Global Binding Corporate Rules
At Avaya, we believe Binding Corporate Rules are the best way to safeguard personal data that we handle both for ourselves and our customers.
European data protection laws (in particular the General Data Protection Regulation (GDPR) that applies as from May 25, 2018) contain strict rules that must be adhered to for international transfers of personal data (i.e., data that identifies or may be used to identify an individual) to third countries outside of the European Economic Area and Switzerland that, according to the European Union legislation, do not ensure an adequate level of personal data protection. Reflecting a strong commitment to privacy and security, Avaya has obtained approval from the European Data Protection Authorities for both Controller and Processor Binding Corporate Rules. These policies are binding upon Avaya affiliates/subsidiaries and form a robust framework to satisfy data protection requirements when Avaya handles personal data on its own behalf and on behalf of its customers.
Controller Policy
The worldwide standards described in the Avaya Binding Corporate Rules Controller Policy apply to Avaya affiliates/subsidiaries when processing personal data as a controller, regardless of where such affiliates are located.
Processor Policy
The worldwide standards described in the Avaya Binding Corporate Rules Processor Policy apply to Avaya affiliates/subsidiaries when processing personal data as processor, regardless of where such affiliates are located.
Avaya Intra-Group Agreement
All Avaya affiliates that process personal data are contractually bound by an Intra-group Agreement to comply with the Binding Corporate Rules.
Further Information
For general information regarding Binding Corporate Rules and its legal effect, please refer to the official European Commission website.
Revised March 2023