Individual States Rights - Xfinity by Comcast

Additional Notices:

California Notice at Collection

California law provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” rights to access, delete, and correct certain Personal Information we collect about them, restrict us from “selling” or “sharing” certain Personal Information, and limit our use of Sensitive Personal Information, as defined by the law and described in the categories below. These rights apply to all residents of California, regardless of whether you are a customer, business contact, or member of the workforce. As a California resident, you have a right not to receive discriminatory treatment for the exercise of your privacy rights.

The California Consumer Privacy Act ("CCPA") defines “Personal Information” to mean “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

You or your authorized agent may submit a request to exercise these rights by visiting our xfinity.com/privacy/requests or calling us at 1-844-963-0138. To opt out of personalized advertising and the sale or sharing of Personal Information, or to set preferences regarding our use of Sensitive Personal Information, please visit the Xfinity Privacy Preferences Center and make the appropriate selections in the Settings menu of your relevant devices including X1, Flex, and Xumo TV.

Residents of the State of California also have the right to request information regarding third parties to whom the company has disclosed certain categories of Personal Information during the preceding year for the third parties' direct marketing purposes under California's "Shine the Light" law (Cal. Civ. Code § 1798.83). Personal Information under this California law means "any information that when it was disclosed identified, described, or was able to be associated with an individual." We do not disclose this type of Personal Information to third parties for their own purposes and we permit you to opt out of any disclosures of non-identifiable Personal Information. However, if you are a California resident and would like to inquire further, please email Comcast_Privacy@comcast.com.

Learn more about your rights if you are a California resident and how to exercise them

Collection, Use, and Retention of Personal Information

The general section of this Privacy Policy describes the types of Personal Information we collect, how we collect it, how we use it in categories that are easy to understand. The CCPA requires us to disclose the Personal Information we have collected about consumers in the following categories. Some of the categories include very different types of information within the same category and certain Personal Information may fall into multiple categories. How we use and how long we keep the information within each category will vary, and not all types of information within the same category will be used for all the purposes listed.

California law also requires us to provide information regarding the criteria we use to determine the length of time for which we retain Personal Information. We utilize the following criteria to determine the length of time for which we retain Personal Information:

The business purpose for which the information is used, and the length of time for which the information is required to achieve those purposes
Whether we are required to retain the information in order to comply with legal obligations or contractual commitments, or is otherwise necessary to investigate fraud or other illegal activities, to ensure a secure online environment, or to protect health and safety
The privacy impact on the consumer of ongoing retention, including the consumer’s likely expectations in light of the sensitivity of information and our Privacy Commitments
The manner in which information is maintained and flows through our systems, and how best to manage the lifecycle in light of the volume and complexity of the systems in our infrastructure

Individual pieces of Personal Information such as those listed above may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. Certain individual pieces of information may also be stored in combination with other individual pieces of information, and the maximum retention period may be determined by the purpose for which that information set is used.

Identifiers

Name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers

SOURCE

Directly from you when you provide it to us, such as when you create an account
From our systems when we generate the information and assign it to you, such as your account number or your IP address from third parties
From third parties

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Additional categories of information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, signature, Social Security number, physical characteristics or description, address, telephone number, driver's license or state identification card number, education, employment, bank account number, credit card number, debit card number, or any other financial information. Some Personal Information included in this category may overlap with other categories

SOURCE

Directly from you when you provide it to us, such as when you create an account or pay for your Services
From third parties

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Protected classification characteristics under California or federal law

Age (40 years or older), national origin, marital status, gender, veteran or military status

SOURCE

Directly from you when you provide it to us, such as when you sign up for an offer for veterans
From third parties who make inferences regarding your household, such as marital status or the age ranges of people within your household

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

SOURCE

From you when you complete transactions with us
From third parties

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Biometric information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, scans of the hands or face geometry, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data

SOURCE

Directly from you when you provide it to us, such as when you seek to authenticate your identity.
From our systems when you opt in to certain features of our Services, such as Xfinity Home security, that may collect information and generate inferences about physical patterns to deliver the Services and applicable features you have selected

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To verify your identity
To make improvements to our existing Services and create new products, services, or features
To protect the health and safety of our customers, employees, contractors, or the general public

Internet or other electronic network activity information

Browsing history, search history, and information regarding your interaction with one of our internet websites, applications, or an advertisement.

SOURCE

From our systems when you use or interact with our Services
From third parties. For more information on these third parties, see our Cookie Notice

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To personalize our Services and to provide marketing and advertising, when you use our websites like Xfinity.com or ComcastBusiness.com or apps (see our Cookie Notice).
We do not use information collected from our broadband network through the provision of Xfinity Internet or Xfinity Mobile for these purposes.

Geolocation data

Precise physical location or movements

SOURCE

From our systems when you use or interact with Services that collect this information, such as Xfinity Mobile or the Xfinity apps and websites

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services
To personalize our Services and to provide marketing and advertising; we do not use information collected from our provision of Xfinity Internet or Xfinity Mobile for these purposes

Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information

SOURCE

From our systems when you use certain features of products and services that may collect information and generate inferences about physical patterns, such as Xfinity Home security features or when you use the Voice Remote to deliver Services and applicable features that you have selected

PURPOSE OF COLLECTION AND USE

To provide our Services
To make improvements to our existing Services and create new products, services, or features

Inferences drawn from other Personal Information

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

SOURCE

From our systems through a series of computer processes

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services

Sensitive Personal Information

Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of mail, email, and text messages; genetic data and biometric information; information collected and analyzed concerning a consumer’s health; or information collected and analyzed concerning a consumer’s sex life or sexual orientation. Some Personal Information included in this category may overlap with other categories. We do not collect all of these examples of Sensitive Personal Information, nor do we use all types of Sensitive Personal Information for the purposes described below.

SOURCE

Directly from you when you provide it to us, such as when you create an account or pay for your Services
From our systems when you use or interact with Services that collect this information or when you opt into certain features of our Services
From third parties who make inferences regarding your household

PURPOSE OF COLLECTION AND USE

To offer or provide our Services
To make improvements to our existing Services and create new products, services, or features
To provide marketing and advertising
To personalize our Services
To verify identity and to protect the health and safety of our customers, employees, contractors, or the general public

Disclosures to third parties for a business purpose

For all enumerated categories listed above, we limit disclosures of Personal Information for business purposes to service providers, as described in When and To Whom We Disclose Information.

Related Businesses

For all enumerated categories listed above, we may share Personal Information with Our Related Businesses (corporate.comcast.com/privacy-related-businesses), as described in When and To Whom We Disclose Information.

Sharing and sale of Personal Information and right to opt out

The CCPA requires companies to include certain disclosures relating to your right to opt out of “sale” or “sharing.” We do not sell information that directly identifies who you are to anyone and we do not knowingly sell the Personal Information of consumers under 16 years of age. To opt out of the sale or sharing of non-identifying information, please visit the Xfinity Privacy Preferences Center (xfinity.com/privacy/your-privacy-choices) and make the appropriate selections in the Settings menu of your relevant devices including X1, Flex, and Xumo TV. Your authorized agent may also contact us at 1-844-963-0138; however, opt-out of the sale or sharing of Personal Information via cookies and similar technologies must be implemented at the browser level on each device you use to access our websites. Please note that your right to opt out does not apply to our sharing of data with service providers, with whom we work and who are required to use the data only on our behalf. Below are the types of information “sold” and the categories of third parties that receive the information. This information does not, in and of itself, identify who you are.

Identifiers to advertising networks, data analytics providers, social networks, and audience measurement companies.

Internet or other electronic network activity information to advertising networks, data analytics providers, social networks, and audience measurement companies.

Inferences drawn from other Personal Information to advertising networks

Right to know, right to request correction, and right to request deletion of information

California residents have the right to request that we disclose what Personal Information we collect, use, and sell, as well as the right to request that we delete certain Personal Information that we have collected from you. If we hold Personal Information that is not accurate, California residents have the right to request that we correct this information. You or your authorized agent may submit a request to exercise your rights by visiting www.xfinity.com/privacy/requests or calling us at 1-844-963-0138.

For your security and to ensure unauthorized third parties do not access your Personal Information, we will require you to verify your identity before we can act on your request. If you are a current customer or still have access to your Xfinity account, you will be required to authenticate through your Xfinity account. If you do not have an account with us, you will be required to provide an email address and mobile phone number to start the verification process. You may also be required to provide a qualified government-issued photo identification. If you are asking for access on behalf of someone else, we will require verification of your identity, as well as proof of authorization by the individual whose Personal Information you wish to access.

There may be information we will not return in response to your access request, such as information that would affect the privacy of others or interfere with legal requirements. Similarly, there may be reasons why we cannot comply with your deletion request, such as the need to keep your Personal Information to provide you service or to fulfill a legal obligation. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Right to restrict use of Sensitive Personal Information

California residents have the right to request that we restrict our use of Sensitive Personal Information. You can limit our use and disclosure of your Sensitive Personal Information for personalized recommendations, marketing, and advertising purposes through the Xfinity Privacy Preferences Center.

Right to information regarding participation in data sharing for financial incentives

We may run promotions from time to time and ask you to share Personal Information with us in exchange for discounts. We will always give you clear notices about these types of programs when you sign up, and participation is always voluntary. If you change your mind, you will always be able to opt out, and if you don’t participate, you will still be able to use our Services.

To review the number of requests we have received over time, how we have complied with those requests, and the median or mean number of days in which we respond to such requests, please visit www.xfinity.com/privacy/reports.

Additional information regarding certain state residents’ privacy rights

The laws of certain U.S. states provide their residents with certain rights with respect to their personal information. When we use the term “personal information” in our Privacy Policy, it includes “Personal Data” as defined under these state laws. If you are a resident of one of the following states, you may have certain rights under the laws of your state: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.

The laws of these states provide their residents with one or more of the following rights:

to confirm whether we process your personal information and access such personal information
to delete certain personal information
to correct certain personal information
to receive a list of third parties to whom we disclose personal information
to restrict the “sale” of personal information and processing for purposes of targeted advertising
to control our use of personal information considered sensitive
not to receive discriminatory treatment for the exercise of your privacy rights

While these laws provide state residents with the right to opt out of automated profiling that would produce legal or other similarly significant effects, we do not use personal information to make automated decisions in any situation where you would have a legal right to opt out. If this changes, we will notify you of your right to opt out before processing your personal information in this way.

When your preferences are set to restrict our processing of sensitive personal information, we continue to process your sensitive personal information for purposes that are strictly necessary to provide products and services you have requested. Depending on your state of residence, you may be opted out of optional processing of sensitive personal information by default.

California residents also have the right to know certain details about our processing of their personal information. If you are a California resident, please see our California Notice at Collection for this information.

Comcast Cable Communications, LLC and other entities operating under the Comcast and/or Xumo names are the controllers of your Personal Data. Our products and services are offered under a number of brands, including Xfinity, NOW, Effectv, Comcast Business Services, Machine Q, Deep Blue, and Comcast Technology Services. If you use Xumo Play, Xumo LLC is the controller of your Personal Data.

How to exercise your rights

You or your authorized agent may submit a request to exercise your access, deletion, and correction rights by visiting xfinity.com/privacy/requests or calling us at 1-844-963-0138. For your security and to ensure unauthorized third parties do not access your personal information, we will require you to verify your identity before we can act on your request. If you are a current customer or still have access to your Xfinity account, you will be required to authenticate through your Xfinity account. If you do not have an account with us, you will be required to provide an email address and mobile phone number to start the verification process. You may also be required to provide a qualified government-issued photo identification. If you are asking for access on behalf of someone else, we will require verification of your identity, as well as proof of authorization by the individual whose personal information you wish to access.

You may also view our list of third parties to whom we disclose Personal Data by visiting xfinity.com/privacy/reports. To opt out of personalized advertising and the sale of Personal Data, or to set preferences regarding our use of sensitive Personal Data, please visit the Xfinity Privacy Preferences Center and make the appropriate selections in the Settings menu of your relevant devices including X1, Flex, and Xumo TV. Your authorized agent may also contact us at 1-844-963-0138. Please note that preferences with respect to cookies and similar technologies must be implemented at the browser level on each device you use to access our websites.

If we deny your request, you have the right to appeal our decision. You can request further review through the request dashboard.

Specific information regarding Washington and Nevada residents’ Consumer Health Data

Washington and Nevada laws require specific disclosures regarding the Consumer Health Data we collect, how it is used and shared, and the access, deletion, appeal, and non-discrimination rights Washington and Nevada residents have with respect to the processing of such data. Consumer Health Data is personal information that identifies your past, present, or future physical or mental health status.

When you use our services, you may enable accessibility features or self-identify as having certain medical conditions (e.g., blindness). We use this information to deliver, maintain, and improve the services you request and use. If you subscribe to our broadband or mobile services, we may process health information related to your browser searches or the applications you use. This information is subject to the Xfinity Internet DNS Privacy Statement and is used only to deliver the services you request or use. We may also collect biometric information such as audio recordings and facial scans when used as a means of identification, in accordance with our Privacy Policy. If we collect biometric information about you, we comply with the laws of your state regarding notice and consent and will provide additional disclosures as appropriate.

We may use third party service providers or “processors” in connection with the delivery of our services; however, we require these service providers to treat any information shared with them as confidential and to use it only for the purpose of providing the services for which they have been engaged.

We do not sell this data to third parties for any purpose.

How to exercise your rights

If we deny your request, you have the right to appeal our decision. You can request further review through the request dashboard.

Specific Information Regarding Maine Residents’ Privacy Rights

Maine’s Broadband Internet Access Service Customer Privacy Act generally prohibits providers of broadband Internet access service (“Providers”) from using, disclosing, selling or permitting access to “customer personal information” without a customer’s express, affirmative consent, which may be revoked at any time.

However, no consent is required for the collection, retention, use, disclosure, or sale of or access to customer personal information when such activities are required to:

Provide the service from which such information is derived or for the services necessary to the provision of such service;
Advertise or market the Provider's communications-related services to the customer;
Comply with a lawful court order;
Initiate, render, bill for and collect payment for broadband Internet access service;
Protect users of the provider's or other providers' services from fraudulent, abusive or unlawful use of or subscription to such services; or
Provide geolocation information concerning the customer:
- For the purpose of responding to a customer's call for emergency services, to a public safety answering point; a provider of emergency medical or emergency dispatch services; a public safety, fire service or law enforcement official; or a hospital emergency or trauma care facility; or
- To a provider of information or database management services solely for the purpose of assisting in the delivery of emergency services in response to an emergency.

A Provider may not refuse to serve a customer who does not provide consent when required or charge a customer a penalty or offer a customer a discount based on the customer's decision to provide or not provide consent.

A Provider shall take reasonable measures to protect customer personal information from unauthorized use, disclosure or access, taking into account the nature and scope of the Provider's activities, the sensitivity of the data the provider collects, the size of the Provider, and the technical feasibility of the security measures.

In addition, a Provider may use, disclose, sell, or permit access to non-CPI, unless the customer opts out.

If you are an Xfinity customer, you can manage your account information and review your privacy settings at xfinity.com/privacy/your-privacy-choices. To review the full Xfinity privacy policy, visit xfinity.com/privacy. To learn more about our privacy commitments, including our commitment to protect your privacy when you use our broadband Internet service, please visit xfinity.com/privacy.

Additional information regarding EEA, Switzerland, and United Kingdom residents’ privacy rights

The EU General Data Protection Regulation ("GDPR") and the UK General Data Protection Regulation provide residents of the EEA, United Kingdom, and Switzerland the rights to receive notice regarding the purposes for which your data are processed and the legal basis for our processing, the categories of recipients of your personal information, whether the personal information will be transferred outside these jurisdictions, and the criteria we use to determine how long to retain your data. You also have the right to receive notice about your rights. These rights apply to all residents of these locations, regardless of whether you are a customer, business contact, or member of the workforce.

The GDPR defines “Personal Data” to mean “any information that is linked or reasonably linkable to an identified or identifiable natural person.” When we use the term “personal information” in our Privacy Policy, it includes Personal Data covered by this definition.

Learn more about your rights if you are an EEA, Switzerland, or United Kingdom resident and how to exercise them

Right to be informed

The general section of this Privacy Policy describes the types of personal information we collect, how we collect it, and how we use it in categories that are easy to understand. For information on our retention practices, please see How long we keep your information above.

LEGAL BASIS FOR PROCESSING

We rely on a variety of legal bases to process your personal information. We mainly process your personal information because it is necessary to perform our agreement to provide the Services to you or because the processing is necessary for our legitimate interests where those interests do not override your fundamental rights and freedoms related to data privacy. Where we rely on legitimate interest as this lawful basis, our legitimate interest is necessary for promoting our business, improving the services we offer to you and your experience when you interact with us, and ensuring effective operational management and internal administration of our business and the exercise of our rights. In limited circumstances, we may rely on other legal bases for processing your personal information, including when necessary to comply with a legal obligation or where you provide your consent for processing.

CROSS-BORDER TRANSFER OF INFORMATION

Certain personal information may be transferred to and processed in the US and other countries where we have facilities or in which we engage service providers. The laws in the U.S. regarding personal information may be different from the laws of your state or country. We implement appropriate safeguards to protect your personal information as required by relevant law, including supplemental measures, if we transfer your personal information outside of the EEA, UK, or Switzerland

EU AND UK REPRESENTIVE ENTITIES, DPO

Xumo LLC is a Data Controller operating Xumo Play, a free advertising supported video on demand service that primarily offers a selection of programming content through an app. The data protection officer (DPO) for Xumo LLC can be contacted at dpo@xumo.com.

For individuals who access Xumo LLC products and services from the EU or the UK and wish to exercise their rights under the EU GDPR or the UK Data Protection Act 2018, respectively:

Comcast International France SAS has been appointed as Xumo LLC's EU Representative under Article 27 of the GDPR, and Comcast International Holdings UK Limited has been appointed as Xumo LLC's UK Representative under Article 27 of the UK GDPR.

All inquiries from individuals in the EU or UK related to the processing of their personal information or any inquiries from Supervisory Authorities should be addressed to representative@Xumo.com, or send a letter to:

EU Inquiries: Comcast International France SAS 115-123 Avenue Charles de Gaulle, 5th Floor 92200 Neuilly Sur Seine Paris, France

UK Inquiries: Comcast International Holdings UK Limited 5 Churchill Place, 10th Floor London, UK

You can read more about how you can exercise your rights directly below.

Right of access, right to data portability, right to request correction, and right to request deletion of information

You have the right to request that we:

Give you access to, and a copy of, your personal information we hold in our systems;
Correct or update inaccurate or incomplete personal information we have about you; and
Delete all or some of the personal information we have about you (e.g., if it is no longer needed to provide Services to you).

To submit a request to exercise your rights, please complete the form available at www.xfinity.com/privacy/requests. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response. Please note that, in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Right to object, withdraw consent, and restrict processing

You have the right to request that we:

Stop using, and ensure that all third parties stop using, some or all of your personal information (e.g., if we no longer have a legal basis to process it); and
Stop contacting you with promotional messages.

You can exercise these rights by visiting the Xfinity Privacy Preferences Center (xfinity.com/privacy/your-privacy-choices) and making the appropriate selections in the Settings menu of your relevant Comcast/Xfinity issued devices.

Right to opt out of automated processing

You have the right to opt-out of automated processing where such processing would produce legal or other similarly significant effects. However, we do not use personal information of residents of the EEA, Switzerland, and United Kingdom to make automated decisions about you that would have these effects.

Right to lodge a complaint

You have the right to lodge a complaint with your local data protection authority about our use of your personal information.

Additional information regarding other laws and individual rights

California Notice at Collection

Additional information regarding certain state residents’ privacy rights

How to exercise your rights

Specific information regarding Washington and Nevada residents’ Consumer Health Data

Specific Information Regarding Maine Residents’ Privacy Rights

Additional information regarding EEA, Switzerland, and United Kingdom residents’ privacy rights

Want to learn more?

Review your privacy preferences