Data Processing Addendum (Global)

The Avaya Data Processing Addendum (Global) is designed to fulfil the substantive legal requirements of predominant privacy laws around the globe and gives necessary contractual rights to Avaya customers to be in control of the personal data entrusted to Avaya for processing.

The recent enactment of privacy laws all around the globe signals a new era on companies’ obligations in handling and protecting personal data. Through its leading-edge privacy enhancing technology solutions and its security / privacy focused features Avaya is strongly committed to continue to support your business and help you to comply with privacy laws.

What is Covered under the Avaya Global DPA?

How to Execute the Avaya Global DPA?

Further Information Relevant to the Execution of the DPA

What is Covered under the Avaya Global DPA?

As per requirements of multiple privacy laws all around the world, the processing activities conducted by a data processor shall be governed by a written contract between such data processor and the data controller. Many of the services Avaya offers to its customers will include certain “processing on behalf”. In order to facilitate privacy compliance for its customers, Avaya has prepared a global Data Processing Addendum (“DPA”), which has been benchmarked against numerous compliance obligations mandated by privacy laws around the world. It not only fulfils the major legal requirements under respective privacy regulations, but also has been drafted for the benefit of Avaya customers. Avaya offers the global DPA to all customers.

The DPA assures that, with regard to the personal data Avaya processes on behalf of its customers, Avaya shall:

• act on written instructions of its customers;
• ensure that Avaya staff, that has access to personal data, is bound by appropriate confidentiality obligations;
• assist customers where data subjects enforce legitimate rights under respective privacy laws;
• apply appropriate security measures while processing personal data on behalf of customers;
• notify data breaches without undue delay to customers and, if required under applicable privacy laws, data protection authorities;
• assist customers in the event there is a need to carry out a data protection impact assessment / prior consultation with data protection authority;
• delete or return personal data upon the termination of services;
• make available all information necessary to demonstrate compliance with its contractual obligations under the DPA; and
• allow for and contribute to audits and inspections.

Top

How to Execute the Avaya DPA?

Click on the respective hyperlink (DPA in English available here; DPA in German available here; DPA in Italian available here; DPA in Spanish available here; DPA in French available here), which will take you to our e-signature provider DocuSign and the DPA. The document has been pre-signed by Avaya Deutschland GmbH on behalf of its respective affiliates / subsidiaries worldwide. Once you have countersigned the DPA in accordance with the instructions, you will automatically receive a copy of the fully executed document for your records.

Top

Further Information Relevant to the Execution of the DPA

Within the execution of the DPA via DocuSign, you will be asked to provide your name and email address for the sole purpose of verifying you as representative of a countersigning party. Besides Avaya, the recipient of such personal data (including information identifying your connection data, such as IP address etc.) will be DocuSign Inc., having offices at 221 Main St., Suite 1000, San Francisco, CA 94105, and its sub-processors. The verification of the countersigning party will be stored as long as the DPA remains in force and / or to comply with statutory retention periods. Please also refer to our Website Privacy Statement and DocuSign Privacy Policy for more information.

If you have any questions regarding the above instructions and / or provisions of the DPA, you may contact Avaya Global Privacy Office at dataprivacy@avaya.com.

Revised: January 2020.