Global Privacy Policy

Privacy on our Website
How to Contact Us

Avaya Global Privacy Office

Email:
 
Postal Address:
Avaya UK
Building 1000, Cathedral Square, Cathedral Hill,
Guildford, Surrey GU2 7YL, United Kingdom
Koldo Loidi

“We will ensure that your personal data is protected and appropriately handled and used by Avaya. Now and in the future.”

Koldo Loidi
Global Privacy Officer


Avaya Global Privacy Policy

 

This Avaya Data Privacy Policy (Global) (“Policy”) establishes Avaya's[1] approach to compliance with data protection laws when processing[2] personal data[3]. This Policy does not replace any specific data protection requirements that might apply to a business unit or function. Where respective local laws and regulations mandate additional restrictions on the collection, use and disclosure of personal data that exceed those contained in this Policy, the local laws and regulations will prevail.

This Policy describes how personal data must be processed to meet Avaya’s data protection standards and to comply with privacy laws and regulations. Additional instructions and / or guidelines regarding personal data processing activities at Avaya are provided to Avaya employees in internal policies.

 

What is Data Protection Law?
How does Data Protection Law Affect Avaya Internationally?
What is Avaya Doing About it?
Avaya Binding Corporate Rules (Controller) Policy
Avaya Binding Corporate Rules (Processor) Policy
Legally Binding Effect of This Policy
Further Information

 

What is Data Protection Law?

Data protection law gives individuals certain rights in connection with the way in which their personal data is processed. If organizations do not comply with data protection law, they may be subject to sanctions and penalties imposed by the national data protection authorities and the courts. When Avaya processes personal data, this activity and the personal data in question are covered and regulated by data protection law.

When an organization processes personal data for its own purposes, that organization is deemed to be a "controller" of that information and is, therefore, primarily responsible for meeting the legal requirements under data protection law.

On the other hand, when an organization processes personal data on behalf of a third party (e.g., content hosted on behalf of an Avaya enterprise customer) that organization is deemed to be a "processor" of the information. In this case, the relevant controller of the personal data (i.e., the relevant third party) will be primarily responsible for meeting the legal requirements.

Top

How does Data Protection Law Affect Avaya Internationally?

European data protection law prohibits the transfer of personal data to countries outside Europe[4] that do not ensure an adequate level of data protection. Some of the countries in which Avaya operates are not regarded by European data protection authorities as providing an adequate level of protection for individuals’ privacy and data protection rights.

Top

What is Avaya Doing About it?

Avaya must take proper steps to ensure that it processes personal data on an international basis in a safe and lawful manner. Therefore, Avaya has obtained approval from European Data Protection Authorities and adopted Avaya Global Binding Corporate Rules: Controller and Processor Policies which set out a framework to satisfy data protection law requirements (these policies are incorporated herein by reference and form an integral part of this Policy). Such framework shall apply to all personal data processing activities conducted by Avaya globally.

Top

Avaya Binding Corporate Rules (Controller) Policy

The standards described in the Avaya Binding Corporate Rules (Controller) Policy are worldwide standards that apply to all Group Members when processing any personal data for purposes of carrying out Avaya’s business activities, employment administration and supplier chain management. Below is the summary of basic data protection principles that Avaya must observe when it processes personal data as a controller. Such principles (along with other data protection commitments of Avaya) are described in detail in the aforementioned policy.
 

Principle 1 – lawfulness of processing

  • Avaya will ensure that all processing is carried out in accordance with applicable laws.

Principle 2 – fairness and transparency

  • Avaya will inform and explain to individuals, at the time when their personal data is collected, how their personal data will be processed.

Principle 3 – purpose limitation

  • Avaya will only obtain and process personal data for those purposes which are known to the individual or which are within their expectations and are relevant to Avaya.
  • Avaya will only process personal data for specified, explicit and legitimate purposes and not further process that information in a manner that is incompatible with those purposes unless such further processing is consistent with the applicable law of the country in which the personal data was collected.

Principle 4 – data minimization and accuracy

  • Avaya will keep personal data accurate and up to date.
  • Avaya will only process personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Principle 5 – limited retention of personal data

  • Avaya will only keep personal data for as long as is necessary for the purposes for which it is collected and further processed.

Principle 6 – security and confidentiality

  • Avaya will implement appropriate technical and organizational measures to ensure a level of security of personal data that is appropriate to the risk for the rights and freedoms of the individuals.
  • Avaya will ensure that providers of services to Avaya also adopt appropriate and equivalent security measures.
  • Avaya will comply with data security breach notification requirements as required under applicable law.

Principle 7 – rights of individuals

  • Avaya will adhere to the data subject rights procedure and will respond to any requests from individuals to access their personal data in accordance with applicable law.
  • Avaya will also deal with requests to rectify or erase inaccurate or incomplete personal data, or to cease processing personal data in accordance with the data subject rights procedure.

Principle 8 – ensuring adequate protection for transborder transfers

  • Avaya will not transfer personal data to third parties outside Europe without ensuring adequate protection.

Principle 9 – safeguarding the use of sensitive personal data

  • Avaya will only process sensitive personal data where the individual’s explicit consent has been obtained, unless Avaya has an alternative legitimate basis for doing so consistent with the applicable law of the country in which the personal data was collected.

Principle 10 – legitimising direct marketing

  • Avaya will allow customers to opt-out of receiving marketing information.

Principle 11 – automated individual decisions

  • Individuals have the right not to be subject to a decision based solely on automated processing and to contest such decision.

Top

Avaya Binding Corporate Rules (Processor) Policy

The standards described in the Avaya Binding Corporate Rules (Processor) Policy are worldwide standards that apply to all Group Members when processing any personal data on behalf of a controller which is not a Group Member, such as for instance in the context of providing a service to a business customer. Below is the summary of basic data protection principles that Avaya must observe when it processes personal data as a processor. Such principles (along with other data protection commitments of Avaya) are described in details in the aforementioned policy.
 

Principle 1 – lawfulness of processing

  • Avaya will ensure that all processing is carried out in accordance with applicable laws.
  • Avaya will cooperate and assist a controller to comply with its obligations under applicable data protection laws and without undue delay.

Principle 2 – fairness and transparency

  • Avaya will assist a controller to comply with the requirement to inform and explain to individuals how their personal data will be processed in accordance with applicable laws.

Principle 3 – purpose limitation

  • Avaya will only process personal data on behalf of, and in accordance with, the instructions of the controller.

Principle 4 – data minimization and accuracy

  • Avaya will assist a controller to keep the personal data accurate and up to date.

Principle 5 – limited retention of personal data

  • Avaya will only keep personal data for as long as is necessary under the terms of the contract or other legally binding document with a controller.

Principle 6 – security and confidentiality

  • Avaya will implement appropriate technical and organizational measures to safeguard personal data processed on behalf of a controller.
  • Avaya will notify a controller without undue delay of any security breach affecting the personal data that is being processed on behalf of a controller in accordance with the terms of the contract or other legally binding document with that controller.
  • Avaya will comply with the requirements of a controller regarding the appointment of any sub-processor.
  • Avaya will ensure that external sub-processors undertake to comply with provisions that are consistent with (i) the terms of the contract or other legally binding document it has with a controller and (ii) Avaya Binding Corporate Rules (Processor) Policy, and in particular that the sub-processor will adopt appropriate and equivalent security measures

Principle 7 – rights of individuals

  • Avaya will assist controllers to comply with their duty to respect the rights of individuals.

In the event of a conflict between (i) the Avaya Global Binding Corporate Rules: Controller and Processor Policies and (ii) this Policy, the Avaya Global Binding Corporate Rules: Controller and Processor Policies shall prevail.

Top

Legally Binding Effect of This Policy

Group Members and their employees (including new hires, individual contractors and temporary staff) that process personal data worldwide must comply with, and respect, this Policy when processing personal data as a controller and / or processor, irrespective of the country in which they are located.

Avaya reserves the right to change, modify or update this Policy at any time. Please review it frequently for any updates.

Top

Further Information

If you have any questions regarding the provisions of this Policy, your rights under this Policy or any other data protection issues, you can contact Avaya's Data Privacy Office at the address below who will either deal with the matter or forward it to the appropriate person or department within Avaya.

Attention: Koldo Loidi – Avaya Global Privacy Officer

Email: dataprivacy@avaya.com

Address: Avaya UK, Building 1000, Cathedral Square, Cathedral Hill, Guildford, Surrey GU2 7YL, United Kingdom

 

Revised: March 2018

 


[1] “Avaya” includes Avaya Inc. and designated affiliates ("Group Members"), detailed list of such designated affiliates is incorporated into Avaya Global Binding Corporate Rules: Controller and Processor Policies  by reference. 

[2] "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

[3] "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

[4] For the purpose of this Policy reference to Europe means the EEA and Switzerland.

 

Error: There was a problem processing your request.