Iridium Service Provider GDPR Privacy Notice
Iridium Satellite LLC (“Iridium,” “we,” or “us”) understands that privacy is important to you and values your trust. This privacy notice (the “Notice”) explains how we collect, use, retain, and generally process personal data that is within the scope of compliance with the European Union’s General Data Protection Regulation (“GDPR”), and how GDPR affects individuals that use Iridium services.
This Notice applies to “Customer Data Subjects”, who are identified or identifiable individuals authorized by a third party entity under contract with Iridium to provide Iridium services (“Iridium Service Provider”), to use such services or to interact with Iridium in connection with the use of such services, when:
- The Customer Data Subject creates personal data through use of Iridium services within the European Union (“EU”) or the European Economic Area (“EEA”) in connection with the Customer Data Subject’s relationship with an Iridium Service Provider, or Iridium otherwise processes personal data of a Customer Data Subject who is in an EU or EEA country; and
- Such services are within the scope of the GDPR.
Iridium functions as an independent Data Controller (as defined under the GDPR) in its processing of personal data of such Customer Data Subject.
Additional information on the processing of your personal data may be
available directly from your Iridium Service Provider. In
addition, Iridium maintains a Privacy
Policy that addresses data protection, but unless
specifically stated otherwise and where another notice or policy
conflicts with the purposes of this Notice, this Notice will
prevail as to the processing of personal data from a Customer
We Collect Personal Data
Iridium will process personal data of Customer Data Subjects in order to perform and provide services as contractually agreed with the Iridium Service Provider. Such personal data relate to unique devices from which (or to which) electronic communications are sent (or received) (e.g., Internet Protocol (“IP“) address, Media Access Control (“MAC“) address, Subscriber Identity Module (“SIM“), International Mobile Equipment Identity (“IMEI“) number, Mobile Station International Subscriber Directory Number (“MSISDN”), Serial Number, Unique Device Identifier (“UDID”)). In connection with the Iridium Global Maritime Distress and Safety System (“GMDSS”) Services, we collect data relating to vessels’ unique devices from which (or to which) electronic communications are sent (or received) (e.g., Vessel Name, International Maritime Organization (“IMO”) number, Maritime Mobile Service Identity (“MMSI”), Call Sign, Fleet Name, Nation Flag, Vessel Type, SP Owner, Vessel information, Tonnage, Year of build, Port of Registry, Capacity of People, Emergency Contact (Name, Phone and email) and Provider Reference (SP Ticket Number). We also collect data processed in an electronic communications network for the purposes of transmitting, distributing, or exchanging electronic communications content, such as data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration, and type of communication.
Iridium has and relies on a legitimate interest to process such
Customer Data Subject’s personal data to provide and improve
services and network operations and the GMDSS. In addition,
Iridium may process this personal data as necessary for
protecting the vital interests of the Customer Data Subject or
another natural person; performing a task carried out in the
public interest; and/or complying with legal obligations.
Iridium’s processing of personal data does not include automated decision-making or profiling that affects the Customer Data Subject.
The Ways We Disclose Personal Data
Personal data about Customer Data Subjects will be disclosed, to the extent required for service delivery, to appropriate and authorized recipients. Recipients may include: Iridium personnel, third party service providers and subcontractors (e.g., Iridium Service Providers), and/or other third parties performing services for us and assisting with the provision of services, our parent company or for any subsidiaries, joint ventures, or other companies under common control.
Third parties given access to personal data about Customer Data Subjects will be required to use appropriate security measures consistent with GDPR requirements when processing personal data.
Iridium may disclose personal data if Iridium determines in good
faith it is necessary or appropriate to comply with applicable
laws or respond to requests from law enforcement or other
government officials, or to protect or defend the rights or
property of Iridium, you, or third parties.
Where We Process your Personal Data
Iridium provides its services from the United States and other
locations. By using Iridium’s services you are transferring your
personal data for processing to the United States of America, a
country not designated by the European Commission to offer
adequate protection of personal data. However, wherever personal
data is processed, Iridium uses appropriate security measures
consistent with GDPR requirements.
Retention of Personal Data
Unless otherwise required by law, we will erase your personal data when it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; when the period of the contract between Iridium and the Iridium Service Provider, or between the Iridium Service Provider and the Customer Data Subject has expired or the contract has terminated; when you object to the processing or exercise any of your other rights that require deleting your personal data and there are no overriding legitimate grounds for the processing; and when it is necessary to comply with legal obligations.
While personal data is retained, Iridium implements appropriate
technical and organizational measures designed to make the
personal data collected as secure as possible.
Customer Data Subject Rights Regarding the Processing of Personal Data
Customer Data Subjects have the right to request from us access to, and rectification and erasure of your personal data. You also have the right to restrict or object to processing concerning your personal data, which includes restricting us from continuing to process your personal data under certain circumstances. In addition, you have the right to data portability, which includes certain rights to have your personal data transmitted from us to another data controller, such as to a different Iridium Service Provider. You also have the right to lodge a complaint with a supervisory authority.
To exercise or to inquire about the above rights you can send an
email to [insert email]. Please include “[Country] – Customer
data subject rights request” in the email’s subject line. As the
personal data is processed as part of Iridium contract
obligations to the Iridium Service Provider, Iridium will
coordinate responses to requests of Customer Data Subjects with
the Iridium Service Provider. Iridium recommends the Customer
Data Subject directly contact the Iridium Service Provider to
initiate a rights request. Iridium will work with the Iridium
Service Provider to determine the appropriate response to a
request. Please note that the exercise of these requests may
affect your use of the services that depend on the ability of
Iridium to Process your personal data (e.g., your SIM
Changes to Our Notice
This Notice is subject to revision from time to time. If we make
material changes to how we treat your personal data, we will
notify you by using the email address on record.
Iridium Satellite, LLC is the independent controller of your personal
data. If you have any questions regarding our Notice, please
contact us at email@example.com.
Please include “[Country] -Customer Data Subject Question” in
the email’s subject line.
Last Updated: December 2019