Privacy Notice for Viasat Mobility Services

Last updated: January 24, 2024

Scope of this Privacy Notice                 

 

This Privacy Notice applies to the personal data that Viasat and its affiliates collect, use, and share when you access or use our global mobility services including our inflight (aviation), maritime, rail, bus (or other transportation service) satellite broadband internet connectivity, communications, content and advertising-supported services (collectively, the “Mobility Services”).  Viasat’s use of personal data for other Viasat services, websites, or practices (separate from the Mobility Services) are covered under different privacy notices available when you interact with us, including on Viasat’s Privacy Center at 7rn4.36837a.com/privacy.
 

The term “Viasat” (or “us,” “we”, or “our”) in this Privacy Notice means Viasat, Inc., Inmarsat Global Limited and our affiliated group companies around the world.  Information on the group company that is the owner (or data “controller” or similarly defined term under applicable laws) of the Mobility Service you are using is available in the “Viasat Controller Entities Addendum” included with this Privacy Notice.
 

Please read this entire Privacy Notice to be fully informed about how we treat your personal data and your rights.  This includes information in the “Additional Information Based on Your Location” section of this Privacy Notice that include details on our personal data processing that apply depending on your location, e.g., region, country, or state.

We collect personal data about you from the following sources in relation to the Mobility Services:

  • Directly from you.  We collect personal data like your name and contact information when you voluntarily choose to provide us with this information. 
     
  • Indirectly.  We collect personal data about you indirectly, including through automated means.  We capture this Information through your use of the Mobility Services, which may involve using cookies and other tracking technologies, as explained in the “Cookies and Similar Tracking Technology” section of this Privacy Notice.

  • Third parties.  We also collect information about you from third-party sources such as our partners and business customers (like airlines), as well as service providers that provide marketing, analytics, and data, including advertising networks data.  Some of this collection may occur even before your initial interaction directly with us.

The following table describes the personal data we collect from and about you depending on the Mobility Service, some of which we combine in our systems. 

Personal Data Description

Information Source

Identifiers such as your name or alias, Mobility Service account credentials like username and password, online identifiers (e.g., cookies and similar tracking technology), airline frequent flyer account number or pilot and crew identifiers (for our inflight internet services), and other similar identifiers

  • Directly from you
  • Indirectly
  • Third parties

Contact details such as address, phone number and email address used for contact or service support purposes

  • Directly from you

Financial and related information like your credit card number for payments and payment transaction related details

  • Directly from you
  • Third parties (payment processor)

National identification numbers such as your tax identification number that we associate with your access to Mobility Services in certain countries

  • Directly from you

Customer transaction information such as records of the Mobility Services you purchase from us, including payment amount, type(s) of Mobility Services, and records of our interactions with you, including when and how you contact us and the content of those interactions

  • Indirectly

Service usage information on your interactions with our Mobility Services, such as the date and time you access the Mobility Services

  • Indirectly

Online usage information including Internet and other network activity data that we capture as an internet service provider (ISP), including the website domains you visit, the date and time of visits, and related network metadata, details of mobile apps on your device that make use of the Mobility Services, malicious traffic your device may encounter when visiting websites, and crash reports

  • Indirectly

Device information including IP address, device type, unique device ID numbers like your device MAC Address, modem and router information, operating platform and system, and browser-type, browser plug-in types and versions

  • Indirectly

Geolocation information using IP address, WiFi access points and GPS that gives your general geographic location, e.g., location of the aircraft or ship on which you’re traveling, and other technical information that associates your location to your use of the Mobility Services

  • Indirectly

Sensory information such as audio recordings of customer service calls in relation to the Mobility Services

  • Indirectly

Characteristics such as date of birth, job title, and gender that we collect in relation to your account (such as through our maritime Fleet Hotspot Service)

  • Directly from you

Inferences derived from personal data such as purchase preferences and interests to form a view on what we think you may want or what may be of interest, for our or our customer’s (e.g., airline) marketing and commercial purposes

  • Indirectly

Interests and membership information including loyalty or frequent flyer membership status and interests that we may collect in connection with our inflight WiFi and related content and ad-supported services

  • Directly from you
  • Third parties

Travel data such as details on the origin, destination, current location, departure and arrival time, and other details about your flight or travel route (maritime, rail, buses, etc.) that features our Mobility Services

  • Directly from you
  • Third parties (e.g., airline)

Marketing and communications preferences including your interest in receiving marketing from us and our third parties and your communication preferences

  • Directly from you

Social media content such as comments that you post on public pages or our Mobility Services or Third-Party Services that are publicly available and may be processed by Viasat

  • Directly from you

We use the personal data that we collect from and about you for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your information. 


Laws in some locations where we operate require that we disclose our legal basis to process your personal data, which includes the following bases depending on the Mobility Service:

  • Contract – we require certain personal data to provide and support the Mobility Services you purchase or request from us.

  • Consent – in some cases, we may ask for your consent before we collect, use, or disclose your personal data; you can voluntarily choose to give or deny your consent without negative consequences to you.

  • Legitimate Interests – we may use or disclose your personal data for the legitimate business interests of either Viasat or a third party (such as our airline customers), but only when we’re confident that your privacy rights will remain appropriately protected.

  • Legal Obligation – there may be instances where we must process and retain your information to comply with laws or to fulfill certain legal obligations.

If we rely on our (or a third party’s) legitimate interests to collect and use your personal data, these interests normally will be to operate and provide our Mobility Services, communicate with you and respond to your questions, improve our Mobility Services or use the insights to improve or develop new services, market or promote either our Mobility Services or the services of a third-party that are closely partnered with our Mobility Services, or to detect or prevent illegal activities.
 

If we need to collect personal data by law, or under the terms of a contract between you and us and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to execute with you (to provide you with Mobility Services). In this case, we may have to cancel your Mobility Service with us, and we will notify you if this is the case.


The following table provides more details on our purposes for processing your personal data and the related legal bases.

Purpose

Personal Data

Legal basis

Register you as a customer, administer our contract with you and provide the requested Mobility Services to you, including to develop or deliver other products or services in collaboration with your travel or transportation provider (such as your airline)

  • Identifiers
  • Contact details
  • Financial and related information
  • National identification number
  • Device information
  • Customer transaction information
  • Service usage information
  • Online usage information
  • Geolocation information

Contract

Communicate with you about the Mobility Services, product and service updates and availability, updates to our terms of service

  • Identifiers
  • Contact details
  • Customer transaction information
  • Geolocation information

Contract

Respond to inquiries and requests from current and prospective customers, including for customer support quality assurance and training purposes, and related recordkeeping

  • Identifiers
  • Contact details
  • Financial and related information
  • Customer transaction information
  • Service usage information
  • Sensory information
  • Device information
  • Geolocation information
  • Travel data

Legitimate Interests of Viasat

Secure the personal data of Mobility Service users and customers, prevent fraud, and address threats to your safety or the safety of others. For example, we may use malware and spyware monitoring tools to detect suspicious activity or unauthorised access to our Mobility Services

  • Service usage information
  • Online usage information
  • Device information
  • Geolocation information

Legitimate interests of  Viasat

Manage compliance with our service terms, or to bring and defend legal claims, including recovery of debts

  • Customer transaction  information
  • Service usage information
  • Online usage information
  • Device information
  • Geolocation information

Legitimate interests of Viasat

 

Maintain, support, and improve our IT systems, including to repair and debug our systems

  • Customer transaction information
  • Service usage information
  • Online usage information
  • Device information
  • Geolocation information

Legitimate interests of Viasat

Learn about our current and prospective customers and Mobility Services users to improve our Mobility Services, and to develop new products and services and improve our marketing, customer relationships and experiences.  This includes identifying usage trends and patterns and evaluating this information on an aggregated, specific group(s), and individual basis

  • Identifiers
  • Customer transaction information
  • Service usage information
  • Online usage information
  • Device information
  • Geolocation information
  • Characteristics
  • Inferences derived from personal data

Legitimate interests of Viasat

Contact current and prospective customers about products, services, and events we think may be of interest to you, including with promotional mailers and electronic communications (where authorized to do so by law and by our travel partners and customers)

  • Identifiers
  • Contact details
  • Characteristics
  • Inferences derived from personal data
  • Marketing and communications preferences

Consent (where required); otherwise, legitimate interests of Viasat

Personalize and customize your experience with our Mobility Services, including to provide local or otherwise targeted content and information, e.g., using browser or WiFi terminal/device-related location data to customize Viasat information presented when using our Mobility Services

  • Identifiers
  • Contact details
  • Characteristics
  • Inferences derived from personal data

Consent (where required); otherwise, legitimate interests of Viasat

Administer surveys to collect customer perceptions and measure satisfaction (where permitted by our travel partners and customers)

  • Identifiers
  • Contact details
  • Customer transaction information
  • Sensory information

Legitimate interests of Viasat

Manage our use of cookies and tracking technologies used with our Mobility Services, and enable you to manage your cookie preferences

  • •     Identifiers
  • Device information

Consent (where required); otherwise, legitimate interests of Viasat

Comply with the legal obligations to which we are subject and to support our general business operations

  • Identifiers
  • Contact details
  • Device information
  • Customer transaction information
  • Service usage information
  • Online usage information

Legal obligation

Fulfill arrangements with our business partners, which may include sharing personal data with our partners and customers, such as the airline or other transport mode on which you are traveling, to contact you for their promotional and informational purposes

  • Contact details
  • Customer transaction information
  • Travel data

Consent (where required); otherwise, legitimate interests of Viasat and third parties

We may disclose your personal data to the following categories of recipients:

  • Viasat (including Inmarsat) group companies.  We share information across the Viasat group of companies to help us operate our business and Mobility Services or for their own purposes, such as to provide their services to you. These entities are in various countries around the world. A list of countries in which Viasat entities are located can be found here and here. If a group company uses your information for its own purposes, those entities are ‘controllers’ (or a similar-meaning term) of your personal data.  Depending on the purpose, we may share information with group companies either in an identifiable format or an aggregated and anonymized manner such that you cannot be identified through this information.  Generally, the personal data that we process will be accessible to Viasat, Inc. in the U.S., where permitted by law.

  • Third-party service providers.  We use third-party companies to perform services on our behalf.  These service providers provide business, professional, payment processing, passenger care and support, marketing and advertising, analytics and measurement, regulatory compliance, and technical and hosting support to us, help us operate and administer activities in support of our business and the Mobility Services.  These vendors include consulting services by groups and individuals, technology platform and cloud hosting providers like Amazon Web Services, Salesforce, and other third-party technology application providers. These parties are not permitted by us to use or share your personal data for their own or another third party’s commercial purposes. As our Mobility Services are global, these third parties are in countries around the world.

  • Roaming partners. Viasat has agreements in place with companies (typically telecommunications or satellite communications companies) (“Roaming Partners”) that provide the Mobility Services to their customers (“Roaming Partner Users”). If you are a Roaming Partner User, we may send to the Roaming Partner your phone number, device ID, and information relating to your use of the Mobility Services (for example, information about the flight you are on when using the Mobility Services). We share this data to authenticate you, give you access to the Mobility Services, prevent fraud, and for our Roaming Partners’ business process analysis.

  • Business partners (including airlines and other travel partners). To provide the Mobility Services efficiently, fulfil your requests, and provide you with offers and promotions tailored to your interests, we may also disclose personal data like your name, email address, and other identifiers to our partner or customer with whom you are interacting or traveling (the airline on which you’re flying, for example).  When we offer services or promotions in collaboration with a third-party partner who will receive your information for its own use, we will inform you of that at the time of collection and you may choose whether to participate in the offering. We may also disclose your information to the travel provider in connection with their operational or commercial purposes, and otherwise may disclose your information based on your consent.

  • Credit agencies or bureaus.  We in some scenarios (e.g., certain maritime services) engage with credit agencies or bureaus to carry out credit checks so that we can make credit and solvency decisions for certain Mobility Services (excluding commercial air inflight connectivity services). These credit agencies/bureaus are in various countries around the world.

  • Entities involved in corporate transactions.  We may sell or purchase assets during the normal course of our business.  In connection with these transactions, we may disclose your personal data or transfer this information to another entity as part of a potential or actual acquisition or merger of Viasat or any portion of our assets. If we bring or are defending a reorganization, bankruptcy, or similar event, your personal data may be considered our asset and sold or transferred to third parties. These third parties are in various countries around the world.

  • Law enforcement, governmental, judicial, investigative, and related entities.  We may share your information to protect and secure our Mobility Services, network, and IT systems and applications, and business, and in connection with an investigation of fraud, intellectual property infringement, interference with our rights, property or users, or other activity that is illegal or may expose you or us to legal liability, including as required or requested by outside auditors or advisors, law enforcement or other government officials. 

We also may share your information with third parties when we have reason to believe that a disclosure is necessary to address potential or actual injury or interference with our rights, property, operations, users, or others who may be harmed or may suffer loss or damage. We may share your information when we believe that it is necessary to protect our rights, investigate, or enforce our policies, terms or other legal document or contract, or to comply with a judicial proceeding, court order, or legal process served on Viasat.  We may share your data with public authorities such as tax authorities, to comply with our legal obligations.

We also may share your information when we have reason to believe it is necessary to investigate or enforce our policies, terms, or other legal document or contract related to the Mobility Services or rights of a third party.

  • Other parties with your consent to the disclosure.

  • Third parties who receive aggregate or anonymous information. We may share aggregate or anonymous information derived from your personal data with third parties, including our business partners, for their business, marketing, or analytics uses. When we do, we take steps so that this information cannot be used to identify you.

Cookies are small data files placed on your computer or mobile device when you visit a website or online platform.  We use cookies and similar tracking technology like pixels and web beacons (collectively, “Cookies”) including those of third-party service providers to operate and enhance our Mobility Services and understand how you navigate our Mobility Services, to maintain user preferences or settings, combat fraud, help to ensure compliance with our policies and terms of use, and in some cases support our online advertising for the Mobility Services.  We ask you to provide your consent to use Cookies when required by law.
 

For information about the types of Cookies we use, why, and how you can control Cookies, please see the Cookie Notice presented on the Mobility Service you are using (where applicable based on local laws).
 

The Mobility Services may include hyperlinks to or include on or in connection with the Mobility Services (e.g., apps and plug-ins), websites, locations, platforms, or services operated by third parties, including airlines or other transportation partners (“Third-Party Services”), and you can use the Mobility Services to navigate to access and use Third-Party Services. These Third-Party Services may use their own Cookies to independently collect information about you and may solicit personal data from you.
 

When you access these Third-Party Services, the applicable third party’s policies and terms and conditions govern those services.  We are not responsible for and makes no representations or warranties regarding the policies or business practices of any third parties, including, without limitation, any informational content, products, services, software, or other materials available on a third-party website. We encourage you to familiarize yourself with the third party’s privacy policies and terms of use.

We take our responsibility to protect your information seriously and use appropriate technical, physical, and organizational measures to safeguard the information that we process through our Mobility Services.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. No security system is 100% secure, however, and we cannot guarantee our security measures will not be compromised. 

Your personal data may be transferred to, and processed in, countries other than the country in which you reside.  These countries may have data protection laws that are different than the laws of your country (and, in some cases, may not be as protective).
 

The servers that process personal data related to our Mobility Services are primarily located in the United States, UK, Ireland, and the Netherlands though personal data also may be transferred to India, Australia and the countries in which our business is established, or our Mobility Services are available, and potentially other countries.  This means that when we collect your personal data, we or our service providers will process it in different countries. Please see the Privacy Notice section "When We Share Your Personal Data" for further information on third parties with whom we may share your personal data.

 

We take appropriate safeguards to help ensure that your personal data remains protected in accordance with this Privacy Notice. These include, for example, implementing the UK and European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require group companies that are parties to these agreements to protect personal data they process from the European Economic Area, Switzerland, and the UK in accordance with data protection laws in those areas.  Where appropriate, we also put in place additional safeguards to protect your personal data when it is transferred to countries considered to be less protective.
 

Information on the Standard Contractual Clauses we have in place between our Viasat group companies can be provided on request.  We have implemented similar appropriate safeguards with our third-party service providers and partners.

EU-US, UK Extension and Swiss-US Data Privacy Framework

Viasat, Inc. participates in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework.  Please review the Data Privacy Framework Addendum included in this Privacy Notice to learn more.*

*Viasat, Inc. will not rely on the Swiss-US Data Privacy Framework or the UK Extension to the EU-US Data Privacy Framework until they enter into force, but Viasat, Inc. will adhere to their required commitments in anticipation of their effective date.

 

Where Viasat, Inc. relies on the EU EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework, these will apply to transfers of personal data to Viasat, Inc. instead of the Standard Contractual Clauses in place between the Viasat group companies.

If you are in one of the locations listed below, please review the “Location-specific Addendum” portion of this Privacy Notice for location specific information about our collection and use of your personal data and your related rights.

  • United States (including state-specific information, e.g., CA, CO, VA)
  • UK, Switzerland, and European Union
  • Brazil
  • Mexico

We retain the personal data we collect from you where we have an ongoing legitimate purpose to do so as described in the “How We Use Your Personal Data and Our Legal Bases” section above.  For example, where we process your information based on a contract with you, we generally will retain the information for the length of the contract to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements. 


When we no longer have an ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

We do not use your personal data to engage in automated decision-making that will have a significant effect on you (legally or otherwise).  

Depending on your location, the privacy laws that apply to our Mobility Services give you certain rights over the personal data we process about you.  These rights are in addition to your right to know or be informed about how we process your data, which we honor through this Privacy Notice.  Your data protection rights may include:

  • You can access, correct, update or request deletion of your personal data.  You also can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.  You can exercise these rights at any time by submitting a request through our online Privacy Rights Request Form or by contacting us at privacy@36837a.com.  You also have the right to avoid discrimination by us in response to exercising your rights.

  • You have the right to opt-out of marketing communications we may send you.  You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails you receive from us.

  • If we collect and process your personal data with your consent, you can withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of our processing activity prior to your withdrawal, nor will it affect our processing of your personal data conducted in reliance on lawful processing grounds other than consent.

  • You have the right to complain to a data protection authority about our collection and use of your personal data.  For more information, please contact your local data protection authority.

Requests to exercise your data protection rights

Please submit a request using our Privacy Rights Request Form to exercise your data protection rights. You also can contact us at privacy@36837a.com at any time. While your location determines what rights are available to you, we respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Requests to stop sending directed marketing

You can unsubscribe from marketing emails by clicking the unsubscribe link at the bottom of the email. You also can use our Privacy Rights Request Form to instruct us to remove you from our marketing campaigns.

The Mobility Services are not directed to children under 13 years old (or older, if applicable law provides for different protections), and we do not intentionally collect personal data from children. If you become aware that we have inadvertently collected personal data from a child, please notify us using the contact details under the “How to Contact Us” section below.

We may update this Privacy Notice from time to time in response to changing business, technical or legal developments. When we update this Privacy Notice, we take the necessary measures to inform you and provide you with appropriate choice, consistent with the significance of the changes we make, and in compliance with applicable data protection laws.

The “Last Updated” date displayed at the top of this Privacy Notice indicates when this Privacy Notice was last updated. 

If you have any questions or concerns about our use of your personal data, please contact us using the following details:

Viasat, Inc.

Attn:  Viasat Privacy Office
901 K Street, NW, Suite 400
Washington, DC 20001

Email: privacy@36837a.com

Notice Addendums

Viasat, Inc. and/or its affiliated entities act as the data “controllers” (or a similarly defined term in applicable privacy laws) of your personal data and are responsible for its processing, unless we state otherwise in this Privacy Notice.  While Viasat, Inc. generally will operate as the main decision maker as to the processing of personal data subject to this Privacy Notice, the following table provides additional details on Viasat entities that are controllers of your personal data for certain Mobility Services.  For clarity, this Privacy Notice does not apply where Viasat processes personal data in the role of a data processor (as this and similar terms are defined in various privacy laws) on behalf of our customers.

 

Contact us at privacy@36837a.com with questions on any of the entities listed below. 

Viasat Entity Data Controller Status / Services

Viasat, Inc. (U.S.)

6155 El Camino Real

Carlsbad, CA

92009-1699

Data controller for Mobility Services offered in the U.S., the European Economic Area, and other geographies where the Mobility Services are available, except as otherwise stated in this Addendum.

Inmarsat Global Ltd.

99 City Road

London, EC1Y 1AX

Data controller for Mobility Services provided to end users under the Inmarsat Global Ltd Terms of Service. 

Viasat Brasil Serviços de Comunicações Ltda. (Brazil)

Av. Engenheiro Luís Carlos Berrini

105 Unit 301 - 30th Flr, Tower 04 - Cidade Monções

São Paulo - SP 04571-010

Data controller for the Mobility Services offered by Viasat in Brazil.

Viasat Tecnología, S.A. de C.V (Mexico)

Montes Urales 754, piso 3, colonia Lomas de

Chapultepec, alcaldía Miguel Hidalgo, C.P. 11000

Mexico City, Mexico

Data controller for the Mobility Services offered by Viasat in Mexico.

Viasat Malaysia Sdn. Bhd. (Malaysia)

Suite 3158 SPACES

Menara Prestige

No. 1 Jalan Pinang

50450 Kuala Lumpur

Phone: +60122929067

Data user, or the nominated representative of Viasat, Inc. for Mobility Services offered by Viasat in Malaysia.

Certain regions, countries and U.S. states have enacted privacy laws that require that we provide residents of those locations with additional information not found in the main Privacy Notice, including information on location-specific choices or rights.  You can learn more about your rights and choices for the following locations in this section, including the effective dates of certain rights.

California Notice of Collection of Personal Information: This notice to California residents is provided under California law, explains your privacy rights as a California resident, provides our “notice at collection,” and provides certain mandatory disclosures about our treatment of California residents’ personal information, both online and offline.

 

The information in this section applies to the personal information we’ve collected from California residents during the 12 months prior to the effective date of this Privacy Notice.

 

The following table describes the categories of Personal Information that Viasat collects, the sources from which the Personal Information is collected and the categories of third parties to whom Personal Information is disclosed.

 

Categories of Personal Information

Personal Information Sources

Categories of Recipients

Identifiers (name, contact information, unique identifiers, cookies, IP address, and other similar identifiers)

You (directly and indirectly)

  • Viasat group companies
  • Third-party service providers
  • Credit agencies or bureaus
  • Payment processors
  • Business partners
  • Law enforcement and related entities

Any personal information described in subdivision (e) of Section 1798.80, e.g., credit card number

  • You (directly)
  • Payment Processor
  • Viasat group companies
  • Third-party service providers

Characteristics of protected classifications under California or federal law (age, gender, and other demographic data)

You (directly)

  • Viasat group companies
  • Third-party service providers

Commercial information (your service usage information, history and preferences; purchase history)

You (directly and indirectly)

  • Viasat group companies
  • Third-party service providers
  • Law enforcement and related entities

Internet or other electronic network activity information (your online usage information and online interactions with the Services)

  • You (indirectly, including your device)
  • Third party (airline or other transportation partner)
  • Viasat group companies
  • Third-party service providers

Professional or employment-related information (as part of the characteristics information we collect about you)

  • You (indirectly, including your device)
  • Third party (airline or other transportation partner)
  • Viasat group companies
  • Third-party service providers
  • Law enforcement and related entities

Geolocation data

You (indirectly)

  • Viasat group companies
  • Third-party service providers
  • Law enforcement and related entities

Audio, electronic, visual, thermal, olfactory, or similar information such as recordings of customer service calls

You (indirectly)

  • Viasat group companies
  • Third-party service providers

Inferences drawn from the above categories (inferences we draw from your information and activity through the Services to help create a personalized profile so we can better identify services that may be of interest)

You (directly and indirectly)

  • Viasat group companies
  • Third-party service providers

 

 

Our specific business and commercial purposes for collecting your personal information is described in the “How We Use Your Personal Data and our Legal Bases” section of the Privacy Notice.

 

We may retain each category of personal information we collect as long as necessary to provide our Services to you, after which we delete your data in accordance with our corporate retention policy. For more information, please see the “How Long We Keep Your Information” section of the Privacy Notice. 

 

Categories of Personal Information Sold or Shared

In the last 12 months, we have not “sold” or “shared” (as these words are defined under California law) your personal information.

 

Use and Disclosure of Sensitive Personal Information:

We do not collect, use, or share “sensitive personal information” as that term is defined under California law in relation to the Mobility Services.

 

California Privacy Rights

(a) Right to Access

You have the right to request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, sell, and share, such information to be provided to you in a readily useable format.

 

(b) Right to Delete

You have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions.

 

(c) Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you, subject to applicable legal exceptions.

 

(d) Right to Opt-Out of Sale or Sharing of Personal Information

You have the right to opt-out of the “sale” or “sharing” of your personal information, as such terms are defined under California law.  We do not sell your personal information, as “sale” is defined under California law.

 

(e) Right to Non-Discrimination

You have the right not to be treated in a discriminatory manner for exercising your privacy rights. We do not use the fact that you have exercised or requested to exercise any rights for any purpose other than facilitating a response to your request.

 

(f) Right to Limit Use and Disclosure of Sensitive Personal Information

You have the right to limit our use and disclosure of sensitive personal information, such as your credit card information with security code, where we use such information to draw inferences or for nonpermitted purposes under California law.  We limit our use or disclosure of sensitive personal information to permitted business purposes. 

 

Exercising your California Privacy Rights

 

To exercise your rights, please visit our Privacy Rights Request Form, call us at 1-855-463-9333, or send an email to privacy@36837a.com.

 

To process certain rights requests described in this section, we may need to verify that you are the person that is the subject of the request. This verification process consists of matching identifying information provided by you with the information we have about you in our records. When making a request, you may be asked to provide your name, email address, contact and request details. A confirmation email will be sent to the email address you provide. If we cannot verify your identity, we may not be able to respond to your request.  We use the information that we collect about you during the verification process only for verification purposes.

 

Instructions for Authorized Agents Making Requests

 

You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents may submit a request using the Privacy Rights Request Form and will need to demonstrate that you’ve authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. We retain the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s personal information, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer’s requests, for verification, or for fraud prevention. 

 

We reserve the right to deny requests in certain circumstances, such as where we have a reasonable belief that the request is fraudulent.

 

Do Not Track

 

California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn't an industry standard for recognizing or honoring DNT signals, we do not respond to them at this time. 

Effective July 1, 2023

 

This section provides supplemental information to residents of the State of Colorado, whose personal data we process in connection with the Services.

 

Please see the main Privacy Notice for a description of the personal data we collect, the purposes for which we use it, and how and with whom we share it.

 

Colorado Privacy Rights

 

(a) Right to Access

You have the right to know and access the personal data we process concerning you.

 

(b) Right to Delete

You have the right to delete personal data concerning you.

 

(c) Right to Opt-Out

You have the right to opt out of targeted advertising and the sale of your data (as defined under Colorado law).

 

(d) Right to Correct

You have the right to correct inaccuracies in the personal data, taking into account the nature of the personal data and the purposes of the processing.

 

(e) Right to Portability

You have the right to obtain a portable copy of the personal data we process concerning you.

 

Exercising Your Colorado Privacy Rights

 

To exercise your rights, please visit our Privacy Rights Request Form or email privacy@36837a.com.

 

To process your request, we may need to verify that you are the person that is the subject of the request. This verification process consists of matching identifying information provided by you with the information we have about you in our records. When making a request, you may be asked to provide your name, email address, contact and request details. A confirmation email will be sent to the email address you provide. If we cannot verify your identity, we may not be able to respond to your request.  We use the information that we collect about you during the verification process only for verification purposes.

 

Instructions for Authorized Agents Making Requests

 

You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents may submit a request using the Privacy Rights Request Form and will need to demonstrate that you’ve authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. We retain the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s personal information, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer’s requests, for verification, or for fraud prevention. 

 

To appeal our decision regarding a request related to these rights, you may email us at privacy@36837a.com

 

We do not process the personal data of children under 13 years of age.

Effective July 1, 2023

This section provides supplemental information to residents of the State of Connecticut, whose personal data we process in connection with the Services.

Please see the Privacy Notice for a description of the personal data we collect, the purposes for which we use it, and how and with whom we share it.

 

Connecticut Privacy Rights

 

(a) Right to Access

You have the right to know and access the personal data we process about you.

 

(b) Right to Delete

You have the right to delete the personal data provided by or obtained about you.

 

(c) Right to Opt-Out

You have the right to opt out of targeted advertising and the sale of your data (as defined under Connecticut law).

 

(d) Right to Correct

You have the right to correct inaccuracies in the personal data, taking into account the nature of the personal data and the purposes of the processing.

 

(e) Right to Portability

You have the right to obtain a portable copy of your data processed by us.

 

Exercising Your Connecticut Privacy Rights

 

To exercise your rights, please visit our Privacy Rights Request Form or email privacy@36837a.com.

 

To appeal our decision regarding a request related to these rights, you may email us at privacy@36837a.com

The Categories of Personally Identifiable Information We Collect Through Our Website and Online Services

 

For information about the categories of Personally Identifiable Information we collect through our website and online, please see the “Personal Data We Collect and Sources of Information” section of our Privacy Notice.

 

The Categories of Third Parties with Whom We Share Personally Identifiable Information

 

For information regarding the categories of third parties with whom we may share your personally identifiable information, and those that may collect personally identifiable information regarding your online activities over time, please see the “When We Share Your Personal Data” section of our Privacy Notice.

 

Opt-out Requests

 

We do not sell your personally identifiable information, as “sale” is defined under Nevada law. Nonetheless, Nevada law allows you to submit a request directing us not to sell any personally identifiable information we have collected or will collect from you. If you wish to submit a request, please visit our Privacy Rights Request Form

 

How We Notify You of Changes to Our Privacy Policy

 

Please see the “Updates to this Privacy Notice” section of our Privacy Notice.

Effective December 31, 2023

 

This section provides supplemental information to residents of the State of Utah, whose personal data we process in connection with the Services.

Please see the Privacy Notice for a description of the personal data we collect, the purposes for which we use it, and how and with whom we share it.

 

Utah Privacy Rights

 

(a) Right to Access

You have the right to know and access the personal data we process about you.

(b) Right to Delete

You have the right to delete the personal data you provided to us.

(c) Right to Opt-Out

You have the right to opt-out of targeted advertising (as defined under Utah law). We do not sell personal data as “sale” is defined under Utah law.

(d) Right to Portability

You have the right to obtain a portable copy of the personal data you provided to us.

 

Exercising Your Utah Privacy Rights

 

To exercise your rights, please visit our Privacy Rights Request Form or email privacy@36837a.com.

Effective January 1, 2023

 

This section provides supplemental information to residents of the State of Virginia, whose personal data we process in connection with the Services.

 

Please see the Privacy Notice for a description of the personal data we collect, the purposes for which we use it, and how and with whom we share it.

 

Virginia Privacy Rights

 

(a) Right to Access

You have the right to confirm whether we are processing your personal data and to access such personal data.

 

(b) Right to Delete

You have the right to delete personal data provided by or obtained by you.

 

(c) Right to Opt-Out

You have the right to opt out of targeted advertising (as defined under Virginia law). We do not sell personal data as “sale” is defined under Virginia law.

 

(d) Right to Correct

You have the right to correct inaccuracies in the personal data, taking into account the nature of the personal data and the purposes of the processing.

 

(e) Right to Portability

You have the right to obtain a portable copy of the personal data that you provided to us.

 

Exercising Your Virginia Privacy Rights

 

To exercise your rights, please contact us at our Privacy Rights Request Form or privacy@36837a.com.

 

To appeal our decision regarding a request related to these rights, email us at privacy@36837a.com.

Viasat commits to resolve complaints about your privacy and our collection or use of your personal data.  In addition to contacting us through the “How to Contact Us” section of the Privacy Notice, inquires or concerns regarding this Privacy Notice or Viasat’s data handling practices should be directed to our Data Protection Officer, using the following information:

 

European Economic Area

Fieldfisher LLP

Data Protection Officer

ViasatDPO@fieldfisher.com

 

United Kingdom

Fieldfisher LLP

Data Protection Officer

ViasatDPO@fieldfisher.com

 

You also can contact us through our representatives using the information below if you are in the UK or European Economic Area (EEA):

 

UK Representative

Lionheart Squared Ltd (FAO Viasat)

Attn: Data Privacy

17 Glasshouse Studios

Fryern Court Road

Fordingbridge

Hampshire, SP6 1QX UK

Viasat@LionheartSquared.co.uk

 

EEA Representative

Lionheart Squared Ltd (FAO Viasat)

Attn: Data Privacy

2 Pembroke House

Upper Pembroke Street 28-32

Dublín

DO2 EK84

Republic of Ireland

Email: viasat@LionheartSquared.eu

How We Use Your Personal Data

 

If you use Viasat’s Mobility Services in Brazil (“Services”), your personal data is jointly controlled by Viasat, Inc. and Viasat Brasil Serviços de Comunicações Ltda., the provider of the telecommunications services in this country.

 

Your personal data is primarily used to provide you with the Viasat products and services you request. It may also be used to comply with legal obligations we are subject to, bring or defend ourselves in legal claims, or to fulfill our legitimate interests, such as to personalize your experience, develop and improve our services, or detect illegal activities, which may also be done to protect your vital interests. Viasat may also process personal data for purposes of complying with applicable Federal and State laws and regulations in Brazil where our products and services are offered. With your prior consent or whenever there is a legitimate interest at stake, it may also be used to send you offers and promotions.

 

To the fullest extent not prohibited by applicable laws, we may disclose the personal data we collect from and about you for business and commercial purposes to the following categories of recipients: (i) Viasat group companies, (ii) third-party service providers, (iii) credit agencies or bureaus, (iv) authorized retailers and distributors, (v) third-party ad platforms or networks, (vi) entities involved in a corporate transaction, (vii) law enforcement, governmental judicial and related entities, (viii) third parties who receive aggregate or anonymous information, and (ix) other persons with our consent.

 

We may transfer your personal data outside your local territory. These international data transfers are carried out in accordance with applicable data protection legislation and with the adoption of all the necessary safeguards.

 

We will retain your personal data for the period necessary to fulfill the purposes outlined hereto and/or in our main Privacy Notice, as needed to provide Services and/or to comply with our legal obligations.

 

For more information about Viasat’s data collection and use practices please read our main Privacy Notice.

 

Know Your Data Protection Rights

 

You have several rights outlined in Brazil’s data protection legislation including but not limited to the right to confirm the existence of the processing of your personal data, request access to, change, or remove your personal data, change your marketing preferences (including withdrawing your consent at any time), and to petition before the national data protection authority, as set out in Article 18 of Brazil’s General Data Protection Law and other applicable laws.

 

Please review the Privacy Notice to learn more about managing your marketing preferences or deleting the account you created to access our services.

 

Contact Information for Data Protection Office

 

Viasat Brasil Serviços de Comunicações Ltda.

Avenida Presidente Vargas, n.º 309

21º andar, Centro

Rio de Janeiro/RJ, Brasil

CEP 20.040-010

 

Viasat, Inc.

Attn:  Viasat Privacy Office

901 K Street, NW, Suite 400

Washington, DC 20001

 

Our Data Protection Officer can be contacted by emailing: privacy@36837a.com

 

How to Make a Request

 

To make a request, please visit our Privacy Rights Request Form or contact us at privacy@36837a.com

Data Owners from Mexico may have the following rights under the FPDL:

  • The right to be provided with information about how we process their information
  • The right to access their Information
  • The right to rectify Information if it is inaccurate or incomplete
  • The right to object to the processing of Information
  • The right to limit the use or disclosure of their Information
  • The right to cancel/delete their Information
  • The right to revoke consent granted for the processing of Information

 

To exercise the above rights, please visit the Privacy Rights Request Form or contact us at privacy@36837a.com.  We will notify you within twenty (20) days of receipt of your request with a determination on your request. If more time is required to fulfill your request, we will notify you with a justification for the extension. Please be aware that under certain circumstances, the FPDL may limit your exercise of these rights.

This Data Privacy Framework (“DPF”) Notice sets out the privacy principles Viasat follows with respect to transfers of personal data from the European Economic Area (EEA), the United Kingdom (UK) and Switzerland to the United States, including personal data we process as part of our Mobility Services.

 

Viasat, including those affiliates listed in Annex 1 of this Addendum, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.*  We have certified to the U.S. Department of Commerce that we adhere to: (i) the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF; and (ii) the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”).   If there is any conflict between the terms in this DPF Notice and the DPF Principles, the DPF Principles shall govern.  

 

*We will not rely on the Swiss-US Data Privacy Framework or the UK Extension to the EU-US Data Privacy Framework until each enters into force, but we adhere to their required commitments in anticipation of their doing so.

 

To learn more about the DPF, and to view our certification, please visit http://www.dataprivacyframework.gov/.

 

Types of personal data we collect and use

The types of personal data we may receive in the United States, as well as the purposes for which we collect and use it, will vary depending on the Mobility Services you use. You can find the details applicable to your specific information set out in this Privacy Notice.

 

 

Your choices

Where appropriate or required to do so, we will give you an opportunity to opt out where personal data we control about you is to be disclosed to an independent third party or is to be used for a purpose that is materially different from those set out in the Privacy Notice. If you otherwise wish to limit the use or disclosure of your personal data, please contact us using the contact details below.

 

 

Transfers to third parties

Information about the types of third parties to which we disclose personal data and the purposes for which we do so is described in the Privacy Notice.

 

 

If we have received your personal data in the United States and subsequently transfer that information to a third party acting as an agent, and such third-party agent processes your personal data in a manner inconsistent with the DPF Principles, we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.

 

 

Your DPF rights

If you are from the EEA, UK or Switzerland, you have the right to request access to the personal data that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF.

 

 

If you would like to exercise these rights, please write to us at the contact details provided below.  We may request specific information from you to confirm your identity and we will respond to your request in accordance with the DPF Principles and applicable data protection laws.

 

 

You may also opt-out of receiving marketing communications from us by writing to us at the contact details provided below or by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.

 

 

Disclosures for national security or law enforcement

Please note that under certain circumstances, we may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Viasat publishes annual transparency information reflecting (to the degree permitted by applicable laws) the number and type of data production requests it has received for the corresponding period, the type of data requested and the category of requester.

 

 

Enforcement

Viasat's compliance with the with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

 

 

Questions or complaints

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to resolve DPF-related complaints about our collection and use of your personal data.  EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DP and the Swiss-U.S. DPF should first contact us by email at privacy@36837a.com or in writing at:

 

Viasat, Inc.
Attn: Viasat Privacy Office (Legal Dept.)
901 K Street, NW, Suite 400 Washington,
DC 20001

 

We will investigate and attempt to resolve any DPF-related complaints or disputes within forty-five (45) days of receipt.  If you have an unresolved DPF complaint that we have not addressed satisfactorily, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit http://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  These services are provided free of charge to you.

 

You may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances.  For further information, please refer to: http://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

 

 

Changes to this Notice

It may be necessary for Viasat to make changes to this DPF Notice consistent with the DPF's requirements, so please check this page periodically. We will announce any material changes to this DPF Notice via channels appropriate to our relationship with you.

 

Annex 1

 

List of DPF Self-Certified US Entities

The following Viasat controlled US affiliates certify compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce:

 

Automation Communications Engineering Corporation

ComPetro Communications Holdings LLC

ComPetro Communications, LLC

Engreen, Inc.

Frontera LLC

Intelie, Inc.

Landtel Communications, L.L.C.

Landtel, Inc.

mmWaveBroadband Co.

RBS Alpha, LLC

RBS Beta, LLC

RigNet EIS, Inc.

RigNet Global Holdings S.a.r.l. (US Branch)

RigNet Holdings, LLC

RigNet Newco, Inc.

RigNet, Inc.

Safety Controls, Inc.

THEU, LLC

TrellisWare Technologies, Inc.

Viasat Carrier Services, Inc.

Viasat China Services, Inc.

Viasat Global Holdings, LLC

Viasat Services Holding Co.

Viasat Technologies Limited (US Branch)

Viasat Worldwide Limited

Viasat, Inc.

VParent, Inc.

VService, Inc.