GDPR is here, and Avaza is ready to help.

GDPR Ready Image

A new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organizations that market to, track or handle EU personal data, no matter where an organization is located. Avaza is here to help our customers in their efforts to comply with the GDPR through our robust privacy and security protections.

GDPR Ready Image

GDPR is a new EU data protection law which applies to businesses that store or process personal data.

GDPR updates the existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU.

Avaza is considered both a processor, and a controller, for data. Businesses that use Avaza are considered data controllers.

Expanded rights for EU individuals:
The GDPR provides expanded rights for EU individuals such as deletion, restriction, and portability of personal data.

Compliance obligations:
The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.

Data breach notification and security:
The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU.

Additional information about the GDPR is available on the official GDPR website of the EU.

What has Avaza done to become GDPR compliant?

At Avaza, we take data security and user privacy very seriously. Here’s what we’ve done to become GDPR compliant:

GDPR gives individual data subjects the right to access, delete and make corrections to their data.

Avaza account owners (i.e. data controllers) can access and manage their team members’ data in Avaza as needed. They can directly access, update, and delete data from Avaza, or contact support@avaza.com for assistance. They can also export their employee and external contact information from Avaza.

Avaza’s Privacy Policy describes the data we collect, how we use it, and who it is disclosed to.

Under GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (i.e. data processors).

Avaza’s EU customers who are data controllers can enter into a data processing agreement (DPA) with Avaza. This agreement details our privacy commitments as well as establishes the terms for Avaza and our customers to meet GDPR requirements. This is available for customers to sign upon request.

We’ve contacted all our vendors regarding their GDPR compliance. As a part of our data audit, we have documented the data shared with vendors, and reviewed their policies for processing data requests and deletion.

All Avaza users can opt-out of Avaza marketing emails via their User Profile. This permission is obtained when a user signs up for an account, and can be revoked at any time.

Frequently Asked Questions

If you are an Admin for the Avaza account you are using, you can request deletion of your (or your users’) data.

To request deletion of your personal data stored in Avaza, please do the following:

  1. Log into Avaza, and contact chat support with your request. You can also email support@avaza.com from the email address you use to log into Avaza.
  2. Once we have verified your Admin status and account, we will delete all personal or account data (as requested) and inform our third-party vendors to do the same.

If you have been invited to use Avaza, and are not an Admin on your Avaza account, you will need to contact the Account Admin (i.e. data controller) to delete your personal data.

Avaza only collects and stores data entered by users. In some cases, this may be your employer or a vendor you work with. In such cases, we are happy to provide you with the personal data Avaza has stored under your name, but we are unable to delete it unless requested by the account owner (see above) as the data may be necessary for business operations.

Avaza counts as both Processor and Controller, and the businesses that use Avaza are considered Data Controllers as well.

To request a copy of your personal data stored in Avaza, please do the following:

  1. Log into Avaza, and contact chat support with your request. You can also email support@avaza.com from the email address you use to log into Avaza.
  2. Once we have verified you as an Avaza user, we will send you a copy of your personal data stored in Avaza.