Avaya’s Commitment to Global Privacy

In order to provide our services effectively and timely, Avaya often has to process personal data (which most comprehensive privacy laws define as information that is directly or indirectly relatable to natural persons, usually referred to as “data subjects”) of its Customers. This may be the case, for example, when a Customer opens a troubleshooting ticket with Avaya or when Avaya has to remotely access Customer’s systems, e.g., to set up a new user, etc. Often the processed categories of personal data are limited to business contact details of personnel managing the relationship with Avaya and users of Customer telecommunication systems, but in some occasions it may become necessary (in particular, for troubleshooting or system management purposes) to access data stored on Customer systems, which may potentially contain identifiers, such as unique user IDs, names, phone numbers, IP addresses, configuration details, usage logs and other information on the persons whose data our customers are processing within the systems.

Avaya takes a proactive approach to help its Customers in meeting their compliance obligations. The key areas of support include:

1. Contractual Commitments – Data Processing Addendum (DPA)
   Avaya offers a (global) Data Processing Addendum to address contractual privacy requirements. This document provides Customers with clear contractual rights and ensures they maintain control over any personal data processed by Avaya on their behalf.
   
   
2. Security of Processing
   Protecting data is a top priority. Avaya uses skilled professionals and industry-standard practices to protect all entrusted data across cloud, remote, and on-premises solutions. For more details on our security practices, please see our Security Trust Center.
   
   Avaya also maintains a Data Breach Incident Response Team (DBIRT) that provides leadership and coordination in the event of a data breach or security incident. This cross-functional team’s specific purpose is to efficiently and effectively respond to data breaches, incidents and suspicions to minimize their impact on Avaya or third parties, including Avaya’s Customers.
   
   
3. Privacy by Design and Default
   Avaya’s products are built with privacy in mind. Whether cloud-based or on-premises, our solutions are designed to support compliance with “privacy by design and default” principles. We also work closely with Customers to fine-tune system settings and configurations for maximum privacy protection that meet our Customers’ requirements.
   
   
4. Support for Data Subject Rights
   Many data privacy regulations grant individuals rights such as access, correction, and erasure of their personal data. As a data processor, Avaya assists Customers in fulfilling these obligations by providing technical and organizational tools embedded in our solutions.
   
   When a Customer cannot address a data subject request independently, Avaya will assist -upon written request and where legally permitted - in responding to such requests in accordance with applicable laws. Any direct requests Avaya receives from data subjects will be promptly forwarded to the relevant Customer.
   
   
5. International Data Transfers
   As a global company, Avaya supports international service delivery through a network of worldwide locations and a global workforce, which usually requires international transfers within and outside of the Avaya group. To safeguard such cross-border data flows Avaya has implemented various safeguards, including Binding Corporate Rules (BCRs) for group-internal transfers, which have been approved by the European data protection authorities, reflecting Avaya’s consistent, high-standard approach to data protection - regardless of where data is processed.

For more information regarding compliance with Canadian privacy regulations, please see the following resources or click here for information in French.

• Avaya Canadian Privacy Laws Compliance Guide
• Freedom of Information, Protection of Privacy Act (Ontario)
• Personal Health Information Protection Act (Ontario)

Please click here for more information in Chinese / 请点击此处获取更多中文信息。

To learn more about Avaya’s global privacy approach, please visit the Avaya Trust Center. For support or privacy-related inquiries, please contact your Avaya representative or the Avaya Global Privacy Office.