Privacy Policy

JUMP TO

Add a header to begin generating the table of contents

GTT Communications, Inc. (and together with our affiliates each an “Affiliate”, “We”, “Us” or “Our”)

This Privacy Notice (“Notice”) has been developed to ensure our customers, GTT website visitors and any other interested parties (hereinafter referred to as “you”) feel confident about the privacy and security of personal data. It outlines how GTT meet the obligations under the General Data Protection Regulation (“GDPR”) and other applicable data protection and privacy legislation, as amended, revised, modified or replaced from time to time (together, the “Legislation”). Under the Legislation, ‘personal data’ is any information that identifies you, or could identify you, directly or indirectly, as an individual.

This Notice pertains to all personal data collected, processed and stored by GTT through our websites, applications, and any related services, sales, marketing, or events in the course of our activities. The purpose of this Notice is to explain the procedures that are followed when dealing with personal data and how GTT collect and manage personal information in accordance with all relevant legislation and standards. The procedures set out herein are followed by GTT, our employees, agents, contractors, or other third parties on behalf of GTT. This Notice extends to all personal data whether stored in electronic or paper format.

GTT is the controller (i.e., responsible party) for the personal data practices described in this Notice. However, we also provide and administer certain services on behalf of customers and act as a processor or service provider relative to such customers. This Notice may not apply in that regard, and we recommend that you review the privacy policy of such third-party customers with whom you are dealing directly as they will be responsible for the handling of your personal data.

You can access specific topics within this Notice by clicking on the relevant links below:

What Personal Data Do We Collect?

GTT only holds personal data that is directly relevant to our dealings with a given data subject. That data will be collected, held, processed and disposed of in accordance with the Legislation and other data protection principles and with this Notice in a reasonable and lawful manner.

GTT collects personal data that is voluntarily provided to us when signing up for our services, expressing an interest in obtaining information about us or our products and services, when participating in activities on our sites, or otherwise contacting us. The personal data that we collect depends on the context of the interactions with us and our sites, the choices made and the products and features selected and used. For example:

Customer may be requested to provide the following information for provision of services and for the purposes of account administration and billing:

General Contact Information: including name, address, phone number and/or email address(es).
Device Information: (such as online identification data, including IP address, browser and device characteristics, referring URLs, country, location, information about how and when you use our site and other technical information) is automatically collected when visiting our websites.
Credentials and other authentication data for GTT customer accounts.
We may obtain information about Customer/Supplier/website visitor from other sources, such as public databases, joint marketing partners, social media platforms, as well as from other third parties. Examples of the information we receive from other sources may include: social media profile information (name, email, hiring company, physical addresses, user identification numbers for Customer’s contacts, URL and any other information that is chosen to make public); marketing leads and search results and links, including paid listings (such as sponsored links).

Legal Basis for Processing Personal Data and Types of Processing

Any and all personal data collected from you as customers of us is collected in order to ensure that we can provide the services under the terms of our services agreement, that we provide the services in the best possible manner, and that we can efficiently manage our customers as a whole.

We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent, where required. The provision of your personal data is partly a statutory requirement and partly a contractual obligation. We use the personal data provided by you to provide the Services and for business purposes such as processing and fulfilling orders, billing, service improvement, research, marketing and for other general business purposes. Business purposes may include:

direct provisioning of the services to you
resolving issues arising during the provisioning of the services or the services agreement with you
billing for services provided by us under the services agreement with you
administration of customer accounts
ensuring the ongoing provision of optimized services to you
informing you of the status of the services
implementing any changes to services
billing or customer information as requested by you
account creation and logon processes
marketing and promotional communications: We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes, You may unsubscribe at any time by visiting the Customer Preference Center.
requesting feedback and contacting you about your use of our Sites
contacting you regarding information on available upgrades or updates

Changes to Your Personal Data

You, as customer, are responsible for ensuring that you inform the relevant department of any changes in your personal details. Changes to personal data may be made by contacting your Account/Service Manager and/or by contacting GTT Data Protection team directly via e-mail to [email protected].

Do We Disclose Personal Data to Anyone Else?

Personal data may be disclosed internally when passed from one department to another in accordance with the data protection principles and this Notice. Personal data is not passed to any internal department or any individual that does not reasonably require access to that personal data with respect to the purpose(s) for which it was collected and is being processed. Relevant internal departments to whom personal data may be disclosed includes: sales; marketing; customer service; billing; account and technical managers; network operations; security operations; and legal.

We may disclose your personal data to third parties only when it is necessary as part of our business practices, when there is a legal or statutory obligation to do so, or with your consent. Categories of such third parties may include: service providers, subcontractors, credit collection agencies, auditors, and authorities to whom we are legally obliged to disclose personal data (e.g. law enforcement, tax authorities, etc.). Whenever we disclose personal data to third parties, we will only disclose that amount of personal data necessary to meet such business need or legal requirement. Third parties that receive personal data from us must provide sufficient guarantees and satisfy us as to the measures taken to protect the personal data such parties receive and process it in accordance with the Legislation. Appropriate measures will be taken to ensure that all such disclosures or transfers of personal data to third parties will be completed in a secure manner and pursuant to contractual safeguards.

We may disclose personal data to advertising, analytics, and marketing partners—often through pixels, cookies, or similar tools on our websites.

We may provide information, when legally obliged to do so and in response to properly made requests, for example under a court order or for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. In the case of any such disclosure, we will do so only in accordance with the Legislation.

We may also transfer data to legal counsel where this is necessary for the defense of legal claims. If there is any change in the ownership of GTT Communications, Inc. or any of its assets, we may disclose personal data to the new (or prospective) owner(s). If we do so, we will require the other party(ies) to keep all such information confidential.

We may disclose or use aggregated or de-identified data for any lawful purpose. Deidentified information is generally not considered to be personal data under applicable laws.

Do We Use or Disclose Sensitive Personal Data or Special Categories of Personal Data?

With regard to sensitive personal data you provide, if any, we only use your Sensitive personal data to provide you with the requested products or services, to administer your account, or with your consent.

Additionally, we do not collect any special categories of personal data, as defined under the GDPR.

How Long Do We Keep Personal Data?

We have implemented generally accepted standards of technical and organizational security to protect personal data from loss, misuse, alteration or destruction. All employees are required to keep personal data confidential and only authorized personnel have access to this information. Despite these protections, however, we cannot guarantee the safety of your personal data. In case there is unauthorized access to or use of your personal data, we may notify you of such access or use, including by electronic means if permitted by law.

We will keep your personal data for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal data for a period of time that enables us to:

Maintain business records for analysis and/or audit purposes;
Comply with record retention requirements;
Defend or bring any existing or potential legal claims;
Deal with any queries or complaints you may have; and
Comply with any other relevant laws and regulations.

We will delete or de-identify your personal data when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the information.

International Transfers of Personal Data

We may transfer customer personal data outside the European Economic Area (EEA) and United Kingdom (UK) for storage, and other purposes. Any transfer of your personal data outside of the EEA shall be made through transfer mechanisms approved or allowed for under the Legislation and we shall take all necessary steps to ensure that there is adequate protection, as required by the Legislation. -Where Personal Data is transferred to a country that is not governed by a data protection law affording a similar level of data protection as that in force in the country of disclosure, or to which no adequacy decision has been issued by the relevant European Commission, GTT has taken steps to ensure an adequate level of protection of the transferred data in the country of transfer. This is achieved by entering into inter-group data transfer agreements (IGDTA) based on the European Standard Contractual Clauses (also known as European Model Clauses) issued by the European Commission, and as required by applicable data protection and privacy laws or regulations.

GTT is an international company and as such we have offices and personnel all over the world. Our Headquarters are in Arlington, Virginia, US. You can check all the locations where GTT operates on our Contact Us page.

You may obtain a copy of our standard contractual clauses (SCCs) by contacting us at [email protected].

How Can You Exercise Your Rights in Respect of Personal Data We Hold About You?

You may have certain rights regarding your personal data. The rights available to you depend on our reason for processing your personal data and the requirements of applicable law (i.e., your rights will vary depending on whether you are located in, for example, California, the European Union, or United Kingdom). Specifically, you may have the following rights:

- Right to access:You may have the right to obtain from us confirmation as to whether personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access to information includes the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed, among other categories of information. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of the personal data free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
- Right to rectification (right to correct inaccurate information): You may have the right to request that we correct any personal data about you that is inaccurate. Depending on the purpose of the processing, you also have the right to request that we complete the personal data we hold about you where you believe it is incomplete, including by means of providing a supplementary statement. You may also be able to change your personal data in your account.
- Right to erasure (right to be forgotten): You may have the right to request that we erase your personal data, under certain conditions.
- Right to restrict processing: You may have the right to request that we restrict the processing of your personal data, under certain conditions. In such case, the respective data will be marked and may only be processed by us for certain purposes.
- Right to object to processing: You may have the right to object to our processing of your personal data, under certain conditions, and we can be required to no longer process your personal data. Such right to object may especially apply if we collect and process your personal data through automated decision making, such as profiling, to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your personal data will no longer be processed by us for such purposes. Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to data portability: You may have the right to request that we transfer the personal data we have collected about you to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
- Right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- Right to know what personal data is sold or shared and to whom, and right to prohibit the sale or sharing of personal data (California): We do not and have not in the preceding 12 months, sold your personal data. However, we have shared (in this context, share means use of your personal data for cross-contextual behavioral advertising) your personal data. We share your device information with service providers or advertising companies. You may opt-out of the sharing of your personal data by updating your cookie preferences on our website or by going to the Privacy Choices button at the footer of our website.
- Right to limit the use and disclosure of sensitive personal data (California): We will only use sensitive or special personal data as needed for the purposes for which it was collected. If this changes, we will notify you, and you may have the right to restrict such additional uses. At this time, we do not collect sensitive personal data.
- Right to restrict automated decision making. At this time, we do not use automated decision making technologies to process your personal data.
- Right of non-discrimination/retaliation: We do not discriminate against individuals who exercise any of their rights described in this Notice, nor do we retaliate against individuals who exercise these rights.

Please note that many of the above rights are subject to exceptions and limitations. Your rights and our responses will vary based on the circumstances of the request. If you choose to assert any of these rights under applicable law, we will respond within the time period prescribed by such law.

If you are located in the State of California in the United States, a person authorized to act on your behalf may make a verifiable request related to your personal data. If you designate an authorized person to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf.

In any circumstances, your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal data or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

To exercise your rights, please contact us as stated in the “How to Contact Us” section of this Notice or by emailing us at [email protected].

What Cookies and Other Tracking Technologies Do We Use?

Please reference our Cookie Notice to learn more about our use of cookies.

Opt-out Preference Signal (Do Not Track)

GTT does not currently recognize Do Not Track signals. However, we recognize commercially reasonable universal preference signals (e.g., Global Privacy Control).

How Do We Protect Personal Data?

We shall employ reasonable and appropriate with the state of the art administrative, technical, personnel, procedural, and physical measures to safeguard information against loss, theft and unauthorized uses, access, or modifications.

Links to Other Websites

Our site may contain links to other websites for your convenience and information. These websites may be operated by companies not affiliated with GTT. Linked websites may have their own privacy policies or notices, which we recommend you review if you visit those websites. This Notice only applies to personal data collected on this site. We have no control over third-party websites and are not responsible or liable for the content, privacy practice s, or use of any websites that are not affiliated with GTT.

Children’s Privacy

GTT does not knowingly collect personal data from children under the age of 13 (or other relevant age of majority).

How Can You Make a Complaint to Us About the Use of Personal Data?

Complaints on the use, retention and disposal of personal data can be submitted via email to: [email protected].

As a customer, you also have the right to lodge a complaint with your National Data Protection supervisory Authority – https://edpb.europa.eu/about-edpb/board/members_en.

How to Contact Us?

If you have questions or comments regarding this Notice or our privacy practices, please
contact us by using the information below.

Email: [email protected]

Information on Controller and DPO

GTT Communications Inc. and its affiliates are the controllers of your personal data.

GTT has appointed Bird & Bird DPO Services SRL as a Data Protection Officer (DPO), and the DPO may be reached:

By using the following email: [email protected]
By mail at the following address: Bird & Bird DPO Services SRL, Avenue Louise 235 b 1, 1050 Brussels, Belgium

This Notice will be reviewed and updated annually to take into account changes in applicable laws and the experience of the Notice in practice. If we make material changes to this Notice, we may notify you by publishing this Notice on our website and/or by sending a notification via our Client portal – EnvisionDX. We encourage you to review this Notice frequently to be informed of how we are protecting your information.

This Notice includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.

Effective Date: February 4, 2025

Last Updated: February 4, 2025

OUR GARTNER RATING

4.2

62 reviews

88%

as of the last 12 months