customers for the acts and omissions of its subprocessors.
All subprocessors are subject to due diligence and contractual assessment prior to engagement. Data processing agreements are in place with each subprocessor, incorporating GDPR-compliant obligations, data minimisation requirements, and appropriate security standards. Where subprocessors are located outside the UK or EEA, Flexera ensures that appropriate transfer mechanisms are in place, including Standard Contractual Clauses or the UK International Data Transfer Addendum, before any personal data is shared.
Flexera publishes and maintains an up-to-date list of current subprocessors (Flexera Community login required) on our Community site.
Where Flexera intends to add or replace a subprocessor, we provide customers with reasonable advance notice in accordance with our Data Processing Agreement, giving customers the opportunity to raise reasonable objections.
Customers with questions about specific subprocessing arrangements should contact DataProtectionTeam@flexera.com.
Download DPA (
pdf format).