Last updated: 11 May 2022
This notice describes how Inmarsat Global Limited and its affiliates ("Inmarsat", "we", "us" or "our") uses and discloses your personal data when you use our in-flight Wi-Fi connectivity services (the “Service”). It also describes your data protection rights, including a right to object to some of the processing which Inmarsat carries out. More information about your rights, and how to exercise them, is set out in the "Your choices and rights" section.
This notice also applies to the processing of your communications metadata (“traffic data”) by Inmarsat regardless of whether it is personal data under data protection laws (see Technical Data below).
Category |
Personal Data |
---|---|
Identity and Contact Data |
We may collect the following Identity and Contact Data:
|
Transaction Data |
We collect the following Transaction Data:
|
Technical Data |
We collect the following Technical Data:
|
IP addresses, and Device Information |
We may collect technical information about your laptop, computer, mobile phone, smart phone and/or other electronic devices ("Devices"), including where available your IP address, the Device's unique device identifiers, operating system and browser type, for system administration and to report aggregate information to the airline upon which you are flying. We will collect this information through the use of deep packet inspection, indicating whether a webpage has been viewed. This statistical information will be aggregated to provide non-personally identifiable information about our users' aggregate browsing actions and patterns, and does not include any personally identifiable information. |
We collect most of this information from you directly. For example, personal data is collected when you register to use the Service and through your use of the Service. We also collect some information about you from other people or organisations, such as from our customers who operate the aircraft where you access the Service and our Internet Service Provider.
We collect, use and store your personal data for the reasons set out below:
Where the processing is necessary for us to administer our contract with you |
Performance of a contract - We will process your Identity and Contact Data, and Transaction Data (as set out in Section 2 above) where it is necessary for the performance of a contract we are about to enter into or have entered into with you. Registration – We will process your Identity and Contact Data that you provide at the time of registering to purchase our Service, which will be used for the purpose of providing you with the Service. |
Where necessary for Inmarsat’s legitimate interests, as listed below, and where our interests are not overridden by your data protection rights |
Enquiries - If you contact us, we will use the Identity and Contact Data that you supply in order to deal with and/or respond to your request or as is necessary for the performance of a contract with you or in order to take a step at your request prior to entering into a contract and/or where such processing is in our legitimate interests. We may also retain a record of that correspondence. Surveys - If you choose to complete a survey that we use for research purposes, we will retain the information that you provide in response to that survey. This is necessary for our legitimate interest in understanding our customers and developing our business. Administration - We may use your Identity and Contact Data and Technical Data for the purpose of protecting our business and our website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. This is necessary for our legitimate interest in running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, and for compliance with our legal obligations. Website Analytics - As you navigate websites using the Service, Technical and Usage Data (as set out in Section 2 above) may be collected automatically. We do this to collect information such as the number of visits to websites, and to help us to improve and customise the Service for you, in accordance with our legitimate interests. This is necessary for our legitimate interest in defining types of customers for our Service, to keep our Service updated and relevant and to develop our business. Fault reporting - If you contact us to report a fault with our Service or portal, we will use the Identity and Contact Data provided for the purposes of rectifying that fault in accordance with our legitimate interests. |
Where necessary to comply with a legal obligation |
We will process your personal data where we have a legal obligation to do so, including:
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law, and / or an applicable regulation. |
With your consent |
We may process personal data in relation to IP addresses and Device Information (as set out in Section 2 above) on the basis of your consent. We share your personal data with our customers who operate the aircraft where you access the Service, who may process your personal data in accordance with their privacy policy, including sending marketing communications to you. |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
The information we hold about you is used for the following purposes and processes:
We will only retain your personal data for as long as necessary, in accordance with the purpose for which the personal data was collected and with the applicable law.
Personal data may be shared with government authorities and/or law enforcement officials to whom we have a legal obligation to provide information for regulatory purposes as set out in Section 3 above titled “Where necessary to comply with a legal obligation” and if necessary for Inmarsat’s legitimate interests as set out in Section 3 above titled “Where necessary for Inmarsat’s legitimate interests” (in the latter case, only where our interests are not overridden by your data protection rights).
Personal data will also be shared with third party service providers, who will process it on our behalf. These third parties include:
Third parties that process personal data on our behalf are required by contract to implement safeguards that are no less protective than those implemented by us in order to protect any personal data they receive from us. Third party service providers are further prohibited from using the personal data for any purpose other than to perform the services as instructed by Inmarsat.
We may also share your personal data with:
We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. We may also disclose, share or transfer your personal data to any legal entity resulting from a merger, acquisition, divestiture, asset transfer or any other form of corporate reorganization.
We may transfer your personal data to third parties (e.g. service providers) overseas, which may involve the transfer of personal data to countries outside the UK and European Economic Area which have different data protection standards to those which apply in the UK/European Economic Area, including transfers of personal data to the United States of America.
Some of these countries are subject to a European Commission adequacy decision. For other countries, we have put in place standard contractual clauses approved in accordance with applicable data protection laws with the relevant third party to protect this personal data. We may also rely on other permitted data transfer mechanisms such as third-party corporate rules (approved by EU data protection authorities and put in place to protect your personal data). You have a right to ask us for a copy of the safeguard used (by contacting us using the contact details set out in Section 8 below).
You have a number of rights that apply when we process your personal data, including:
Access to your personal data (commonly known as a "data subject access request") |
Obtain a copy of your personal data held by Inmarsat. |
Correction of the personal data that we hold about you. |
Require Inmarsat to correct any incomplete or inaccurate personal data that Inmarsat holds about you. |
Erasure of your personal data |
Require Inmarsat to delete or remove personal data, for example, where:
|
Object to processing |
Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. Object to the processing of your personal data by Inmarsat for direct marketing purposes. |
Request restriction of processing of your personal data. |
Require Inmarsat to suspend the processing of your personal data in certain scenarios. |
Withdraw consent |
Withdraw your consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. |
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to the data protection authority which has jurisdiction over your place of residence, or to the UK Information Commissioner’s Office or the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (which is the data protection authority at our main place of establishment in the European Union).
Where we collect personal data to administer our contract with you or to comply with our legal obligations, this is mandatory and we will not be able to provide the Service without this information. In other cases, provision of the requested personal data may be optional, but this may affect your ability to participate in certain programs or systems, where the information is needed for those purposes.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. In some cases, we are under direct obligations to delete certain communications data unless it is required for billing, fraud prevention or other necessary Service-related purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
The data controller for your personal data is Inmarsat Global Limited.
If you have questions about this privacy notice or wish to contact us for any reason in relation to our personal data processing, please contact us at:
Post: 99 City Road, London, EC1Y 1AX
Email: [email protected]