European data protection laws (in particular the General Data Protection Regulation (“GDPR”) that applies as from May 25, 2018) contain strict rules that have to be adhered to for international transfers of “Personal Data” (i.e., data that identifies or may be used to identify an individual) to third countries outside of the European Economic Area and Switzerland which, according to the European Union legislation, do not ensure an adequate level of personal data protection. Reflecting a strong commitment to privacy and security, Avaya has obtained the approval from the European Data Protection Authorities for both Controller and Processor Binding Corporate Rules. These policies are binding upon Avaya affiliates / subsidiaries and form a robust framework to satisfy data protection requirements when Avaya handles Personal Data on its own behalf and on behalf of its customers.
The worldwide standards described in the Avaya Binding Corporate Rules (Controller) Policy apply to Avaya affiliates / subsidiaries when processing Personal Data as a controller, regardless of where such affiliates are located.
The worldwide standards described in the Avaya Binding Corporate Rules (Processor) Policy apply to Avaya affiliates / subsidiaries when processing Personal Data as processor, regardless of where such affiliates are located.
All Avaya affiliates that process Personal Data are contractually bound by an Intra-group Agreement to comply with the Binding Corporate Rules. A copy of this agreement may be obtained upon written request to Avaya Global Privacy Office (contact details below).
If you have any questions regarding the provisions of the Avaya Binding Corporate Rules or your rights under these policies, please contact Avaya Global Privacy Office at firstname.lastname@example.org.
For general information regarding Binding Corporate Rules and its legal effect please refer to the official European Commission website available here.
Revised: September 2021.