Last reviewed & updated: February 16, 2023
This Notice pertains to all personal data collected, processed and stored by GTT through our websites, applications, and any related services, sales, marketing, or events in the course of our activities. The purpose of this Notice is to explain the procedures that are followed when dealing with personal data and how GTT collect and manage personal information in accordance with all relevant legislation and standards. The procedures set out herein are followed by GTT, our employees, agents, contractors, or other third parties on behalf of GTT. This Notice extends to all personal data whether stored in electronic or paper format.
GTT only hold personal data that is directly relevant to our dealings with a given data subject. That data will be collected, held, processed and disposed of in accordance with the Legislation and other data protection principles and with this Notice in a reasonable and lawful manner.
GTT collect personal information that is voluntarily provided to us when signing up for our services, expressing an interest in obtaining information about us or our products and services, when participating in activities on our sites, or otherwise contacting us. The personal information that we collect depends on the context of the interactions with us and our sites, the choices made and the products and features selected and used. For example:
Any and all personal data collected from you as customers of us is collected in order to ensure that we can provide the services under the terms of our services agreement, that we provide the services in the best possible manner, and that we can efficiently manage our customers as a whole.
We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent. We use the personal data provided by you to provide the Services and for business purposes such as processing and fulfilling orders, billing, service improvement, research, marketing and for other general business purposes. GTT may share such information with third parties for business and marketing purposes. Business purposes may include:
We endeavor to ensure personal information held by us is up to date and accurate. We shall employ reasonable means to keep personal data accurate, complete, and up to date in accordance with the purposes for which it was collected. You, as customer, are responsible for ensuring that you inform the relevant department of any changes in your personal details. Changes to personal information may be made by contacting your Account/Service Manager and/or by contacting GTT Data Protection team directly via e-mail to [email protected].
Personal data may be disclosed internally when passed from one department to another in accordance with the data protection principles and this Notice. Personal data is not passed to any internal department or any individual that does not reasonably require access to that personal data with respect to the purpose(s) for which it was collected and is being processed. Relevant internal departments to whom personal data may be disclosed includes: sales; marketing; customer service; billing; account and technical managers; network operations; security operations; and legal.
We shall disclose your personal information to third parties only when it is necessary as part of our business practices, when there is a legal or statutory obligation to do so, or with your consent. Categories of such third parties may include: service providers, subcontractors, credit collection agencies, auditors, and authorities to whom we are legally obliged to disclose personal information (e.g. law enforcement, tax authorities, etc.). Whenever we disclose personal information to third parties, we will only disclose that amount of personal information necessary to meet such business need or legal requirement. Third parties that receive personal information from us must provide sufficient guarantees and satisfy us as to the measures taken to protect the personal data such parties receive and process it in accordance with the Legislation. Appropriate measures will be taken to ensure that all such disclosures or transfers of personal information to third parties will be completed in a secure manner and pursuant to contractual safeguards.
We may provide information, when legally obliged to do so and in response to properly made requests, for example under a court order or for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. In the case of any such disclosure, we will do so only in accordance with the Legislation. We may also transfer data to legal counsel where this is necessary for the defense of legal claims. If there is any change in the ownership of GTT Communications, Inc. or any of its assets, we may disclose personal information to the new (or prospective) owner(s). If we do so, we will require the other party(ies) to keep all such information confidential.
The time period for which we retain information varies according to the law provisions about the use of that information. In some cases, there are legal requirements to keep data for a minimum period of time. Unless specific legal requirements dictate otherwise, we will retain information no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Customer personal data will be held for as long as the customer holds a services agreement for the provision of services with us. Following termination of service, personal data shall continue to be retained for the minimum period mandatory under local law. Following this mandatory period, personal data shall be retained for no longer than necessary to allow for the defense of legal claims in accordance with applicable statutory limitation periods under local law. Following the expiry of this period, personal data held by us will be destroyed.
We may transfer customer personal data outside the EEA for storage, and other purposes. Any transfer of your personal data outside of the EEA shall be made through transfer mechanisms approved or allowed for under the Legislation and we shall take all necessary steps to ensure that there is adequate protection, as required by the Legislation. Please note that GTT does not rely on Privacy Shield, GTT has signed Standard Contractual Clauses (SCCs) between its affiliates.
GTT is an international company and as such we have offices and personnel all over the world. Our Headquarters are in McLean, Virginia, US. You can check all the locations where GTT operates on our Contact Us page.
You may obtain a copy of our standard contractual clauses (SCCs) by contacting us at [email protected].
For EEA Citizens
We shall respect all your rights under the Legislation. These rights are as follows:
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of the processing before withdrawal of such consent.
Giving effect to your rights shall not affect any obligations which we may have under the Legislation. If you want to know what personal information we hold about you or exercise any of the above rights, you can do so by making your specific request to our Privacy & Data Protection team in writing to the following e-mail address: [email protected]. We will confirm your request after validating your identity and process your request without undue delay and within 30 days of receipt. If the information we hold about you is inaccurate, we request that you advise us promptly so that we can make the necessary amendments and confirm that these have been made within 30 days of receipt of your request.
For California and Virginia Residents
If you are a resident of the state of California, under the California Consumer Privacy Act (California Civil Code §1798.100 et. Seq. (as amended from time to time, the “CCPA”)) or a resident of the state of Virginia, under the Virginia Consumer Data Protection Act (Code of Virginia 59.1-571 through 59.1-581 (as amended from time to time, the “VCDPA”)), you have the following rights:
Your right to access. You have the right to request access to specific pieces and categories of personal information we collected about you in the past twelve months. You can do this by contacting us at: [email protected], or by calling toll-free: 1-888-889-0020.
Your right to delete. You have the right to request that we delete personal information we have about you unless we need it for specific reasons described by the CCPA and VCDPA. You can do this by contacting us at: [email protected], or by calling toll-free: 1-888-889-0020. We retain personal information only as long as reasonably necessary for business, accounting, tax or legal purposes and then securely delete it.
Your right to say “Do not sell my personal information.” The CCPA and VCDPA give you the right to say no to the sale of personal information.
We do not sell information that personally identifies you such as your name, telephone number, mailing address or email address. We may share that type of information with directory publishers and for caller ID purposes, excluding customers who have subscribed (at no charge) to unlisted or unpublished numbers.
We may allow third-party advertising companies to collect information about your activity on our websites and in our apps, for example through cookies, mobile ad identifiers, pixels, web beacons, social network plugins and similar technologies.
Your right to not be discriminated against. We do not discriminate against you if you exercise any rights described in this section.
Where to exercise your rights. You or your authorized agent can exercise your right to access or delete data by:
We may require you to verify your identity according to our internal procedure before we are able to process your request.
We shall employ reasonable and appropriate with the state of the art administrative, technical, personnel, procedural, and physical measures to safeguard information against loss, theft and unauthorized uses, access, or modifications. You can request a copy of our Technical and organizational measures (GTT TOMs) by contacting us at [email protected].
GTT has an ISO 27001:2013 certified Information Security Management System (ISMS) and our technical and organizational measures are based on the Plan, Do, Check, Act cycle. GTT is assessed and regularly audited by independent third parties to ensure that the highest security standards are maintained and continuously improved.
Complaints on the use, retention and disposal of personal data can be submitted via email to: [email protected].
As a customer, you also have the right to lodge a complaint with your National Data Protection supervisory Authority - https://edpb.europa.eu/about-edpb/board/members_en.