Postal Address: Avaya UK,Building 1000,
Cathedral Square, Cathedral Hill, Guildford,
Surrey GU2 7YL, United Kingdom
If you have any questions or concerns regarding the privacy of medical data, please contact us at firstname.lastname@example.org
California Consumer Privacy Act (“CCPA”) is a new law in California, which provides a robust and coherent statutory framework for the protection of “Personal Information” (i.e., any information relating to an identified or identifiable natural person or household – California resident (“Consumer”). It applies as from January 1, 2020. CCPA marks a paradigm shift in how companies handle and protect Personal Information by giving Consumers control and very strong rights over their Personal Information.
CCPA applies to businesses that do business in California and, although not explicitly mentioned, CCPA appears to be applicable to a business established outside of California if it collects and / or sells California Consumers Personal Information while conducting business in California. Therefore, depending on the specific business case, it may not only apply to Avaya Inc. (legal entity established in California and doing business within the U.S.), but also to other Avaya worldwide affiliates when they process Personal Information of California residents, irrespective of where such Avaya affiliates are located.
In providing many of the services to its customers (“businesses”) Avaya processes Personal Information on their behalf and acts as a“service provider.” Therefore, security, privacy and integrity are critical to Avaya and our relationships with our customers. We are committed to building on our experience to help our customers to comply with CCPA through leading edge technology solutions that enhance privacy, as well as cloud solutions that aim to deliver both security and privacy.
In the event Avaya acts as a “business” and on its own determines the purposes and means of the processing, it will comply with all necessary requirements stipulated by CCPA, including the fulfillment of Consumers’ legitimate requests. Such rights granted to Consumers will be disclosed in the comprehensive Privacy Statements (e.g., Privacy Statements for Avaya products where Avaya acts a “business” can be found here; Privacy Statement relevant to Avaya websites is accessible here, etc.) and/or on time Privacy Notices to be shown to Consumers at or before the point their Personal Information will be collected by Avaya.
Avaya has worked on a number of different areas to enable its customers to be CCPA-compliant when relying on Avaya solutions. Here are the most relevant:
Many of the services Avaya offers to its customers will include certain “processing on behalf”. Therefore, in order to facilitate CCPA compliance for its customers, Avaya has prepared a Data Processing Addendum (“DPA”). The DPA fulfils all the legal requirements mandated by the CCPA and has been drafted for the benefit of Avaya customers to help them to comply with CCPA.
What is Covered under the Avaya DPA?
The DPA assures that, with regard to the Personal Data Avaya processes on behalf of its customers, Avaya shall:
How to Execute the Avaya DPA?
Click on this hyperlink which will take you to our e-signature provider DocuSign and the actual DPA. The document has already been pre-signed by Avaya Inc., therefore, once you have countersigned the DPA in accordance with the instructions, you will automatically receive a copy of the fully executed document for your records.
Further Information Relevant to the Execution of the DPA
Within the execution of the DPA via DocuSign, you will be asked to provide your name and email address for the sole purpose of verifying you as representative of a countersigning party. Besides Avaya, the recipient of such Personal Information (including information identifying your connection data, such as IP address) will be sent to DocuSign Inc., having offices at 221 Main St., Suite 1000, San Francisco, CA 94105, and its sub-processors. The verification of the countersigning party will be stored as long as the DPA remains in force and / or to comply with statutory retention periods. Please also refer to our Website Privacy Statement and DocuSign Privacy Statement for more information.
If you have any questions regarding the above instructions or provisions of the DPA, you may contact Avaya Global Privacy Office at email@example.com.
Data security is a top priority for Avaya, just as it is for Avaya customers. Avaya has highly-skilled professionals to help ensure processing of information and Personal Information under its custody and responsibility is protected, whether related to Avaya remote maintenance solutions, our cloud offerings or to any other solutions where Avaya processes data.
Avaya’s portfolio of on premises and cloud-based solutions have embedded technology features that enable its customers to meet privacy by design and default requirements. Furthermore, Avaya is here to advise on the individual settings of respective system and to work with your team to make sure you are able to use our solutions in the most privacy-enhancing ways.
An overview of privacy-related security controls and available methods of access and handling of various types of Personal Data within Avaya products as well as instructions on how to locate the Product Privacy Statements for such Avaya branded products in the portfolio are available on our Privacy Within Our Products page.
The vast majority of the services Avaya offers to its customers will be treated as a “processing on behalf”. Therefore, when Avaya it acts as a “service provider” on behalf of its customers (i.e., “businesses”) it will assist them by appropriate technical and organizational measures (and respective privacy features embedded within Avaya solutions), insofar as this is possible, for the fulfilment of customers’ obligation to respond to legitimate Consumers’ requests under the CCPA. In addition, to the extent customer, in its use of the services and / or products and / or other technology solutions provided by Avaya, does not have the ability to address the Consumer’s request, Avaya will (upon customer’s written request) assist customer in responding to the Consumer request, to the extent Avaya is legally permitted to do so and the response to such Consumer’s request is required under CCPA (please direct any such requests to firstname.lastname@example.org). If Avaya receives a request from a Consumer directly, it will promptly notify the customer so the company could take appropriate action with regards to the request.
Avaya does not sell Personal Information collected about Consumers to third parties. In the event Avaya decides to change this approach, it will notify its (i) customers (and modify applicable agreements, if required) and (ii) Consumers via applicable Privacy Statement / Notice to be shown to the Consumers at or before the time of collection of their Personal Information.
Please let us know if you have any questions with respect to Avaya and CCPA or need support for your Personal Information handling activities. You may contact your local Avaya representative or reach out directly to Avaya Global Privacy Office at email@example.com and we will address all your questions and support your individual needs.
Revised: January 2020