Address
304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

GDPR Compliance Statement

GDPR Compliance Statement

Effective Date: 16.05.2025

At AVENYA Technology OÜ, we are fully committed to compliance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — which governs the collection, processing, and protection of personal data in the European Union.

This statement outlines our approach to data protection and how we ensure GDPR compliance across our operations.

1. Data Controller Information

AVENYA Technology OÜ is the Data Controller for the personal data you provide. We operate from Estonia and offer digital services across the European Union.
Contact: [email protected]

2. Lawful Basis for Processing

We only collect and process personal data under the following legal bases:

  • Consent (e.g., newsletter subscriptions)
  • Contractual necessity (e.g., demo requests, support)
  • Legal obligations (e.g., tax or compliance records)
  • Legitimate interests (e.g., security, service improvement)
3. Data Minimization and Purpose Limitation

We only collect data that is necessary for specific, explicit, and legitimate purposes. We do not use personal data for unrelated purposes without prior notice and renewed consent.

4. Data Access and Security

Access to personal data is limited to authorized personnel only. We implement technical and organizational measures to protect against unauthorized access, alteration, and loss of data.

Measures include:

  • Encrypted data transfer (HTTPS/TLS)
  • Secure hosting infrastructure
  • Access control and logging
  • Regular software updates and patching
5. Data Subject Rights

Under the GDPR, individuals have rights regarding their personal data:

  • Access and rectification
  • Erasure (“right to be forgotten”)
  • Restriction and objection to processing
  • Data portability
  • Withdrawal of consent

To exercise these rights, users may contact: [email protected]

6. Third-Party Processors

We only use third-party processors that are GDPR-compliant and bound by strict data processing agreements. A full list is available upon request.

7. Data Breach Policy

In the event of a data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR.

8. International Data Transfers

If any data is transferred outside the EEA, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions are in place.

9. Records and Accountability

We maintain detailed records of data processing activities and regularly review our GDPR posture to ensure ongoing compliance.
For more information, please contact our data protection team at [email protected]