Vodafone Group Privacy Policy
Overview of Vodafone's Privacy Policy
Introduction
Vodafone is entrusted with the confidentiality of millions of peoples' communications and for managing an immense volume of personal information. Vodafone recognises the importance of continuing to foster the trust and confidence of customers and employees in the way it handles their personal information and provides services.
In addition, as an organisation Vodafone has undergone, and is continuing to undergo, important changes in the way it operates. The nature of Vodafone's business, and the increasing need to integrate and operate globally, requires that Vodafone Group companies' (VGC) privacy practices be aligned to ensure that the global business can manage information and data, and develop and provide products and services, in a manner that enables Vodafone to achieve its business objectives, while providing the necessary protections and safeguards required to protect the privacy of the individuals concerned.
Privacy comprises a number of separate, but related, concepts, each of which is important to Vodafone. These include "information privacy", often referred to as data protection, which concerns the protection of information about individuals, "communications privacy", which concerns the confidentiality and privacy of peoples' communications, and "territorial privacy", which concerns issues such as unsolicited communications, spam and intrusive surveillance. The Vodafone Privacy Policy is intended to provide a framework for establishing minimum standards across the Group in all of these areas.
What are the objectives of the policy?
1. To pro-actively address customers' expectations concerning their privacy and security in order to create and ensure trust and confidence in Vodafone and the products and services it provides.
2. To facilitate business integration and consolidation by ensuring that privacy practices across the Group are consistent, aligned and meet the Group’s business objectives.
3. To enable compliance with relevant privacy and data protection laws thereby minimising legal liability, regulatory risk and brand and reputational exposure.
Who and what is covered?
4. The policy concerns the handling of customer personal information, which includes the collection, storage, access, use, updating, disclosure, disposal, destruction or any other processing of such information. It is intended to provide a comprehensive set of rules for the management of customer personal information throughout the customer lifecycle, including:
4.1 Requirements concerning the collection of customer personal information.
4.2 Requirements concerning obtaining consent from the customer, where necessary.
4.3 Identification of permitted business purposes for the collection and use of customer personal information.
4.4 Usage and data management principles.
4.5 Security requirements for customer personal information.
4.6 Requirements concerning the use of third parties for handling customer personal information.
4.7 Requirements concerning disclosures and transfers of customer personal information.
4.8 Requirements concerning the destruction, retention and anonymisation of customer personal information.
4.9 How to manage customer requests about their personal information.
4.10 Specific requirements concerning intra-group management of customer personal information.
5. These requirements are set out in detail in separate policy and procedural documents. Best practice guidelines and recommendations may also be issued from time to time to provide further guidance on specific issues or aspects of the policy.
6. To the extent that the policy is incompatible with any applicable legal requirements relating to a VGC, the applicable legal requirements take precedence over the requirements of this policy.
How is the policy applied?
7. Each VGC is required to appoint a senior manager to act as Privacy Officer with day-to-day responsibility for overseeing and co-ordinating compliance with the policy.
8. It is one of the responsibilities of the Privacy Officer in each VGC to raise awareness of the requirements of the policy and the specific impact upon employees’ roles and responsibilities and to conduct appropriate training.
9. The development and oversight of the policy is the responsibility of a Privacy Steering Group. The Privacy Steering Group may also issue guidance on the policy or recommended best practice from time to time.