DATA PRIVACY STATEMENT FOR VISITORS
1. GENERAL INFORMATION
This global privacy statement explains how Avanade Inc and/or its affiliates, subsidiaries and acquired companies (“Avanade”) protect the personal data Avanade processes and controls relating to you (“your personal data”), why Avanade processes your personal data, who has access to your personal data and how you can exercise your rights in relation to the processing of your personal data.
Further information about Avanade (and, if relevant, its representative) can be found here. Any Avanade entity located outside the European Union will for the purposes of compliance with data privacy laws be represented by Avanade Inc.
This global privacy statement provides an overview of Avanade’s most common processing activities of your personal data. Please note that certain specific processing activities may be subject to a separate and tailored privacy statement.
In the event any translation of this global privacy statement is prepared, the English version of this global privacy statement shall prevail in case of conflicts between the different language versions.
Which categories of personal data does Avanade process?
Avanade will collect personal data about you to achieve the purposes set out in this global privacy statement. For further information on the specific categories of personal data Avanade is processing, please see section 2. For further information on the sources from which Avanade has obtained your personal data, please see section 3.
If you provide Avanade with any personal data of another person (for instance, a potential employee referral), you are responsible for ensuring that such person is made aware of the information contained in this global privacy statement and that the person has given you his/her consent for sharing the information with Avanade.
Except for certain information that is required by law, your decision to provide any personal data to Avanade is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide Avanade with your personal data. However, please note that if you do not provide certain information, Avanade may not be able to accomplish some or all of the purposes outlined in this global privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data.
Why does Avanade process your personal data?
Avanade may collect, use, transfer, disclose and otherwise process your personal data in the context of facilitating communication with you (including in case of emergencies), operating and managing Avanade’s business operations, complying with legal requirements, monitoring your use of Avanade’s systems, undertaking data analytics and recruitment. For a more detailed list of the purposes, please see section 4. Avanade will not use your personal data for purposes that are incompatible with the purposes listed in this global privacy statement, unless it is required or authorised by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
On which legal basis does Avanade process your personal data?
Avanade processes your personal data as permitted by applicable data privacy laws and its internal policies.
Avanade processes your personal data for the purposes set out in this global privacy statement for one or more of the following reasons: (i) because Avanade is required to do so for compliance with a legal obligation to which it is subject, (ii) because such information is necessary for the performance of a contract to which you are a party, (iii) because the processing is necessary for the purposes of the legitimate interests pursued by Avanade or by a third party (as described in the last sentence of this paragraph), or (iv) where necessary in order to protect the vital interests of any person.
Avanade has legitimate interests in collecting and processing personal data, for example: (1) to ensure that Avanade’s networks and information are secure, (2) to administer and generally conduct business and (3) to prevent fraud.
In addition, Avanade may process your sensitive data and/or make automated decisions concerning you where permitted by applicable law and/or with your prior consent and for the purposes mentioned in this privacy statement.
Please see section 5 for further information on the legal basis on which Avanade bases the processing of your personal data for each processing activity.
Who has access to your personal data?
Access to your personal data within Avanade will be limited to those employees who have a need to know the information for the purposes described in this global privacy statement, which may include personnel in Security, HR, IT, Compliance, Legal, Finance and Accounting, Corporate Investigations and Internal Audit. All employees within Avanade will generally have access to your business contact information (e.g. name, position, telephone number and e-mail address).
Furthermore, your personal data may be transferred to other Avanade offices and third parties, which may involve transferring your personal data to other countries.
As a global organisation with offices and operations throughout the world, your personal data may be transferred or be accessible internationally throughout Avanade’s global business and between Avanade’s entities and/or its affiliates, including Accenture PLC and/or its affiliates. Any transfers of your personal data to other Avanade offices (including transfers from within the European Economic Area (EEA) to outside the EEA) will be governed by Avanade Intra-Group Data Protection Agreement (IGDPA) and the Intra-Group Data Processing and Transfer Agreement (IGDTA). It also means that your rights stay the same no matter where your data are processed by Avanade. A list of the Avanade offices that may process your personal data, and their contact information, can be found here.
Furthermore, where there is a need, Avanade may share your personal data with third parties, such as service providers, public authorities, Accenture PLC and/or its affiliates or third parties in connection with Avanade’s operation of its business, including any (potential) corporate or commercial transaction. Before doing so, Avanade takes steps to protect your personal data. Any third-party service providers and professional advisors to whom your personal data are disclosed, are expected and required to protect the confidentiality and security of your personal data and may only use your personal data in compliance with applicable data privacy laws. For the categories of third parties with which Avanade may share your personal data, please see section 6. Unless you are otherwise notified, any transfers of your personal data from within the EEA to third parties outside the EEA will be based on an adequacy decision or are governed by the EU standard contractual clauses. A copy of these clauses can be obtained from the Avanade Data Privacy Officer at AvanadeDPO@avanade.com. Any other non-EEA originating international transfers of your personal data take place in accordance with this privacy statement the appropriate international data transfer mechanisms and safeguards.
How does Avanade protect your personal data?
Avanade maintains organisational, physical and technical security arrangements for all the personal data it holds. Avanade has protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing Avanade undertakes.Avanade adopts market leading security measures to protect your personal data. These include:
- Avanade’s Information Security Program aligns with the ISO 27001 framework. We also hold an ISO 27001 certification for our Corporate Client Data Protection program and the CMS (Cloud Managed Services) business unit which indicates that we adhere to the highest and strictest information security standards. This certification is an international security standard that is awarded and confirms that Avanade’s processes and security controls provide an effective framework for protecting our clients’ and Avanade’s information.
- We have a global Client Data Protection (“CDP”) program in place which governs the stewardship of client information and systems entrusted to us.
- We have regular penetration testing performed by a third-party provider, which continues to show the strength of our technical defenses.
How long does Avanade retain your personal data?Avanade retains your personal data only for as long as is necessary. Avanade maintains records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:
- Avanade retains your personal data as long as it has an ongoing relationship with you.
- Avanade retains your personal data for as long as needed in order to comply with a legal obligation to which it is subject.
- Avanade retains your personal data where this is advisable to safeguard or improve Avanade’s legal position (for instance in relation to statutes of limitations, litigation, or regulatory investigations).
Please keep your personal data at all times up to date and inform Avanade of any material changes to your personal data.
Which rights do you have concerning your personal data?
Please contact Avanade’s Data Privacy Officer at AvanadeDPO@avanade.com if you (i) have any questions or concerns about how Avanade processes your personal data or (ii) want to exercise any of your rights in relation to your personal data.You have the right (in the circumstances and under the conditions, and subject to certain legal exceptions) to:
- Request access to the personal data we process about you: this right entitles you to know whether Avanade holds personal data of you and, if so, obtain information on and a copy of those personal data.
- Request rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
- Object to the processing of your personal data: this right entitles you to request that Avanade no longer processes your personal data.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of your personal data: this right entitles you to request that Avanade only processes your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to Avanade, or request Avanade to transmit such personal data to another data controller.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting Avanade’s Data Privacy Officer. Please note that this will not affect Avanade’s right to process personal data obtained prior to the withdrawal of your consent, or, right to continue other processing activities which rely on a legal basis other than consent. Please note, that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy or other laws and regulations.
If despite Avanade’s commitment to protecting your personal data, you believe that your data privacy rights have been violated, we encourage and welcome you to come to Avanade first to seek resolution of any complaint by contacting Avanade’s Data Privacy Officer. You also have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against Avanade with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).
What if you have questions or want further information?
This global privacy statement, and the web pages referred to therein, aims to give you complete and transparent information on how Avanade processes your personal data.If you have any further questions or concerns regarding how Avanade processes your personal data, or if you wish to exercise any of your foregoing rights, please contact the Data Privacy Officer at AvanadeDPO@avanade.com.
2. FURTHER INFORMATION ON CATEGORIES OF PERSONAL DATA
The below table sets out the categories of personal data that Avanade processes or may process in the context of the processing activities described in the global privacy statement.
|Category of personal data||Explanation|
|Personal details.||Name, preferred pronoun, all types of contact details (such as e-mail, phone numbers, physical address), gender, date of birth, age, place of birth.|
||Avanade may also collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status and dietary requirements/allergies in the framework of the events we organise/sponsor). Avanade will only use such sensitive information for the purposes described in section 4.|
|Audio-visual materials.||Photograph, and images/footage captured on CCTV or other video and related security / monitoring systems ((which is either managed by Avanade directly and /or in conjunction with Accenture PLC and/or its affiliates where Avanade shares office resources) (an Avanade affiliate) or other video systems, and voice recordings.|
||Description of current position, job title, employer, location, Avanade contact(s).|
|System and application access data.||Where you are provided with access to Avanade’s systems, Avanade may collect information required to access such Avanade systems and applications such as System ID, LAN ID, e-mail account, instant messaging account, mainframe ID, system passwords, access logs, activity logs, and electronic content produced using Avanade systems.|
In addition, for recruitment purposes, Avanade may process the personal data set out in the below table.
|Personal details.||In addition to the personal details listed above, Avanade may collect additional personal details for recruitment purposes, such as national identification number, social security number, insurance information, marital/civil partnership status, domestic partners, dependents, emergency contact information, military history.|
||Avanade may collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status), trade union membership information, religion, race or ethnicity, minority flag, and (where authorised by law) information on criminal convictions and offences. Avanade collects this information for specific purposes, such as health/medical information in order to accommodate a disability or illness and to provide benefits; background checks; religion or church affiliation in countries such as Germany where required for statutory tax deductions; and diversity-related personal data (such as race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination.|
|Documentation required under immigration laws.||Avanade may collect data on citizenship, passport data, details of residency or work permit (a physical copy and/or an electronic copy).|
|Talent management information.
||Information necessary to complete a background check, details on performance decisions and outcomes, performance feedback and warnings, e-learning/training programs, performance and development reviews (including information you provide when asking for/providing feedback, creating priorities, updating your input in relevant tools), driver’s license and car ownership information, and information used to populate biographies.|
3. FURTHER INFORMATION ON SOURCES OF PERSONAL DATA
Your personal data have been obtained by Avanade from the sources set out in the below table.
|Source from which Avanade obtains the personal data|
|Employers of the visitors and contractors.|
|Public websites and social media.|
|Suppliers and vendors.|
In addition, for recruitment purposes, Avanade may obtain personal data from the sources set out in the below table.
|Background check providers.|
|Talent management providers.|
The above sources are private sources, unless where the source is expressly stated to be “public”. Note that these sources may have been holding your personal data both inside and outside the EU.
4. FURTHER INFORMATION ON THE PURPOSES
As set out in the global privacy statement, Avanade processes your personal data for multiple purposes. The below table sets out each of the purposes for which Avanade processes your personal data.
|Facilitating communication with you (including in case of emergencies).||Facilitating communication with you, ensuring business continuity, protecting the health and safety of employees and others, safeguarding IT infrastructure, office equipment and other property, facilitating communication with you and your nominated contacts in an emergency.|
|Operating and managing Avanade’s business operations (including security).
||Operating and managing the IT and communications systems, IT security operations, security access control to facilities, managing Avanade assets, business continuity and disaster recovery, compilation of audit trails and other reporting tools, maintaining records relating to business activities and organizing Avanade events/seminars.|
|Monitoring your use of Avanade’s assets
||Monitoring activities as permitted by local law and/or in accordance with applicable Avanade policies (including monitoring the use of Avanade resources).|
|Undertaking data analytics.||Applying analytics to business operations and data to describe, predict and improve business performance within Avanade and/or to provide a better user experience. Specifically, areas within analytics include descriptive analytics, predictive analytics, analytics involving individuals (clients, business contacts) use personal data, analytics driven by marketing, single customer view and customer journey and workplace analytics.|
|Recruitment.||Managing job applications, including conducting interviews, undertaking appraisals, assessing performance, financial planning, undertaking payment administration, managing inclusion and diversity programs, performing background checks, planning and monitoring training requirements.|
5. FURTHER INFORMATION ON LEGAL BASIS
Avanade processes your personal data based on the legal bases set out in the below table.
|Facilitating communication with you (including in case of emergencies).||Justified on the basis of Avanade’s legitimate interests for ensuring proper communication and emergency handling within the organisation.|
|Operating and managing Avanade’s business operations (including security).
||Justified on the basis of Avanade’s legitimate interests for ensuring the proper functioning of its business operations.|
|Complying with legal requirements.||Necessary for the compliance with a legal obligation to which Avanade is subject.|
|Monitoring your use of Avanade’s systems.||Justified on the basis of Avanade’s legitimate interests of avoiding non-compliance and protecting its reputation.|
|Undertaking data analytics.||Justified on the basis of Avanade’s legitimate interests of analyzing and improving the proper functioning of its business operations.|
|Recruitment.||Justified on the basis of Avanade’s legitimate interests for ensuring that it recruits the appropriate employees.|
Please note that:
- Where the above table states that Avanade relies on its legitimate interests for a given purpose, Avanade is of the opinion that its legitimate interests are not overridden by your interests, rights or freedoms given (i) the transparency Avanade provides on the processing activity, (ii) Avanade’s privacy by design approach, (iii) Avanade’s regular privacy review and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact AvanadeDPO@avanade.com.
- Where any of the above purposes require the processing of sensitive data, Avanade will only do so where permitted under applicable law, or with your prior consent.
- Where any of the above purposes involve an automated decision, Avanade will only make such automated decision with your prior consent and after having informed you of meaningful information about the logic involved in the automated decision, as well as the significance and the envisaged consequences of such automated decision for you.
- Avanade will process your personal data based on your prior consent to the extent such consent is required by mandatory law.
6. FURTHER INFORMATION ON CATEGORIES OF THIRD PARTY RECIPIENTS
In addition to transferring personal data to its affiliates and relevant internal staff, Avanade may also transfer your personal data to the categories of unaffiliated third parties set out in the below table.
|Category of third party||Explanation|
|Professional advisors.||Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors in all of the countries in which Avanade operates.|
|Service providers.||Companies that provide products and services to Avanade such as IT systems suppliers and support, trade bodies and associations, and other service providers.
For recruitment purposes, Avanade may also transfer your personal data to companies that provide products and services to Avanade in relation to performance, training, expense management, and background searches.
|Public and governmental authorities.||Entities that regulate or have jurisdiction over Avanade such as regulatory authorities, law enforcement, public bodies, and judicial bodies.|
|Corporate / commercial transaction.||A third party in connection with any proposed or actual reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Avanade business, assets or stock (including in connection with any bankruptcy or similar proceedings). A third party in connection with any proposed or actual client project.|
7. CONTACT US
You can contact Avanade as data controller of your personal data via our Avanade’s Data Privacy Officer (preferably electronically) or via post, clearly marked for the attention of the Data Privacy Officer, at this address: 1191 Second Avenue, Suite 100, Seattle, WA 98101.