Iridium Satellite LLC (“Iridium,” “we,” or “us”) understands that privacy is important to you and values your trust. This privacy notice (the “Notice”) explains how we collect, use, retain, and generally process personal data that is within the scope of compliance with the European Union’s General Data Protection Regulation (“GDPR”), and how GDPR affects individuals that use Iridium services.
This Notice applies to “Customer Data Subjects”, who are identified or identifiable individuals authorized by a third party entity under contract with Iridium to provide Iridium services (“Iridium Service Provider”), to use such services or to interact with Iridium in connection with the use of such services, when:
- The Customer Data Subject creates personal data through use of Iridium services within the European Union (“EU”) or the European Economic Area (“EEA”) in connection with the Customer Data Subject’s relationship with an Iridium Service Provider, or Iridium otherwise processes personal data of a Customer Data Subject who is in an EU or EEA country; and
- Such services are within the scope of the GDPR.
Iridium functions as an independent Data Controller (as defined under the GDPR) in its processing of personal data of such Customer Data Subject.
Additional information on the processing of your personal data may be available directly from your Iridium Service Provider. In addition, Iridium maintains a Privacy Policy that addresses data protection, but unless specifically stated otherwise and where another notice or policy conflicts with the purposes of this Notice, this Notice will prevail as to the processing of personal data from a Customer Data Subject.
We Collect Personal Data
Iridium will process personal data of Customer Data Subjects in order to perform and provide services as contractually agreed with the Iridium Service Provider. Such personal data relate to unique devices from which (or to which) electronic communications are sent (or received) (e.g., Internet Protocol (“IP“) address, Media Access Control (“MAC“) address, Subscriber Identity Module (“SIM“), International Mobile Equipment Identity (“IMEI“) number, Mobile Station International Subscriber Directory Number (“MSISDN”), Serial Number, Unique Device Identifier (“UDID”)). In connection with the Iridium Global Maritime Distress and Safety System (“GMDSS”) Services, we collect data relating to vessels’ unique devices from which (or to which) electronic communications are sent (or received) (e.g., Vessel Name, International Maritime Organization (“IMO”) number, Maritime Mobile Service Identity (“MMSI”), Call Sign, Fleet Name, Nation Flag, Vessel Type, SP Owner, Vessel information, Tonnage, Year of build, Port of Registry, Capacity of People, Emergency Contact (Name, Phone and email) and Provider Reference (SP Ticket Number). We also collect data processed in an electronic communications network for the purposes of transmitting, distributing, or exchanging electronic communications content, such as data used to trace and identify the source and destination of a communication, data on the location of the device generated in the context of providing electronic communications services, and the date, time, duration, and type of communication.
Iridium has and relies on a legitimate interest to process such Customer Data Subject’s personal data to provide and improve services and network operations and the GMDSS. In addition, Iridium may process this personal data as necessary for protecting the vital interests of the Customer Data Subject or another natural person; performing a task carried out in the public interest; and/or complying with legal obligations.
Iridium’s processing of personal data does not include automated decision-making or profiling that affects the Customer Data Subject.
The Ways We Disclose Personal Data
Personal data about Customer Data Subjects will be disclosed, to the extent required for service delivery, to appropriate and authorized recipients. Recipients may include: Iridium personnel, third party service providers and subcontractors (e.g., Iridium Service Providers), and/or other third parties performing services for us and assisting with the provision of services, our parent company or for any subsidiaries, joint ventures, or other companies under common control.
Third parties given access to personal data about Customer Data Subjects will be required to use appropriate security measures consistent with GDPR requirements when processing personal data.
Iridium may disclose personal data if Iridium determines in good faith it is necessary or appropriate to comply with applicable laws or respond to requests from law enforcement or other government officials, or to protect or defend the rights or property of Iridium, you, or third parties.
Where We Process your Personal Data
Iridium provides its services from the United States and other locations. By using Iridium’s services you are transferring your personal data for processing to the United States of America, a country not designated by the European Commission to offer adequate protection of personal data. However, wherever personal data is processed, Iridium uses appropriate security measures consistent with GDPR requirements.
Retention of Personal Data
Unless otherwise required by law, we will erase your personal data when it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; when the period of the contract between Iridium and the Iridium Service Provider, or between the Iridium Service Provider and the Customer Data Subject has expired or the contract has terminated; when you object to the processing or exercise any of your other rights that require deleting your personal data and there are no overriding legitimate grounds for the processing; and when it is necessary to comply with legal obligations.
While personal data is retained, Iridium implements appropriate technical and organizational measures designed to make the personal data collected as secure as possible.
Customer Data Subject Rights Regarding the Processing of Personal Data
Customer Data Subjects have the right to request from us access to, and rectification and erasure of your personal data. You also have the right to restrict or object to processing concerning your personal data, which includes restricting us from continuing to process your personal data under certain circumstances. In addition, you have the right to data portability, which includes certain rights to have your personal data transmitted from us to another data controller, such as to a different Iridium Service Provider. You also have the right to lodge a complaint with a supervisory authority.
To exercise or to inquire about the above rights you can send an email to [insert email]. Please include “[Country] – Customer data subject rights request” in the email’s subject line. As the personal data is processed as part of Iridium contract obligations to the Iridium Service Provider, Iridium will coordinate responses to requests of Customer Data Subjects with the Iridium Service Provider. Iridium recommends the Customer Data Subject directly contact the Iridium Service Provider to initiate a rights request. Iridium will work with the Iridium Service Provider to determine the appropriate response to a request. Please note that the exercise of these requests may affect your use of the services that depend on the ability of Iridium to Process your personal data (e.g., your SIM number).
Changes to Our Notice
This Notice is subject to revision from time to time. If we make material changes to how we treat your personal data, we will notify you by using the email address on record.
Other Information
Iridium Satellite, LLC is the independent controller of your personal data. If you have any questions regarding our Notice, please contact us at iridium.online@iridium.com. Please include “[Country] -Customer Data Subject Question” in the email’s subject line.
Last Updated: December 2019
