General privacy statement
At Avaya, we take great care in collecting, processing, and safeguarding all personal data.
Explore general privacy statement
This General Privacy Statement (“Statement”) describes how Avaya LLC (350 Mt. Kemble Avenue, Morristown, NJ 07960, USA), and its subsidiaries / affiliates (collectively, "Company" "us," "we," or "our") collects, uses, discloses, and stores your information in certain contexts. We primarily handle Personal Data (as defined below) as a “Processor” or “Service Provider” to provide services on behalf of our business customers. We handle only limited Personal Data as a “Controller,” such as information about our business customers’, channel partners’, prospects’ and supplier’s personnel and other persons interacting with us that we collect through our websites, social media accounts, and mobile applications (collectively, our “Digital Properties”), events (including in-person), competitions and other promotions and through other online and offline interactions including email communication (for example, if you negotiate a contract on behalf of one our client companies, which you represent) or that we may need to process for licensing purposes. This Statement applies to Personal Data that we handle as a Controller. We will provide you with additional privacy statement(s) where necessary.
When we handle Personal Data on behalf of and under instructions of our business customers (as their Processor or Service Provider), we are bound by contractual obligations and this Statement does not apply. We do not control and are not responsible for our customers’ privacy and data collection practices. This Statement also does not apply to job applicants or our personnel.
Changes: We may update this Statement from time to time. Any updated Statement will be effective when posted. Please check this Statement periodically for updates. If any of the changes are unacceptable to you, please stop interacting with us. When required under applicable law, we will notify you of any changes to this Statement by posting an update on the Digital Properties.
Sources of Personal Data
“Personal Data” is any information relating to an identified or identifiable natural person and in some jurisdictions, information relating to an identified or identifiable household.
We collect Personal Data about you from the following sources:
- Directly from you. We may collect Personal Data you provide to us directly, such as when you contact us through our Digital Properties, interact with us in person at tradeshows, sign up for offers or newsletters, communicate with us (e.g., by email), place, receive or customize orders, or sign up for an account or other services.
- From the company you are working for. When you interact with Avaya in your professional role or use Avaya software or services, we may collect Personal Data about you from the company you’re working for, such as when your colleagues provide your professional contact details to us, when we need to contact you in context of a business relationship or when licensing software.
- Data collected automatically and through tracking technologies. We may automatically collect information or inferences about you, such as through cookies and other tracking technologies. This may include information about how you use and interact with our Digital Properties or otherwise interact with us, information from and about your device, internet usage information, and Digital Property activity, such as the type of device you use to access our Digital Properties, its operating system, which parts of our website you spend the most time on, which links you click on, and which websites you navigate from or to when visiting our Digital Properties. For more information about cookies and other device data, please see Section 6 below.
- From third parties. We may collect Personal Data from third parties, such as service and content providers, Technology partners, data brokers, social media companies, or other third with whom we interact.
- From publicly available sources. We may collect Persona Data about you from publicly available sources, such as public profiles and websites.
We may combine and use information and make inferences from information that we receive from the various sources described in this Statement, including third party sources. We use and disclose the combined information and inferences for the purposes identified below.
Types of Personal Data We Collect
Depending on your interaction with Avaya, we may collect the following types of Personal Data:
- Identifiers, such as your name, email address, physical address, telephone number, business contact information, account number, and device identifiers (e.g., cookie IDs and IP address).
- Business Contact Records, such as signatures.
- Protected class and demographic information, such as gender.
- Commercial information, such as purchase or subscription information, information about products and services you or the business you represent order or are interested in, b2b payment details, delivery details, and other commercial or financial information; and legal information, such as fraud checks or flags raised about your transactions, complaints and information related to their resolution, as well as legal requests and communications, such as those we may have with you, whether they are relating to a transaction or not.
- Internet or other electronic network activity information, such as your browsing history, search history, information regarding your interactions with and use of the Digital Properties, email metrics (e.g., when you open an email or click on a link inside the email, as well as records of form submissions on landing pages of our websites) and email preferences (i.e., when you choose an option on email preference center or unsubscribe from marketing emails).
- Non-precise geolocation data, such as your location as derived from your IP address.
- Audio, electronic, visual, or other sensory information, such as photographs and audio/video recordings.
- Professional or employment-related information, such as job title, organization, professional licenses, credentials, professional specialty, professional affiliations, or other professional information.
- Inferences drawn from any of the information we collect to assess the level of interest in our products and services based on frequency of visits and contact, evaluate the industries showing interest in our products and services based on IP address (where we can infer your approximate location to improve our communications to you), and determine your preferred frequency for receiving offers.
How We Use Personal Data
We may use Personal Data for the following purposes:
- To provide you or your company with products and services, such as providing and delivering you the goods and services you or the company that you represent requests; providing customer service; processing or fulfilling orders and transactions; verifying customer information; processing payments; communicating with you about your product, service or subscription; hosting informational webinars; verifying eligibility for certain programs or benefits; responding to requests, complaints, and inquiries; and providing similar services or otherwise facilitating your relationship with us.
- For our internal business purposes, such as maintaining or servicing accounts; operating our Digital Properties and customizing the content; maintaining internal business records; enforcing our policies and rules; conducting organizational analysis; completing management reporting; managing Company assets and global workforce; undertaking work planning, both administratively and organizationally (including work schedules and billing of clients); project management; auditing; maintaining records on business activities, such as accounting, commercial, procurement, document management and other similar activities; budgeting; real estate management; IT administration of our technologies, network, and intranet; and IT security management and tasks.
- For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products and services; designing new products and services; customizing advertisements to you; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.
- For legal, safety or security reasons, such as complying with legal requirements; complying with reporting and similar requirements; investigating and responding to claims against the Company and its customers; for the establishment, exercise or defense of legal claims we may have against you/the company you represent or pursue together with you/the company you represent, whether in court proceedings or in administrative or out-of-court procedure; completing due diligence (such as in connection with a corporate transaction); protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity.
- In connection with a corporate transaction, such as if we acquire, or some or all of our assets are acquired by, another entity, including through a sale in connection with bankruptcy and other forms of corporate change.
- For marketing, such as marketing products or services available from us. For example, we may use collected Personal Data to send you newsletters, surveys, questionnaires, promotions, or invites to events or webinars and analyze your reaction to emails sent and content viewed, as well as to identify anonymous visitors across devices and sites, to identify (lookalike) audiences to better target our advertising. You can manage your communication preferences here (if you represent an authorized Avaya Channel Partner, click here) or unsubscribe to our email marketing via the link in the concerned email.
We may use anonymized, de-identified, or aggregated information for any purpose permitted by law.
How We Disclose Personal Data
We may disclose Personal Data to third parties, including to the categories of recipients described below:
- Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.
- Service providers that work on our behalf to provide the products and services you request or that support our relationship with you, such as IT providers, companies that provide business support services, financial administration and event organization.
- Professional consultants, such as accountants, lawyers, and financial advisors.
- Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.
- Law enforcement or other government agencies, for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements; to enforce or apply our agreements; and to protect our, your, our customers’, or other third parties' safety, property or rights.
- With other entities in connection with a corporate transaction, such as if we, or some or all of our assets, are acquired by another entity, including through a sale in connection with bankruptcy or other forms of corporate change.
- Channel partners such as our Distributors, Resellers and Direct Partners, e.g., when you request an offer for our products and services in countries that are not supported directly by us or for delivering or licensing products and services obtained through an Avaya channel partner.
- Technology partners such as companies that operate cookies and other online tracking technologies.
- Entities to which you have consented to the disclosure.
Where recipients use your Personal Data for their own purposes independently from us, we are not responsible for their privacy practices or personal data processing policies. Please consult the privacy statements of those third-parties for details on their practices.
Your Data Protection Rights
Depending on the applicable data protection laws, you may have various rights, such as: right of access, right to rectification, restriction of processing, right to erasure (right to be forgotten), right to data portability, object to the processing, right not to be subject to an automated individual decision making, right to withdraw your consent etc. When exercising your rights please note that we may request specific information from you to enable us to confirm your identity so we can fulfil your rights. Please also note that your rights are not absolute and might be subject to certain limitations prescribed by law. To exercise your privacy right, please contact the Avaya Global Privacy Office (for contact details please see Section 12 below).
If you have a complaint about privacy practices at Avaya, please contact the Avaya Global Privacy Office (for contact details please see Section 12 below). You may also lodge a complaint with respective supervisory authority and/or bring proceedings before a court of competent jurisdiction in accordance with the applicable data protection laws.
Cookies and Other Tracking Technologies
We may collect technical information from and about your device (such as your browser type, operating system, IP address, and domain name) via cookies and other tracking technologies. Please see our Website Cookie Statement for more details.
Data Security and Data Retention
We maintain reasonable security procedures and technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, disclosure or use.
Your Personal Data will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law. This includes retaining your Personal Data to provide you or your company with the products or services requested and interact with you; maintain our business relationship with you or your company; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you or your company has terminated your relationship with us, we may retain your Personal Data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, in order to demonstrate our business practices and contractual obligations, or to provide you with information about our products and services in case of interest. If you would like to know more about the retention periods applicable to your Personal Data, you can contact us using details provided in Section 12 below.
International data transfers
Avaya reserves the right to process personal data globally and share it with recipient listed in Section 4, therefore, personal data that you submit to us / we process may be transferred to countries outside of your country/region. In such event Avaya will ensure that the export of your personal data is adequately protected under applicable laws and regulations.
Internal transfers of personal data between Avaya affiliates/subsidiaries will be governed by Avaya Binding Corporate Rules.
Children's Privacy
Our Digital Properties are intended for individuals 18 years of age and older. The Digital Properties are not directed at, marketed to, nor intended for, children under 18 years of age. As a general rule, we do not knowingly collect any information, including Personal Data, from children under 18 years of age. If you believe that we have inadvertently collected Personal Data from a child under the age of 18, please contact us at the address in Section 12 below, and we will take prompt steps to delete the information.
External Links
Our Digital Properties may contain links to external sites or other online services that we do not control, including those embedded in third party advertisements or sponsor information. We are not responsible for the privacy practices or data collection policies of such third-party services. Please consult the privacy statements of those third-party services for details on their practices.
Interpretation of this Statement
Any interpretation of this Statement will be done by the Avaya Global Privacy Officer. This Statement does not create or confer upon any individual any rights or impose upon Avaya any obligations outside of, or in addition to, any rights or obligations imposed by the privacy laws applicable to such individual's Personal Data. Should there be, in a specific case, any inconsistency between this website privacy statement and such privacy laws, this Statement shall be interpreted to comply with such privacy laws.
Contact Information
If you have questions regarding this Statement or how the Company uses your Personal Data, please contact the Avaya Global Privacy Office.
Supplemental Information for California Residents
- Rights Concerning Personal Data
California residents may have the following rights concerning collection, use, sharing, and deletion of Personal Data:
- Right to Know. You have the right to request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and the categories of third parties with whom we have shared, sold, or disclosed your Personal Data, as well as the specific pieces of Personal Data we have collected about you.
- Right to Delete. You have the right to request that we delete Personal Data that we have collected from you.
- Right to Correct. You have the right to request that we correct inaccurate Personal Data that we maintain about you.
- Right to Opt Out of Sale or Sharing. You have the right to opt out of the sale or sharing of your Personal Data.
California residents may exercise the Right to Know, the Right to Delete, and the Right to Correct via our web-form, by emailing us at dataprivacy@avaya.com, or by calling us at +1-800-213-9919 and leaving a voice mail.
Avaya does not sell Personal Data. In the preceding 12 months term Avaya has not “sold” personal information collected about the consumers. With respect to “sharing” of Personal Data automatically collected online through cookies and other tracking technologies, please see our Website Cookie Statement which describes how to control the use cookies.
Verification: In order to process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases, we will collect some or all of the following data elements: first and last name, email address, and telephone number. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are. We will inform you if we need such information.
Authorized Agents: Authorized agents may exercise rights on behalf of you by submitting a request via dataprivacy@avaya.com and indicating that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on behalf of you by providing signed permission from you. We may also require you to verify your own identity directly with us or to directly confirm with us that you provided the authorized agent permission to submit the request.
Timing: We will respond to Right to Delete, Right to Correct, and Right to Know requests within 45 days unless we need more time, in which case we will notify you and may take up to 90 days total to respond to your request.
- Additional Data Processing Disclosures
In addition to the disclosures in the Sections above, this Section provides supplemental information about how we process Personal Data.
Disclosure of Personal Data
Although we have not "sold" Personal Data for money in the past 12 months, we engage in routine practices with our Digital Properties involving third parties that could be considered a "sale" or “sharing” as defined under California law.
We allow third parties to control the collection of Personal Data through the use of cookies and other online tracking technologies. These third parties use the data to help us analyze how visitors use our Digital Properties, understand your interests and preferences, and personalize advertisements to those interests and preferences. For more information on our use of cookies and other online tracking technologies, please see our Website Cookie Statement.
Below please find a chart detailing the categories of Personal Data we have sold, shared, or disclosed and the categories of third parties with whom each category was sold, shared, or disclosed in the past 12 months:
Categories of Personal Data We Collect
Categories of Third Parties With Whom We Disclose Personal Data for a Business or Commercial Purpose
Categories of Third Parties to Whom Personal Data is Sold or Shared
Identifiers (Section 2.A)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- Vendors necessary to complete transactions you request
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Technology partners
- Entities to which you have consented to the disclosure
- Vendors necessary to complete transactions you request
- Channel partners
- Technology partners
Personal information subject to the California Customer Records Act (Section 2.B)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- Vendors necessary to complete transactions you request
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Technology partners
- Entities to which you have consented to the disclosure
- Vendors necessary to complete transactions you request
- Technology partners
Characteristics of protected classifications under California or federal law (Section 2.C)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- Vendors necessary to complete transactions you request
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Technology partners
- Entities to which you have consented to the disclosure
- Vendors necessary to complete transactions you request
- Technology partners
Commercial information (Section 2.D)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- Vendors necessary to complete transactions you request
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Technology partners
- Entities to which you have consented to the disclosure
- Vendors necessary to complete transactions you request
- Technology partners
Internet or other electronic network activity (Section 2.E)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- Vendors necessary to complete transactions you request
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Technology partners
- Entities to which you have consented to the disclosure
- Vendors necessary to complete transactions you request
- Technology partners
Geolocation data (Section 2.F)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- Vendors necessary to complete transactions you request
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Technology partners
- Entities to which you have consented to the disclosure
- Vendors necessary to complete transactions you request
- Technology partners
Audio, electronic, visual, olfactory, or similar information (Section 2.G)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Entities to which you have consented to the disclosure
- Not shared
Professional or employment-related information (Section 2.H)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Entities to which you have consented to the disclosure
- Not shared
Inferences (Section 2.I)
- Affiliates and subsidiaries
- Service providers
- Professional consultants
- Vendors necessary to complete transactions you request
- For legal, security, and safety purposes
- In connection with a corporate transaction
- Technology partners
- Entities to which you have consented to the disclosure
- Vendors necessary to complete transactions you request
- Technology partners
Financial Incentives
For more information about financial incentives we may offer, please see here.
Supplemental information for the EEA, Switzerland and the UK
The following terms supplement the above disclosures with respect to our processing of European Economic Area (i.e., European Union Member States, Iceland, Liechtenstein and Norway) (“EEA”), Swiss and UK Personal Data. To the extent applicable, in the event of any conflict or inconsistency between the other parts of the Statement and the terms of this Section 14, this Section 14 shall govern and prevail with regards to the processing of EEA, Swiss and UK Personal Data.
Data Controller
Unless otherwise specified, the entity responsible for the processing of your Personal Data and acting as the controller is the Avaya Group entity with which you have a primary relationship, such as the entity that entered into the sales, service, or supply contract with you, the entity that provided you with marketing or promotional materials and communications, the entity in the country for which we created a local website, or the entity whose representatives you have been communicating with.
Legal Bases for Processing
We rely on the following legal grounds for the collection, use, and other processing of your Personal Data:
A. Processing Purpose: To provide you or your company with products and services.
- Legal Bases:
- Performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
- Compliance with a legal or statutory obligation to which we are subject.
- Legitimate interests as set out in Section 3 above.
- Your consent, when appropriate.
B. Processing Purpose: For our internal business purposes.
- Legal Bases:
- Performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
- Compliance with a legal or statutory obligation to which we are subject.
- Legitimate interests as set out in Section 3 above.
- Your consent, when appropriate.
C. Processing Purpose: For our internal research and product improvement purposes.
- Legal Bases:
- Legitimate interests as set out in Section 3 above.
- Your consent, when appropriate.
D. Processing Purpose: For legal, safety or security reasons.
- Legal Bases:
- Performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
- Compliance with a legal or statutory obligation to which we are subject.
- Legitimate interests as set out in Section 3 above.
- Establishment, exercise or defense of legal claims.
- Protection of vital interests.
- Your consent, when appropriate.
E. Processing Purpose: In connection with a corporate transaction.
- Legal Bases:
- Legitimate interests as set out in Section 3 above.
- Your consent, when appropriate.
F. Processing Purpose: For marketing.
- Legal Bases:
- Legitimate interests as set out in Section 3 above.
- Your consent, when appropriate.
Your Data Protection Rights
Under the conditions set by applicable data protection laws, you may exercise certain rights regarding your Personal Data.
- Right to Access. You have the right to obtain confirmation from us whether we are processing your Personal Data and related information, as well as the right to obtain a copy of your Personal Data undergoing processing.
- Right to Data Portability. You may receive your Personal Data that you have provided to us in a structured, commonly used and machine-readable format.
- Right to Rectification. You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.
- Right to Objection. You have the right to object to the processing of your Personal Data in certain cases.
- Right to Restrict Processing. You may request that we restrict the processing of your Personal Data in certain cases.
- Right to Erasure. You may request that we erase your Personal Data in certain cases.
- Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in the country where you reside or where the conduct that is the subject of the complaint occurred.
- Right to Refuse or Withdraw Consent. In case we ask for your consent to process your Personal Data, you are free to refuse to give it. If you have given your consent, you may withdraw it at any time without any adverse consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.
- Right to Not Be Subject to Automated Decision-making. You have the right to not to be subject to a decision based solely on automated processing and to be given more information about why any such decision was made.
International Transfers of Personal Data
Due to the global nature of our operations, some of the recipients mentioned in Section 4 of the Statement may be located in countries outside the EEA, Switzerland or the UK that do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland and the UK. Certain third countries, such as Canada, Republic of Korea and Japan, have been officially recognized by the European Commission and UK Secretary of State as providing an adequate level of protection. International transfers of Personal data (i) within Avaya Group entities are subject to the Avaya Binding Corporate Rules (Controller Policy) and (ii) to third parties located in third countries that do not provide an adequate level of data protection are subject to acceptable data transfer mechanism, such as the European Union and/or the United Kingdom Standard Contractual Clauses (for Switzerland in conjunction with the necessary amendments), or any other valid data transfer mechanism issued by the European Economic Area, Switzerland or the United Kingdom authorities. The group-external recipients of Personal Data in scope of the Swiss Data Protection Act are located in Argentina, the United States of America, Belarus, India and Colombia.
Supplemental information for Japan
The following terms supplement the above disclosures with respect to our processing of Japanese Personal Information as defined under the Japanese Act on the Protection of Personal Information (“Personal Data” for the purpose of this statement). To the extent applicable, in the event of any conflict or inconsistency between the other parts of the Statement and the terms of this Section 15 shall govern and prevail with regards to the processing of Japanese Personal Data.
Provision to third parties
We may disclose Personal Data to third parties in order to outsource to the extent necessary for the purpose of use described in Section 3 above, and may disclose Personal Data to third parties without your consent to the extent permitted by laws.
(1) Joint use of Personal Data
Items to be jointly used: company name, address, affiliation, title, individual name, email address, phone number, etc.
Scope of joint users: The Avaya Group entities
Purpose of joint use: Within the scope of the purposes of use of Personal Data described above.
Administrator for the joint use: Avaya Japan Co., Ltd.
Security control measures for personal information
(1) Organizational security control measures
We will appoint a person responsible for the handling of Personal Data, clarify the scope of Personal Data and persons who handle Personal Data, and establish a system for reporting to a person in charge in the event of a violation of the Act on the Protection of Personal Information or internal regulations.
(2) Personnel security control measures
We impose an obligation on employees to maintain the confidentiality of Personal Data and provide regular training regarding the Act on the Protection of Personal Information.
(3) Physical security control measures
In addition to managing persons entering and leaving the areas where Personal Data is handled, we also implement physical security control measures to prevent Personal Data from being viewed by unauthorized persons, such as locking storage locations.
(4) Technological security control measures
We will take appropriate information security measures such as measures against unauthorized access, computer virus and other malicious programs.
(5) Understanding the external environment
We will take necessary and appropriate measures of handling Personal Data in overseas Avaya Group entities.
Disclosure of retained Personal Data to the individual, etc.
The individual has the right to request disclosure, correction, addition, deletion, or suspension of use of Personal Data held by the Company. When we are requested to disclose Personal Data we retain, we will confirm the necessary facts, and if it turns out that there is a reason for the request, we will verify your identity. When disclosing, etc., we may charge a reasonable fee to you per processing your request.
Continuous improvement
We regularly review the operational status regarding the protection of Personal Data and strive for continuous improvement.
Inquiries, consultations, and complaints regarding Personal Data
In case of inquiries, consultations or complaints regarding the Personal Data Processing by Avaya, please reach out to the Avaya Global Privacy Office or the Data Privacy Officer for Japan/ Avaya Japan Ltd. Personal Information Management Committee at the contact details set out in section 12 above.
Last updated: 25 April 2024