The General Data Protection Law (Law 13.709/2018, Lei Geral de Proteção de Dados – “LGPD”) is a federal law on privacy and data protection in Brazil, providing a robust and coherent legal framework for the protection of "Personal Data", defined as any information relating to an identified or identifiable natural person. Enacted in 2018, the LGPD came into force in 2020 and had its origin strongly influenced by the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”), seeking to bring greater control to the individuals about the use of their Personal Data.
LGPD applies to all companies that carry out activities involving the processing of Personal Data in Brazil, or when the purposes of its Personal Data processing activity correspond in the offer or supply of goods and services to individuals located in Brazil. Thus, LGPD applies to Avaya’s legal entity located in Brazil, as well as to Avaya worldwide affiliates/subsidiaries when they fit the application scenario previously described, regardless of where Avaya affiliates/subsidiaries are located.
By providing many of the services to its Customers ("Data Controllers") Avaya processes Personal Data on their behalf, acting as a "Data Processor”. Therefore, privacy, security, and integrity are priorities for Avaya and our relationships with our Customers. We are committed to building on our experience to assist our Customers in meeting their legal obligations under LGPD, where applicable, through leading edge technology solutions that enhance privacy, as well as cloud solutions that aim to deliver both security and privacy.
If Avaya acts for its own purposes as a Data Controller in the processing of Personal Data, it will comply with all necessary requirements stipulated by LGPD, ensuring due transparency to the Data Subjects involved and enabling them to exercise their respective rights.
Avaya has worked on a number of different areas to enable its Customers to be LGPD-compliant when relying on Avaya solutions. Here are the most relevant:
I. Contractual Commitment to Privacy – Data Processing Addendum
Many of the services Avaya offers to its Customers will include certain “processing on behalf”. Therefore, in order to facilitate LGPD compliance for its Customers, Avaya has prepared a Data Processing Addendum (“DPA”). The DPA was drafted considering the best practices of privacy and data protection regulation, specially to meet the obligations on LGPD, as well as for the benefit of Avaya Customers to help them to comply with LGPD.
What is covered under the Avaya DPA?
The DPA assures that, with regard to the Personal Data Avaya processes on behalf of its Customers, Avaya shall:
How to Execute the Avaya DPA?
Click on this hyperlink which will take you to our e-signature provider DocuSign and the actual DPA. The document has already been pre-signed by Avaya Brasil LTDA, therefore, once you have countersigned the DPA in accordance with the instructions, you will automatically receive a copy of the fully executed document for your records.
Further Information Relevant to the Execution of the DPA
Within the execution of the DPA via DocuSign, you will be asked to provide your name and email address for the sole purpose of verifying you as representative of a countersigning party. Besides Avaya, the recipient of such Personal Data (including information identifying your connection data, such as IP address) will be sent to DocuSign Inc., having offices at 221 Main St., Suite 1000, San Francisco, CA 94105, and its sub-processors. The verification of the countersigning party will be stored as long as the DPA remains in force and / or to comply with statutory retention periods. Please also refer to our Website Privacy Statement and DocuSign Privacy Statement for more information.
II. Security of Processing
Data security is a top priority for Avaya, just as it is for Avaya Customers. Avaya has highly-skilled professionals to help ensure processing of information and Personal Data under its custody and responsibility is protected, whether related to Avaya remote maintenance solutions, our cloud offerings or to any other solutions where Avaya processes data.
III. Privacy by Design and by Default
Avaya’s portfolio of on premises and cloud-based solutions have embedded technology features that enable its Customers to meet privacy by design and default requirements. Furthermore, Avaya is here to advise on the individual settings of respective system and to work with your team to make sure you are able to use our solutions in the most privacy-enhancing ways.
An overview of privacy-related security controls and available methods of access and handling of various types of Personal Data within Avaya products as well as instructions on how to locate the Product Privacy Statements for such Avaya branded products in the portfolio are available on our Privacy Within Our Products page.
IV. Assistance in Fulfilment Data Subject’s Rights
The vast majority of the services Avaya offers to its customers will be treated as a “processing on behalf”. Therefore, when Avaya acts as a Data Processor on behalf of its Customers (i.e., Data Controllers) it will assist them by appropriate technical and organizational measures (and respective privacy features embedded within Avaya solutions – see our Privacy Within Our Products page for more information), insofar as this is possible, for the fulfilment of Customers’ obligation to respond to legitimate data subjects’ requests under the LGPD. In addition, to the extent Customer, in its use of the services and / or products and / or other technology solutions provided by Avaya, does not have the ability to address the data subject’s request, Avaya will (upon Customer’s written request) assist Customer in responding to such a request, to the extent Avaya is legally permitted to do so and the response to such data subject’s request is required under LGPD. If Avaya receives a request from a data subject directly, it will promptly notify Customer so the company could take appropriate action with regards to the request.
If you have any questions with respect to Avaya and LGPD or need support for your Personal Data handling activities, you may contact your local Avaya representative or reach out directly to Avaya’s Global Privacy Office.