(B) Categories of Personal Data we Collect and Process
(C) Purposes of Processing and Legal Bases for Processing
(H) Disclosure of Personal Data to Third Parties
(I) Selling and Sharing of Personal Data
(K) International Transfer of Personal Data
(S) Cookies and Similar Technologies
This Policy explains how we collect, use, process and disclose information about you. The Policy may be amended or updated from time to time to reflect changes in our practices with respect to the collection, use, processing and disclosure of information about you, or changes in applicable law. We encourage you to read it carefully, and to regularly check this page to review any changes we might make.
This Policy is issued by Gogo Business Aviation, with its principal office at 105 Edgeview Drive, Broomfield, CO 80021 (together, "Gogo", "we", "us" and "our"), and is addressed to individuals outside our organization with whom we interact, including customers, visitors to our Sites, users of our Apps, or other users of our products or services (together, "you"). Defined terms used in this Policy are explained in Section (T) below.
You have certain rights regarding the information we collect about you. Those rights are explained in Section (O) below.
The table below briefly summarizes Gogo's collection and purpose for using personal data. This selection also serves as our Notice at Collection for purposes of the California Consumer Privacy Act (CCPA).
Identifiers (including real name, alias, online identifier, Internet Protocol address and email address)
Yes
Commercial Information (including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
No
Internet or other electronic network activity information (including, browsing history and information regarding a consumer's interaction with an Internet website application, or advertisement, online adverting data and analytics)
Yes
Professional or employment related information
No
Third-party information
No
We take every reasonable step to ensure that your Personal Data are only retained for as long as they are needed in connection with a lawful purpose.
Notice of Right to Opt-Out of Selling or Sharing Personal Data
You have the right, at any time, to direct Gogo not to Share or Sell your Personal Data.
We will honor a request to opt-out of sharing your Personal Data through an opt-out preference signal in a frictionless manner. Opt-out preference signals apply both to your device and your account. You may enable an opt-out preference signal by selecting to opt out at Gogo's Preference Center.
If you would like to opt out of the “Selling” or “Sharing” of your Personal Data, you may submit a request by sending an e-mail to connect@gogoair.com.
To provide our products and services, we collect and Process the following categories of Personal Data about you:
Identifiers and categories of Personal Data
Commercial Information
Internet or other electronic network activity information
Professional or employment related information
Provision of Sites, Apps, products and services: providing our Sites, Apps, products or services; and communicating with you in relation to those Sites, Apps, products or services.
Operating our business: operating and managing our Sites, our Apps, our products and our services; providing content to you; displaying advertising and other information to you; communicating and interacting with you via our Sites, our Apps, our products or our services; and notifying you of changes to any of our Sites, our Apps, our products or our services.
Communications and marketing: communicating with you via any means (including via email, telephone, text message, social media, post or in person) to provide information in which you may be interested, subject always to obtaining your prior opt-in consent to the extent required under applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.
Management of IT systems: management and operation of our communications, IT and security systems; and audits (including security audits) and monitoring of such systems.
Financial management: sales; finance; corporate audit; and vendor management.
Surveys: engaging with you for the purposes of obtaining your views on our Sites, our Apps, our products or our services.
Investigations: detecting, investigating and preventing breaches of policy, and criminal offenses, in accordance with applicable law.
Legal proceedings: establishing, exercising and defending legal rights.
Legal compliance: compliance with our legal and regulatory obligations under applicable law.
Improving our Sites, Apps, products, and services: identifying issues with our Sites, our Apps, our products or our services; planning improvements to our Sites, our Apps, our products or our services; and creating new Sites, Apps, products or services.
Fraud prevention: Detecting, preventing and investigating fraud.
Recruitment and job applications: recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:
plus:
and:
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
We collect or obtain Personal Data about you from the following sources:
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us.
We do not seek to collect or otherwise Process Sensitive Personal Data.
We disclose Personal Data to: legal and regulatory authorities; our external advisors; our Processors; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offenses; any purchaser of our business; and any third-party providers of advertising, plugins or content used on our Sites or our Apps.
We also disclose the following categories of Personal Data to the recipients and for the business purposes detailed in the chart below.
Gogo Business Aviation affiliates
Assist in facilitating our business obligations.
Vendors who may need access to your Personal Data to help us provide our services (e.g., dealers, OEMs, etc.)
Assist in providing our products and services. For example, we may disclose your Personal Data for installation and troubleshooting of hardware.
Information Technology Partners
Provide us with e-mail address management, communication contact services, manage customer relationships, data storage, and analytics to enhance our marketing campaigns and service.
Payment processors
Process your payments and any refunds relating to the services.
Data analytics firms
Improve our products and services.
Legal, regulatory, governmental authorities, law enforcement or court
Comply with legal obligations
Accountants, auditors, consultants, lawyers and other outside professional advisors
Comply with legal and financial obligations.
Any relevant third-party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets
Effectuate the sale of our business or to obtain financing.
Sponsors and Promotional Partners
Promote our products and services and to enhance our business.
Gogo does not sell the Personal Data of minors under sixteen (16) years of age. In the preceding twelve (12) months, Gogo has “sold” or “shared” the following categories of Personal Data to the following categories of third parties.
Advertisers and advertising networks
Analytics and behavioral advertising networks
Social media companies
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
We Process Personal Data for automated decision-making and Profiling, which is carried out for the following purposes:
Customized discounts
Where we analyze your purchasing activity and your interests. This information is analyzed to determine the most appropriate promotions and discounts to offer you.
This Profiling activity may mean that you receive discounts that are not available to others, and that others receive discounts that are not available to you.
Because of the international nature of our business, we transfer Personal Data within the Gogo group, which consists of Gogo Inc. and its subsidiaries, and to Processors and other third parties as noted in Section (H) above, in connection with the purposes set out in this Policy. For this reason, we and our Processors may access, store, transfer or otherwise Process Personal Data outside the country, province or region in which you reside, including to jurisdictions that may have different laws and data protection compliance requirements to those that apply in the country or region in which you are located.
Gogo complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (collectively, the "Data Privacy Framework") as set forth by the U.S. Department of Commerce. Gogo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles") with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Gogo has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles ("Swiss-U.S. DPF Principles" and together with the EU-U.S. DPF Principles, the "DPF Principles") with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit the Data Privacy Framework website.
The Federal Trade Commission has jurisdiction over Gogo's compliance with the Data Privacy Framework. In compliance with the Data Privacy Framework, Gogo commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the Data Privacy Framework should first contact Gogo using the contact details provided in Section (R) below.
In compliance with the Data Privacy Framework, Gogo commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on Data Privacy Framework.
We shall remain liable under the DPF Principles if our agent Processes your Personal Data in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Additionally, where we transfer your Personal Data from the EEA to recipients located outside the EEA, specifically, who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses or the UK equivalent (i.e., UK addendum to the Standard Contractual Clauses). You are entitled to request a copy of our Standard Contractual Clauses or the UK equivalent (i.e., UK addendum to the Standard Contractual Clauses) using the contact details provided in Section (R) below. Please note that when you transfer any Personal Data directly to a Gogo entity established outside the EEA, we are not responsible for that transfer of your Personal Data. We will nevertheless Process your Personal Data, from the point at which we receive those data, in accordance with the provisions of this Policy.
Personal Data is subject to the laws of the jurisdictions in which we or our Processors operate, including laws that may require or permit disclosure or lawful access by courts, law enforcement or other governmental authorities in those jurisdictions. For more information about how we or our Processors handle Personal Data, please contact us as set forth in Section (R) below.
We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access and other unlawful or unauthorized forms of Processing, in accordance with applicable law. In addition, we have procedures in place to limit retention periods as described in Section (D) above.
We have also implemented internal policies and technical measures to handle privacy complaints and limit access to your Personal Data within our organization to employees who need the information to perform their job functions. For example, our customer support team may have access to certain types of information during our interactions with you, namely, to respond to complaints and inquiries.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet - any such transmission is at your own risk, and you are responsible for ensuring that any Personal Data that you send to us are sent securely.
We take every reasonable step to ensure that:
In addition, from time to time, we may ask you to confirm the accuracy of your Personal Data.
We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.
You have certain rights relating to the Personal Data we collect from or about you. Those rights include:
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy or about our Processing of your Personal Data, please use the contact details provided in Section (R) below. Please note that in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights.
Generally, in order to verify your requests to exercise your rights, we will compare the Personal Data we have about you to pieces of Personal Data we will request in the course of processing your request. The Personal Data required for verification may include your name, email address, phone number or the date of your last purchase from us. We will deliver a response to you within thirty (30) days of receiving your verifiable Data Subject request.
Verifiable requests to exercise the rights mentioned above may be submitted through one of the following methods:
Right to Non-Discrimination. Data Subjects have the right to be free from discrimination when they exercise their Data Subject rights, including freedom from:
Authorized Agent. You may appoint an authorized agent to submit requests to exercise your rights on your behalf. Should you choose to do so, for your and our protection, we will require you to provide the authorized agent with signed permission to submit a request on your behalf, verify your identity directly with us, and directly confirm that you have provided the authorized agent permission to submit the request. We note, should your authorized agent fail to submit proof that they have been authorized to act on your behalf, we will deny their request.
Right to Appeal. If we fail to take action on your verified request or deny your request, you may appeal that decision by contacting us using the information in Section (R) below. You must submit your appeal within thirty (30) days of receiving our response pertaining to your request. We will, within forty-five (45) days after receipt of your appeal, inform you of our decision, along with a written explanation of the reasons in support of the decision. We may extend the forty-five (45)-day period by sixty (60) additional days where it is reasonably necessary. Should we deny your appeal, you may have the right to contact the data privacy regulator in your jurisdiction.
All use of our Sites, Apps, products or services is subject to our Terms of Use. We recommend that you review our Terms of Use regularly, in order to review any changes we might make from time to time.
We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, Apps, products or services that may be of interest to you. If we provide Sites, Apps, products or services to you, we may send information to you regarding our Sites, Apps, products or services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us, subject always to obtaining your prior opt-in consent to the extent required under applicable law.
You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances, we will continue to contact you to the extent necessary for the purposes of any Sites, Apps, products or services you have requested.
Gogo's data privacy compliance program is led by Gogo Business Aviation's cybersecurity team. If you have any questions about this Policy, how Gogo obtains and uses your Personal Data, or our policies and procedures relating to your Personal Data, please contact us by e-mail at cybersecurity@gogoair.com or by postal mail at:
GOGO Business Aviation LLC
Attention: Cybersecurity
105 Edgeview Drive, Suite 300
Broomfield, Colorado 80021
United States of America
Cookies are small text files that may be stored on your device when you visit a website. They are generally used to make websites work, to keep track of your movements within the website, to remember your login details, to remember your preferences and interests, and so on. There are different types of cookies, and they can be distinguished on the basis of their origin, function and lifespan. Important characteristics of cookies include the following:
More information on all aspects of cookies can be found on www.allaboutcookies.org. Please note that Gogo has no affiliation with, and is not responsible for, this third party website.
Why do we use cookies?
We may use cookies to:
We do not use the collected information to create visitor profiles.
What types of cookies do we use?
An overview of the cookies used on our Sites is set out in the following table.
ASP.NET_SessionId
First Party (Kentico CMS System)
session end
Functionality (Site Analytics)
Keeps the user session ID for security reasons.
CMSAnalyticsData
First Party (Kentico CMS Visitor)
20 minutes
Functionality (Site Analytics)
Persists user-related data and is used by Web analytics to keep track of exit page candidates.
CMSCookieLevel
First Party (Kentico CMS Visitor)
1 year
Functionality (Site Analytics)
Specifies which cookies are allowed by the visitor.
CMSCsrfCookie
First Party (Kentico CMS Visitor)
session end
Functionality (Site Analytics)
Stores a security token that the administration interface uses to validate all form data submitted via POST requests. Helps protect against Cross site request forgery.
CMSPreferredCulture
First Party (Kentico CMS Visitor)
1 year
Functionality (Site Analytics)
Stores the visitor's preferred content culture.
CMSVarAB<ABtestname>
First Party (Kentico CMS Visitor)
2 months
Functionality (Site Analytics)
Used to maintain consistent content of A/B tested pages for visitors who have not given consent to be tracked (i.e., do not accept cookies of the Visitor level).
Stores the identifier of the page variant assigned to the visitor. The value is transferred to the CMSAB<ABtestname> cookie if the visitor later gives tracking consent and views the tested page.
VisitorStatus
First Party (Kentico CMS Visitor)
20 years
Functionality (Site Analytics)
Indicates if the visitor is new or returning. Used for tracking the visitors statistics in Web analytics.
CurrentContact
First Party (Kentico CMS Visitor)
50 years
Functionality (Site Analytics)
Stores the GUID of the contact related to the current site visitor. Used to track activities on the website.
CMSLandingPageLoaded
First Party (Kentico CMS Visitor)
20 minutes
Functionality (Site Analytics)
Indicates that the landing page has already been visited and the Landing page activity is not logged again for the current visitor. Expires after 20 minutes and the expiration period of the key is renewed every time the website is accessed again.
CMSAB<ABtestname>
First Party (Kentico CMS Visitor)
2 months
Functionality (Site Analytics)
Added for visitors who view A/B tested pages. Tracks conversions for the test and maintains consistent page content for the visitor.
Stores JSON data including the identifier of the page variant assigned to the visitor, the list of performed conversions, and an indicator of whether the visitor is included in A/B testing.
_ga
Third Party (Marketo)
2 years
Functionality (Site Analytics)
Used to distinguish one visitor from another.
_mkto-trk
Third Party (Marketo)
2 years
Functionality (Site Analytics)
Used to distinguish one visitor from another, stores and tracks interaction with the site.
_mkto-trk_http
Third Party (Marketo)
2 years
Functionality (Site Analytics)
Used to distinguish one visitor from another, stores and tracks interaction with the site.
s_ecid
First Party
2 years
Functionality (Site Analytics)
The purpose of this Adobe Experience Platform cookie is to allow persistent ID tracking in the 1st-party state and is used as a reference ID if the AMCV cookie has expired.
In addition, we may also use web beacons (or clear GIFs) and other similar technologies in addition to, or in combination with, cookies. A web beacon is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website or in an email and it helps us to understand the behaviour of visitors to our Sites. More information on web beacons can be found at https://www.allaboutcookies.org/faqs/beacons.html. Please note that Gogo has no affiliation with, and is not responsible for, this third party website.
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). The information generated by Google Analytics Cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
For more information please visit https://www.google.com/analytics/
How can you control cookies and web beacons?
Most internet browsers are set to automatically accept cookies. Depending on your browser, you can set your browser to warn you before accepting cookies, or you can set it to refuse them. Please refer to the 'help' button (or similar) on your browser to learn more about how you can do this.
Disabling cookies may impact your experience on our Sites.
If you use different devices to access our Sites, you will need to ensure that each browser of each device is set to your cookie preference.
More information on how to manage cookies is available from: https://www.allaboutcookies.org/manage-cookies/. Please note that Gogo has no affiliation with, and is not responsible for, this third party website.
In addition, you may opt-out from certain cookies by visiting the following third party websites and selecting which company cookies you would like to opt-out from: https://www.aboutads.info/choices/#completed and https://www.youronlinechoices.com/ Please note that Gogo has no affiliation with, and is not responsible for, these third party websites.