AT&T Website User Privacy Notice: Most of World

Personal Data may be disclosed, to the extent required for the above purposes, to appropriate and authorized recipients. Recipients may include AT&T affiliates and personnel; business partners and third-party service providers, suppliers, vendors, and subcontractors; and/or other third parties performing services for any of the AT&T companies. Third parties may also collect and Process Personal Data on AT&T’s behalf for the above purposes. A list of AT&T affiliates and the countries in which they are located may be accessed at this link.

Third parties given access to Personal Data will be required to use appropriate security measures consistent with legal requirements when Processing Personal Data. Where the third party is Processing such Personal Data on behalf of AT&T, the third party is obligated to do so only pursuant to AT&T’s instructions.

AT&T may disclose Personal Data if compelled to do so by a court of law, regulators, law enforcement agencies, governmental agencies and parties to civil lawsuits in connection with inquiries, proceedings, investigations or lawfully requested to do so by a relevant governmental authority using the appropriate means of request. These parties may be located anywhere in the world.  Prior to any such disclosure, AT&T examines all such requests to determine that they are legally valid, appropriate and proportionate; and AT&T may challenge such requests if it determines that these criteria are not met. AT&T may disclose Personal Data if AT&T determines it is necessary or appropriate to comply with the law or to protect or defend AT&T’s rights, property, or employees.

AT&T is a multinational company, but has centralized business and operational activities to better manage a global business. That centralization may result in the transfer of Personal Data to, or access to Personal Data from, countries outside of the country in which you are located. The principal countries to which Personal Data is transferred include the United States of America, Brazil, Czech Republic, India, Malaysia, Poland, Singapore, and Slovakia. In some of these countries, the applicable data privacy laws may offer a lower standard of protection than the country in which you are located. As applicable, AT&T takes appropriate technical, organizational, and contractual steps to conduct cross border transfers of Personal Data in accordance with the requirements of the more stringent applicable data privacy law in order to safeguard Personal Data as set out in this Notice.

AT&T generally transfers Personal Data between AT&T affiliates on the basis of our Intra-Group Agreement (IGA), which includes standard contractual clauses for export of Personal Data to third countries. AT&T may additionally rely on other lawful bases for transfer of Personal Data. You may request to review the safeguards AT&T uses for cross border transfers by contacting the AT&T Chief Privacy Office at AskPrivacy@att.com.

Wherever Personal Data is Processed, AT&T uses appropriate security measures consistent with applicable data privacy laws.

Personal data will generally be retained as needed for business administration, tax, or legal purposes and as consistent with applicable data privacy laws. After that, Personal Data will be destroyed by making it unreadable or undecipherable. While Personal Data is retained, AT&T implements appropriate technical and organizational measures designed to secure Personal Data. Such measures may include:

You have certain rights regarding Processing of Personal Data. AT&T is committed to honoring these rights and has established clear and accessible policies and procedures. Your rights with respect to your own Personal Data may include:

Whether and how a right applies will depend on the lawful basis pursuant to which Personal Data is Processed, the nature of the Personal Data requested, and AT&T's ability to determine if we hold responsive Personal Data. AT&T's provision of Personal Data in response to your request shall not adversely affect the rights and freedoms of others.