ZenKey powered by AT&T App Privacy Policy

September 15, 2020

ZenKey powered by AT&T App Privacy Policy

This policy (“Policy”) applies when you download or access the ZenKey powered by AT&T app (“the App”), which is provided by AT&T Services, Inc. and its affiliates (“we” or “us”). A list of AT&T affiliates is found here. You may access the App, through various supported platforms, such as your mobile phone, and may access the App’s services on selected companies’ apps or websites when you use a trusted browser, to share information with a selected company. We will refer to such companies you elect to interact with through the App or ZenKey services as a “Service Provider” or “SP.”

By accessing the App you agree to the ZenKey powered by AT&T terms and conditions, and to the collection, use, and sharing of data identified in this Policy.

When and what information is collected?

We collect the following information about you when you access the App:

  1. Your “ZenKey Profile,” to include things like:
    • information you provide us through the registration process;
    • any updates to the information you provide in the app; and
    • contact information (e.g., billing zip code) we provide in the app from your wireless account.
  2. Your use of the App on your phone, tablet, computer, or any other device. This includes information like:
    • the types of information you choose within the App to share with Service Providers, such as your name, email address or zip code;
  3. Your devices on which the App is accessed. This includes information like:
    • mobile number and IP address; and
    • unique identifiers associated with the devices.
  4. Your use of this service through the App or Service Provider’s app or website. This includes:
    • information about your browser or operating system you used, and the date used.

A note about Do Not Track - We don’t respond to “do not track” signals. For more information on Do Not Track, please visit www.allaboutdnt.com.

How might we use your information?

  • We may use the information collected through use of the App to: register or authenticate you to a Service Provider or authorize transactions between you and a Service Provider; deliver and improve the service; conduct analytics; and detect attacks on your account, fraudulent activity or a device change.

Do we share your information and, if so, with whom?

  • We may share information collected through the App, as described in this Policy, with:
    • Service Providers that you choose to connect with through the App to make it easier to register, to authenticate your identity and authorize transactions. We require proof through the App of your consent before sharing your information that identifies you personally with Service Providers. We may also share information with Service Providers to help detect fraud.
    • The Service Providers may not sell your data but may share your data and attributes with third parties for purposes that are consistent with the context of the transaction and your relationship with them. The Service Provider’s privacy policy will govern data provided to the Service Provider.
    • If you update your ZenKey Profile, we may share this updated information with Service Providers based on your consent settings in the App.
    • Other companies within the AT&T family of companies, including any of our affiliates;
    • Vendors who perform services such as: help market or provide you with the App or services; provide or improve service; conduct analytics without identifying you personally; and bill Service Providers with respect to those services.
  • Your information may be used in or shared to compile aggregate reports that won’t identify you personally, such as a report on how many people connected to certain Service Providers.
  • The App will not disclose your location information to your Service Providers.
  • We may also share information to:
    • Comply with court orders and other legal process; and
    • Enforce our agreements and protect our rights or property.

How will the App information be governed if you also have other products and services from AT&T?

  • Information generated and derived from the App, including your ZenKey Profile, is subject to this Policy. If you use other AT&T products and services, you are subject to the privacy policy that governs those products and services.
  • For example, if you’re opted into AT&T’s Enhanced Relevant Advertising program and we combine your data from other AT&T products and services with App information, the Enhanced Relevant Advertising terms will apply. For information on the AT&T Enhanced Relevant Advertising program, click here.

What information is not covered by this Policy?

  • This Policy does not apply to data after you direct us to provide it to the Service Provider. The data will be governed by that Service Provider’s privacy policy and/or terms. But Service Providers may only share your data and attributes with third parties for purposes that are consistent with the context of the transaction and your relationship with them.
  • This Policy does not apply if you go to a third-party site from the App, such as when you go to a non-AT&T website from the App (by clicking on a link, for example). In this case, the privacy policy of the third-party site may apply.
  • AT&T may act as both the carrier providing the App and as a Service Provider. If AT&T is a Service Provider, data provided to AT&T through the ZenKey app will be governed by AT&T’s respective privacy policy and/or terms. For example, if you use ZenKey to authenticate into your myAT&T app, AT&T’s privacy policy and/or terms of the myAT&T app will govern after you direct us to provide data to AT&T as the Service Provider.

Do you have safeguards in place to protect my information?

  • We work hard to protect your information. Though we cannot guarantee the protection of your information, we've established electronic and administrative safeguards designed to help make the information we collect secure.
  • In the event of a security incident, laws and regulations direct us in how to give you notification when certain types of sensitive information are involved. We will provide you with notice in accordance with these laws and regulations.
  • We will keep your personally identifiable information in connection with your use of the App as long as you are a customer and/or user, or until it is no longer needed for business, tax or legal purposes.

Do you collect information about my children's use?

  • We do not knowingly collect personally identifying information from anyone under the age of 13 unless we first obtain permission from the child's parent or legal guardian.

What choices and controls do I have over the use of my data?

  • You are in control. You have choices and controls over how your data is collected, used, and shared when you use the App:
    • Collection of Information: You can stop the collection of information through the App by uninstalling the App.
    • Sharing of Information with Service Providers: You may limit the sharing of information with Service Providers by not registering the Service Provider on the App.
    • If you already enabled the Service Provider in the App, you may stop sharing any data with that Service Provider by removing the Service Provider in the App, after which AT&T will no longer share any data elements with Service Providers.

      You may limit sharing for any data element by turning off sharing of data element(s) in the App with the Service Provider, after which AT&T will no longer share those data element(s) with Service Providers.

What happens if there is a change in corporate ownership or a change to this policy?

  • Information about our customers and users, including personally identifiable information, may be shared and transferred as part of any merger, acquisition, sale of company assets or transition of service to another provider. This also applies in the unlikely event of an insolvency, bankruptcy or receivership in which customer and user records would be transferred to another entity as a result of such a proceeding.
  • We may update this Policy as necessary to reflect changes we make and to satisfy legal requirements. The most recent version of the Policy will always be made available through the App. If we make material changes to this Policy, we will notify you to obtain your consent for those changes.

Your California Privacy Rights

  • California Civil Code Section 1798.83 entitles California customers to request information concerning whether a business has disclosed personal information to any third parties for their direct marketing purposes. As stated in this Policy, by using the App you agree to the sharing of your information with other companies to use for their own marketing purposes. If you don’t want us to share your information collected through the App with third parties, you must uninstall the App from all of your devices.
  • California customers who want to request further information about our compliance with these requirements, or would like to request a copy of information regarding our disclosure to third parties for their direct marketing purposes in the preceding calendar year, or have questions or concerns about our privacy practices and policies may contact us at the contact information listed below.

California Consumer Privacy Act (CCPA)

CCPA Personal Information (CCPA PI) is defined by California law as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with California consumers or households.

The Information We Collect and Share

We want to provide you with the information about how to exercise rights involving CCPA PI. Here is information about the CCPA PI we may collect from and share about consumers.

Information We Collect From Consumers

The CCPA identifies a number of categories of CCPA PI. We may collect the following categories of CCPA PI:

  • Address and other identifiers – such as name, postal address, email address, zip code, account name, or other similar identifiers.
  • Unique and online identifiers associated with personal information – IP address, device IDs, or other similar identifier
  • Commercial information – such as Service Providers you connect with, that you authenticated or were authorized by the Service Provider but not the detail of those transactions.
  • Electronic network activity information – such as information regarding an individual’s interaction with an internet browser, website or application (for example, successful or failed logins).
  • Location Information, limited to postal address and zip code provided by the user. Location information derived from use of a device or the ZenKey application is not collected.
  • App Activities (e.g., pages viewed in the App, linked Service Provider apps).
  • Inferences drawn from CCPA PI, such as individual profiles, preferences, characteristics, behaviors.

We may collect the above categories of CCPA PI for the following purposes:

  • Performing services on behalf of the business, such as customer service, processing or fulfilling orders, and processing payments.
  • Auditing customer transactions.
  • Fraud and crime prevention.
  • Debugging errors in systems.
  • Marketing and advertising.
  • Internal research, analytics and development – e.g., user-preference analytics.
  • Developing, maintaining, provisioning or upgrading the underlying network services or the App.

We may collect the above categories of CCPA PI from the following sources:

  • Directly from you – such as contact and billing info and customer service interactions
  • Generated by your use of our services – such as technical, equipment and usage information
  • Other companies – such as vendors and other AT&T companies

Information We Will Share About Consumers

We may share these categories of CCPA PI with entities that provide services for us, like processing your bill, or “Service Providers” (as defined above) that you agree to share your information with in the App:

  • Address and other identifiers – such as name, postal address, email address, account name, or other similar identifiers.
  • Unique and online identifiers – IP address, device IDs, or other similar identifiers.
  • Commercial information – such as Service Providers you connect with, that you authenticated or were authorized by the Service Provider but not the detail of those transactions.
  • Electronic network activity information – such as information regarding an individual’s interaction with an internet browser, website or application (for example, successful or failed logins).
  • Location Information (see above).
  • App Activities (e.g., pages viewed in the App, linked Service Provider apps).
  • Inferences drawn from CCPA PI, such as individual profiles, preferences, characteristics, behaviors.

We may share each of the above categories of CCPA PI with the following categories of companies who perform services on our behalf:

  • Product and services delivery companies
  • Marketing services companies
  • Cloud storage companies
  • Billing and payment processing companies
  • Fraud prevention entities
  • Analytics companies

We will not sell CCPA PI.

Your Right To Request Disclosure Of Information We Collect And Share About You

We are committed to ensuring that you know what information we collect. You can ask us for the following information:

  • The categories and specific pieces of your CCPA PI that we’ve collected.
  • The categories of sources from which your CCPA PI was collected.
  • The purposes for collecting or selling your CCPA PI.
  • The categories of third parties with whom we shared your CCPA PI.

We are also committed to ensuring that you know what information we share about you. You can submit a request to us for the following additional information:

  • The categories of CCPA PI we’ve sold about you, the categories of third parties to whom we’ve sold that CCPA PI, and the category or categories of CCPA PI sold to each third party.
  • The categories of CCPA PI that we’ve shared with service providers who provide services for us, like processing your bill; the categories of third parties to whom we’ve disclosed that CCPA PI; and the category or categories of CCPA PI disclosed to each third party.

To exercise your right to request the disclosure of your CCPA PI that we collect or share, either click here or contact us at 866-385-3193. These requests for disclosure are generally free.

Your Right To Request The Deletion Of CCPA PI

Upon your request, we will delete the CCPA PI we have collected about you, except for situations when that information is necessary for us to: provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us, or that are reasonably aligned with your expectations based on your relationship with us.

To exercise your right to request the deletion of your CCPA PI, either click here or contact us at 866-385-3193. Requests for deletion of your CCPA PI are generally free.

Your Right To Ask Us Not To Sell Your CCPA PI

You can always tell us not to sell your CCPA PI by clicking here or contacting us at 866-385-3193.

Once we receive and verify your request, we will not sell your CCPA PI unless you later allow us to do so. We may ask for your permission to resume sale of your CCPA PI at a later date, but we will wait at least 12 months before doing so.

Verification of Identity – Access or Deletion Requests

Password Protected Account.

If you maintain a password-protected account with us, in most cases you may submit an access or deletion request by authenticating yourself with a password like you would when you access your account (see exceptions below). You’ll have to authenticate yourself again to access your data or submit your deletion request.

Former Accountholders and Non-Accountholders (without Password Protected Account).

If you do not have a password protected account, we will ask to verify your identity using our mobile verification process. This process captures an image of your identity document, such as your driver’s license, and compares it to a self-photo you submit. We will only use this information to verify your identity. We will delete it after the time expires allowed by the CCPA to process and respond to your request.

If we cannot verify your identity, we will not be able to respond to your request. We will notify you to explain.

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. Your agent will need a valid power of attorney or written permission signed by you. If the agent relies on written permission, we’ll need to verify the agent’s identity. We may also contact you directly to confirm the permission. Your authorized agent can submit your requests by calling us at 866-385-3193.

We Don’t Mind If You Exercise Your Data Rights

We are committed to providing you control over your CCPA PI. If you exercise any of these rights explained in this section of the Privacy Policy, we will not disadvantage you. You will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services.

Consumers Under 16 Years Old

As of the effective date of this policy, we do not have actual knowledge that we sell CCPA PI of consumers under 16 years of age. If we collect CCPA PI that we know is from a child under 16 years old in the future, we will not sell that information unless we receive affirmative permission to do so. If a child is between 13 and 16 years of age, the child may provide that permission.

Any customer who wishes to request further information about our compliance with these requirements, or who has questions or concerns about our privacy practices and policies, can email us at privacypolicy@att.com, or write to us at AT&T Privacy Policy, Chief Privacy Office, 208 S. Akard, Room 2100, Dallas, TX 75202.

How to contact us about this Policy

Contact us at either of these addresses for any questions about this Policy. Please specify if you are emailing or writing us about this Policy.

  • Email us at privacypolicy@att.com.
  • Write to us at ZenKey powered by AT&T App Privacy Policy, Chief Privacy Office, 208 S. Akard, Room 2100, Dallas, TX 75202.

Thank you for choosing AT&T.