PIPL (China Personal Information Protection Law)

On 20 August 2021 China approved the Personal Information Protection Law (“PIPL”), the first comprehensive data protection legislation in the region. The PIPL entered into effect on 1 November 2021 and established personal information processing rules, data subject rights, and obligations for personal information processors, among other things. PIPL marks a paradigm shift in how Chinese companies handle and protect personal data.
 

请点击此处查看中文版本

Security, privacy, and integrity are critical to Avaya and our relationships with our customers. Avaya has extensive knowledge in protecting personal information and helping its customers to meet their legal obligations with regards to personal information. Avaya has a long history of providing robust and secure products and services to its customers all over the world (this includes governments and other public authorities and organizations, such as financial institutions, that must meet the highest standards of security).

As per PIPL, personal information is any data that directly (via “direct identifiers”, such as name, email address) or indirectly (via “indirect identifiers”, such as, phone number, employee ID, etc.) identifies a human being (“Data Subject”).

In order to provide our services (e.g. Implementation-, Maintenance- and Managed Services) effectively and timely, Avaya has to process personal information of its customers. This may be the case, for example, when the Customer opens a troubleshooting ticket with Avaya or when Avaya has to remotely access Customer’s systems, e.g., to set up a new user. Often the processed categories of personal information are limited to business contact details of personnel managing the relationship with Avaya and users of customer telecommunication systems, but in some occasions it may become necessary (in particular, for agreed troubleshooting or management purposes) to access data stored on customer systems, which may potentially contain identifiers such as unique user IDs, names, phone numbers, IP addresses, configuration details, usage logs and other information on the persons whose data our customers are processing within the systems.

Avaya has worked on several areas to enable its customers to be PIPL-compliant when relying on Avaya solutions. Here are the most relevant:

Contractual Commitment to Privacy – Data Processing Addendum

Avaya’s Data Processing Addendum (Global) is offered to customers globally. This document fulfils the legal requirements under PIPL and gives the necessary contractual rights, so that Avaya customers are in control of the personal information entrusted to Avaya for processing. The Avaya DPA has been exclusively drafted to the benefit customers and contains Avaya’s commitments to protect the customer and its users’ privacy. The DPA can be executed electronically through our provider DocuSign here by providing the email address and the name of the signatory. A verification code will be sent by email and once the verification procedure is completed, the customer’s signatory can review the document and execute it electronically. If you’d like to execute the DPA manually, please reach out to your account representative.

Security of Processing

Data security is a top priority for Avaya, just as it is for Avaya customers. Avaya has highly skilled professionals to help ensure processing of information including personal information under its custody and responsibility is protected.

Data Protection by Design and Default

Avaya is here to advise on individual settings of your system and to work with your team to make sure you can use our solutions in the most privacy-enhancing ways. Please reach out to your account representative if you need any support.

Assistance in Fulfilment Data Subject’s Rights

PIPL contains several data subject rights (e.g., the right to erasure or correction) that can be addressed once personal information is located. When Avaya acts as a “entrusted party” on behalf of its customers (i.e., “personal information handlers”), we are happy to assist you by appropriate technical and organizational measures (and respective privacy features embedded within Avaya solutions), insofar as this is possible, for the fulfilment of customers’ obligations to respond to data subject requests. Where customers does not have the ability to address the data subject’s request directly, Avaya is happy to assist in responding to the data subject request upon request.

International Transfers 

Like many global corporations Avaya uses centralized systems and a global workforce in addition to its local resources in China to provide its services, in particular for support requests. Due to this, personal information may be transferred internationally to Avaya affiliates in the United States of America and onward to other members of the Avaya group, as well as to selected external service providers inside and outside of China (see the Avaya Trust Center for more information).

Please reach out to your account representative or to dataprivacy@avaya.com if you wish to execute the Chinese Standard Contractual Clauses as transfer safeguard, where required by law.

Please see Avaya’ Global Data Privacy Policy and the Avaya Trust Center for further information on privacy and data protection. If you have any questions about Avaya and PIPL or need support for your data handling activities, please contact your local Avaya account representative or reach out directly to the Avaya Global Privacy Office at dataprivacy@avaya.com.

Revised September 2024