Privacy Center
At GTT, we value your privacy and the trust you place in us. Our Privacy Center is designed to provide clear, accessible insights into how we collect, process, use, and protect personal data, whether we are acting as a service provider (processor) or a data controller.
GTT complies with the EU General Data Protection Regulation (GDPR), the UK GDPR, and all applicable data protection laws as required, ensuring transparency and security in all processing activities.
1. Non-Personal Data Processing
Note that GTT offers a diverse selection of products and services that do not involve the processing of personal data belonging to Clients’ end-users.
Personal data is defined as information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or other personal attributes.
However, when GTT cannot reasonably associate an identifier—such as an IP address—with an identifiable individual using other available data, such an identifier is not classified as personal data.
For services that do not process personal data, a Data Processing Agreement (DPA) or similar contract is not required.
GTT Services That Do Not Process Personal Data
Managed Networking:
- Dedicated Internet Access (DIA)
- Broadband
- IP Transit
- 5G Fixed Wireless
Wide Area Networking:
- MPLS
- VPLS
- Ethernet
2. GTT as a Service Provider (Processor)
GTT acts as a data processor when providing services that involve processing personal data on behalf of our clients. In this role, we handle Client Data strictly in accordance with documented instructions from the Client and service agreements.
As a processor, we ensure that Client Data is:
- Used exclusively for delivering contracted services.
- Processed securely and in compliance with all applicable data protection laws.
- Not processed for any purposes beyond those explicitly authorized by the Client in writing.
Products with Privacy Data Sheets
Covered Services
- Cloud UC Service
- Fax Cloud Service
- Managed Detection & Response (MDR)
- Managed Firewall/Security Service Edge (SSE)
- Managed Hosting
- SD-WAN
- Virtual Data Centre (VDC)
Client-Specific Services
3. GTT as a Data Controller
GTT processes personal data as a controller for certain business operations, vendor relationships, and Client interactions. We ensure:
- Personal data is processed lawfully, fairly, and transparently.
- Data subjects retain control over their personal information, including rights of access, rectification, and deletion.
- Processing aligns with regulatory obligations and contractual requirements.
Applicable DPAs
- For services processing only Client contact details: Controller-to-Controller DPA
- Vendor Relationships: Controller-to-Processor DPA
4. Traffic Data Processing
GTT also handles traffic data related to Client end-users. Defined under EU ePrivacy Directive, traffic data is used only for communication or billing.
For certain products, GTT acts as a “mere conduit” under EU Directive 2000/31/EC, meaning no personal data is processed.
Our Commitment to Privacy
We are dedicated to safeguarding Client data while ensuring compliance, transparency, and security. Whether acting as a processor or controller, our privacy practices ensure responsible data handling, secure operations, and trustworthy service delivery.
For more details, refer to our Privacy Notice and Cookie Notice.
Privacy Datasheets
Cloud UC Service
Fax Cloud Service
Managed Detection & Response (MDR) Service
MANAGED FIREWALL SERVICE /
SECURITY SERVICE EDGE (SSE)
Managed Hosting Service
Software-Defined Wide Area Network (SD-WAN) Service
Virtual Data Centre (VDC) Service
Our Gartner Rating
Global WAN Services
