AT&T Website User
GDPR Privacy Notice

This AT&T Website User GDPR Privacy Notice explains our commitment to compliance with the European Union’s General Data Protection Regulation (GDPR). This Notice defines key terms and answers important questions, such as who is covered by GDPR, what GDPR requires, and how AT&T operates within those requirements.

AT&T’s Commitment to Data Protection

AT&T is committed to fulfilling our responsibilities in relation to collection, retention, use, and other processing of personal data that is within the scope of the GDPR. Such personal data will be processed only for lawful and appropriate purposes. AT&T has implemented measures designed to ensure security of personal data and to prevent unauthorized or accidental access, erasure, or other misuse of personal data. AT&T will facilitate the exercise of your rights in an effective and transparent manner.

Who is covered by this Notice?

This AT&T Website User GDPR Privacy Notice applies to persons in the European Union (EU) or European Economic Area (EEA) who access an AT&T website (att.com). AT&T maintains other notices, as well as the AT&T Privacy Policy, that cover other data protection matters and audiences and may supplement this AT&T Website User GDPR Privacy Notice. Where another notice or policy conflicts with the audiences and purposes of this AT&T Website User GDPR Privacy Notice, this AT&T Website User GDPR Privacy Notice will prevail as to persons in the EU or EEA. Persons outside the EU or EEA may find the applicable terms of use for AT&T’s websites here.

What Personal Data about you does AT&T Process?

  • To access AT&T websites, certain information will be processed, including your device’s IP identification and routing information such as ISP, connection type, and the ISP’s location. Processing this information is necessary for purposes such as authentication, security, and locality features.
  • AT&T also uses cookies to enhance the user experience. Certain cookies and processing are necessary for the performance of website features, to deliver relevant advertising, and to conduct analytics to improve the site. You may learn more about cookies and how to manage your cookie preferences here.
  • Additional information, such as name, email address, or mailing address may be requested of you to enroll in a specific service or forum. The relevant grant of consent be specific. This information, collectively or individually, is referred to as “Personal Data” throughout this Notice.

Why does AT&T Process Personal Data about you?

Personal Data will be used to provide the AT&T websites you are seeking to access. AT&T Processes Personal Data pursuant to established and appropriate lawful bases for Processing. These are:

  • Processing for one or more specific purposes for which you have given consent. Your consent authorizes us to process your Personal Data for a specific AT&T web service, including cookies. You may withdraw your consent at any time, but this will impact our ability to provide you the service or further related information.
  • Processing necessary for the legitimate interests pursued be AT&T. AT&T has certain legitimate and lawful interests in Processing Personal Data; these could include Processing for website functionality, administrative purposes, personal and network security, and other compatible purposes.

Throughout this Notice, “Processing” (and all variants) means any operation(s) performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Who has access to Personal Data about you?

Personal Data will be disclosed, to the extent required for the above purposes, to appropriate and authorized recipients. Recipients may include AT&T personnel and third party service providers and subcontractors that support AT&T in staging events. Third parties may also collect and process Personal Data on AT&T’s behalf.

Third parties given access to Personal Data will be required to use appropriate security measures consistent with legal requirements when Processing Personal Data and, where the third party is Processing such Personal Data on behalf of AT&T, to do so only pursuant to AT&T’s instructions.

Personal Data will be disclosed if compelled to do so by a court of law or lawfully requested to do so by a relevant governmental authority using the appropriate means of request. Personal Data may be disclosed if determined necessary or appropriate to comply with the law or to protect or defend AT&T’s rights, property or employees.

Where is Personal Data about you Processed?

AT&T has centralized administrative activities to better manage a global business. That centralization may result in the transfer of Personal Data to countries outside of the EEA. For example, your Personal Data may be transferred for Processing in the United States of America. Wherever Personal Data is Processed, AT&T uses appropriate security measures.

When is Personal Data about you deleted?

Personal Data will generally be retained as needed for business administration, tax, or legal purposes and as consistent with applicable law, including GDPR. The retention period for a specific event will be stated in the grant of consent. Grants of consent may be renewed or terminated, but termination will impact participation in the event.

How may you manage Processing of Personal Data?

You have certain rights regarding Processing of Personal Data. AT&T is committed to honoring these rights and has established clear and accessible policies and procedures. Your rights with respect your own Personal Data include:

  • Right to Notice. AT&T provides you with this AT&T Website User GDPR Privacy Notice, detailing how Personal Data is Processed.
  • Right of Access. You may obtain from AT&T confirmation as to whether or not Personal Data concerning you is being Processed and, if it is, access to the Personal Data and additional information about the Processing of that data.
  • Right to Rectification. You may have AT&T correct inaccurate Personal Data about you, as well as to have incomplete Personal Data made complete.
  • Right to Erasure. You may have AT&T erase Personal Data concerning you in certain circumstances.
  • Right to Restriction of Processing. You may have AT&T temporarily prohibit additional Processing of Personal Data while your challenge to the accuracy or Processing of the Personal Data is contested.
  • Right to Data Portability.You may be able to receive from AT&T the Personal Data concerning you for the purpose of providing that Personal Data to another controller, either by you or directly by AT&T.
  • Right to Object. You may object, at any time and on grounds relating to his or her particular situation, to AT&T's Processing of Personal Data.
  • Right to Avoid Automated Individual Decision-Making.AT&T’s Processing of Personal Data generally does not include automated decision-making that produces legal effects concerning you or similarly significantly affects you.

Whether and how a right applies will depend on the lawful basis pursuant to which Personal Data is Processed, the nature of the Personal Data requested, and AT&T's ability to determine we hold responsive Personal Data. AT&T's provision of Personal Data in response to your request shall not adversely affect the rights and freedoms of others.

Additional Information

You may file a complaint with a data protection regulator, also known as a “supervisory authority.” The relevant supervisory authority would most likely be, but is not necessarily limited to, the supervisory authority of the country in which you are located. You may additionally or alternatively seek judicial redress for alleged infringements of applicable law. For any of the above matters, AT&T may be contacted at AskPrivacy@att.com. Please indicate “GDPR Website Question” in your email’s subject line.