Gogo Privacy Policy

Table of Contents

(A) Notice at Collection

(B) Categories of Personal Data we Collect and Process

(C) Purposes of Processing and Legal Bases for Processing

(D) Data Retention

(E) Sources of Personal Data

(F) Creation of Personal Data

(G) Sensitive Personal Data

(H) Disclosure of Personal Data to Third Parties

(I) Selling and Sharing of Personal Data

(J) Profiling

(K) International Transfer of Personal Data

(L) Data Security

(M) Data Accuracy

(N) Data Minimization

(O) Your Legal Rights

(P) Terms of Use

(Q) Direct Marketing

(R) Contact Us

(S) Cookies and Similar Technologies

(T) Definitions

(U) Satcom Direct Government Customers

This Policy explains how we collect, use, process and disclose information about you. The Policy may be amended or updated from time to time to reflect changes in our practices with respect to the collection, use, processing and disclosure of information about you, or changes in applicable law. We encourage you to read it carefully, and to regularly check this page to review any changes we might make.

This Policy is issued by Gogo Business Aviation, with its principal office at 105 Edgeview Drive, Broomfield, CO 80021, and its affiliates (together, "Gogo", "we", "us" and "our"), and is addressed to individuals outside our organization with whom we interact, including customers, visitors to our Sites, users of our Apps, or other users of our products or services (together, "you"). Defined terms used in this Policy are explained in Section (T) below.

You have certain rights regarding the information we collect about you. Those rights are explained in Section (O) below.

(A) Notice of Collection

The table below briefly summarizes Gogo's collection and purpose for using personal data. This selection also serves as our Notice at Collection for purposes of the California Consumer Privacy Act (CCPA).

We take every reasonable step to ensure that your Personal Data are only retained for as long as they are needed in connection with a lawful purpose.

Notice of Right to Opt-Out of Selling or Sharing Personal Data

You have the right, at any time, to direct Gogo not to Share or Sell your Personal Data.

We will honor a request to opt-out of sharing your Personal Data through an opt-out preference signal in a frictionless manner. Opt-out preference signals apply both to your device and your account. You may enable an opt-out preference signal by selecting to opt out at Gogo's Preference Center.

If you would like to opt out of the “Selling” or “Sharing” of your Personal Data, you may submit a request by sending an e-mail to connect@gogoair.com.

(B) Categories of Personal Data We Collect and Process

To provide our products and services, we collect and Process the following categories of Personal Data about you:

Identifiers and categories of Personal Data

• Personal details: given name(s); preferred name; and photograph.
• Contact details: correspondence address; shipping address; telephone number; email address.
• Consent records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).

Commercial Information

• Purchase details: records of purchases and prices; address, contact telephone number and email address.
• Payment details: invoice records; payment records; billing address; payment method; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of checks.
• Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.

Internet or other electronic network activity information

• Data relating to our Sites and Apps: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a Site; App usage statistics; App settings; dates and times of connecting to an App; location data and other technical communications information (some of which may constitute Personal Data); username; password; security login details; usage data; and aggregate statistical information.
• Content and advertising data: records of your interactions with our online advertising and content, records of advertising and content displayed on pages or App screens displayed to you, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.

Professional or employment related information

• Employee or job applicant details: where we employ or consider you for employment, the name, address, telephone number, email address and work and education history related information.
• Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.

(C) Purposes of Processing and Legal Bases for Processing

(D) Data Retention

We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:

1. we will retain Personal Data in a form that permits identification only for as long as:
   1. we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
   2. (b)your Personal Data are necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your Personal Data are included in a contract between us and your employer, and we have a legitimate interest in processing those data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data),

2. plus:

3. the duration of:
   1. any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and
   2. an additional two (2)-month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),

4. and:

5. in addition, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim.

During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.

Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:

• permanently delete or destroy the relevant Personal Data; or
• anonymize the relevant Personal Data.

(E) Sources of Personal Data

We collect or obtain Personal Data about you from the following sources:

• Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
• Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
• App data: We collect or obtain Personal Data when you download or use any of our Apps.
• Site data: We collect or obtain Personal Data when you visit any of our Sites or use any features or resources available on or through a Site.
• Registration details: We collect or obtain Personal Data when you use, or register to use, any of our Sites, Apps, products or services. We may also obtain Personal Data from your employer in order to grant you access to our Sites, Apps, products or services.
• Content and advertising information: If you interact with any third-party content or advertising on a Site or in an App (including third-party plugins and cookies) we receive Personal Data from the relevant third-party provider of that content or advertising.
• Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., marketing partners).

(F) Creation of Personal Data

We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us.

(G) Sensitive Personal Data

We do not seek to collect or otherwise Process Sensitive Personal Data.

(H) Disclosure of Personal Data to Third Parties

We disclose Personal Data to: legal and regulatory authorities; our external advisors; our Processors; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offenses; any purchaser of our business; and any third-party providers of advertising, plugins or content used on our Sites or our Apps.

We also disclose the following categories of Personal Data to the recipients and for the business purposes detailed in the chart below.

(I) Selling and Sharing of Personal Data

Gogo does not sell the Personal Data of minors under sixteen (16) years of age. In the preceding twelve (12) months, Gogo has “sold” or “shared” the following categories of Personal Data to the following categories of third parties.

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.

(J) Profiling

We Process Personal Data for automated decision-making and Profiling, which is carried out for the following purposes:

(K) International Transfer of Personal Data

Because of the international nature of our business, we transfer Personal Data within the Gogo group, which consists of Gogo Inc. and its subsidiaries, and to Processors and other third parties as noted in Section (H) above, in connection with the purposes set out in this Policy. For this reason, we and our Processors may access, store, transfer or otherwise Process Personal Data outside the country, province or region in which you reside, including to jurisdictions that may have different laws and data protection compliance requirements to those that apply in the country or region in which you are located.

Where we transfer your Personal Data from the EEA to recipients located outside the EEA, specifically, who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses or the UK equivalent (i.e., UK addendum to the Standard Contractual Clauses). You are entitled to request a copy of our Standard Contractual Clauses or the UK equivalent (i.e., UK addendum to the Standard Contractual Clauses) using the contact details provided in Section (R) below. Please note that when you transfer any Personal Data directly to a Gogo entity established outside the EEA, we are not responsible for that transfer of your Personal Data. We will nevertheless Process your Personal Data, from the point at which we receive those data, in accordance with the provisions of this Policy.

Personal Data is subject to the laws of the jurisdictions in which we or our Processors operate, including laws that may require or permit disclosure or lawful access by courts, law enforcement or other governmental authorities in those jurisdictions. For more information about how we or our Processors handle Personal Data, please contact us as set forth in Section (R) below.

(L) Data Security

We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access and other unlawful or unauthorized forms of Processing, in accordance with applicable law. In addition, we have procedures in place to limit retention periods as described in Section (D) above.

We have also implemented internal policies and technical measures to handle privacy complaints and limit access to your Personal Data within our organization to employees who need the information to perform their job functions. For example, our customer support team may have access to certain types of information during our interactions with you, namely, to respond to complaints and inquiries.

Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet - any such transmission is at your own risk, and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

(M) Data Accuracy

We take every reasonable step to ensure that:

• your Personal Data that we Process are accurate and, where necessary, kept up to date; and
• any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.

In addition, from time to time, we may ask you to confirm the accuracy of your Personal Data.

(N) Data Minimization

We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.

(O) Your Legal Rights

You have certain rights relating to the Personal Data we collect from or about you. Those rights include:

• the right not to provide your Personal Data to us (however, please note that we will be unable to provide you with the full benefit of our Sites, Apps, products or services, if you do not provide us with your Personal Data - e.g., we might not be able to process your requests without the necessary details);
• the right to request access to, or copies of, your Personal Data, together with information regarding the nature, Processing and disclosure of those Personal Data such as the:
  • categories of Personal Data we collected about you;
  • purposes for which the categories of Personal Data collected about you will be used;
  • categories of sources for the Personal Data we collected about you;
  • categories of third parties with whom we share Personal Data;
  • business or commercial purpose for collecting Personal Data;
  • specific pieces of Personal Data we collected about you; and
  • categories of Personal Data we have disclosed for a business purpose;
• the right to request rectification of any inaccuracies in your Personal Data;
• the right to request, on legitimate grounds:
  • erasure of your Personal Data; or
  • restriction of Processing of your Personal Data;
• the right to have certain Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
• where we Process your Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases);
• the right to lodge complaints regarding the Processing of your Personal Data; and
• the right to opt-out of the Sale or Sharing of Personal Data.

Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:

• the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf; and
• the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy or about our Processing of your Personal Data, please use the contact details provided in Section (R) below. Please note that in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights.

Generally, in order to verify your requests to exercise your rights, we will compare the Personal Data we have about you to pieces of Personal Data we will request in the course of processing your request. The Personal Data required for verification may include your name, email address, phone number or the date of your last purchase from us. We will deliver a response to you within thirty (30) days of receiving your verifiable Data Subject request.

Verifiable requests to exercise the rights mentioned above may be submitted through one of the following methods:

• Call us toll free at +1 303.301.3278
• Email us at connect@gogoair.com
• Our online form located at: Preference Center

Right to Non-Discrimination. Data Subjects have the right to be free from discrimination when they exercise their Data Subject rights, including freedom from:

1. Denying you goods or services.
2. Charging you a different price or rate for goods or services, including through granting discounts or other benefits, or imposing penalties.
3. Providing you a different level of quality of goods or services.
4. Suggesting that you may receive a different rate for goods or services or a difference level or quality of goods or services.

Authorized Agent. You may appoint an authorized agent to submit requests to exercise your rights on your behalf. Should you choose to do so, for your and our protection, we will require you to provide the authorized agent with signed permission to submit a request on your behalf, verify your identity directly with us, and directly confirm that you have provided the authorized agent permission to submit the request. We note, should your authorized agent fail to submit proof that they have been authorized to act on your behalf, we will deny their request.

Right to Appeal. If we fail to take action on your verified request or deny your request, you may appeal that decision by contacting us using the information in Section (R) below. You must submit your appeal within thirty (30) days of receiving our response pertaining to your request. We will, within forty-five (45) days after receipt of your appeal, inform you of our decision, along with a written explanation of the reasons in support of the decision. We may extend the forty-five (45)-day period by sixty (60) additional days where it is reasonably necessary. Should we deny your appeal, you may have the right to contact the data privacy regulator in your jurisdiction.

(P) Terms of Use

All use of our Sites, Apps, products or services is subject to our Terms of Use. We recommend that you review our Terms of Use regularly, in order to review any changes we might make from time to time.

(Q) Direct Marketing

We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, Apps, products or services that may be of interest to you. If we provide Sites, Apps, products or services to you, we may send information to you regarding our Sites, Apps, products or services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us, subject always to obtaining your prior opt-in consent to the extent required under applicable law.

You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances, we will continue to contact you to the extent necessary for the purposes of any Sites, Apps, products or services you have requested.

(R) Contact Us

Gogo's data privacy compliance program is led by Gogo Business Aviation's cybersecurity team. If you have any questions about this Policy, how Gogo obtains and uses your Personal Data, or our policies and procedures relating to your Personal Data, please contact us by e-mail at cybersecurity@gogoair.com or by postal mail at:

Gogo Business Aviation LLC

Attention: Cybersecurity

105 Edgeview Drive, Suite 300

Broomfield, Colorado 80021

United States of America

(S) Cookies and similar technologies

Cookies are small text files that may be stored on your device when you visit a website. They are generally used to make websites work, to keep track of your movements within the website, to remember your login details, to remember your preferences and interests, and so on. There are different types of cookies, and they can be distinguished on the basis of their origin, function and lifespan. Important characteristics of cookies include the following:

• First party cookies are cookies that are placed by the website you are visiting, while third party cookies are placed by a website other than the one you are visiting. Please note that we do not control the collection or further use of data by third parties.
• Necessary cookies are necessary to allow the technical operation of a website (e.g., they enable you to move around on a website and to use its features).
• Performance cookies collect data on the performance of a website such as the number of visitors, the time spent on the website and error messages.
• Functionality cookies increase the usability of a website by remembering your choices (e.g. language, region, login, and so on).
• Targeting/advertising cookies enable a website to send you personalized advertising.
• Session cookies are temporary cookies that are erased once you close your browser while persistent or permanent cookies stay on your device until you manually delete them or until your browser deletes them based on the duration period specified in the persistent cookie file.

More information on all aspects of cookies can be found on www.allaboutcookies.org. Please note that Gogo has no affiliation with, and is not responsible for, this third party website.

Why do we use cookies?

We may use cookies to:

• distinguish between visitors;
• improve the use and the functionality of our Sites;
• process your purchase orders;
• tailor our Sites and products to your needs and preferences; and
• analyse how our Sites are used and compile anonymous and aggregate statistics.

We do not use the collected information to create visitor profiles.

What types of cookies do we use?

An overview of the cookies used on our Sites (other than the SDG Site) is set out in the following table.

An overview of the cookies used on the SDG site is set out in the following table.

In addition, we may also use web beacons (or clear GIFs) and other similar technologies in addition to, or in combination with, cookies. A web beacon is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website or in an email and it helps us to understand the behaviour of visitors to our Sites. More information on web beacons can be found at https://www.allaboutcookies.org/faqs/beacons.html. Please note that Gogo has no affiliation with, and is not responsible for, this third party website.

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). The information generated by Google Analytics Cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

For more information please visit https://www.google.com/analytics/

How can you control cookies and web beacons?

Most internet browsers are set to automatically accept cookies. Depending on your browser, you can set your browser to warn you before accepting cookies, or you can set it to refuse them. Please refer to the 'help' button (or similar) on your browser to learn more about how you can do this.

Disabling cookies may impact your experience on our Sites.

If you use different devices to access our Sites, you will need to ensure that each browser of each device is set to your cookie preference.

More information on how to manage cookies is available from: https://www.allaboutcookies.org/manage-cookies/. Please note that Gogo has no affiliation with, and is not responsible for, this third party website.

In addition, you may opt-out from certain cookies by visiting the following third party websites and selecting which company cookies you would like to opt-out from: https://www.aboutads.info/choices/#completed and https://www.youronlinechoices.com/ Please note that Gogo has no affiliation with, and is not responsible for, these third party websites.