The European General Data Protection Regulation (“GDPR”) is a new European Union (“EU”) law, which provides a robust and coherent statutory framework for the protection of “Personal Data” (i.e., data that identifies or may be used to identify an individual). It applies as from May 25, 2018. GDPR marks a paradigm shift in how companies handle and protect Personal Data by giving EU data subjects control and very strong rights over their Personal Data.
GDPR applies to all companies operating in the EU, selling products and / or services into the EU, or monitoring the behavior of EU data subjects. It applies not only to the Avaya legal entities established in the EU, but also to the Avaya worldwide affiliates / subsidiaries when they process Personal Data of data subjects residing in the EU or monitoring their behavior, irrespective of where such Avaya affiliates are located.
Security, privacy and integrity are critical to Avaya and our relationships with our customers. Avaya has extensive knowledge in protecting Personal Data and helping its customers to meet their legal obligations with regards to Personal Data. We are committed to building on our experience to help our customers to comply with GDPR through leading edge technology solutions that enhance privacy, as well as cloud solutions that aim to deliver both security and privacy. Avaya has a long history of providing robust and secure products and services to its customers all over the world. This includes governments, other public authorities and organizations, such as financial institutions, that must meet the highest standards of security.
Avaya has worked on a number of different areas to enable its customers to be GDPR-compliant when relying on Avaya solutions. Here are the most relevant:
We stand behind you. Avaya has rolled out brand-new Data Processing Addendum (Global) and offers it to its customers globally . This document fulfils legal requirements under GDPR and gives the necessary contractual rights so that Avaya customers are in control of the Personal Data entrusted to Avaya for processing.
Data security is a top priority for Avaya, just as it is for Avaya customers. Avaya has highly-skilled professionals to help ensure processing of information and Personal Data under its custody and responsibility is protected, whether related to Avaya remote maintenance solutions, our cloud offerings or to any other solutions where Avaya processes data.
Avaya’s portfolio of on premises and cloud-based solutions have embedded technology features that enable its customers to meet privacy by design and default requirements. Furthermore, Avaya is here to advise on the individual settings of respective system and to work with your team to make sure you are able to use our solutions in the most privacy-enhancing ways.
An overview of privacy-related security controls and available methods of access and handling of various types of Personal Data within Avaya products, as well as instructions on how to locate the Product Privacy Statements for such Avaya branded products in the portfolio are available here and on our Privacy Within Our Products page.
GDPR contains several data subject rights (e.g., the right to erasure or correction) that can be addressed once Personal Data is located. When Avaya acts as a “data processor” on behalf of its customers (i.e., “data controllers”), we will assist them by appropriate technical and organizational measures (and respective privacy features embedded within Avaya solutions), insofar as this is possible, for the fulfilment of customers’ obligation to respond to legitimate data subjects’ requests under GDPR. In addition, to the extent customer, in its use of the services and / or products and / or other technology solutions provided by Avaya, does not have the ability to address the data subject’s request, Avaya will (upon customer’s written request) assist customer in responding to the data subject request, to the extent Avaya is legally permitted to do so and the response to such data subject’s request is required under GDPR (please direct any such requests to email@example.com). If Avaya receives a request from a data subject directly, it will promptly notify the customer so that the company could take appropriate action with regards to the request.
Avaya is a multinational organization being able to provide world class support 24/7. To do this Avaya uses various locations around the globe. This geographic diversity means Personal Data may be processed from various international locations. Reflecting our commitment to data protection principles, Avaya has obtained the approval from the European Data Protection authorities for our Binding Corporate Rules, both as a data processor and as a data controller of Personal Data. This approval speaks for Avaya’s uniform and advanced data handing practices, regardless of whether Personal Data is processed in the EU or outside it.
Please refer to this document for additional details with regards to Avaya’s GDPR initiatives. Also, let us know if you have any questions with respect to Avaya and GDPR or need support for your data handling activities. You may contact your local Avaya representative or reach out directly to Avaya Global Privacy Office at firstname.lastname@example.org and we will address all your questions and support your individual needs.
Revised: January 2020.