Connect your employees to your customers across the channels they use most.
Automate and personalize business processes with prebuilt or customized apps.
Call, meet, message, and more—all in one app.
Connect people, tasks, tools, and more in a customizable app built for immersive collaboration.
Rely on our team of experts to help you get the most from your investment.
Consult with the experts to create your best customer journey.
Find a cloud that’s flexible, secure, and dedicated to your organization.
Explore our complete portfolio of devices for individuals and conference rooms.
See what’s next for your full-featured call center.
Explore your options for communications innovation.
Take collaboration, both inside and out, to the next level.
Move at your pace with Avaya’s hybrid cloud options.
Deliver effortless experiences for customers and employees at every touchpoint.
Help your contact center run smoothly, no matter where your employees are.
Find an Authorized Avaya Channel Partner in your part of the world.
Build new, innovative communications solutions via Avaya’s open solution platforms.
See our partnerships with leading technology companies for unique and value-adding solutions.
Explore all of the partner types and programs available at Avaya
Sell the Avaya portfolio with benefits, incentives, lead gen, training, and marketing resources.
Transition customers to the cloud fast and on budget, supported by Avaya services and features.
Stay up to date on Avaya's latest news and solutions.
Deliver innovative and complete solutions to your customers.
Get to know Avaya through our blogs. Insights on collaboration, customer experience, AI, digital.
Watch videos and listen to podcasts by topic or just browse what’s new. Interviews, solutions, how-to’s, more.
See inspiring ways companies are using Avaya solutions to change the world of work.
Look at what's new in our world—and how it benefits yours.
Engage with us in an immersive and interactive experience—on site, virtually, or a combo.
Listen in on conversations with tech innovators who are transforming the experience economy.
Learn about the privacy, compliance, and security inside Avaya solutions.
Review the terms and policies associated with Avaya software and services.
Access a full range of information and assistance for your Avaya solution.
For research and support, access our product documentation resources.
Meet Avaya experts at our events, webinars, expos, conferences and more.
In person or online, gain a full understanding of your Avaya solution and its capabilities.
We will ensure that your personal data is always protected and appropriately handled and used by Avaya.
What is data protection law?
Transparency of personal data processing activities by Avaya
How does data protection law affect Avaya internationally?
What is Avaya doing about it?
Avaya Binding Corporate Rules: Controller Policy
Avaya Binding Corporate Rules: Processor Policy
Policy update procedure
This policy describes how personal data will be processed to meet Avaya’s data protection standards and to comply with privacy laws and regulations. Instructions and/or guidelines regarding personal data processing activities at Avaya are provided to Avaya employees and contractors in internal policies.
Data protection law gives individuals certain rights in connection with the way in which their personal data is processed. If organizations do not comply with data protection law, they may be subject to sanctions and penalties imposed by the national data protection authorities and the courts. When Avaya processes personal data, this activity and the personal data in question are covered and regulated by data protection law.
When an organization processes personal data for its own purposes, that organization is deemed to be a data controller of that information and is, therefore, primarily responsible for meeting the legal requirements under data protection law.
On the other hand, when an organization processes personal data on behalf of a third party (e.g., content hosted on behalf of an Avaya customer) that organization is deemed to be a data processor of the information. In this case, the data controller of the personal data (i.e., Avaya’s customer) will be primarily responsible for meeting the legal requirements.
This policy, together with Binding Corporate Rules: Controller and Processor Policies (approved by the European data protection authorities), describes the general practices of handling personal data at Avaya. Avaya is always committed to provide transparency on all personal data processing activities and to comply with all applicable privacy laws and regulations. Due to the vast range of products and services, this is being done through various privacy statements/privacy fact sheets. Avaya, depending on its role (data controller vs. data processor), takes a layered approach to thoroughly inform its customers and/or data subjects, as applicable, about the handling of their personal data.
When Avaya is a data controller, it fulfils its transparency obligations (e.g., the kinds of personal data that Avaya collects and holds; how Avaya collects and holds personal data; the purposes for which Avaya collects, holds, uses and discloses personal data, etc.) via applicable ad hoc privacy statements. When Avaya is a data processor, it provides information to its customers (the data controllers) so that they are able to meet their transparency obligations.
Unless agreed otherwise or set out in a more specific privacy statement or privacy fact sheet, in the course of business Avaya will transfer personal data overseas to leverage its international resources, including affiliated companies and trusted third parties, for the purpose of providing requested solutions or otherwise transacting our business. This means that both personal data provided to Avaya in the role of a data controller or in the role of a data processor will be transferred internationally. This includes various types of personal data:
The latter mainly results from contractual arrangements with our customers and, in particular, their individual usage of (and input into) the solutions provided by Avaya. The types of such personal data typically include name, contact information (company, title/position, email address, phone number, physical address), connection data, location data, video/call (recordings) data, and metadata derived thereof, etc.
Further information regarding privacy within respective Avaya solutions can be found in offer/service descriptions, product privacy statements/privacy fact sheets, or on the Privacy Within Our Products page.
Many countries/regions have legislation addressing the international transfers of personal data. For instance, European data protection law prohibits the transfer of personal data to countries outside Europe4 that do not ensure an adequate level of data protection, unless the exporting entity implements one of the contractual or legal mechanisms established in the law. Some of the countries in which Avaya operates are not regarded by European data protection authorities as providing an adequate level of protection for individuals’ privacy and data protection rights.
Avaya must take proper steps to ensure that it processes personal data on an international basis in a safe and lawful manner. Avaya has implemented processes and controls to abide by these requirements. Avaya has obtained the approval from European data protection authorities and adopted its global Binding Corporate Rules: Controller and Processor Policies, which set out a framework to satisfy data protection law requirements (these policies, including their appendixes, e.g., Data Subject Right Procedure, Complaint Handling Procedure, Cooperation Procedure, Law Enforcement Data Access Procedure, etc., are incorporated herein by reference and form an integral part of this policy). Such framework shall apply to all personal data processing activities conducted by Avaya globally.
The standards described in the Avaya Binding Corporate Rules (Controller) Policy are worldwide standards that apply to all group members1 when processing any personal data for purposes of carrying out Avaya’s business activities, employment administration, and supply chain management. Below is a summary of basic data protection principles and practical commitments that Avaya must observe when it processes personal data as a data controller. They are described in detail in the aforementioned policy.
Principle 1 – Lawfulness of processing
Avaya shall ensure that all Processing is carried out in accordance with applicable laws.
Avaya shall have appropriate staff and support to ensure and oversee privacy compliance throughout the business.
Avaya shall provide appropriate privacy training to employees who have permanent or regular access to personal data, who are involved in the processing of personal data, or in the development of tools used to process personal data in accordance with the Privacy Training Program set out in Appendix 4 of its Binding Corporate Rules Controller Policy.
The standards described in the Avaya Binding Corporate Rules (Processor) Policy are worldwide standards that apply to all Group Members when Processing any Personal Data on behalf of and under the instructions from a Data Controller which is not a Group Member, such as for instance in the context of providing a service to an enterprise customer. Below is a summary of basic data protection principles and practical commitments that Avaya must observe when it Processes Personal Data as a Data Processor. They are described in detail in the aforementioned policy.
Avaya reserves the right to change, modify or update this policy at any time. Please review it frequently for any updates.
If you have any questions regarding the provisions of this policy, your rights under this policy, or any other data protection issues, please contact the Avaya Global Privacy Office.
Revised March 2023
1 “Avaya” includes Avaya LLC (350 Mt. Kemble Avenue, Morristown, NJ 07960, USA) and designated affiliates ("Group Members"), detailed list of such designated affiliates is incorporated into Avaya Binding Corporate Rules: Controller and Processor Policies by reference.
2 "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3 "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4 For the purpose of this Policy reference to "Europe" means the European Economic Area and Switzerland.