Introduction

    AVCT recognizes and supports the privacy rights of all persons, and we respect these rights when we collect and process personal information. AVCT has developed and adopted this Privacy Policy to describe and guide our processing of personal information.

    In addition to the restrictions and obligations of this Policy, we always comply with the letter and spirit of applicable national laws that protect the privacy of personal information.

    The obligations and responsibilities set out in this Privacy Policy are applicable to AVCT and its personnel and will be made available on AVCT’s intranet and external website. The obligations and responsibilities set out in the Privacy Policy are in addition to any other applicable policies or agreements entered into with AVCT and any applicable national and local laws and regulations. We continually monitor privacy, data protection and security laws and regulations as they apply to our operations worldwide. In some cases, a country’s data privacy and security laws may establish requirements which may diverge from our Privacy Policy. If a country’s law conflicts with our Data Privacy Policy, we follow the law.

    Document DP-AVC-1 v1 03-08-2021

    Scope

    EU GDPR Accountabilities

    The Information We Collect or Process

    Third Party Web Sites, Plugins or Widgets

    Cross-Border Personal Information Transfers

    Transfers of Personal Information from the EEA, UK and Switzerland to Other Jurisdictions

    Recipients and Disclosures

    Security and Integrity of Personal Information

    Retention of Data

    Choices and Accommodation

    Data Subject Rights

    Recourse, Complaints and Enforcement

    Revision of Policy

    Recent Revisions

    Effective Date

    Contact

     

    Scope

    This policy is global, applying to all AVCT collection and processing of personal information. It applies to personal information regardless of format. For example, the policy applies to computerized records and electronic information as well as paper-based files.

    The concepts enumerated in this policy guide AVCT’s selection and expectations of its agents and subcontractors and other recipients to whom AVCT transfers and relies on for processing of personal information.

    EU GDPR Accountabilities

    AVCT provides certain services which are subject to the EU General Data Protection Regulation (EU Regulation 2016/679).

    Data Processor

    AVCT’s Kandy service provides the technology platform for hosted cloud information and communications services. These services typically act as a conduit for data transmitted by third parties and subscribers. Personal information processed in the above context is typically controlled by or originated from other companies, such as our customers, subscribers or other business partners. While AVCT does process data in its role of providing a technology platform, it does not own, control or direct the use of any of the personal information stored or processed by the above parties.

    AVCT also provides AVCTCare services to network operators which includes post-sales product technical issue resolution, installation and upgrade services which are described within this policy.

    In the context of the above processing, which is subject to the EU GDPR, AVCT’s accountabilities are those of a data processor as defined under Chapter IV of the regulation. Accordingly, AVCT relies on guidance and direction of the applicable data controller(s), who determine the purposes and generally the means of processing such personal information.

    Data Controller

    In some cases, AVCT may collect and process personal information for our own legitimate business purposes including:

    • Management of business relationships with current or prospective customers, vendors, independent contractors, suppliers, resellers or partners
    • Direct marketing of AVCT products and services
    • Employee recruiting and hiring
    • Provision of training services

    This notice contains information required under GDPR Articles 13 and 14 and details AVCT’s data controller accountabilities with respect to the above processing. AVCT is established in the EU in several Member States which are organized under the following EU entity:

    American Virtual Cloud Technologies Ireland, Limited

    6th Floor, 2 Grand Canal Square

    Dublin 2, D02 A342 Ireland

    The contact for any matters related to data privacy for AVCT can be reached at: avct-legal@avctechnologies.com.

    Compliance with the California Privacy Act

    AVCT collects and uses personal information which is subject to the California Consumer Privacy Act (“CCPA”). This notice contains information required by the CCPA. AVCT is committed to complying with the CCPA.

    The Information We Collect or Process

    AVCT processes and in certain situations collects personal information as needed to deliver its products and services and manage its business. When collecting or processing personal information, AVCT does so in a lawful, fair and transparent manner.

    AVCT must have a legal basis to process personal information. In most cases the legal basis for processing will be one of the following:

    • where AVCT is the data processor, the legal basis identified by AVCT’s customers or partners acting in their role as individual data controllers
    • where AVCT is subject to a mandatory legal obligation
    • where AVCT is permitted to carry out the processing under applicable law
    • performance of a contract or when preparing to enter into a contract
    • where AVCT has a legitimate business interest which does not override the interests or fundamental rights and freedoms of individuals

    When AVCT collects or processes personal information, it does so in a proportionate and limited manner pursuant to relevant, appropriate, and customary purposes. AVCT will not share or disclose personal information for purposes other than as described herein.

    The categories of information and the purposes for which Ribbon collects or processes personal information may include the following.

    For Customers & Resellers

    Business Contact and Service Portal Account Information

    AVCT may collect and use personal information about individual business contacts of customers and prospective customers. Such information may include customer account information, account identifiers, first/last name, company name, job title and responsibilities, email address, business mailing address, telephone numbers, as well as additional information received by AVCT in the course of providing products or services. We will use such information for the purposes of establish and maintain business relationship, providing and improving services, authorizing and extending credit, and providing requested or supplemental information regarding AVCT products or services.

    Kandy Services Customer Proprietary Network Information (CPNI) and Traffic Data

    This may include information regarding quantity, destination, technical configuration, location, amount of use and related billing information of telecommunications, interconnected or non-interconnected Voice over Internet Protocol (VoIP) services. This may include but is not limited to the phone numbers that you call or send messages to (or the phone numbers that you receive these calls and messages from) through our Kandy services. The date, time, location and duration of the calls or messaging may also be collected as well as other networking or device identifiers such as IP and SIP addressing sufficient to identify an individual end user. This data is used for service delivery, billing, service level assurance and compliance with applicable regulatory obligations.

    AVCT provides Kandy services that are primarily for the benefit of organizations and subscribers in that the services transmit, route, switch or cache information. These services often merely serve as conduits for data transmitted by third parties and subscribers. AVCT does not determine the purposes and means of processing of this personal information.

    Kandy Messaging, Voicemail, Video, Media and Image Files

    AVCT provides Kandy services that facilitate the upload, recording and storage of audio, video and images by way of services such as voicemail, call recording, transcription, conference and web collaboration recording. Users may elect to store or record personal information including Sensitive Personal Information (SPI) within these resources at their discretion.

    Kandy Anonymized, Non-Identifying Voice and Traffic Data

    AVCT may use anonymized, non-identifying data collected from use of our Kandy service. This anonymized, non-identifying data may be used to enhance voice activation and recognition algorithms. Similarly, AVCT may use anonymized, non-identifying data collected from use of our AVCT Protect products in order to improve traffic analysis algorithms and techniques. This processing is executed under applicable terms and support AVCT’s legitimate interests in tuning, maintaining and enhancing these products and services.

    uReach Customer Proprietary Network Information (CPNI) and Traffic Data

    This may include information regarding quantity, destination, technical configuration, location, amount of use and related billing information of telecommunications, interconnected or non-interconnected Voice over Internet Protocol (VoIP) services. This may include but is not limited to the phone numbers that you call or send messages to (or the phone numbers that you receive these calls and messages from) through our uReach services. The date, time, location and duration of the calls or messaging may also be collected as well as other networking or device identifiers such as IP and SIP addressing sufficient to identify an individual end user. This data is used for service delivery, billing, service level assurance and compliance with applicable regulatory obligations.

    AVCT provides uReach services that are primarily for the benefit of subscribers in that the services transmit, route, switch or cache information. These services often merely serve as conduits for data transmitted by subscribers.

    uReach Messaging, Voicemail, Video, Media, Email and User Files

    AVCT provides uReach services that facilitate the upload, recording and storage of audio, video, images and other user files by way of services such as voicemail, virtual attendant, and transcription. uReach also provides web-based email and cloud-based user storage with some services. Users may elect to store or record personal information including Sensitive Personal Information (SPI) within these resources at their discretion.

    Technical Support and Professional Services Data

    AVCT provides technical support and professional services to network operators which includes post-sales product technical issue resolution, installation and upgrade services. Certain technical issue resolution processing will include sample data required to provide the above services including CPNI and traffic data (see above) as well as other information sufficient to identify an individual.

    Credit Card Information

    AVCT only collects credit card information in order to bill for subscribed services or in support of entering a contract. AVCT utilizes credit card payment processing agents solely for the purpose of authenticating and securely processing payment for the services you receive. We require these agents to take reasonable and appropriate measures to protect this information from loss or misuse.

    AVCT Training Services Data

    AVCT provides product and solutions training services to individuals that may be delivered to students in an online, in-person as well as self-paced training format depending on the offering. AVCT may collect, generate and/or process certain personal data for the purposes of (i) student registration, communication and billing, (ii) delivery of training content, (iii) maintenance of student online training profile/transcript, and (iv) maintenance of service consumption metrics.

    For Vendors, Suppliers and Independent Contractors

    AVCT may collect personal information about individuals who are employed by our suppliers and vendors as well as that of our independent contractors. This information is strictly used to administer existing and future business arrangements as well as to establish appropriate and secure access to AVCT’s network where required. This information may include name and contact information, employer identification information, qualifications, licenses and experience, reference, background checks and due diligence information, services provided, billing, payment, expenses and financial information, insurance and bonding information, electronic communications (email, voicemail) and networking communications data.

    For Marketing Leads and Website Visitors

    AVCT is the data controller of marketing data we collect. We collect marketing data when you visit our websites, when you provide it to us (by phone, in person or by webform), when you register for or attend an event, when you request information regarding AVCT, when we collect it from public databases, partners, social media sites or other third parties.

    Marketing data includes your contact details such as name, physical address, country, email, company name, job title and business telephone number (collectively “Marketing Data”). When you visit a AVCT website, AVCT collects associated website visitor information such as IP address, geographic location, browser type, operating system, screen size and company (collectively “Website Visitor Information”). Website Visitor Information shall not be linked to your Marketing Data unless you provide additional information to us (such as by filling out a form on our website) that connects the information to you. For more information on the above and choices available to website visitors please refer to AVCT's Cookie Policy accessible via the website.

    AVCT uses this data for direct marketing of AVCT products and services. Unless expressly requested by AVCT and consented by you, AVCT will not share or disclose or sell personal information to third parties for the purpose of their own marketing or resale activities.

    Other Collection or Processing

    Additional personal information may be collected, processed and disclosed for the purposes for which it was collected and for legal compliance purposes, including regulatory reporting, investigation of allegations of wrongdoing, and the management and defense of legal claims and actions, and compliance with subpoenas, court orders and other legal obligations.

    Third Party Web Sites, Plugins or Widgets

    AVCT websites and services may include social network or other third party plugins and widgets. Accessing these links is done at your option. Please review the sponsor’s privacy policy provided at the respective site.

    Cross-Border Personal Information Transfers

    Where feasible AVCT utilizes geographically aligned resources for primary data processing in order to reduce complexity and volume of cross-border personal information transfer.

    AVCT shall comply with the applicable laws governing international transfers of personal information and where required shall ensure that such transfers are made to countries where the data protection regime is compatible with that of the originating jurisdiction.

    Transfers of Personal Information from the EEA, UK and Switzerland to Other Jurisdictions

    Transfer Mechanisms

    AVCT employs the following transfer mechanisms for transfers of EEA and Swiss personal information in accordance with transfer restrictions imposed under the EU General Data Protection Regulation (GDPR) or the Swiss Federal Act on Data Protection (FADP).

    • GDPR Article 45 Adequacy decisions issued by the European Commission (EC) including the Privacy Shield Framework; and/or
    • Standard data protection clauses adopted by the EC under GDPR Article 46.

    Similarly, the transfer of personal information pertaining to UK data subjects will only be transferred subject to the equivalent mechanisms as defined in the UK Data Protection Act (2018).

    EU-US and Swiss-US Privacy Shield

    On 16 July 2020, the Court of Justice of the European Union issued a judgment declaring as invalid the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield Framework. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Economic Area to the United States. Also, on 8 September 2020, the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection (FADP).

    Please note that the standard data protection clauses adopted by the EC under GDPR Article 46 remain a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Economic Area, Switzerland and the United Kingdom to the United States. AVCT has implemented the standard data protection clauses.

    In addition to the protections provided under other sections of this Privacy Policy, AVCT will provide the following protections for personal data.

    Choice

    Individuals will be offered a clear, conspicuous, and readily available mechanism to choose (opt out) whether their personal information is (1) to be disclosed to a third party other than a third party acting as an agent to perform tasks on behalf of and under the instruction of AVCT or (2) to be used for a purpose that is materially different than or incompatible with the purpose for which it was originally utilized or subsequently authorized by the individual.

    Additionally, individuals will be offered a similar choice mechanism to give affirmative or explicit (opt in) choice whether their sensitive personal information is to be disclosed to a third party or used for a purpose other than the purposes for which it was originally collected or subsequently authorized by the individual by opt-in choice. However, explicit (opt in) choice is not required when the disclosure of the sensitive personal information is (1) in the vital interests of the individual or another person; (2) necessary for the establishment of legal claims or defenses; (3) required to provide medical care or diagnosis; (4) necessary to carry out the organization’s obligations in the field of employment law, or (5) related to personal information that is manifestly made public by the individual.

    Onward Transfers to Third Party Agents

    AVCT may transfer personal information to third parties acting as controllers. A “controller” is a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal information. Examples of third party controllers may include banks and healthcare providers, or management personnel in other AVCT offices outside of the U.S. When AVCT makes such onward transfers to third party controllers, AVCT will comply with accepted notice and choice principles and enter into a contract with the third party controller that provides that (1) such personal information may be processed only for limited and specified purposes consistent with the consent provided by the individual; (2) the third party controller will provide adequate levels of protections to personal data as required by law; (3) the third party controller will notify AVCT if the third party can no longer meet its obligation to provide required levels of protection for the personal information as required by the applicable law; and (4) upon such notice by the third party controller, the third party controller will cease processing the personal information and/or take reasonable and appropriate steps to remediate any unauthorized processing.

    Verification

    AVCT have verified and will verify annually through self-assessment that the attestations and assertions made about its privacy practices are true and that those privacy practices have been implemented as represented. This verification has been and will be signed by an officer of AVCT or other authorized representative of AVCT Companies at least once a year and is available upon request by individuals or in the context of an investigation or a complaint about non-compliance. The verification includes the following:

    • That the Privacy Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible;
    • That the Policy conforms to accepted and adequate levels of protection of data;
    • That individuals are informed of any in-house arrangements for handling complaints and of the independent mechanisms through which they may pursue complaints;
    • That it has in place procedures for training employees in the implementation of this Policy and disciplining them for failure to follow it;
    • That it has in place internal procedures for periodically conducting objective reviews of compliance with the above.

    Recourse Mechanisms Under Privacy Shield

    Inquiries or complaints regarding processing of personal data should be directed to:

    AVCT Counsel

    4880 Lower Roswell Rd., Suite 165-#129

    Marietta, GA 30068 USA

    Email: avct-legal@avctechnologies.com

    If a complaint remains unresolved, it will be resolved through alternative dispute resolution. AVCT has selected JAMS Mediation, Arbitration and ADR Services (JAMS) as the administrator of AVCT’s independent recourse mechanism for data privacy disputes. AVCT has committed to refer such unresolved data privacy complaints to JAMS in the United States. You may find more information about dispute resolution and how to file a claim with JAMS at https://www.jamsadr.com/eu-us-privacy-shield.

    Enforcement

    AVCT is also subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

    Liability

    In the context of an onward transfer of personal information, AVCT has responsibility for the processing of personal information it receives and subsequently transfers to a third party agent. AVCT will remain liable under the GDPR (and possibly other regulations) if their third party agent processes such personal information in a manner inconsistent with as legally required, unless AVCT proves that it is not responsible for the event giving rise to the damage.

    Training

    All employees who handle personal data will receive training regarding the data privacy principles and procedures under Privacy Shield Principles and this Policy.

    Recipients and Disclosures

    Within the AVCT Group

    In general, personal information may be shared within AVCT to fulfill service commitments to our customers and in support of legitimate business interests. These transfers are subject to the transfer mechanism controls described within the above section on Cross-Border Personal Information Transfers.

    AVCT restricts access to personal information to those employees, agents, or contractors who require access in order to carry out their assigned functions.

    A list of AVCT corporate locations is available here. Processing locations will vary by service provided.

    Third Party Suppliers

    AVCT uses vendors and partners for a variety of business purposes to help us fulfill the services we provide. We share information with those vendors and partners when it is beneficial for them to perform work on our behalf.

    AVCT will only transfer or provide direct access to personal information covered by this policy to third parties which have:

    • made a commitment to respect the privacy rights of individuals;
    • limited processing of personal information to comply with customer's and/or data controller instructions; and
    • provided AVCT contractual assurances that they will provide data protection no less stringent than is required by applicable privacy laws

    AVCT employs the following categories of third-party suppliers to deliver the services shown below.

     

    Kandy Services

    Service Region

    Third Party Category

    Locations

    EU

    Colocation Services

    EU, UK

    Cloud Hosting Providers

    EU

    Value Added Voice & Messaging Services

    EU, UK, US, Israel, Canada

    NA

    Colocation Services

    United States, Canada

    Cloud Hosting Providers

    United States, Canada

    Value Added Voice & Messaging Services

    US, Israel, Canada

    APAC

    Colocation Services

    Australia

    Cloud Hosting Providers

    Australia

    Value Added Voice & Messaging Services

    Australia, US, Israel, Canada

    Global

    CRM Technology Providers

    United States

    Global

    Technology Service Partners

    Turkey

     

    Technical Support and Professional Services

    Service Region

    Third Party Category

    Locations

    Global

    Cloud Hosting Providers

    United States

    Global

    CRM Technology Providers

    United States

    Global

    Technology Service Partners

    United States, Turkey, India, Vietnam

     

    uReach.com

    Service Region

    Third Party Category

    Locations

    NA

    Colocation Services

    United States

    CRM Technology Providers

    United States

    Technology Service Partners

    Turkey, India, Vietnam

     

    Marketing

    Service Region

    Third Party Category

    Locations

    Global

    CRM Providers

    United States

    Global

    Web Hosting Providers

    United States

     

    AVCT Training Services

    Service Region

    Third Party Category

    Locations

    Global

    CRM Providers

    United States

    Global

    Hosted Online Training Services Provider

    United States, Canada

    Global

    Payment Gateway Providers

    United States

     

    Third Party Suppliers and EEA, UK and Swiss Personal Information

    Additionally, for personal information pertaining to EEA or Swiss data subjects Ribbon will only transfer or provide direct access to personal information covered by this policy to third parties that:

    • are located in a jurisdiction subject to the EU GDPR or are subject to privacy laws designated to be adequate by the European Commission under GDPR Article 45; or
    • have provided AVCT contractual assurances that transferred personal information will be subject to appropriate safeguards by way of standard data protection clauses adopted by the European Commission under GDPR Article 46. 

    Similarly, the transfer of personal information pertaining to UK data subjects will only be transferred subject to the equivalent mechanisms as defined in the UK Data Protection Act (2018).  

    Other External Disclosures

    AVCT may disclose information that individually identifies our customers, subscribers or identifies their devices in certain circumstances, such as:

    • to comply with valid legal process including subpoenas, court orders or search warrants, to defend or respond to legal actions, and as otherwise authorized by law, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
    • to prevent unauthorized, unlawful or abusive use of our products and services;
    • to determine credit risk or obtain payment for Ribbon services or products, such as through credit or collection agencies;
    • for other purposes with your consent.

    If AVCT enters into a merger, acquisition or sale of all or a portion of its assets or business, customer information will also be transferred as part of or in connection with the transaction as per local law and/or non-disclosure agreement.

     

    Security and Integrity of Personal Information

    To help protect the confidentiality of personal information, AVCT employs appropriate information security safeguards. These safeguards take into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks to individuals posed by any unauthorized disclosure of the information.

    These safeguards include reasonable administrative, technical and physical measures to safeguard the confidentiality, integrity and availability of personal information against anticipated threats and unauthorized access to the personal information.

    AVCT conveys safeguard obligations to our third parties who receive personal information from or on behalf of AVCT in the course of their relationship with our organization as described above in the Recipients and Disclosures section.

     

    AVCT employs reasonable means to keep personal information accurate, complete, and current, as needed for the purposes for which it was collected.

     

    Retention of Data

    AVCT understands the data minimization and storage limitation principles within the GDPR and other data protection laws which require that data be deleted when its retention is no longer required to satisfy the purposes for which it was collected, generated, or provided to AVCT by a data controller. AVCT complies with all applicable information retention laws and regulations including those associated with electronic communication service provider requirements.

    The following table illustrates some sample maximum retention periods employed by Ribbon.

    Information

    Maximum Retention Period

    Marketing Contact Data

    24 months after last marketing service interaction

    AVCTCare Tech Support Sample Date

    24 months after case closure

     

    Choices and Accommodation

    The data AVCT processes is described in further detail in the “Information We Collect and Use” section above.

    Service Portals

    If you have created a user profile on any AVCT service portal (eg: Kandy, Salesforce), you may access and revise the personal information in your user profile when you log into your account. In general, these portals will only require minimal personal information that is necessary to provide and administer the service.

    Marketing Materials

    If you provide us with your email address or other contact information to enable us to provide current communications and information to you, we may use the information for providing such communications including delivery of press releases and other AVCT marketing materials. You may request to no longer receive AVCT marketing communications by following the "unsubscribe" instructions in emails from AVCT or by sending a request to the Contact identified below.

    In the rare and unlikely event that AVCT wishes to use an individual’s personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals, AVCT will seek consent in advance as required by law.

    Cookie Preferences

    AVCT websites may use cookies to collect certain kinds of personal information about subscribers or users. For more information on how AVCT uses cookies and choices available to website visitors please refer to AVCT’s Cookie Policy accessible via the website.

    Kandy Services

    AVCT recognizes and promotes the right of subscribers to have reasonable opportunities to object to the collection (opt out), use and disclosure of their personal information while still maintaining the minimal data needed to provide the subscribed service. AVCT requires and collects CPNI, Traffic Data and billing information that is essential for providing the subscribed service. Opting out or declining to provide the requested data may hinder the provision of subscribed services. For further information on opting out please reference the instructions in the Contact section below.

    Sensitive Information

    AVCT recognizes that for some sensitive information, affirmative express consent from individuals is required and must be obtained if such information is to be (i) disclosed to a third party or (ii) processed for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. In addition, AVCT shall treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

    Data Subject Rights

    AVCT supports individual's data protection rights as provided for by applicable data protection law.

    Service Portals

    If you have created a user profile on any AVCT service portal (eg: Kandy, Salesforce), you may access, examine, revise, or delete the personal information in your user profile when you log into your account. In general, these portals will only require minimal personal information that is necessary to provide and administer the service. AVCT employs reasonable means to keep its individuals’ personal information accurate, complete, and current.

    EEA, UK and Swiss Data Subject Rights

    Individuals having rights governed by EEA, UK or Swiss data protection law may exercise the following rights as data subjects.

    Right

    Summary

    Notice

    AVCT provides required notice to individuals at points where AVCT collects personal information.

    Consent

    Where consent is required for AVCT to collect personal information, AVCT will request the individual’s consent.

    Transparency

    Access

    Accuracy

    Rectification

    Individuals are provided with credentialized access to much of their own personal information that AVCT collects and maintains through various service portals (please see Service Portals above). This enables individuals to access, review, export, and in many instances enter or certify their personal information.

    Erasure

    (Right to be Forgotten)

    AVCT will review and act upon requests by individuals for the erasure of personal data to the extent required under applicable law. Generally, individuals have the right to have their personal information erased when it is no longer necessary for the purposes for which it was collected or otherwise processed or the legal basis on which the data processing was based (e.g. consent) no longer applies.

    Restriction of Processing

    AVCT will review and act upon requests to restrict processing of personal data of individuals to the extent required under applicable law.

    Objection to Processing

    AVCT will review and act upon requests by individuals to object to the processing of personal data to the extent required under applicable law. Generally, an individual has the right to object to the processing of his or her personal data, and AVCT should no longer process the data where it is unable to demonstrate compelling legitimate grounds for the processing.

    Receipt of information

    (Right to Information)

    Generally individuals have the right to receive information about their personal data which is processed by AVCT. Among others, this right to information includes information on the purposes of the processing, the categories of the processed data, the recipients to whom the personal data has been or will be disclosed and the intended storage period. Upon request AVCT will provide the requesting individual with a copy of his/her personal data processed by AVCT.

    Portability

    Under certain conditions individuals have the right to receive their personal data which they have provided to the company in a structured, commonly used and machine-readable format. Individuals also have the right to transmit such data to another controller if the data processing is based on the consent of the individual and the data is processed by using automated processes. In this regard, individuals should refer to their Access right described above.

    In addition to the rights shown above, individuals have the right under GDPR Article 77 to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

    California Privacy Rights

    California Consumer Privacy Act

    AVCT collects, uses and discloses for business purposes personal information which is subject to the California Consumer Privacy Act (“CCPA”). This notice contains information required by the CCPA. Under the CCPA, individuals have a number of privacy rights including the rights of access, deletion, opt out and non-discrimination. Individuals wishing to exercise their rights under the CCPA may do so by clicking this link

    AVCT does not sell or disclose personal information to third parties for its own direct marketing purposes.

    California Shine the Light Law

    California law (Cal. Civ. Code §§ 1798.83) requires businesses to disclose to its California customers, upon request, the identity of any third parties to whom the business has disclosed personal information within the previous calendar year for the third parties' direct marketing purposes, along with the type of personal information disclosed.

    If you are a California resident and would like to make such a request, email or contact as set forth in the section entitled “Requests” below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that AVCT is not required to respond to requests made by means other than through the provided e-mail address or mail address.

    Any California residents under the age of eighteen (18) who are registered users of our online sites, services, or applications, and who have posted content or information on such sites, services, or applications, can request that such information be removed by sending an e-mail to the e-mail address set forth in the section entitled “Requests” below. Requests must state that the user personally posted such content or information and detail where the content or information is posted. AVCT will make reasonable good faith efforts to remove the post from prospective public view.

    Requests

    If you are an individual who wishes to exercise the above rights, please click here.

    The ability of an individual to access, update or delete his or her personal information is not unlimited.  An individual's ability to access personal information may be limited, for example, where (a) the burden or expense of providing access would be unreasonable or disproportionate to the risks to the individual's privacy, (b) the information should not be disclosed or deleted due to legal reasons; or (c) providing access would compromise the privacy of another person.

    Recourse, Complaints and Enforcement

    Individuals who wish to file a complaint or who take issue with AVCT’s policy should direct such communications to AVCT at:

    AVCT Legal Department

    4880 Lower Roswell Rd., Suite 165-#129

    Marietta, GA 30068 USA

    avct-legal@avctechnologies.com

    AVCT undertakes annual compliance review of our policies, procedures with respect to data privacy to ensure that policy is implemented as presented and, in particular, to address any cases of non-compliance. AVCT also considers any impact to our policies and procedures as a result of privacy law changes or trends in recurring complaints from individuals.

    Revision of Policy

    AVCT reserves the right to change this privacy policy at our discretion subject to business or legal requirements. Please check this privacy policy from time to time and particularly before you provide personal information to AVCT. The effective date of the newest version of the privacy policy will be posted below, and in the event that we make material changes to this privacy policy, we will notify affected users by making a more prominent notice of the changes.

    If we change our policy or use of personal information in such a manner that significantly diverges from the original purposes that we collected the information, we will provide notification as required by applicable law. Your rights to object or obtain further information is as provided for in the Data Subject Rights and Recourse, Complaints and Enforcement sections.

    Recent Revisions

    Version

    Date

    Change Summary

    1

    February 2021

    		  

    Contact

    If you have any comments or questions regarding this policy or AVCT’s privacy practices, or if you are an individual with a disability and require access to this policy in an alternative format please contact us at:

    AVCT Privacy

    4880 Lower Roswell Rd., Suite 165-#129

    Marietta, GA 30068 USA

    avct-legal@avctechnologies.com