Data Processing Activities

Nature and purpose of personal data processing

In the course of providing products and services (“services”) to its customers, Verizon and its affiliates (“Verizon”), as well as its vendors and partners may need to process personal data as defined in the EU General Data Protection Regulation (GDPR).  Article 28 requires Processors to provide detailed information to Controllers as to how their data will be processed. Article 30 also requires the Controller (with the assistance of its processors) to demonstrate how it will comply with the GDPR. The following information explains Verizon’s status under GDPR and provides customers with further information regarding Verizon’s key services and the nature of processing where the GDPR is applicable.

When Verizon is a controller.

Verizon processes personal data for administrative purposes in order to manage the relationship with its customers. This will include activities such as billing, installation, maintenance and customer service. In such circumstances Verizon is the Controller because it ‘determines the purpose and manner in which the data will be used’. Personal data processed for these administrative purposes will be retained in accordance with applicable law(s) and/or Verizon records retention policies unless otherwise stated in the customer agreement. For further information regarding the use of this data please contact emeadataprotection@intl.verizon.com.

In addition, in a limited set of circumstances Verizon may be considered a Controller in the course of providing services to customers. This will occur when Verizon is providing services where Verizon determines how the data should be processed in order to provide the service. 

Example: Verizon provides professional services to a customer in Belgium. This may include services such as managed security and on-premise security solutions. In such circumstances, it will be necessary for Verizon to process Customer Data. In doing so Verizon will determine how the data should be processed in order to provide the service requested.

When Verizon is a processor.

If GDPR applies, in most cases, when providing services to customers, Verizon will be a Processor. This means that Verizon will act on the instructions of the customer with regards to the personal data. 

Example: Verizon provides managed hosting services to its customer in Italy. The customer collects personal data about its end users and employees which Verizon stores on its behalf. In the course of providing such services Verizon may access this data and is a Processor on behalf of the customer.

Where GDPR does not apply.

There will be circumstances where GDPR does not apply. This can be because the data used to provide the service is not included in the definition of personal data under Article 4 of GDPR, or because the nature of the services Verizon is providing is not considered Processing under Article 4 GDPR.

Example: An EU based customer purchases network services from Verizon. Verizon does not have logical access to any customer data in connection with the services. Verizon is not considered a Processor as it is a ‘mere conduit’ of the data (Article 2(4) GDPR and Article 12 Directive 2000/13/EC).

Example: An EU based customer purchases pure co-location services from Verizon in Amsterdam. The customer’s servers reside in Verizon’s data centre but Verizon provides only space, power, cooling, and physical security for the server. This is not considered processing under GDPR.

Where Verizon is a Processor, customers should understand what Verizon is doing with their personal data.

What are the categories of personal data?

Verizon will process a limited amount of personal data when providing services to customers. This will include:

  • contacts of customers
  • customer’s employees
  • customer contractors

The nature of personal data.

The type of data processed by Verizon Enterprise Solutions will depend on the nature of the business. However, when processing data on behalf of its customers Verizon is likely to process: IP traffic; names; business email addresses; business telephone numbers.

Verizon Connect will process additional types of personal data when providing services. This may include the following data elements that are necessary to provide telematics service: End user email address; IP address and geo-location data.

In addition, at a customer’s request Verizon Connect can collect other information including driver licence expiration details. Any additional information would be at the direction of the customer and will be specifically agreed in the contract.

International transfers

Verizon processes data outside the EEA. Verizon has Binding Corporate Rules (BCRs) approved as both a Controller and Processor. As a result, Verizon Enterprise Solutions and Verizon Connect may transfer personal data outside of the EEA consistent with Article 47 GDPR. Further information regarding Verizon’s BCRs can be found at the International Privacy Centre.

Data retention

Where a specific data retention period is not defined in the [tables below] for a service, the retention period may be agreed as part of the contractual negotiations on an individual customer basis and detailed in that contract.

Privacy contact details

For queries regarding data processing activities please e-mail or contact us in writing at the following address:

Jannine Aston
International Data Privacy Office
Verizon Legal Department
RIBP Floor 1 Spur D Basingstoke Road
Reading, Berkshire
United Kingdom RG26DA

Please note that Verizon Enterprise Solutions is not required to appoint a Data Protection Officer (DPO) for the purposes of Article 37 GDPR due to the nature of the services that it provides. However, Verizon Connect has appointed a DPO and she can be contacted as described above.

Security

Please refer to the Verizon Internal Systems Information Security Exhibit for a description of the technical and organisational security measures that Verizon implements to comply with its obligations under Article 32(1). 

Where additional security measures are necessary for particular services, these will be detailed in the customer’s contractual documentation.

Description of processing of personal data by Verizon for services as Processor for Customer – Article 28 GDPR

Please note that if you cannot find your Verizon service listed below you should contact your account team who can provide you with additional information where applicable. For information about the processing details for Verizon Connect services please click here.

  • Product Name
  • Brief Product Description
  • Nature and purpose of the processing
  • Type of personal data
  • Categories of data subjects
  • Sub-contractors
  • Retention of data

For further information regarding how Verizon will protect your data please see the Verizon International Privacy Policy

Product Name Description

Audio Conferencing

Verizon Audio Conferencing offers a choice of audio conferencing services.

Colocation Services

Verizon Colocation provides a secure, dedicated environment where customers can collocate their servers, storage, or network equipment.

Cyber Risk Programs

Using the Verizon Data Breach Investigations Report (DBIR) as its foundation, Cyber Risk Programs consist of recurring activities designed to measure the effectiveness of cyber risk controls and identify potential weaknesses.

DNS Safeguard

DNS Safeguard is a cloud-based security platform that blocks inappropriate and malicious sites and content before an IP connection is established.

DOS Defense - Detection

DOS Defense Detection is a managed network-based traffic analysis service that provides anomaly detection and proactive alerts when Customer’s traffic deviates from normal traffic patterns.

Full Management (Premium) Wireless LAN

Managed Wireless LAN, which is part of Verizon’s Managed Network Services portfolio, offers management of Wireless LAN Controllers and Wi-Fi Access Points.

Hosted Interactive Voice Response-Enhanced Call Routing

ECR provides customized interactive voice messaging and routing for callers of IPCC ITFS, UIFN, Freephone and PSTN numbers which optimizes the callers experience and the utilization of customer agents (this product is end-of-life and no longer sold to new customers).

Hosted IP Centrex

A hosted VOIP product.

Intelligent Contact Routing Gateway & Integration

ICR Gateway allows a customer's Intelligent Contact Router (ICR) to direct Verizon's toll free network where to send call, based on agent availability. ICR Integration allows a customer's ICR to control the Verizon network IVR and direct the call, once the IVR is done, to a site based on agent availability.

Interactive Voice Response - Core

IP IVR provides customized interactive voice messaging and routing for callers of IPCC ITFS, UIFN, Freephone and PSTN numbers which optimizes the calling experience and the utilization of customer agents.

IP Contact Center (IPCC)

Allows US multi-national customers and Global Enterprise customers to have an IP based “in-region” Interactive Voice Response (IVR) solution.

IP Interactive Voice Response (IVR)

IP IVR provides customized interactive voice messaging and routing for callers of IPCC ITFS, UIFN, Freephone and PSTN numbers which optimizes the calling experience and the utilization of customer agents.

Managed Security Services - Cloud / Premises / Analytics

Managed Security Services are provided via a common service platform on which a suite of security services are deployed to geographically diverse locations supporting an array of security devices, applications and systems. The security devices are located on the customer’s premises or in a cloud environment and are connected securely via a Connection Kit to a Hosted Local Event Collector in the Security Management Center.

Managed SIEM (Security Incident and Event Management)

Security Incident and Event Management systems (SIEM) are deployed at customer premises to detect cyber threats. Detection takes log data from IT systems and applies a set of detection rules to it. In the Managed SIEM service, Verizon manages the SIEM system and the detection rules and collects and investigates alerts coming from the rules.

Managed UCC

Premises-based unified communications solution available to customers with single or multiple site requirements who seek ongoing support with fault management, configuration management, asset management, and performance reporting. By extending Managed Network Services (MNS) capabilities beyond the WAN and LAN router to Unified Communications servers and applications, this comprehensive management solution enables customers to leverage Verizon's technical expertise in design, planning, implementation, and network management.

Managed WAN

Managed WAN is a service offered by Verizon to manage customer routers as part of an overall WAN network, using Verizon (or third party) private and public networks. The service includes management and monitoring of the WAN router, as well as the transport circuits connected to it.

Managed WAN Optimization

Managed WAN Optimization Service is a network management offering where Verizon installs, configures, monitors, and manages WAN optimization devices.

Managed Wireless LAN

Managed Wireless LAN is part of Verizon Managed Network Services portfolio and is offered in the US, Canada, EMEA, APAC, and LATAM. Managed Wireless LAN offers management of Wireless LAN Controllers and Wi-Fi Access Points.

Network Application Performance Management

Network Application Performance Management provides an application monitoring service to Enterprise customers to monitor physical servers, dedicated/virtual operating systems, application workloads, and synthetic test generation.

Network Threat Monitoring/Advanced Analytics

Monitoring service based on data from Verizon’s backbone network. Near-real time fully automated watch list matching process based on unique Verizon threat intelligence.

Outbound International - Dedicated

Direct Voice service provides an ISDN30 or PRI service which connects the customer PBX through a 2mbps or E1 access circuit carrying 30 telephony channels. The product supports inbound and outbound calling to fixed, mobile, national, international and non geographic telephone numbers. Emergency calling is supported. New telephone numbers or number portability can be provided.

Outbound International - Switched

Indirect Voice service provides outbound calling using the PTT's access circuits (PSTN or ISDN lines). The product supports outbound calling only to fixed, mobile, national, international and some non geographic telephone numbers. The PTT will contract separately for the access lines. In the UK, Verizon provides UK Line Rental service, i.e. the PSTN/ISDN line, though over the BT Openreach network.

SD WAN (Managed Software Defined WAN) - Viptela

SD WAN is a fully managed service provided by Verizon, allowing customers to efficiently utilize multiple networks to route critical and non-critical traffic across those multiple networks. Verizon manages the devices and the networks, as well as the customer-defined SD WAN policies that control how traffic is routed over the multiple network paths. Viptela is one vendor that Verizon uses to provide SD WAN services to customers.

Secure Gateway Services

Secure Gateway allows customers to connect Internet-based sites to their Private IP network, through a Secure Gateway Universal Port that is hosted by Verizon in the network. The Universal Port is connected to the customer's PIP network to allow incoming connections from Internet-based sites via IPSec encryption.

Software Defined Perimeter

Verizon Software Defined Perimeter (SDP) is an SDN-based service offering that enables customers to quickly establish secure software-based network perimeters around services, networks, devices, applications and other assets.

SSLOnDemand

SSLOnDemand is a system for producing and managing digital certificate and publishing certificate status for validation of certificates. Certificates are used to identify servers/computers on the network/internet and to protect communication to/from the server.

ThingSpace Alpha Build / Data Management

New portal for specific IOT OEM partners for purposes of enabling developers to test and prototype with ThingSpace platform. The portal contains the following features: ThingSpace SDK download for IOT chipsets; Downloadable security certificates to load onto IOT devices to connect to ThingSpace platform; Data manager for visualizing IOT data sent to ThingSpace platform; APIs for event based alerting related to IOT device activity.

ThingSpace Develop

ThingSpace Develop is a developer portal focused on APIs, Dev Kits and developer tools. This fosters innovation to build new apps. The portal is located at thingspace.verizon.com.

UCCaaS

Unified Communication and Collaboration as a Service (UCCaaS) is a hosted and managed service based on Cisco's Hosted Collaboration Solution. UCCaaS delivers business-grade communications and collaboration services from the Cloud, offering the flexibility of a premises-based solution with the simplicity of a hosted solution. UCCaaS provides the following UC&C services: Call control (audio, video); Integrated/unified voicemail; Presence and Instant Messaging; Enterprise mobility; and Audio conferencing and net conferencing.

Unified Customer Experience (CX)

Unified Customer Experience (Unified CX) provides a cloud based contact center platform that enables companies to respond to customers via voice, email, chat, SMS, web and mobile as well as provide voice self service capabilities. It utilizes the Cisco Hosted Collaboration Solution for Contact Center (HCS-CC) architecture which includes the Unified Communications Manager (UCM), Unity Connection, Unified Contact Center Enterprise (UCCE), Cisco Customer Voice Portal (CVP) and Cisco Finesse for Agent and Supervisor Desktop. Email, Chat and SMS can be added as additional channels and an enhanced Agent and Supervisor Desktop is available that provides information on a single screen to enable a better agent experience. Access to previous customer interactions provide context to customer conversations improving the customer experience. Additional functionality that helps improve the overall experience includes Quality Management to provide coaching for agent improvement as well as Workforce Management to ensure the right staffing is on hand based on forecasted interaction volume. Speech and Desktop analytics are also available as an option to provide the voice of the Customer and more targeted Quality Monitoring.

Universal Identity Service (UIS)

This application provides authentication and access control services for NIST L1-4 and sophisticated adaptive authentication and helps individuals manage their electronic identity, simplifying what they have to remember, minimizing the information they need disclose and maximizing the security of on-line transactions they participate in.

Virtual Communications Express (VCE)

VCE is an existing U.S. product that Verizon is extending to the EU. VCE is a cloud PBX/UC service that Verizon provides in partnership with Broadsoft. In lieu of a premises-based PBX, customers utilize VCE for call routing, basic PBX features and UC services such as IM & Presence, Audio/Video Conferencing and Desktop Sharing.

Virtual Contact Center

Virtual Contact Center is a cloud based contact center solution that supports multiple channels (voice, email, chat, SMS) for both inbound and outbound communication. It also provides Workforce Management, Quality Management, Surveys and other Contact Center management tools.

Voice Call Back

Voice Call Back offers callers a call back rather than waiting on hold.

VoIP Inbound

VoIP Inbound offers legacy and CP IPCC customers the opportunity to purchase inbound numbers (US toll free 800 numbers, US local numbers (ViLO), ITFS and/or UIFN numbers) to allow calls from around the globe to reach their contact center or agent or to terminate into the IVR.

WIFI for Business - Managed

Wi-Fi for Business is part of the Verizon Managed Network Services portfolio and is offered in US, Canada, EMEA and APAC. The service offers the management of Cisco Meraki security appliances, LAN switches and Wi-Fi access points.

Product Name

Audio Conferencing

Description

Verizon Audio Conferencing offers a choice of audio conferencing services.

Product Name

Colocation Services

Description

Verizon Colocation provides a secure, dedicated environment where customers can collocate their servers, storage, or network equipment.

Product Name

Cyber Risk Programs

Description

Using the Verizon Data Breach Investigations Report (DBIR) as its foundation, Cyber Risk Programs consist of recurring activities designed to measure the effectiveness of cyber risk controls and identify potential weaknesses.

Product Name

DNS Safeguard

Description

DNS Safeguard is a cloud-based security platform that blocks inappropriate and malicious sites and content before an IP connection is established.

Product Name

DOS Defense - Detection

Description

DOS Defense Detection is a managed network-based traffic analysis service that provides anomaly detection and proactive alerts when Customer’s traffic deviates from normal traffic patterns.

Product Name

Full Management (Premium) Wireless LAN

Description

Managed Wireless LAN, which is part of Verizon’s Managed Network Services portfolio, offers management of Wireless LAN Controllers and Wi-Fi Access Points.

Product Name

Hosted Interactive Voice Response-Enhanced Call Routing

Description

ECR provides customized interactive voice messaging and routing for callers of IPCC ITFS, UIFN, Freephone and PSTN numbers which optimizes the callers experience and the utilization of customer agents (this product is end-of-life and no longer sold to new customers).

Product Name

Hosted IP Centrex

Description

A hosted VOIP product.

Product Name

Intelligent Contact Routing Gateway & Integration

Description

ICR Gateway allows a customer's Intelligent Contact Router (ICR) to direct Verizon's toll free network where to send call, based on agent availability. ICR Integration allows a customer's ICR to control the Verizon network IVR and direct the call, once the IVR is done, to a site based on agent availability.

Product Name

Interactive Voice Response - Core

Description

IP IVR provides customized interactive voice messaging and routing for callers of IPCC ITFS, UIFN, Freephone and PSTN numbers which optimizes the calling experience and the utilization of customer agents.

Product Name

IP Contact Center (IPCC)

Description

Allows US multi-national customers and Global Enterprise customers to have an IP based “in-region” Interactive Voice Response (IVR) solution.

Product Name

IP Interactive Voice Response (IVR)

Description

IP IVR provides customized interactive voice messaging and routing for callers of IPCC ITFS, UIFN, Freephone and PSTN numbers which optimizes the calling experience and the utilization of customer agents.

Product Name

Managed Security Services - Cloud / Premises / Analytics

Description

Managed Security Services are provided via a common service platform on which a suite of security services are deployed to geographically diverse locations supporting an array of security devices, applications and systems. The security devices are located on the customer’s premises or in a cloud environment and are connected securely via a Connection Kit to a Hosted Local Event Collector in the Security Management Center.

Product Name

Managed SIEM (Security Incident and Event Management)

Description

Security Incident and Event Management systems (SIEM) are deployed at customer premises to detect cyber threats. Detection takes log data from IT systems and applies a set of detection rules to it. In the Managed SIEM service, Verizon manages the SIEM system and the detection rules and collects and investigates alerts coming from the rules.

Product Name

Managed UCC

Description

Premises-based unified communications solution available to customers with single or multiple site requirements who seek ongoing support with fault management, configuration management, asset management, and performance reporting. By extending Managed Network Services (MNS) capabilities beyond the WAN and LAN router to Unified Communications servers and applications, this comprehensive management solution enables customers to leverage Verizon's technical expertise in design, planning, implementation, and network management.

Product Name

Managed WAN

Description

Managed WAN is a service offered by Verizon to manage customer routers as part of an overall WAN network, using Verizon (or third party) private and public networks. The service includes management and monitoring of the WAN router, as well as the transport circuits connected to it.

Product Name

Managed WAN Optimization

Description

Managed WAN Optimization Service is a network management offering where Verizon installs, configures, monitors, and manages WAN optimization devices.

Product Name

Managed Wireless LAN

Description

Managed Wireless LAN is part of Verizon Managed Network Services portfolio and is offered in the US, Canada, EMEA, APAC, and LATAM. Managed Wireless LAN offers management of Wireless LAN Controllers and Wi-Fi Access Points.

Product Name

Network Application Performance Management

Description

Network Application Performance Management provides an application monitoring service to Enterprise customers to monitor physical servers, dedicated/virtual operating systems, application workloads, and synthetic test generation.

Product Name

Network Threat Monitoring/Advanced Analytics

Description

Monitoring service based on data from Verizon’s backbone network. Near-real time fully automated watch list matching process based on unique Verizon threat intelligence.

Product Name

Outbound International - Dedicated

Description

Direct Voice service provides an ISDN30 or PRI service which connects the customer PBX through a 2mbps or E1 access circuit carrying 30 telephony channels. The product supports inbound and outbound calling to fixed, mobile, national, international and non geographic telephone numbers. Emergency calling is supported. New telephone numbers or number portability can be provided.

Product Name

Outbound International - Switched

Description

Indirect Voice service provides outbound calling using the PTT's access circuits (PSTN or ISDN lines). The product supports outbound calling only to fixed, mobile, national, international and some non geographic telephone numbers. The PTT will contract separately for the access lines. In the UK, Verizon provides UK Line Rental service, i.e. the PSTN/ISDN line, though over the BT Openreach network.

Product Name

SD WAN (Managed Software Defined WAN) - Viptela

Description

SD WAN is a fully managed service provided by Verizon, allowing customers to efficiently utilize multiple networks to route critical and non-critical traffic across those multiple networks. Verizon manages the devices and the networks, as well as the customer-defined SD WAN policies that control how traffic is routed over the multiple network paths. Viptela is one vendor that Verizon uses to provide SD WAN services to customers.

Product Name

Secure Gateway Services

Description

Secure Gateway allows customers to connect Internet-based sites to their Private IP network, through a Secure Gateway Universal Port that is hosted by Verizon in the network. The Universal Port is connected to the customer's PIP network to allow incoming connections from Internet-based sites via IPSec encryption.

Product Name

Software Defined Perimeter

Description

Verizon Software Defined Perimeter (SDP) is an SDN-based service offering that enables customers to quickly establish secure software-based network perimeters around services, networks, devices, applications and other assets.

Product Name

SSLOnDemand

Description

SSLOnDemand is a system for producing and managing digital certificate and publishing certificate status for validation of certificates. Certificates are used to identify servers/computers on the network/internet and to protect communication to/from the server.

Product Name

ThingSpace Alpha Build / Data Management

Description

New portal for specific IOT OEM partners for purposes of enabling developers to test and prototype with ThingSpace platform. The portal contains the following features: ThingSpace SDK download for IOT chipsets; Downloadable security certificates to load onto IOT devices to connect to ThingSpace platform; Data manager for visualizing IOT data sent to ThingSpace platform; APIs for event based alerting related to IOT device activity.

Product Name

ThingSpace Develop

Description

ThingSpace Develop is a developer portal focused on APIs, Dev Kits and developer tools. This fosters innovation to build new apps. The portal is located at thingspace.verizon.com.

Product Name

UCCaaS

Description

Unified Communication and Collaboration as a Service (UCCaaS) is a hosted and managed service based on Cisco's Hosted Collaboration Solution. UCCaaS delivers business-grade communications and collaboration services from the Cloud, offering the flexibility of a premises-based solution with the simplicity of a hosted solution. UCCaaS provides the following UC&C services: Call control (audio, video); Integrated/unified voicemail; Presence and Instant Messaging; Enterprise mobility; and Audio conferencing and net conferencing.

Product Name

Unified Customer Experience (CX)

Description

Unified Customer Experience (Unified CX) provides a cloud based contact center platform that enables companies to respond to customers via voice, email, chat, SMS, web and mobile as well as provide voice self service capabilities. It utilizes the Cisco Hosted Collaboration Solution for Contact Center (HCS-CC) architecture which includes the Unified Communications Manager (UCM), Unity Connection, Unified Contact Center Enterprise (UCCE), Cisco Customer Voice Portal (CVP) and Cisco Finesse for Agent and Supervisor Desktop. Email, Chat and SMS can be added as additional channels and an enhanced Agent and Supervisor Desktop is available that provides information on a single screen to enable a better agent experience. Access to previous customer interactions provide context to customer conversations improving the customer experience. Additional functionality that helps improve the overall experience includes Quality Management to provide coaching for agent improvement as well as Workforce Management to ensure the right staffing is on hand based on forecasted interaction volume. Speech and Desktop analytics are also available as an option to provide the voice of the Customer and more targeted Quality Monitoring.

Product Name

Universal Identity Service (UIS)

Description

This application provides authentication and access control services for NIST L1-4 and sophisticated adaptive authentication and helps individuals manage their electronic identity, simplifying what they have to remember, minimizing the information they need disclose and maximizing the security of on-line transactions they participate in.

Product Name

Virtual Communications Express (VCE)

Description

VCE is an existing U.S. product that Verizon is extending to the EU. VCE is a cloud PBX/UC service that Verizon provides in partnership with Broadsoft. In lieu of a premises-based PBX, customers utilize VCE for call routing, basic PBX features and UC services such as IM & Presence, Audio/Video Conferencing and Desktop Sharing.

Product Name

Virtual Contact Center

Description

Virtual Contact Center is a cloud based contact center solution that supports multiple channels (voice, email, chat, SMS) for both inbound and outbound communication. It also provides Workforce Management, Quality Management, Surveys and other Contact Center management tools.

Product Name

Voice Call Back

Description

Voice Call Back offers callers a call back rather than waiting on hold.

Product Name

VoIP Inbound

Description

VoIP Inbound offers legacy and CP IPCC customers the opportunity to purchase inbound numbers (US toll free 800 numbers, US local numbers (ViLO), ITFS and/or UIFN numbers) to allow calls from around the globe to reach their contact center or agent or to terminate into the IVR.

Product Name

WIFI for Business - Managed

Description

Wi-Fi for Business is part of the Verizon Managed Network Services portfolio and is offered in US, Canada, EMEA and APAC. The service offers the management of Cisco Meraki security appliances, LAN switches and Wi-Fi access points.