AVANADE
DATA PRIVACY STATEMENT FOR VISITORS

1. GENERAL INFORMATION

This privacy statement explains how Avanade Inc and/or its affiliates (“Avanade”) protect the personal data Avanade processes and controls relating to you (“your personal data”), why Avanade processes your personal data, who has access to your personal data and how you can exercise your rights in relation to the processing of your personal data.

Further information on Avanade (and, if relevant, its representative) can be found here. Any Avanade entity located outside the European Union will for the purposes of compliance with data privacy laws be represented by Avanade Inc.

This privacy statement provides an overview of Avanade’s most common processing activities of your personal data. Please note that certain specific processing activities may be subject to a separate and tailored privacy statement.

In the event any translation of this privacy statement is prepared, the English version of this privacy statement shall prevail in case of conflicts between the different language versions.

Which categories of personal data does Avanade process?

Avanade will collect personal data about you to achieve the purposes set out in this privacy statement.

For further information on the specific categories of personal data Avanade is processing, please see section 2. For further information on the sources from which Avanade has obtained your personal data, please see section 3.

If you provide Avanade with any personal data of another person (for instance, a potential employee/referral), you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with Avanade.

Except for certain information that is required by law, your decision to provide any personal data to Avanade is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide Avanade with your personal data. However, please note that if you do not provide certain information, Avanade may not be able to accomplish some or all of the purposes outlined in this privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data.

Why does Avanade process your personal data?

Avanade may collect, use, transfer, disclose and otherwise process your personal data in the context of facilitating communication with you (including in case of emergencies), operating and managing Avanade’s business operations, complying with legal requirements, monitoring your use of Avanade’s systems, undertaking data analytics and recruitment. For a more detailed list of the purposes, please see section 4. Avanade will not use your personal data for purposes that are incompatible with the purposes listed in this privacy statement, unless it is required or authorised by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.

On which legal basis does Avanade process your personal data?

Avanade processes your personal data as permitted by applicable data privacy laws and its internal policies. Avanade processes your personal data for the purposes set out in this privacy statement for one or more of the following reasons: (i) because Avanade is required to do so for compliance with a legal obligation to which it is subject, (ii) because such information is necessary for the performance of a contract to which you are a party, (iii) because the processing is necessary for the purposes of the legitimate interests pursued by Avanade or by a third party (as described in the last sentence of this paragraph), or (iv) where necessary in order to protect the vital interests of any person. Avanade has legitimate interests in collecting and processing personal data, for example: (1) to ensure that Avanade’s networks and information are secure, (2) to administer and generally conduct business and (3) to prevent fraud.

In addition, Avanade may process your sensitive data and/or make automated decisions concerning you where permitted by applicable law and/or with your prior consent and for the purposes mentioned in this privacy statement.

Please see section 5 for further information on the legal basis on which Avanade bases the processing of your personal data for each processing activity.

Who has access to your personal data?

Access to your personal data within Avanade will be limited to those employees who have a need to know the information for the purposes described in this privacy statement, which may include personnel in Security, HR, IT, Compliance, Legal, Finance and Accounting, Corporate Investigations and Internal Audit. All employees within Avanade will generally have access to your business contact information (e.g. name, position, telephone number and e-mail address).

Furthermore, your personal data may be transferred to other Avanade offices and third parties, which may involve transferring your personal data to other countries.

As a global organisation with offices and operations throughout the world, your personal data may be transferred or be accessible internationally throughout Avanade’s global business and between its entities and affiliates. Any transfers of your personal data to other Avanade offices (including transfers from within the European Economic Area (EEA) to outside the EEA) will be governed by Avanade's Intra-Group Data Protection Agreement (IGDPA). It also means that your rights stay the same no matter where your data are processed by Avanade. A list of the Avanade offices that may process your personal data, and their contact information, can be found here.

Furthermore, where there is a need, Avanade may share your personal data with third parties, such as service providers and public authorities. Before doing so, Avanade takes steps to protect your personal data. Any third party service providers and professional advisors to whom your personal data are disclosed, are expected and required to protect the confidentiality and security of your personal data and may only use your personal data in compliance with applicable data privacy laws. For the categories of third parties with which Avanade may share your personal data, please see section 6. Unless you are otherwise notified, any transfers of your personal data from within the EEA to third parties outside the EEA will be based on an adequacy decision or are governed by the EU standard contractual clauses (a copy of which can be obtained from AvanadeDPO@avanade.com). Any other, non-EEA originating, international transfers of your personal data, will take place in accordance with this privacy statement the appropriate international data transfer mechanisms and safeguards.

How does Avanade protect your personal data?

Avanade maintains organisational, physical and technical security arrangements for all the personal data it holds. Avanade has protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing Avanade undertakes.

Avanade adopts market leading security measures to protect your personal data. This includes (without being limitative):
  • Avanade’s Information Security Program aligns with ISO27001 framework. Avanade also holds an ISO27001 certification for its Client Data Protection program and the CMS (Cloud Managed Services) business unit, which indicates that it adheres to the highest and strictest information security standards. This certification is a security standard awarded by the British Standards Institution that serves as an international certification, confirming that Avanade’s processes and security controls provide an effective framework for protecting information.
  • Avanade has a global Client Data Protection program in place which governs the stewardship of client information and systems entrusted to Avanade.
  • Avanade has regular penetration testing performed by a third party provider, which continues to show the strength of its technical defences.

How long does Avanade retain your personal data?

Avanade retains your personal data only for as long as is necessary. Avanade maintains specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:
  • Avanade retains your personal data as long as it has an ongoing relationship with you.
  • Avanade retains your personal data for as long as needed in order to comply with a legal obligation to which it is subject.
  • Avanade retains your personal data where this is advisable to safeguard or improve Avanade’s legal position (for instance in relation to statutes of limitations, litigation, or regulatory investigations).

Please keep your personal data at all times up to date and inform Avanade of any material changes to your personal data.

Your rights concerning your personal data?

Please contact Avanade’s Data Protection Officer at AvanadeDPO@avanade.com if you have any questions or concerns about how Avanade processes your personal data. If you want to exercise any of your rights in relation to your personal data please contact SubjectAccessRequest@Avanade.com.

You have the right (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law to:
  • Request access to the personal data we process about you: this right entitles you to know whether Avanade holds personal data of you and, if so, obtain information on and a copy of those personal data.
  • Request rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
  • Object to the processing of your personal data: this right entitles you to request that Avanade no longer processes your personal data.
  • Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
  • Request the restriction of the processing of your personal data: this right entitles you to request that Avanade only processes your personal data in limited circumstances, including with your consent.
  • Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to Avanade, or request Avanade to transmit such personal data to another data controller.

To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting SubjectAccessRequest@Avanade.com.

Please note that this will not affect Avanade’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent. Please note, however, that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy or other laws and regulations.

If, despite Avanade’s commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome you to come to Avanade first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against Avanade with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).

What if you have questions or want further information?

This privacy statement, and the web pages referred to therein, aims to give you complete and transparent information on how Avanade processes your personal data.

If you have any further questions or concerns regarding how Avanade processes your personal data, or if you wish to exercise any of your foregoing rights, please contact the Data Protection Officer at AvanadeDPO@avanade.com.

2. FURTHER INFORMATION ON CATEGORIES OF PERSONAL DATA

The below table sets out the categories of personal data that Avanade processes or may process in the context of the processing activities described in the privacy statement.

Category of personal data Explanation
Personal details. Name, preferred pronoun, all types of contact details (such as e-mail, phone numbers, physical address), gender, date of birth, age, place of birth.
Sensitive data.

Avanade may also collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status and dietary requirements/allergies in the framework of the events we organise/sponsor). Avanade will only use such sensitive information for the purposes described in section 4.
Audiovisual materials. Photograph, and images/footage captured on CCTV (which is either managed by Avanade directly and /or in conjunction with Accenture (an Avanade affiliate) or other video systems, and voice recordings.
Position.
Description of current position, job title, employer, location, Avanade contact(s).
System and application access data. Where you are provided with access to Avanade’s systems, Avanade may collect information required to access such Avanade systems and applications such as System ID, LAN ID, e-mail account, instant messaging account, mainframe ID, system passwords, access logs, activity logs, and electronic content produced using Avanade systems.

In addition, for recruitment purposes, Avanade may process the personal data set out in the below table.

Personal details. In addition to the personal details listed above, Avanade may collect additional personal details for recruitment purposes, such as national identification number, social security number, insurance information, marital/civil partnership status, domestic partners, dependents, emergency contact information, military history.
Sensitive data.

Avanade may collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status), trade union membership information, religion, race or ethnicity, minority flag, and (where authorised by law) information on criminal convictions and offences. Avanade collects this information for specific purposes, such as health/medical information in order to accommodate a disability or illness and to provide benefits; background checks; religion or church affiliation in countries such as Germany where required for statutory tax deductions; and diversity-related personal data (such as race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination.
Documentation required under immigration laws. Avanade may collect data on citizenship, passport data, details of residency or work permit (a physical copy and/or an electronic copy).
Talent management information.
Information necessary to complete a background check, details on performance decisions and outcomes, performance feedback and warnings, e-learning/training programs, performance and development reviews (including information you provide when asking for/providing feedback, creating priorities, updating your input in relevant tools), driver’s license and car ownership information, and information used to populate biographies.

3. FURTHER INFORMATION ON SOURCES OF PERSONAL DATA

Your personal data have been obtained by Avanade from the sources set out in the below table.

Source from which Avanade obtains the personal data
Yourself.
Avanade employees.
Avanade’s affiliates.
Employers of the visitors and contractors./td>
Public authorities.
Public websites and social media.
Suppliers and vendors.

In addition, for recruitment purposes, Avanade may obtain personal data from the sources set out in the below table.

Previous employers.
Educational institutions.
Background check providers.
Talent management providers.

The above sources are private sources, unless where the source is expressly stated to be “public”. Note that these sources may have been holding your personal data both inside and outside the EU.

4. FURTHER INFORMATION ON THE PURPOSES

As set out in the Avanade Privacy Policy, Avanade processes your personal data for multiple purposes. The below table sets out each of the purposes for which Avanade processes your personal data.

Purpose Explanation
Facilitating communication with you (including in case of emergencies). Facilitating communication with you, ensuring business continuity, protecting the health and safety of employees and others, safeguarding IT infrastructure, office equipment and other property, facilitating communication with you and your nominated contacts in an emergency.
Operating and managing Avanade’s business operations (including security).

Operating and managing the IT and communications systems, IT security operations, security access control to facilities, managing Avanade assets, business continuity and disaster recovery, compilation of audit trails and other reporting tools, maintaining records relating to business activities and organising Avanade events/seminars.
Complying with legal requirements. Complying with legal requirements, such as mandatory filings, record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures, protecting, enforcing or defending the legal rights, privacy, safety, or property of Avanade, Avanade affiliates or their employees, agents and contractors (including enforcement of relevant agreements and terms of use), protecting the safety, privacy, and security of users of Avanade products or services or members of the public, or protecting against fraud or for risk management purposes.
Monitoring your use of Avanade’s assets
Monitoring activities as permitted by local law and/or in accordance with applicable Avanade policies (including monitoring the use of Avanade resources).
Undertaking data analytics. Applying analytics to business operations and data to describe, predict and improve business performance within Avanade and/or to provide a better user experience. Specifically, areas within analytics include descriptive analytics, predictive analytics, analytics involving individuals (clients, business contacts) use personal data, analytics driven by marketing, single customer view and customer journey.
Recruitment. Managing job applications, including conducting interviews, undertaking appraisals, assessing performance, financial planning, undertaking payment administration, managing inclusion and diversity programs, performing background checks, planning and monitoring training requirements.

5. FURTHER INFORMATION ON LEGAL BASIS

Avanade processes your personal data based on the legal bases set out in the below table.

Purpose Legal Basis
Facilitating communication with you (including in case of emergencies). Justified on the basis of Avanade’s legitimate interests for ensuring proper communication and emergency handling within the organisation.
Operating and managing Avanade’s business operations (including security).

Justified on the basis of Avanade’s legitimate interests for ensuring the proper functioning of its business operations.
Complying with legal requirements. Necessary for the compliance with a legal obligation to which Avanade is subject.
Monitoring your use of Avanade’s systems. Justified on the basis of Avanade’s legitimate interests of avoiding non-compliance and protecting its reputation.
Undertaking data analytics. Justified on the basis of Avanade’s legitimate interests of analyzing and improving the proper functioning of its business operations.
Recruitment. Justified on the basis of Avanade’s legitimate interests for ensuring that it recruits the appropriate employees.

Please note that:
  • Where the above table states that Avanade relies on its legitimate interests for a given purpose, Avanade is of the opinion that its legitimate interests are not overridden by your interests, rights or freedoms given (i) the transparency Avanade provides on the processing activity, (ii) Avanade’s privacy by design approach, (iii) Avanade’s regular privacy review and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact AvanadeDPO@avanade.com.
  • Where any of the above purposes require the processing of sensitive data, Avanade will only do so where permitted under applicable law, or with your prior consent.
  • Where any of the above purposes involve an automated decision, Avanade will only make such automated decision with your prior consent and after having informed you of meaningful information about the logic involved in the automated decision, as well as the significance and the envisaged consequences of such automated decision for you.
  • Avanade will process your personal data based on your prior consent to the extent such consent is required by mandatory law.

6. FURTHER INFORMATION ON CATEGORIES OF THIRD PARTY RECIPIENTS

In addition to transferring personal data to its affiliates and relevant internal staff, Avanade may also transfer your personal data to the categories of unaffiliated third parties set out in the below table.

Category of third party Explanation
Professional advisors. Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors in all of the countries in which Avanade operates.
Service providers. Companies that provide products and services to Avanade such as IT systems suppliers and support, trade bodies and associations, and other service providers.
For recruitment purposes, Avanade may also transfer your personal data to companies that provide products and services to Avanade in relation to performance, training, expense management, and background searches.
Public and governmental authorities. Entities that regulate or have jurisdiction over Avanade such as regulatory authorities, law enforcement, public bodies, and judicial bodies.
Corporate / commercial transaction. A third party in connection with any proposed or actual reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Avanade business, assets or stock (including in connection with any bankruptcy or similar proceedings). A third party in connection with any proposed or actual client project.

AVANADE COUNTRIES OF INCORPORATION

Further information on Avanade (and, if relevant, its representative) can be found below. Any Avanade entity located outside the European Union will be represented by Avanade Inc.

Country of
Incorporation
Legal Name Address
Australia Avanade Australia Pty Ltd 48 Pirrama Road, Pyrmont, NSW, 2009
Austria Avanade Österreich GmbH 4030 Linz, Dauphinestraße 5, Austria
Belgium Avanade Belgium SPRL Medialaan 38
B-1800 Vilvoorde
Brazil Avanade do Brasil Ltda. Rua Bonnard, 980, Bloco 10, Andar 6.
Alphaville -- CEP 06.465-134
City of Barueri, Sao Paulo, Brazil
Canada Avanade Canada Inc. 200 Wellington St. W., 10th Fl.
Toronto, ON
M5V 3C7
Canada Infusion Development Inc.
(Canada)
c/o Avanade Canada
200 Wellington St. W., 10th Fl.
Toronto, ON, M5V 3C7
China Avanade (Guangzhou)
Computer Technology
Development Co, Ltd
Room 3114, 31st Floor,
NO.898 Xinyuan Building,
Tianhe Bei Road,
Guangzhou 510898
Denmark Avanade Denmark A/S Arne Jacobsens Allé 15
DK-2300 København S
Denmark
Finland Avanade Finland Oy
Porkkalankatu 5
00180 Helsinki
Finland
France Avanade France SAS Immeuble Le Prisme
125, Avenue de Paris, 92320 Chatillon, France
Germany Avanade Deutschland GmbH Campus Kronberg 7
D-61476 Kronberg im Taunus
Germany
Hong Kong Avanade Hong Kong Limited Suites 4103-10,
41/F One Island East, Taikoo Place,
18 Westlands Road, Quarry Bay,
Hong Kong
Ireland Avanade Ireland Limited 3 Grand Canal Plaza, Grand Canal Street
Upper, Dublin 4
Italy Avanade Italy Srl Via Roberto Lepetit 8/10,
20124 Milano, Italy
Japan Avanade Japan K.K. MFPR Roppongi Azabudai Building,
1-8-7, Roppongi, Minato-ku,
Tokyo 107-8672, Japan
Malaysia Avanade Malaysia Sdn. Bhd. Suite 22.01, Level 22, The Gardens North
Tower, Mid Valley City, Lingkaran Syed Putra,
59200 Kuala Lumpur, Malaysia
Netherlands Avanade Netherlands B.V. Orteliuslaan 1000
3528 BD Utrecht
Norway Avanade Norway AS Rolfsbuktveien 2, 1364 Fornebu, Norway
Poland Avanade Poland sp. zo. o. ul. Lubicz 23 A, 31-503 Kraków
Singapore Avanade Asia Pte Ltd 250 North Bridge Road
#33-00 Raffles City Tower
Singapore 179101
Spain Avanade Spain, S.L. Paseo de Gracia, 11-Esc. C.
Planta 3a
08007 Barcelona
Spain
Sweden Avanade Sweden AB Alstromergatan 12
Box 12502
SE-102 29 Stockholm
Switzerland Avanade Schweiz GmbH Flurstrasse 50, 8048 Zurich, Switzerland
United Kingdom Avanade Europe Holdings Limited 30 Cannon Street, London, EC4M 6XH
United Kingdom Avanade Europe Services Ltd 30 Cannon Street, London, EC4M 6XH
United Kingdom Avanade UK Limited 30 Cannon Street, London, EC4M 6XH
United Kingdom Infusion Development UK Limited c/o Avanade UK: 30 Cannon Street, London,
EC4M 6XH
United States Avanade Holdings LLC Corporation Trust Center, 1209 Orange Street,
City of Wilmington, County of Newcastle, DE
19801
United States Avanade International Corp Corporation Trust Center, 1209 Orange Street,
City of Wilmington, County of Newcastle, DE
19801
United States Avanade Inc. (US) 818 Stewart Street, Suite 400
Seattle, WA 98101
United States InfusionDev LLC (US) c/ Avanade Inc. 818 Stewart Street, Suite 400
Seattle, WA 98101

Next steps

Talk to us about how we can bring the power of digital innovation to your business.

CLOSE
Modal window
Contract
Share this page