GDPR and Avaya

Avaya enables its customers to meet their GDPR legal obligations when relying on Avaya solutions.

What is GDPR

The European General Data Protection Regulation (GDPR) is a European Union (EU) law that provides a robust and coherent statutory framework for the protection of personal data(i.e., data that identifies or may be used to identify an individual). It applies as from May 25, 2018. GDPR marks a paradigm shift in how companies handle and protect personal data by giving EU data subjects control and very strong rights over their personal data.

How GDPR Applies to Avaya

GDPR applies to all companies operating in the EU, selling products and/or services into the EU, or monitoring the behavior of EU data subjects. It applies not only to the Avaya legal entities established in the EU, but also to the Avaya worldwide affiliates/subsidiaries when they process personal data of data subjects residing in the EU or monitoring their behavior, irrespective of where such Avaya affiliates are located.

Avaya’s Stance Regarding GDPR

Security, privacy, and integrity are critical to Avaya and our relationships with our customers. Avaya has extensive knowledge in protecting personal data and helping its customers to meet their legal obligations with regards to personal data. We are committed to building on our experience to help our customers comply with GDPR through leading-edge technology solutions that enhance privacy, as well as cloud solutions that deliver both security and privacy. Avaya has a long history of providing robust and secure products and services to its customers all over the world. This includes governments and other public authorities and organizations, such as financial institutions, that must meet the highest standards of security.

How Avaya Helps Customers to be Compliant with GDPR

Avaya has worked on several areas to enable its customers to be GDPR-compliant when relying on Avaya solutions. Here are the most relevant:

Contractual Commitment to Privacy – Data Processing Addendum

Avaya’s Data Processing Addendum (Global) is offered to customers globally. This document fulfils legal requirements under GDPR and gives the necessary contractual rights so that Avaya customers are in control of the personal data entrusted to Avaya for processing.

Security of Processing

Data security is a top priority for Avaya, just as it is for Avaya customers. Avaya has highly-skilled professionals to help ensure processing of information and personal data under its custody and responsibility is protected, whether related to Avaya remote maintenance solutions, our cloud offerings or to any other solutions where Avaya processes data.

Data Protection by Design and Default

Avaya’s portfolio of on premises and cloud-based solutions have embedded technology features that enable its customers to meet privacy by design and default requirements. Furthermore, Avaya is here to advise on the individual settings of respective system and to work with your team to make sure you can use our solutions in the most privacy-enhancing ways.

Assistance in Fulfilment Data Subject’s Rights

GDPR contains several data subject rights (e.g., the right to erasure or correction) that can be addressed once personal data is located. When Avaya acts as a data processor on behalf of its customers (i.e., data controllers), we will assist them by appropriate technical and organizational measures (and respective privacy features embedded within Avaya solutions), insofar as this is possible, for the fulfilment of customers’ obligations to respond to legitimate data subjects’ requests under GDPR.

In addition, to the extent customer, in its use of the services and/or products and/or other technology solutions provided by Avaya, does not have the ability to address the data subject’s request, Avaya will (upon customer’s written request) assist customer in responding to the data subject request, to the extent Avaya is legally permitted to do so and the response to such data subject’s request is required under GDPR (please direct any such requests to dataprivacy@avaya.com). If Avaya receives a request from a data subject directly, it will promptly notify the customer so that the company can take appropriate action.

International Transfers 

Avaya is a multinational organization able to provide world class support 24/7. To do this Avaya uses various locations around the globe. This geographic diversity means personal data may be processed from various international locations. Reflecting our commitment to data protection principles, Avaya has obtained approval from the European Data Protection authorities for our Binding Corporate Rules, both as a data processor and as a data controller of personal data. This approval speaks for Avaya’s uniform and advanced data handing practices, regardless of whether personal data is processed in the EU or outside it.

Further Information

Please refer to “Avaya and the New Privacy Landscape” for additional details about Avaya’s GDPR initiatives. Also, let us know if you have any questions about Avaya and GDPR or need support for your data handling activities. You may contact your local Avaya representative or reach out directly to the Avaya Global Privacy Office at dataprivacy@avaya.com and we will address all your questions and support your individual needs

 

Revised March 2023

AvayaTop