LGPD and Avaya
Explore LGPD
What is LGPD
The General Data Protection Law (LGPD) is a federal law on privacy and data protection in Brazil, providing a robust and coherent legal framework for the protection of personal data, defined as any information relating to an identified or identifiable natural person. Enacted in 2018, the LGPD came into force in 2020 and had its origin strongly influenced by the General Data Protection Regulation (GDPR), seeking to bring greater control to individuals about the use of their personal data.
How LGPD Applies to Avaya
LGPD applies to all companies that carry out activities involving the processing of personal data in Brazil, or when the purposes of its personal data processing activity correspond in the offer or supply of goods and services to individuals located in Brazil. Thus, LGPD applies to Avaya’s legal entity located in Brazil, as well as to Avaya worldwide affiliates/subsidiaries when they fit the application scenario previously described, regardless of where Avaya affiliates/subsidiaries are located.
Avaya’s Stance Regarding LGPD
By providing many services to its customers (data controllers) Avaya processes personal data on their behalf, acting as a data processor. Therefore, privacy, security, and integrity are priorities for Avaya and our relationships with our customers. We are committed to building on our experience to assist our customers in meeting their legal obligations under LGPD, where applicable, through leading edge technology solutions that enhance privacy, as well as cloud solutions that deliver both security and privacy.
If Avaya acts for its own purposes as a data controller in the processing of personal data, it will comply with all necessary requirements stipulated by LGPD, ensuring due transparency to the data subjects involved and enabling them to exercise their respective rights.
How Avaya Helps Customers be Compliant with LGPD
Avaya has worked in several areas to enable customers to be LGPD-compliant when relying on Avaya solutions:
Contractual Commitment to Privacy—Data Processing Addendum
Many of the services Avaya offers to its customers include certain “processing on behalf.” To facilitate LGPD compliance for customers, Avaya has incorporated a Data Processing Addendum (DPA) into its agreements, where appropriate. The DPA was drafted considering the best practices of privacy and data protection regulation, specially to meet the obligations on LGPD, as well as for the benefit of Avaya customers, to help them to comply with LGPD.
Security of Processing
Data security is a top priority for Avaya, just as it is for Avaya customers. Avaya has highly-skilled professionals to help ensure processing of information and personal data under its custody and responsibility is protected, whether related to Avaya remote maintenance solutions, our cloud offerings or to any other solutions where Avaya processes data.
Privacy by Design and by Default
Avaya’s portfolio of on premises and cloud-based solutions have embedded technology features that enable its customers to meet privacy by design and default requirements. Furthermore, Avaya is here to advise on the individual settings of respective system and to work with your team to make sure you can use our solutions in the most privacy-enhancing ways.
Assistance in Fulfilment Data Subject’s Rights
Most of the services Avaya offers to customers will be treated as “processing on behalf.” When Avaya acts as a data processor on behalf of customers (i.e., data controllers) it will assist them by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of customers’ obligation to respond to legitimate data subjects’ requests under the LGPD. In addition, to the extent the customer, in its use of the services and/or products and/or other technology solutions provided by Avaya, does not have the ability to address the data subject’s request, Avaya will (upon a customer’s written request) assist the customer in responding to such a request, to the extent Avaya is legally permitted to do so and the response to such data subject’s request is required under LGPD. If Avaya receives a request from a data subject directly, it will promptly notify the customer so the company can take appropriate action.
Further Information
If you have questions about Avaya and LGPD or need support for your personal data handling activities, contact your local Avaya representative or reach out to Avaya’s Global Privacy Office.