AT&T is a multinational company, but has centralized business and operational activities to better manage a global business. That centralization may result in the transfer of Personal Data to, or access to Personal Data from, countries outside of the country in which you are located. The principal countries to which Personal Data is transferred include the United States of America, Brazil, Czech Republic, India, Malaysia, Poland, Singapore, and Slovakia. In some of these countries, the applicable data privacy laws may offer a lower standard of protection than the country in which you are located. As applicable, AT&T takes appropriate technical, organizational, and contractual steps to conduct cross border transfers of Personal Data in accordance with the requirements of the more stringent applicable data privacy law in order to safeguard Personal Data as set out in this Notice.
AT&T generally transfers Personal Data between AT&T affiliates on the basis of our Intra-Group Agreement (IGA), which includes standard contractual clauses for export of Personal Data to third countries. AT&T may additionally rely on other lawful bases for transfer of Personal Data. You may request to review the safeguards AT&T uses for cross border transfers by contacting the AT&T Chief Privacy Office at AskPrivacy@att.com.
Wherever Personal Data is Processed, AT&T uses appropriate security measures consistent with applicable data privacy laws.