Citrix Data Processing Addendum

Citrix is committed to protecting the personal information you share with us.  This Data Processing Addendum (DPA) describes the privacy practices Citrix applies to any personal information processed on your behalf by Citrix when providing Citrix Cloud services, technical support services or consulting services (“Services”). This DPA is part of the Citrix EULA, EUSA or services agreement applicable to the Services (“Agreement”), does not require execution, and applies to all new orders for Services placed under the Agreement on or after May 27, 2020 (unless otherwise specified in the order for Services).  The Citrix EU Standard Contractual Clauses may be executed at your option.

Frequently Asked Questions

Yes. It applies to all personal information as defined in the DPA or under applicable data protection laws on a global basis, including from residents of the European Economic Area.

No. The DPA is incorporated by reference into the Agreement and applies to orders of Services under the Agreement placed on or after May 27, 2020.

Yes, the SCCs are incorporated by reference for applicable international transfers. For customers who would like to also formally execute SCCs, an executable version is available by following a few simple steps:

  1. Go to and Sign In to your Citrix My Account,
  2. Click “View Standard Contractual Clauses” on the left side, and
  3. Click “Accept” to complete the SCCs electronically.

If you enter into an agreement for Services directly with Citrix, then this DPA applies.  Otherwise, only the terms of your contract with the Citrix Partner apply.

No, Citrix has a specific Partner DPA that governs transactions between Citrix and our Partners, which is incorporated by reference into the applicable Partner Program Guides.

Former Data Protection Agreements (March 21, 2018)