Privacy Policy

Introduction

Open Text Corporation (collectively with its affiliates hereinafter referred to as ‘OpenText’, ‘we’, ‘us’, ‘our’) supports the right to privacy and understands the importance of protecting personal information and complying with applicable data protection laws. This privacy policy (the ‘policy’) explains how we process personal information concerning Opentext users (‘Users’ or ‘you’ or ‘your’). OpenText is a global organization and this policy also applies to our subsidiaries to the extent they have access to your personal information. A current listing of our subsidiaries can be found online at: Worldwide office locations | OpenText

Scope

This policy provides information on the collection, use, and sharing of your personal data or information (‘personal information’) when OpenText acts as a data controller (meaning where OpenText controls how and why your personal information is processed), unless otherwise provided in a separate agreement or mandated by any applicable law.

This policy applies to the personal information collected from you directly when you visit our websites and portals (‘Website’); you communicate with us, including but not limited to emails, phone calls, texts, or faxes; you use our products, services, and applications; you engage in commercial transactions with us; and register for or participate in our webinars, events, programs, marketing, and promotional activities or indirectly through third parties, including our partners, in the course of our business.

Where we provide links to websites of other organizations, this policy does not cover how that organization processes personal information. We encourage you to read the privacy policies on the other websites you visit. Unless otherwise provided in a separate agreement, this policy does not apply to the extent we process your personal information in the role of a processor or service provider on behalf of our customers (meaning where OpenText acts on your instructions regarding how and why your personal information is processed.

For details on how to contact us, see the Contact Information section below.

Table of Contents

• What personal information we collect and why we use it
• How we collect your personal information
  • Cookies and tracking technologies
  • Do Not Track (DNT)
  • Personal information collected from third parties
  • API Services
• How we share your personal information
• How we protect your personal information
• How long we store your personal information
• Your privacy rights
• Children's privacy
• Contact information
• Changes to this privacy policy

What personal information we collect and why we use it

The personal information we process about you and how we collect it is determined by the OpenText product(s) and/or service(s) you use, how you interacted with OpenText, and the personal information we have obtained from a third party with permission to share such information with us.

Refer to Table 1 below for more details on the categories of personal information collected and purposes we process it for. More detailed examples for each purpose are described in Table 2 below.

Table 1 - Purposes of processing personal information

Table 2 – Examples of processing activities

Choice/opting out of marketing: OpenText offers you the choice of receiving different types of communications and information related to our products and services. You may subscribe to e-newsletters or other publications; you may also elect to receive marketing communications and other special offers from us via email. If at any time you would like to change your communication preferences, we provide unsubscribe links and an opt-out mechanism in all our marketing communications or you may contact us directly.

Note that if you opt out of marketing, you may still receive service-related and market research messages from us (and you may still receive marketing messages for a short period after opting out while we update our records).

Choice/opting out of digital advertising: For details on how to manage advertising, visit Digital Advertising Alliance Consumer Choice. For your mobile device, you can review your device settings: Android devices allow you to opt out using “Opt-out of Ads Personalization” and Apple devices allow apps to include interest-based advertising only if you opt in using the app’s pop-up notice.

How we collect your personal information

We collect personal information through various means, including Cookies, Application Programming Interfaces (APIs), Artificial Intelligence (AI), and similar tracking technologies. We may collect personal information through our Website(s), order forms, and through provision of products or services, from third-party service providers, customer support activities, and at meetings, exhibitions, and events (both physical or digital). Your employer, as a customer or partner of OpenText, may provide your contact information when necessary to provide OpenText products or services. We may collect personal information where you or your employer is a customer of a business we may acquire. We may also collect call recording and chat transcript data during calls for instance but not limited to sales and customer support calls and live chat sessions or interviews. Additionally, we may also collect information about you on CCTV and log books or other security cameras when you visit our premises as part of our security and crime prevention measures.

The Website(s) may also automatically collect information about your visits without actively submitting such information through cookies, AI enabled analytics tools, and other tracking technologies.

Cookies and tracking technologies: OpenText uses cookies to collect information about the use of its Website(s), either directly or through third-party tracking providers. For more information refer to our Cookie Policy.

Do Not Track (DNT): Your browser setting may allow you to automatically transmit a "Do Not Track" (DNT) signal to websites and online services that you visit. There is no consensus among industry participants as to what DNT means in this context, and some browsers automatically apply DNT signals by default and therefore do not necessarily reflect our visitors' choice as to whether they wish to receive advertisements tailored to their interests. As a result, like many websites, our Website does not respond to a DNT signal from a visitor's browser. However, you may elect not to accept cookies by changing the designated settings on your web browser or opting out of the OpenText cookies. Please note that if you do not accept certain cookies, you may not be able to use all functions and features of our Website(s). Consent for use of cookies varies depending on the jurisdiction. For more information visit OpenText’s Cookie Policy and options on how to manage your cookies preferences. For more information visit OpenText’s Cookie Policy and options on how to manage your cookies preferences.

Personal information collected from third parties: OpenText obtains personal information from third parties. For example, OpenText may collect and receive personal information about you from companies that distribute OpenText products by way of co-branded or private-labeled websites. Companies with which OpenText partners to market, resell, and distribute its products and services, which may include the payment gateways we work with, also may supply us with personal information in order to help us fulfil orders and provide services. We may also collect your personal information from public sources or from data brokers (for example, LinkedIn, ZoomInfo, Dun & Bradstreet) to the extent the local regulations allow.

API Services: For certain limited services provided by OpenText, we use third-party API Services such as the YouTube API or Google API. Such third-party API services used in OpenText products only captures data you designate OpenText to access on third-party platforms. Such data may include your content stored on third-party sites, associated meta data, and account information related to those third-party sites. Data collected by OpenText using third-party API services may be used to archive content and certain associated meta data uploaded to those third-party sites by you. Additionally, such data may be used by OpenText as part of an authentication and authorization framework to access your data on third-party sites. Third-party email, social media, and other communication services are not offered, controlled, or provided by OpenText. OpenText is not responsible for how a third party transmits, accesses, processes, stores, uses, or provides data to OpenText. In addition, such third-party services are subject to the terms and conditions and privacy policies applicable to those services. We do not use any personal data processed by Google APIs for the purposes of developing, improving or train generalized / non-personalized AI and / or ML models. Depending on the service you are using, the Google privacy policy and/or the YouTube terms of service may apply.

In certain circumstances, if you do not provide us with personal information we need, we may not be able to provide certain products or services or comply with our legal obligations. The legal basis for collecting and using the personal information described above will depend on the personal information concerned, applicable privacy laws, and specific context in which we collect it, such as:

• With consent where required by law.
• Where the processing is necessary for the performance of a contract or a commitment under which you and/or we have made an undertaking.
• Where necessary to comply with law.
• Where the processing is necessary for the purposes of our legitimate interests, taking into account individual interests. Please refer to Table 1 for a list of legitimate interests.

How we share your personal information

General: OpenText may share your personal information with its affiliates, business partners (including those who resell or distribute our products and services), service providers (including website, software, infrastructure and application providers), payment gateways, prospects and/or customers, event/campaign management, cloud hosting providers, credit reference agencies, debt agencies, professional advisors, marketing agencies (including event or promotion partners or sponsors), third-party networks and websites, database providers, backup and disaster recovery specialists, analytics and email providers, and agents working on our behalf, to fulfil product and information requests, provide customers and prospective customers with information about OpenText and its products and services, and support promotional and marketing communications related to our offerings. We may also share personal information to facilitate marketplace transactions and to inform customers and prospective marketplace users about products available on the marketplace.

We may be required to share personal information with a third party or body where such disclosure is required to satisfy applicable law or other legal or regulatory requirement, or to protect the rights or property of OpenText or others. This can include in response to lawful requests from a competent authority or body and to meet national security or law enforcement requirements to comply with laws or respond to lawful requests and legal process, to protect our rights and property and those of our agents, customers, members, and others (including enforcing our agreements, policies, and terms of use), or in an emergency to protect the personal safety of any person.

If all or any part of our business is re-organized or sold to or there is a joint venture with another organization, we may need to provide your information to that organization. We may also be the recipient of personal information when we acquire another organization or a part of their business or enter into a joint venture with them.

Where third parties are performing processing on our behalf, OpenText will require these organizations to adopt adequate technical and organizational security measures to protect personal information and to ensure the processing of personal information is only performed as instructed by OpenText and for no other purposes.

International Data Transfers: Personal information may be processed outside the country of your residence by our affiliates, partners, or service providers and agents that are based in other countries and operating on our behalf. The can be found online at: Worldwide office locations | OpenText.

Transfers of personal information outside the EU/EEA are carried out using the relevant lawful transfer mechanisms, which may include an adequacy decision or appropriate safeguards. Where appropriate safeguards are required, these may include: the use the the Standard Contractual Clauses (SCCs) or equivalent international data transfer mechanisms approved by the relevant authorities (such as the European Commission, the UK Information Commissioner’s Office, or the Swiss Federal Data Protection, and Information Commissioner) We may also rely on any other approved transfer mechanism as it becomes available.

For data transfers to outside of Japan, as a personal information handling business operator as defined in the Act on the Protection of Personal Information N°57 (APPI) will operate in conformity with this policy.

As a rule, we do not share your data to third parties or transfer your data outside Japan except where such data processing is permitted by applicable laws, or where you have provided your consent, and when the foreign third party adheres to the necessary standards prescribed by the Personal Information Protection Commission (PPC) (as described in the “How we share your data”)

For any other international transfers, OpenText ensures that recipients implement appropriate safeguards and maintain the required data protection terms to protect personal information to the same standard required by OpenText and applicable data protection laws. Where transfers occur to jurisdictions with specific legal requirements (e.g., Argentina, Brazil, China, Turkey, Saudi Arabia), we also ensure that the relevant geography specific transfer mechanism is in place, including any required data transfer agreements.

Data Privacy Framework: EU-US, and UK Extension and Swiss-US: Open Text Inc. and its entities and subsidiaries that are, or may become the participants to the Data Privacy Framework (collectively hereinafter referred to as “OpenText US”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (together the "Data Privacy Framework") as set forth by the U.S. Department of Commerce. OpenText US has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OpenText US has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. These principles include Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, and Enforcement and Liability, along with any additional and supplemental principles specified in the framework (together called as the "DPF Principles"). If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the following link: Data Privacy Framework.

Within the Data Privacy Framework, OpenText US engages in the collection, utilization, and disclosure of all applicable personal information as indicated in this Policy. As outlined in “Your Privacy Rights” section below, within the Data Privacy Framework, individuals have the right to inquire whether OpenText is processing their personal information, request access to such data, and ask for correction, amendment, or deletion of inaccurate information or instances where processing violates DPF Principles. OpenText US is responsible for processing personal information it receives under the Data Privacy Framework and following transfers to third parties on OpenText US’s behalf. The Data Privacy Framework holds OpenText US accountable should its third-party parties process personal information inconsistently with DPF Principles. OpenText US adheres to DPF Principles for all onward transfers of personal information from the European Economic Area, United Kingdom, and Switzerland, including adherence to provisions regarding onward transfer liability.

In relation to the personal information received or transferred under the Data Privacy Framework, OpenText US is subject to oversight and enforcement by the US Federal Trade Commission (FTC). The FTC holds authority over OpenText US's adherence to the Data Privacy Framework. In specific circumstances, we may need to reveal personal information in response to lawful requests by public authorities, including those related to national security or law enforcement.

If you are subject to the EU or Switzerland Privacy Laws and believe we are not following the terms of this Privacy Policy or complying with the DPF Principles, please reach out using the provided contact information at the “Contact Information” section of this Privacy Policy.

Under certain conditions, as detailed on the Data Privacy Framework website, you may have the option to invoke binding arbitration once other dispute resolution avenues have been exhausted. For more details, visit https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

If you are dissatisfied with our response, OpenText US commits to cooperating with EU data protection authorities (DPAs), the UK Information Commissioner's Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

For more information on the recipients of your personal information and the mechanism in place for international transfers please contact us by using the information in the section (Contact Information) below.

How we protect your personal information

Protecting your personal information, both online and offline, is a priority for us. We have implemented appropriate technical and organizational measures to protect your personal information from unauthorized access, accidental loss, disclosure, or destruction and ensure a level of security appropriate to the risk. We have specialized and dedicated security teams who constantly review and improve our security measures to protect your personal information from unauthorized access, accidental loss, disclosure, or destruction. All our employees are subject to confidentiality agreements and undergo annual training on the proper handling of personal information.

OpenText is committed to protecting all personal information and is cognizant of its obligations under applicable data protection laws.

How long we store your personal information

OpenText will retain personal information for as long as needed to provide the relevant products or services or to fulfil the purposes for which the personal information was collected or as per the specific contractual terms. OpenText may also retain and use this information for a longer period as permitted or required by law, to comply with our legal, tax or regulatory obligations (e.g., audit and accounting requirements), handle disputes, to exercise or defend claims, and enforce our agreements. We ensure that personal information we dispose of is de-identified or destroyed in a secure manner.

Your privacy rights

Your local applicable law may provide certain rights regarding the collection, use, and sharing of your personal information. As a minimum standard, we aim to enable all individuals to exercise the privacy rights set out below, but please note that these rights and the conditions for exercising and processing them (including response times) may vary depending on the jurisdiction in which you reside. Under the European Union (EU) data protection laws, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information:

• Your right of access. You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
• Your right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
• Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances.
• Your right to object to processing. You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
• Your right to data portability. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organization to another or give it to you. The right only applies if we are processing information based on your consent or under, or are in talks about entering into a contract and the processing is automated.

Your Rights When Your Data Is Provided to Us by a Customer

If your personal information has been submitted to us by or on behalf of a customer of our products and services who is the controller of that personal information and we are the processor, you will need to contact them directly if you wish to exercise any rights you may have under applicable data protection laws. If you make your request to us, we will need the name of the customer who submitted your data to us, and we will refer it on to them.

Jurisdiction-specific privacy rights:This supplement applies exclusively to the processing of personal information of individuals in the relevant jurisdiction and is intended to be read in conjunction with our main Privacy Policy. It reflects the additional requirements imposed by the applicable local data protection laws:

Australia: We are committed to processing any personal information in accordance with the Privacy Act 1988 (Cth.) (the Privacy Act) including the Australian Privacy Principles (APPs).

This current policy describes how OpenText deals with personal information of individuals who interact with us or any personal information obtained through our operations as a professional services provider.

This current policy describes how OpenText deals with personal information of individuals who interact with us or any personal information obtained through our operations as a professional services provider. We collect, use, and disclose personal information only where it is reasonably necessary for, or directly related to, our business functions and activities, and in a manner that is fair and reasonable in the circumstances. In accordance with the 2026 "Fair and Reasonable" standards, we have determined that our collection of the data categories listed in the core policy is proportionate to our professional service functions and meets the reasonable expectations of our Australian users. For the avoidance of doubt for Australian residents, the "Technical Data" (such as IP addresses and device identifiers) described in the core Policy is treated as "personal information" under the Privacy Act.

The nature of our business activities may require that personal information be disclosed to overseas recipients (including in Canada, India, the USA, and Europe and other countries from time to time) in order to provide the services contemplated under the terms of our engagement or prospective engagement. In such circumstances, we will use our best endeavors to ensure such parties are subject to a law, binding scheme, or contract that effectively upholds principles for fair handling of the information that are suitably similar to the APPs have the right to request access to, and correction of, personal information we hold about them, subject to applicable law. We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorized access, modification, or disclosure, in accordance with APP 11.

If you make a complaint about how OpenText has handled your personal information we encourage you to contact us first so we can attempt to resolve the matter promptly and fairly. If we are unable to resolve your complaint or you are unhappy with the outcome, you can contact the Office of Australian Information Commissioner website or via its enquiries line 1300 363 992  to lodge a complaint.

Brazil: We process personal information of individuals located in Brazil in accordance with the Lei Geral de Proteção de Dados (Law No. 13,709/2018) (“LGPD”). In accordance with the LGPD, we have appointed a Data Protection Officer (Encarregado) to oversee our compliance with applicable data protection laws and to act as a point of contact for data subjects and the Brazilian data protection authority. You may contact our Encarregado at the email address provided in the Contact Information section below. Subject to the LGPD, you may request confirmation of processing, access to and correction of your personal information, and the anonymization, blocking, or deletion of data processed unlawfully or excessively. If you have unresolved concerns regarding our processing of your personal information, you have the right to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD), Brazil’s data protection authority, in accordance with the LGPD.

Canada: We process personal information in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial privacy laws. Personal information is collected, used, and disclosed only for purposes that a reasonable person would consider appropriate in the circumstances. Subject to applicable law, you have the right to request access to and correction of your personal information. If you have unresolved concerns, you may lodge a complaint with the Office of the Privacy Commissioner of Canada.

China: The OpenText China Privacy Policy governs how we process Personal Information of residents of mainland China who fall within the scope of the China Personal Information Protection Law (“PIPL”) and relevant laws, regulations, and national standards (“China Data Protection Law”).

Kingdom of Saudi Arabia (KSA): We process personal information of individuals located in the Kingdom of Saudi Arabia in accordance with the personal information Protection Law (“PDPL”) and its implementing regulations. Personal information may be processed or stored in jurisdictions outside the Kingdom of Saudi Arabia for general business purposes, including outsourcing and data processing. Where such cross-border processing occurs, we ensure compliance with the PDPL, including any required safeguards or approvals. Personal information is retained only for as long as necessary and is deleted or anonymized in accordance with applicable law. If you have unresolved concerns regarding our processing of personal information, you have the right to contact the Saudi Data and Artificial Intelligence Authority (SDAIA).

India: For the purposes of the Digital Personal information Protection Act, 2023 (“DPDP Act”), OpenText acts as a Data Fiduciary with respect to personal information processed under this policy. In accordance with the DPDP Act, our Privacy Department serves as the Grievance Officer and is responsible for addressing questions, concerns, or complaints regarding the processing of personal information. Contact details are provided in the Contact Information section below. We will endeavour to resolve grievances in a timely manner in accordance with applicable law.

Where we rely on consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of any processing carried out prior to such withdrawal and may impact our ability to provide certain products or services. In accordance with the DPDP Act, you have the right to nominate another individual to exercise your rights under applicable data protection laws in the event of your death or incapacity.

If you have unresolved concerns regarding our processing of your personal information, you have the right to lodge a complaint with the Data Protection Board of India, in accordance with the DPDP Act.

Japan: We collect and use personal information only within the scope necessary to achieve the specified purposes of use, unless otherwise permitted under applicable law in accordance with Act on the Protection of Personal Information (APPI) and for data subjects residing in Japan.

Joint use: OpenText Affiliates may jointly use your data, as jointly used is defined under the APPI, under the following conditions:

• The types of personal data jointly used: as listed in the table below section “What data we collect and why we use it.”
• The purpose of the joint use: to respond to your requests, to provide you with OpenText products and services, including the purpose as listed in “Table 1” above.
• The entities that engage in the joint use: the subsidiaries of OpenText, available in our Annual Report.
• The entity responsible for the joint use: Open Text Corporation (Corporate HQ: 275 Frank Tompa Drive, Waterloo ON N2L 0A1, Canada).

Singapore: We process personal data of individuals in Singapore in accordance with the Personal Data Protection Act 2012 (“PDPA”). We have appointed a Data Protection Officer (DPO) to oversee compliance with the PDPA and to act as a point of contact for data protection matters; contact details are provided in the Contact Information section below.

Where we rely on consent, you may withdraw your consent at any time, which may affect our ability to provide certain products or services. Subject to applicable law, you have the right to request access to and correction of your personal data. We implement reasonable technical and organizational measures to protect personal data.

If you have unresolved concerns, you may lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC).

South Africa: Personal information as used in this privacy policy means Personal Information as such term is defined under the Protection of Personal Information Act, 2013 (“POPIA”). Therefore, “You” and “Your” as used in this privacy policy mean a natural person or a juristic person as such term is used under POPIA. For purposes of POPIA, OpenText acts as the Responsible Party in respect of the processing of personal information. We process personal information in accordance with the conditions for lawful processing set out in POPIA and implement appropriate technical and organizational measures to safeguard personal information. Subject to POPIA, you have the right to request access to or correction of your Personal Information, to object to certain processing activities, and to lodge a complaint with the Information Regulator (South Africa). Where Personal Information is transferred outside South Africa, such transfers are carried out in accordance with section 72 of POPIA.

South Korea: We process personal information of individuals in the Republic of Korea in accordance with the Personal Information Protection Act (“PIPA”). Where required, we obtain consent for processing and you may withdraw your consent at any time. Subject to applicable law, you have the right to request access to, correction of, deletion of, or suspension of processing of your personal information. We implement reasonable safeguards to protect personal information. If you have unresolved concerns, you may lodge a complaint with the Personal Information Protection Commission (PIPC).

United States: This section applies to residents of United States jurisdictions with comprehensive privacy laws, including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Indiana, Kentucky, and Rhode Island, and any other US state or territory that enacts a comprehensive privacy law in the future which does not contradict the provisions below.

Use of personal information

In compliance with its obligations under the CCPA, and other applicable US state privacy laws, OpenText may provide your personal information to our affiliates, authorized service providers, and business partners, or allow them to collect personal information from our Website, products, or services in certain situations. Examples of such situations include where you consent to or direct us to disclose the personal information to those parties, if you use our Websites or services to interact with those third parties, or we are otherwise required to do so by law. We may also provide personal information to service providers, or allow service providers to collect personal information from our Websites and apps (for example, through the use of cookies or similar technologies) to help us deliver advertising to you and to provide a personalized experience. In several US jurisdictions, these activities may be classified as "sharing" for cross-contextual behavioral advertising or "targeted advertising." See our Cookies Policy for more information.

Access to personal information

As a California resident or a resident of a state with similar protections, you may request and obtain from us once a year, free of charge, certain information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that were shared and the names and addresses of all third parties with which we shared information in the preceding calendar year.

For more details on what personal information we collect and how it is processed, please see the ‘What personal information we collect and why we use it’ section.

Your Rights Across States: Depending on your state of residency, you may also have the right to: (1) request correction of inaccurate personal data; (2) request deletion of your personal data; (3) opt-out of the "sale" of data or its use for profiling/automated decision-making; and (4) obtain your data in a portable, readily usable format.

California-Specific Provisions (CCPA/CPRA) In accordance with the California Consumer Privacy Act ("CCPA") as updated, amended, and expanded by the California Privacy Rights Act (CPRA), California residents benefit from the following additional rights. We also recognize and honor Global Privacy Control (GPC) signals sent from your browser as a valid request to opt-out of sale or sharing for California residents.

For more details on what personal information we collect and how it is processed, please see the : ‘What personal information we collect and why we use it’ section.

Children's privacy

OpenText encourages parents and guardians to take an active role in their children's online activities. Our services are not aimed at people under 18 and OpenText does not knowingly collect personal information from children without appropriate parental or guardian consent. If you believe that we may have collected personal information from someone under the age of 13 (or the applicable age of consent as per jurisdiction) without proper consent, please submit your request in writing to the address found in the Contact Information section.

Contact information & Filing a complaint

If you have questions regarding this privacy policy or our privacy practices,

• please contact OpenText’s Data Protection Officer or OpenText Global Data Privacy Department at DPO@opentext.com or
• write to the OpenText entity of which you are a customer or interacting with, at the following addresses available at: Worldwide office locations | OpenText

To exercise your rights regarding your personal information please fill out this Data Subject Request Form or email us at DPO@opentext.com, or call our toll free number 1-866-397-0207.

Alternatively, you may contact the OpenText’s nearest office based on your place of residence or any other location you deem appropriate.

Open Text will request certain verification information from individuals for both access and deletion requests made under the CCPA as amended, to ascertain that any received request is valid. You can also designate an authorized agent to submit requests to exercise your data protection rights to OpenText. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.

When you contact us, please indicate in which country and/or state you reside.

Furthermore, if you think your rights as stated in this privacy policy or under applicable data protection laws have been violated, please contact us. We will review the matter and work to resolve any complaints or disputes regarding the use or disclosure of personal information in line with this policy and applicable law. You can at any time, to the extent required by applicable law, lodge a complaint with a competent data protection authority.

OpenText corporate headquarters are located at: 275 Frank Tompa Drive Waterloo, ON N2L 0A1 Canada

Changes to this privacy policy

OpenText may update this policy from time to time. If we modify this policy, we will post the revised version on this page. You should review this page periodically for updates.

If we make a change that materially affects your rights or, to the extent permitted by the applicable law, materially changes how or why we use personal information, we will notify you by way of a prominent notice or pop-up on our Website, or other appropriate means.

Note: In addition to the entities referenced above, this policy applies to:

• The products and services of Total Defense, LLC (formerly known as Total Defense, Inc.), a subsidiary of Open Text Corporation, including its Total Defense Mobile Security product; and
• The products and services of Webroot, LLC (formerly known as Webroot Inc.), a subsidiary of Open Text Corporation, including its Webroot Mobile Security and Webroot for Chromebook.

This policy was last updated April 2026.