AT&T Website User
Global Privacy Notice

This AT&T Website User Global Privacy Notice explains our commitment to compliance with applicable laws including the European Union’s General Data Protection Regulation (GDPR), Brazil’s General Data Protection Law (LGPD) and New Zealand’s Privacy Act (Privacy Act). This Notice defines key terms and answers important questions, such as who is covered by applicable laws, including GDPR, LGPD and the Privacy Act (Global Privacy Laws), what these laws require, and how AT&T operates within those requirements.

AT&T’s Commitment to Data Protection

AT&T is committed to fulfilling our responsibilities in relation to collection, retention, use, and other processing of personal data that is within the scope of applicable laws including GDPR, LGPD, and the Privacy Act. Such personal data will be processed only for lawful and appropriate purposes. AT&T has implemented measures designed to ensure security of personal data and to prevent unauthorized or accidental access, erasure, or other misuse of personal data. AT&T will facilitate the exercise of your rights in an effective and transparent manner.

Who is covered by this Notice?

This AT&T Website User Global Privacy Notice applies to persons subject to applicable privacy laws including those in New Zealand, the Brazilian Federal Union, States, Federal District and Municipalities (“Brazil”) and in the European Union (EU) or European Economic Area (EEA), who access an AT&T website (att.com). AT&T maintains other notices, as well as the AT&T Privacy Policy, that cover other data protection matters and audiences and may supplement this AT&T Website User Global Privacy Notice. Where another notice or policy conflicts with the audiences and purposes of this AT&T Website User Global Privacy Notice, this AT&T Website User Global Privacy Notice will prevail as to persons in New Zealand, the EU, EEA, or Brazil. Persons outside New Zealand, the EU, EEA, or Brazil can read about the applicable terms of use for AT&T’s websites.

What personal data about you does AT&T process?

To access AT&T websites, certain information will be processed, including your device’s IP identification and routing information, such as ISP, connection type, and the ISP’s location. Processing this information is necessary for purposes, such as authentication, security, and locality features.

AT&T also uses cookies to enhance the user experience. Certain cookies and processing are necessary for the performance of website features, to deliver relevant advertising, and to conduct analytics to improve the site. You may learn more about cookies and how to manage your cookie preferences.

Additional information, such as name, email address, or mailing address, may be requested of you to enroll in a specific service or forum. The relevant grant of consent will be specific. This information, collectively or individually, is referred to as “personal data” throughout this Notice.

Why does AT&T process personal data about you?

Personal data will be used to provide the AT&T websites you are seeking to access. AT&T processes personal data pursuant to established and appropriate lawful bases for processing. These are:

  • Processing for one or more specific purposes for which you have given consent. Your consent authorizes us to process your personal data for a specific AT&T web service, including cookies. You may withdraw your consent at any time, but this will impact our ability to provide you the service or further related information.
  • Processing necessary for the legitimate interests pursued by AT&T. AT&T has certain legitimate and lawful interests in processing personal data; these could include processing for website functionality, administrative purposes, personal and network security, and other compatible purposes.

Throughout this Notice, “processing” (and all variants) means any operation(s) performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Who has access to personal data about you?

Personal data will be disclosed, to the extent required for the above purposes, to appropriate and authorized recipients. Recipients may include AT&T personnel and third-party service providers and subcontractors that support AT&T in staging events. Third parties may also collect and process personal data on AT&T’s behalf.

Third parties given access to personal data will be required to use appropriate security measures consistent with legal requirements when processing personal data and, where the third party is processing such personal data on behalf of AT&T, to do so only pursuant to AT&T’s instructions.

Personal data will be disclosed if compelled to do so by a court of law or lawfully requested to do so by a relevant governmental authority using the appropriate means of request. Personal data may be disclosed if determined necessary or appropriate to comply with the law or to protect or defend AT&T’s rights, property, or employees.

Where is personal data about you processed?

AT&T has centralized administrative activities to better manage a global business. That centralization may result in the transfer of personal data to countries outside of New Zealand, the EEA, or Brazil. For example, your personal data may be transferred for processing in the United States of America. Wherever personal data is processed, AT&T uses appropriate security measures.

When is personal data about you deleted?

Personal data will generally be retained as needed for business administration, tax, or legal purposes and as consistent with applicable law, including Global Privacy Laws. The retention period for a specific event will be stated in the grant of consent. Grants of consent may be renewed or terminated, but termination will impact participation in the event.

How may you manage processing of personal data?

You have certain rights regarding processing of personal data. AT&T is committed to honoring these rights and has established clear and accessible policies and procedures. Your rights with respect your own personal data may include:

  • Right to Notice. AT&T provides you with this AT&T Website User Global Privacy Notice, detailing how personal data is processed.
  • Right to Revoke Consent. You may withdraw your grant of consent at any time and AT&T will stop processing and delete your data, subject to AT&T’s right to retain the data as allowed for lawful purposes, including to comply with its legal obligations and to use it exclusively on an anonymized basis.
  • Right of Access. You may obtain from AT&T confirmation as to whether or not personal data concerning you is being processed and, if it is, access to the personal data and additional information about the processing of that data.
  • Right to Correction/Rectification. You may have AT&T correct inaccurate personal data about you, as well as to have incomplete personal data made complete.
  • Right to Erasure or Deletion. You may have AT&T erase or delete personal data concerning you in certain circumstances.
  • Right to Restriction of Processing. You may have AT&T temporarily prohibit additional processing of personal data while your challenge to the accuracy or processing of the personal data is contested.
  • Right to Data Portability. You may be able to receive from AT&T the personal data concerning you for the purpose of providing that personal data to another controller, either by you or directly by AT&T.
  • Right to Object. You may object, at any time and on grounds relating to your particular situation, to AT&T's processing of personal data.
  • Right to Avoid Automated Individual Decision-Making. AT&T’s processing of personal data generally does not include automated decision-making that produces legal effects concerning you or significantly affects you.

Whether and how a right applies will depend on the lawful basis pursuant to which personal data is processed, the nature of the personal data requested, and AT&T's ability to determine we hold responsive personal data. AT&T's provision of personal data in response to your request shall not adversely affect the rights and freedoms of others.

Additional Information

Persons in Brazil, you may file a complaint with a data protection regulator referred to as the national authority under LGPD. For persons in the EU or EEA, you may file a complaint with a data protection regulator, also known as a “supervisory authority.” For those in New Zealand, you may file a complaint with the data protection regulator known as the “Privacy Commissioner.” The relevant supervisory authority would most likely be, but is not necessarily limited to, the supervisory authority of the country in which you are located. You may additionally or alternatively seek judicial redress for alleged infringements of applicable law. For any of the above matters, AT&T may be contacted at AskPrivacy@att.com or DPO@att.com. Please indicate “LGPD Website Question,”  “GDPR Website Question or “Privacy Act Website Questions” in your email’s subject line.

You may also access AT&T’s Business Customer Notices: New Zealand, LGPD, or GDPR.