Individual States Rights - Xfinity by Comcast

Additional notices:

California Notice at Collection

California law provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” rights to access, delete, and correct certain Personal Information we collect about them, restrict us from “selling” or “sharing” certain Personal Information, and limit our use of Sensitive Personal Information, as defined by the law and described in the categories below. These rights apply to all residents of CA, regardless of whether you are a customer, business contact, or member of the workforce. As a California resident, you have a right not to receive discriminatory treatment for the exercise of your privacy rights.

The California Consumer Privacy Act defines “Personal Information” to mean “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

You or your authorized agent may submit a request to exercise these rights by visiting our www.xfinity.com/privacy/requests or calling us at 1-844-963-0138. To opt out of targeted advertising and the sale or sharing of Personal Information, or to set preferences regarding our use of Sensitive Personal Information, please visit the Xfinity Privacy Preferences Center and make the appropriate selections in the Settings menu of your relevant devices including X1, Flex, XClass and Xumo TV.

Residents of the State of California also have the right to request information regarding third parties to whom the company has disclosed certain categories of personal information during the preceding year for the third parties' direct marketing purposes under California's "Shine the Light" law (Cal. Civ. Code § 1798.83). Personal information under this California law means "any information that when it was disclosed identified, described, or was able to be associated with an individual." We do not disclose this type of personal information to third parties for their own purposes and we permit you to opt out of any disclosures of non-identifiable personal information. However, if you are a California resident and would like to inquire further, please email Comcast_Privacy@comcast.com.

Collection, use, and retention of Personal Information

The general section of this Privacy Policy describes the types of personal information we collect, how we collect it, how we use it in categories that are easy to understand. The CCPA requires us to disclose the personal information we have collected about consumers in the following categories. Some of the categories include very different types of information within the same category and certain personal information may fall into multiple categories. How we use and how long we keep the information within each category will vary, and not all types of information within the same category will be used for all the purposes listed.

California law also requires us to provide information regarding the criteria we use to determine the length of time for which we retain personal information. We utilize the following criteria to determine the length of time for which retain personal information:

The business purpose for which the information is used, and the length of time for which the information is required to achieve those purposes;
Whether we are required to retain the information in order to comply with legal obligations or contractual commitments, or is otherwise necessary to investigate theft or other illegal activities, to ensure a secure online environment, or to protect health and safety;
The privacy impact on the consumer of ongoing retention, including the consumer's likely expectations in light of the sensitivity of information and our Privacy Commitments; and
The manner in which information is maintained and flows through our systems, and how best to manage the lifecycle in light of the volume and complexity of the systems in our infrastructure.

Individual pieces of personal information such as those listed above may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. Certain individual pieces of information may also be stored in combination with other individual pieces of information, and the maximum retention period may be determined by the purpose for which that information set is used.

Identifiers

Name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers

SOURCE

Directly from you when you provide it to us, such as when you create an account
From our systems when we generate the information and assign it to you, such as your account number or your IP address from third parties
From third parties

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, physical characteristics or description, address, telephone number, driver's license or state identification card number, education, employment, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories

SOURCE

Directly from you when you provide it to us, such as when you create an account or pay for your Services
From third parties

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Protected classification characteristics under California or federal law

Age (40 years or older), national origin, marital status, gender, veteran or military status

SOURCE

Directly from you when you provide it to us, such as when you sign up for an offer for veterans
From third parties who make inferences regarding your household, such as marital status or the age ranges of people within your household

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

SOURCE

From you when you complete transactions with us
From third parties

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Biometric information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, scans of the hands or face geometry, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data

SOURCE

Directly from you when you provide it to us, such as when you seek to authenticate your identify.
From our systems when you opt in to certain features of our Services, such as Xfinity Home security, that may collect information and generate inferences about physical patterns to deliver the Services and applicable features you have selected

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To verify your identity
To make improvements to our existing Services and create new products, services, or features
To protect the health and safety of our customers, employees, contractors, or the general public

Internet or other electronic network activity information

Browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement.

SOURCE

From our systems when you use or interact with our Services
From third parties. For more information on these third parties, see our Cookie Notice

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
We do not use information collected from our broadband network through the provision of Xfinity Internet or Xfinity Mobile for these purposes.

Geolocation data

Precise physical location or movements

SOURCE

From our systems when you use or interact with Services that collect this information, such as Xfinity Mobile or the Xfinity Mobile apps and websites

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services
To personalize our Services and to provide marketing and advertising; we do not use information collected from our provision of Xfinity Internet or Xfinity Mobile for these purposes

Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information

SOURCE

From our systems when you use certain features of products and services that may collect information and generate inferences about physical patterns, such as Xfinity Home security features or when you use the Voice Remote to deliver Services and applicable features that you have selected

PURPOSE OF COLLECTION AND USE

To provide our Services
To make improvements to our existing Services and create new products, services, or features

Inferences drawn from other personal information

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

SOURCE

From our systems through a series of computer processes

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Sensitive Personal Information

Social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents mail, email and text messages; genetic data and biometric information; information collected and analyzed concerning a consumer’s health; or information collected and analyzed concerning a consumer’s sex life or sexual orientation. Some personal information included in this category may overlap with other categories. We do not collect all of these examples of Sensitive Personal Information, nor do we use all types of Sensitive Personal Information for the purposes described below.

SOURCE

Directly from you when you provide it to us, such as when you create an account or pay for your Services
From our systems when you use or interact with Services that collect this information or when you opt into certain features of our Services
From third parties who make inferences regarding your household

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services
To verify identity and to protect the health and safety of our customers, employees, contractors, or the general public

Disclosures to third parties for a business purpose

For all enumerated categories listed above, we limit disclosures of Personal Information for business purposes to service providers, as described in When and with Whom We Share Information.

Sharing and sale of personal information and right to opt out

The CCPA requires companies to include certain disclosures relating to your right to opt out of “sale” or “sharing.” We do not sell information that identifies who you are to anyone and we do not knowingly sell the personal information of consumers under 16 years of age. To opt out of the sale or sharing of non-identifying information, please visit the Xfinity Privacy Preferences Center and make the appropriate selections in the Settings menu of your relevant devices including X1, Flex, XClass TV and Xumo TV. Please note that your right to opt out does not apply to our sharing of data with service providers, with whom we work and who are required to use the data only on our behalf. Below are the types of information “sold” and the categories of third parties that receive the information. This information does not, in and of itself, identify who you are.

Identifiers to Affiliates, advertising networks, data analytics providers, social networks, and audience measurement companies.

Internet or other electronic network activity information to affiliates, advertising networks, data analytics providers, social networks, and audience measurement companies.

Inferences drawn from other personal information to advertising networks

Right to know, right to request correction, and right to request deletion of information

California residents have the right to request that we disclose what personal information we collect, use, and sell, as well as the right to request that we delete certain personal information that we have collected from you. If we hold personal information that is not accurate, California residents have the right to request that we correct this information. You or your authorized agent may submit a request to exercise your rights by visiting www.xfinity.com/privacy/requests or calling us at 1-844-963-0138.

For your security and to ensure unauthorized third parties do not access your personal information, we will require you to verify your identity before we can act on your request. If you are a current customer or still have access to your Xfinity My Account, you will be required to authenticate through your Xfinity account. If you do not have an account with us, you will be required to provide an email address and mobile phone number to start the verification process. You may also be required to provide a qualified government-issued photo identification. If you are asking for access on behalf of someone else, we will require verification of your identity, as well as proof of authorization by the individual whose personal information you wish to access.

There may be information we will not return in response to your access request, such as information that would affect the privacy of others or interfere with legal requirements. Similarly, there may be reasons why we cannot comply with your deletion request, such as the need to keep your personal information to provide you service or to fulfill a legal obligation. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Right to restrict use of Sensitive Personal Information

California residents have the right to request that we restrict our use of Sensitive Personal Information. You can limit our use and disclosure of your Sensitive Personal Information for personalized recommendations, marketing, and advertising purposes through the Xfinity Privacy Preferences Center.

Right to information regarding participation in data sharing for financial incentives

We may run promotions from time to time and ask you to share personal information with us in exchange for discounts. We will always give you clear notices about these types of programs when you sign up, and participation is always voluntary. If you change your mind, you will always be able to opt out, and if you don’t participate, you will still be able to use our Services.

To review the number of requests we have received over time, how we have complied with those requests, and the median or mean number of days in which we respond to such requests, please visit www.xfinity.com/privacy/reports.

Additional information regarding Maine residents’ privacy rights

Maine’s Broadband Internet Access Service Customer Privacy Act generally prohibits providers of broadband Internet access service (“Providers”) from using, disclosing, selling or permitting access to “customer personal information” without a customer’s express, affirmative consent, which may be revoked at any time.

However, no consent is required for the collection, retention, use, disclosure, or sale or access to customer personal information when such activities are required to:

Provide the service from which such information is derived or for the services necessary to the provision of such service;
Advertise or market the Provider's communications-related services to the customer;
Comply with a lawful court order;
Initiate, render, bill for and collect payment for broadband Internet access service;
Protect users of the provider's or other providers' services from fraudulent, abusive or unlawful use of or subscription to such services; or
Provide geolocation information concerning the customer:
- For the purpose of responding to a customer's call for emergency services, to a public safety answering point; a provider of emergency medical or emergency dispatch services; a public safety, fire service or law enforcement official; or a hospital emergency or trauma care facility; or
- To a provider of information or database management services solely for the purpose of assisting in the delivery of emergency services in response to an emergency.

A Provider may not refuse to serve a customer who does not provide consent when required or charge a customer a penalty or offer a customer a discount based on the customer's decision to provide or not provide consent.

A Provider shall take reasonable measures to protect customer personal information from unauthorized use, disclosure or access, taking into account the nature and scope of the Provider's activities, the sensitivity of the data the provider collects, the size of the Provider, and the technical feasibility of the security measures.

In addition, a Provider may use, disclose, sell, or permit access to non-CPI, unless the customer opts out.

If you are an Xfinity customer, you can manage your account information and review your privacy settings at www.xfinity.com/privacy/your-privacy-choices. To review the full Xfinity privacy policy, visit www.xfinity.com/privacy. To learn more about our privacy commitments, including our commitment to protect your privacy when you use our broadband Internet service, please visit www.xfinity.com/privacy.

Additional information regarding Virginia residents’ privacy rights

Virginia law provides Virginia residents with rights to access, delete, and correct certain “Personal Data” we collect about them, as well as to restrict the use of that Personal Data for targeted advertising, restrict the “sale” of that Personal Data, and control our use of Personal Data considered sensitive. If you are a Virginia resident, you also have a right not to receive discriminatory treatment for the exercise of your privacy rights.

The Virginia Consumer Data Protection Act defines “Personal Data” to mean “any information that is linked or reasonably linkable to an identified or identifiable natural person.” When we use the term “personal information” in our Privacy Policy, it includes Personal Data covered by this definition.

You or your authorized agent may submit a request to exercise your access, deletion, and correction rights by visiting www.xfinity.com/privacy/requests or calling us at 1-844-963-0138. To opt out of targeted advertising and the sale or sharing of Personal Data, or to set preferences regarding our use of sensitive Personal Data, please visit the Xfinity Privacy Preferences Center and make the appropriate selections in the Settings menu of your relevant devices including X1, Flex, XClass TV and Xumo TV. If we deny your request, you have the right to appeal our decision. You can request further review through the request dashboard.

Additional information regarding EEA, Switzerland, and United Kingdom residents’ privacy rights

The EU General Data Protection Regulation and the UK General Data Protection Regulation provide residents of the EEA, United Kingdom, and Switzerland the rights to receive notice regarding the purposes for which your data are processed and the legal basis for our processing, the categories of recipients of your personal information, whether the personal information will be transferred outside these jurisdictions, and the criteria we use to determine how long to retain your data. You also have the right to receive notice about your rights. These rights apply to all residents of these locations, regardless of whether you are a customer, business contact, or member of the workforce.

The GDPR defines “Personal Data” to mean “any information that is linked or reasonably linkable to an identified or identifiable natural person.” When we use the term “personal information” in our Privacy Policy, it includes Personal Data covered by this definition.

Right to be informed

The general section of this Privacy Policy describes the types of personal information we collect, how we collect it, and how we use it in categories that are easy to understand. For information on our retention practices, please see How long we keep your information above.

LEGAL BASIS FOR PROCESSING

We rely on a variety of legal bases to process your personal information. We mainly process your personal information because it is necessary to perform our agreement to provide the Services to you or because the processing is necessary for our legitimate interests where those interests do not override your fundamental rights and freedoms related to data privacy. Where we rely on legitimate interest as this lawful basis, our legitimate interest is necessary for promoting our business, improving the services we offer to you and your experience when you interact with us, and ensuring effective operational management and internal administration of our business and the exercise of our rights. In limited circumstances, we may rely on other legal bases for processing your personal information, including when necessary to comply with a legal obligation or where you provide your consent for processing.

CROSS-BORDER TRANSFER OF INFORMATION

Certain personal information may be transferred to and processed in the US and other countries where we have facilities or in which we engage service providers. The laws in the U.S. regarding personal information may be different from the laws of your state or country. We implement appropriate safeguards to protect your personal information as required by relevant law, including supplemental measures, if we transfer your personal information outside of the EEA, UK, or Switzerland

Right of access, right to data portability, right to request correction, and right to request deletion of information

You have the right to request that we:

Give you access to, and a copy of your personal information we hold in our systems;
Correct or update inaccurate or incomplete personal information we have about you;
Delete all or some of the personal information we have about you (e.g., if it is no longer needed to provide Services to you).

To submit a request to exercise your rights, please complete the form available at www.xfinity.com/privacy/requests. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response. Please note that, in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Right to object, withdraw consent, and restrict processing

You have the right to request that we:

Stop using, and ensure that all third parties stop using, some or all of your personal information (e.g., if we no longer have a legal basis to process it);
Stop contacting you with promotional messages.

You can exercise these rights by visiting the Xfinity Privacy Preferences Center and making the appropriate selections in the Settings menu of your relevant Comcast/Xfinity issued devices.

Right to opt out of automated processing

You have the right to opt-out of automated processing where such processing would produce legal or other similarly significant effects. However, we do not use personal information of residents of the EEA, Switzerland, and United Kingdom to make automated decisions about you that would have these effects.

Right to lodge a complaint

You have the right to lodge a complaint with your local data protection authority about our use of your personal information.

Additional information regarding other laws and individual rights

California Notice at Collection

Additional information regarding Maine residents’ privacy rights

Additional information regarding Virginia residents’ privacy rights

Additional information regarding EEA, Switzerland, and United Kingdom residents’ privacy rights

Want to learn more?

Review your privacy preferences