AT&T transfers personal data between our entities and third parties around the globe in order to provide dependable, effective services to business customers wherever they are in the world, as well as to support our global workforce. To provide transparency to business customers, employees, and regulators regarding how AT&T transfers personal data, this document supplements our Privacy Notices by providing contact information for our entities around the globe. This document also summarizes how AT&T entities function as controllers and/or processors, as well as exporters and/or importers of personal data. Further explanations of why, how, and by whom this personal data is processed, as well as your rights with regard to AT&T’s processing of personal data, may be found on the AT&T Privacy Center and in our Privacy Notices.
AT&T has centralized many of its business administration and support functions. This centralization primarily means that personal data is processed (including for server-based storage or in support of call centers) in Brazil, Canada, Czech Republic, India, Japan, Malaysia, Mexico, Philippines, Poland, Singapore, Slovakia, the United Kingdom, and the United States of America.
For cross border transfers of personal data within the AT&T group of companies, the AT&T entities in a given country will generally serve as the initial controller and exporter. This is always true for personal data of AT&T employees and most common for business products and services. For certain products and services, AT&T in a given country will serve as both a processor and exporter.
For cross border transfers of personal data involving business customers or another third party as the exporter, the business customer or third party will generally serve as a controller but could be a processor in some instances. When the business customer or third party is the exporter, the AT&T company will serve as the data importer. The AT&T company could function as a controller, processor, or sub-processor.
For cross border transfers of personal data involving AT&T as the exporter and a third party as the importer, AT&T will generally serve as a controller but could be a processor in some instances. When AT&T is the exporter and a third party the importer, the third party will generally function as a processor, but could be a sub- processor or controller.
AT&T entities are identified by country in the following list, along with the mailing addresses. The AT&T Privacy Program is corporately managed from AT&T’s Headquarters in Dallas, Texas, United States. Questions or comments about the AT&T Privacy Program may be directed to the AT&T Chief Privacy Office at AskPrivacy.
AT&T has also appointed data protection officers to support our compliance with local privacy and data protection laws. Questions or comment for AT&T’s data protection officers may be emailed to AT&T DPO.
This list will be updated from time-to-time, so please check back periodically for the most current version. This list was last updated in May 2021.