GO TO OUR SOLUTIONS

GO TO LATEST NEWS

Find all our announcements and a selection of imagery – and sign up to receive our latest news.

Last updated: 11 May 2022

1. What does this notice cover?

This notice describes how Inmarsat Global Limited and its affiliates ("Inmarsat", "we", "us" or "our") uses and discloses your personal data when you use our in-flight Wi-Fi connectivity services (the “Service”). It also describes your data protection rights, including a right to object to some of the processing which Inmarsat carries out. More information about your rights, and how to exercise them, is set out in the "Your choices and rights" section.

This notice also applies to the processing of your communications metadata (“traffic data”) by Inmarsat regardless of whether it is personal data under data protection laws (see Technical Data below).

2. If you use the Service, we may collect the following personal data

Category

Personal Data

Identity and Contact Data

 We may collect the following Identity and Contact Data:
  • your first name;
  • last name;
  • title;
  • gender;
  • address (home, postal or other physical address), email address and telephone numbers;
  • the departing and arriving airports of your flight; and
  • if you contact us, a record of that correspondence.

Transaction Data

 We collect the following Transaction Data:
  • details of transactions you carry out in order to purchase the Service, including:
  • details about payments from you and other details of Services you have purchased from us; and
  • our fulfilment of your order.

Technical Data
We collect the following Technical Data:
  • traffic data (data about the “if, how, who and when” of your usage of our Service, processed for the purpose of the conveyance of your communications or for billing);
  • location data;
  • log data about your usage of the internet and other communication data;
  • the resources that you access and your internet protocol (IP) address;
  • browser type and version;
  • information about technical settings on the devices you use to access our Service; and
  • details of any mobile applications on your device that make use of the Service.

IP addresses, and Device Information

We may collect technical information about your laptop, computer, mobile phone, smart phone and/or other electronic devices ("Devices"), including where available your IP address, the Device's unique device identifiers, operating system and browser type, for system administration and to report aggregate information to the airline upon which you are flying.

We will collect this information through the use of deep packet inspection, indicating whether a webpage has been viewed. This statistical information will be aggregated to provide non-personally identifiable information about our users' aggregate browsing actions and patterns, and does not include any personally identifiable information.

We collect most of this information from you directly. For example, personal data is collected when you register to use the Service and through your use of the Service. We also collect some information about you from other people or organisations, such as from our customers who operate the aircraft where you access the Service and our Internet Service Provider.

3. Why we collect, use and store this personal data

We collect, use and store your personal data for the reasons set out below:

Where the processing is necessary for us to administer our contract with you

Performance of a contract - We will process your Identity and Contact Data, and Transaction Data (as set out in Section 2 above) where it is necessary for the performance of a contract we are about to enter into or have entered into with you.

Registration – We will process your Identity and Contact Data that you provide at the time of registering to purchase our Service, which will be used for the purpose of providing you with the Service.

Where necessary for Inmarsat’s legitimate interests, as listed below, and where our interests are not overridden by your data protection rights

Enquiries - If you contact us, we will use the Identity and Contact Data that you supply in order to deal with and/or respond to your request or as is necessary for the performance of a contract with you or in order to take a step at your request prior to entering into a contract and/or where such processing is in our legitimate interests. We may also retain a record of that correspondence.

Surveys - If you choose to complete a survey that we use for research purposes, we will retain the information that you provide in response to that survey. This is necessary for our legitimate interest in understanding our customers and developing our business.

Administration - We may use your Identity and Contact Data and Technical Data for the purpose of protecting our business and our website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. This is necessary for our legitimate interest in running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, and for compliance with our legal obligations.

Website Analytics - As you navigate websites using the Service, Technical and Usage Data (as set out in Section 2 above) may be collected automatically.  We do this to collect information such as the number of visits to websites, and to help us to improve and customise the Service for you, in accordance with our legitimate interests. This is necessary for our legitimate interest in defining types of customers for our Service, to keep our Service updated and relevant and to develop our business.

Fault reporting - If you contact us to report a fault with our Service or portal, we will use the Identity and Contact Data provided for the purposes of rectifying that fault in accordance with our legitimate interests.

Where necessary to comply with a legal obligation

We will process your personal data where we have a legal obligation to do so, including:

  • tax law and similar obligations (for example, tax and national insurance reporting, filing and withholding);
  • responding to court orders, subpoenas or other legal processes with which Inmarsat is required to comply;
  • complying with legal, regulatory, law enforcement, and other requirements under UK, EU or Member State laws.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law, and / or an applicable regulation.

With your consent

We may process personal data in relation to IP addresses and Device Information (as set out in Section 2 above) on the basis of your consent.

We share your personal data with our customers who operate the aircraft where you access the Service, who may process your personal data in accordance with their privacy policy, including sending marketing communications to you.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4. How we use your information

The information we hold about you is used for the following purposes and processes:

  • providing you with access to the Service and enabling you to participate in interactive features of the Service, when you choose to do so;
  • verifying that you are an authorised user for security purposes;
  • ensuring that content accessed via the Service is presented in the most effective manner for you on your Device;
  • providing you with information, products or services that you request from us or which we consider may interest you;
  • contacting you in relation to the Service or where you have otherwise consented;
  • assisting us with crime and fraud prevention, such as to check your identity;
  • investigating any complaints or other enquiries that you submit to us;
  • enhancing and personalising the products and services that we and selected third parties offer to you;
  • analysing markets and producing reports, performing research and statistical analysis and to monitor usage behaviour; and
  • disclosing your personal data or usage of our Service to certain third parties, in the following situations:
    • aggregating information about you, your spending and your use of the Service (including your calling, searching, browsing and location data) with information about other users of the Service in order to identify trends ("Aggregated Data"). We may pass Aggregated Data to third parties, such as our customers who operate the aircraft where you access the Service, to give them a better understanding of our business and to bring you a better Service. Aggregated Data will not contain information from which you may be personally identified; and
    • we may pass information about you including your calling, searching, browsing and location data on a personalised basis to selected third parties, including our customers who operate the aircraft where you access the Service. Such third parties may use this information to provide you with information about goods and services that may be of interest to you.

We will only retain your personal data for as long as necessary, in accordance with the purpose for which the personal data was collected and with the applicable law.

5. How we share your personal data

Personal data may be shared with government authorities and/or law enforcement officials to whom we have a legal obligation to provide information for regulatory purposes as set out in Section 3 above titled “Where necessary to comply with a legal obligation” and if  necessary for Inmarsat’s legitimate interests as set out in Section 3 above titled “Where necessary for Inmarsat’s legitimate interests” (in the latter case, only where our interests are not overridden by your data protection rights).

Personal data will also be shared with third party service providers, who will process it on our behalf. These third parties include:

  • our Internet Service Providers; and
  • third parties that process any payments made by you to use the Service.

Third parties that process personal data on our behalf are required by contract to implement safeguards that are no less protective than those implemented by us in order to protect any personal data they receive from us. Third party service providers are further prohibited from using the personal data for any purpose other than to perform the services as instructed by Inmarsat.

We may also share your personal data with:

  • other communications companies;
  • our customers who operate the aircraft where you access the Service;
  • third parties from whom you have chosen to receive marketing information;
  • third parties to whom you have consented to transfer your personal data;
  • fraud prevention services, where you give us false or inaccurate information and we identify or suspect fraud; and
  • during emergencies when we believe physical safety is at risk.

We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. We may also disclose, share or transfer your personal data to any legal entity resulting from a merger, acquisition, divestiture, asset transfer or any other form of corporate reorganization.

We may transfer your personal data to third parties (e.g. service providers) overseas, which may involve the transfer of personal data to countries outside the UK and European Economic Area which have different data protection standards to those which apply in the UK/European Economic Area, including transfers of personal data to the United States of America.

Some of these countries are subject to a European Commission adequacy decision.  For other countries, we have put in place standard contractual clauses approved in accordance with applicable data protection laws with the relevant third party to protect this personal data. We may also rely on other permitted data transfer mechanisms such as third-party corporate rules (approved by EU data protection authorities and put in place to protect your personal data).  You have a right to ask us for a copy of the safeguard used (by contacting us using the contact details set out in Section 8 below).

6. Your choices and rights

You have a number of rights that apply when we process your personal data, including:

Access to your personal data (commonly known as a "data subject access request")

Obtain a copy of your personal data held by Inmarsat.

Correction of the personal data that we hold about you.

Require Inmarsat to correct any incomplete or inaccurate personal data that Inmarsat holds about you.

Erasure of your personal data

 Require Inmarsat to delete or remove personal data, for example, where:
  • it is no longer needed or there is no good reason for us continuing to process it;
  • you have objected to the processing (see below);
  • we may have processed your personal data unlawfully; or
  • we are required to erase your personal data to comply with local law.

Object to processing

Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.

Object to the processing of your personal data by Inmarsat for direct marketing purposes.

Request restriction of processing of your personal data.

Require Inmarsat to suspend the processing of your personal data in certain scenarios.

Withdraw consent

Withdraw your consent at any time where we are relying on consent to process your personal data.

This will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

 

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to the data protection authority which has jurisdiction over your place of residence, or to the UK Information Commissioner’s Office or the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (which is the data protection authority at our main place of establishment in the European Union).

Where we collect personal data to administer our contract with you or to comply with our legal obligations, this is mandatory and we will not be able to provide the Service without this information. In other cases, provision of the requested personal data may be optional, but this may affect your ability to participate in certain programs or systems, where the information is needed for those purposes.

7. How long we retain your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. In some cases, we are under direct obligations to delete certain communications data unless it is required for billing, fraud prevention or other necessary Service-related purposes.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

8. Contact us

The data controller for your personal data is Inmarsat Global Limited.

If you have questions about this privacy notice or wish to contact us for any reason in relation to our personal data processing, please contact us at:

Post: 50 Finsbury Square, London, EC2A 1HD, United Kingdom

Email: [email protected]