Privacy Policy - Vodafone Egypt

Privacy Policy 

SUMMARY 

APPROVING COMMITTEE 


Vodafone Egypt provides services that reach 

deeply to the personal and business lives of our 

customers, who trust us to protect their privacy. 

Violating that privacy may result in serious 

criminal charges and civil liability for both the 

company and the responsible employee. To protect 

our customers‟ privacy, you should adhere strictly 

to the Privacy Policy. 

Head of Legal Department (HOD), Fraud Risk & 

Security Director and Legal Senior Manager 

OWNER Ayman Essam / Senior Legal Manager 

APPLIES TO All Vodafone Egypt employees 

STATUS Final 

THIS DOCUMENT REPLACES None – New Policy 

DISTRIBUTION Intranet & Legal Web Site 

REVIEW DUE DATE July 2011by the Policy Owner 

ISSUED BY: 

Tamer Wahba – Legal Compliance & Process Specialist 

ISSUE DATE: 

1 Vodafone Egypt Telecommunications S.A.E 

Legal Department


INTRODUCTION 

Vodafone is entrusted with the confidentiality of millions of peoples‟ communications and for managing 

an immense volume of personal information. We must continue to foster the trust and confidence of 

customers and employees in the way we handle their personal information and provide services. 

As an organization, Vodafone has undergone, and is continuing to undergo, important changes in the 

way it operates. Privacy comprises a number of separate, but related, concepts, each of which is 

important to Vodafone to establish its business. These include “information privacy”, often referred to as 

data protection, which concerns the protection of information about individuals, “communications 

privacy”, which concerns the confidentiality and privacy of peoples‟ communications, and “territorial 

privacy”, which concerns issues such as unsolicited communications and spam. This Policy provides 

clear lines of accountability and oversight within the business. 

1. What is the objective of this policy? 

1. To pro-actively address customers‟ expectations concerning their privacy and security in order to 

create and ensure trust and confidence in Vodafone and the products and services it provides; 

2. To facilitate business integration and consolidation by ensuring that privacy practices are consistent, 

aligned and meet the Group‟s business objectives; 

3. Minimizing legal liability, regulatory risk and brand and reputational exposure; 

4. To align security requirements for the protection of personal information with Group Security 

Policies. 

2. Who and what is covered? 

This Policy concerns the handling of customer personal information, which includes the collection, 

storage, access, use, updating, disclosure, disposal, destruction or any other processing of such 

information. It is intended to provide a comprehensive set of rules for the management of customer 

personal information throughout the customer lifecycle, including: 

2.1 Requirements concerning the collection of customer personal information; 

Collection methods 

2.1.1 The collection of Customer Personal Information where the Customer provides information about 

themselves to Vodafone, such as on subscription or registration forms (whether online or offline) 

2.1.2 The capture of Customer Personal Information where Vodafone records or logs information about 

the Customer while the Customer interacts with Vodafone in some way (e.g. by visiting a 

Vodafone web site or calling Customer care) or by using a Vodafone service (e.g. call logs, text 

messages sent, WAP pages visited, content purchased) 

2.1.3 The receipt of Customer Personal Information from third parties, such as information about 

Customers received from credit vetting or fraud agencies, from loyalty programme partners, or 

from marketing agencies providing information to enhance our understanding of, and knowledge 

about, our Customers 

2.1.4 VFE shall not collect Sensitive Personal Information unless the Customer has given their explicit 

consent or there is a legal obligation to collect such information where VFE believes there are 

substantial and legitimate reasons for collecting Sensitive Personal Information. Consultancy with 


Legal Department


the Privacy Officer in specific cases must be obtained to identify alternative lawful grounds (if 

available). 

2.2 Identification of permitted business purposes for the collection and use of customer personal 

information; 

Usage Principles 

2.2.1. VFE shall use Customer Personal Information fairly. 

2.2.2. VFE shall only use Customer Personal Information to achieve the relevant Permitted Business 

Purposes selected by the Marketing Department. Customer personal information should be 

anonymised if there is no relevant Permitted Business Purpose that requires a Customer to be 

identified. 

2.2.3 VFE shall not use Customer Personal Information for a purpose other than the relevant Permitted 

Business Purpose(s) for which it was collected. 

2.2.4 In case VFE wishes to use Customer Personal Information for a purpose not identified at the point 

of collection, VFE shall ensure that the use of Customer Personal Information is justified on one 

or more of the following legitimate grounds: 

Contractual necessity; 

Legal necessity; 

and shall ensure that Customers are informed about such additional purposes and that statements 

to Customers are updated with the additional Permitted Business Purposes selected by VFE 

accordingly. 

2.2.5. If neither contractual necessity nor legal necessity apply, nor is obtaining consent possible or 

appropriate, VFE shall consult with the Privacy Officer in specific cases to identify any 

alternative lawful grounds. 

2.2.6 In respect of the use of certain Customer Personal Information and certain uses of this information, 

specific additional requirements or restrictions may be mandated, particularly in relation to 

Sensitive Personal Information, such as certain content preferences, consumption habits or 

financial details. While the collection and use of Sensitive Personal Information will require 

Explicit Consent, not all information will fall into this category but may nevertheless require 

special treatment in order to protect the Customer‟s privacy. 

2.3 Requirements concerning the use of third parties for handling customer personal information; 

2.3.1 VFE shall use third party processors in many areas of their business. These include outsourcing or 

sub-contracting the processing of Customer Personal Information, but also include more everyday 

uses of third parties, such as the appointment of dealers, marketing agents, data analysts, and third 

party system maintenance companies where Customer Personal Information is collected, received 

or accessed on behalf of the VFE. 

2.3.2 VFE shall use all reasonable efforts to observe and guide the third party to protect our customers‟ 

privacy. 


Legal Department


2.4 Requirements concerning disclosures and transfers of customer personal information; 

2.4.1. Subject to any legal requirements to disclose Customer Personal Information, VFE shall only 

disclose or transfer Customer Personal Information to the extent that it is necessary for the 

Permitted Business Purpose(s) for which that Customer Personal Information was collected. 

2.4.2. As a general principle, VFE should not transfer Control of Customer Personal Information. In 

particular, VFE shall not trade in Customer Personal Information, including selling, hiring, or 

renting it to third parties. However, in certain limited circumstances the transfer of Control may be 

justified for a specific purpose, such as in connection with the operation of a loyalty programme 

operated in combination with a loyalty programme partner or partners to which the Customer 

concerned has subscribed. Any transfer of Control must be approved by the Privacy Officer. 

2.4.3. Disclosure of Customer Personal Information may take place where VFE provides or transfers 

Customer Personal Information to a third party, but also includes where a third party is given 

access to the systems (for example, for purposes of system maintenance). VFE shall ensure that 

any disclosures of Customer Personal Information are kept to a minimum, for example, by using 

use „dummy data‟, instead of „live‟ Customer Personal Information. Where it is not possible to 

anonymise Customer Personal Information or use „dummy data‟, VFE shall ensure that the third 

party is appointed as a third party processor and the requirements of this policy with regard to third 

party processors shall be observed in all respects. The Privacy Officer should be consulted on any 

proposed techniques to anonymise Customer Personal Information or use „dummy data‟. 

2.5 Requirements concerning the destruction, retention and anonymity of customer personal 

information; 

2.5.1. Certain Customer Personal Information may be required to be retained for legal reasons. Where 

this is the case, VFE shall maintain a register of the categories of Customer Personal Information 

and the time period and purposes for which it must legally be retained (“Mandatory Retention 

Requirements”). VFE shall retain the categories of Customer Personal Information set out in the 

Mandatory Retention Requirements for the periods and purposes specified. 

2.5.2. Subject to the Mandatory Retention Requirements, VFE shall ensure that Customer Personal 

Information identifies a Customer for no longer than is necessary for the relevant Permitted 

Business Purposes or is otherwise deleted. Therefore, upon the expiration of the Permitted 

Business Purpose(s), Customer Personal Information shall be either permanently deleted or 

anonymised. 

2.6 How to manage customer requests about their personal information; 

VFE shall establish appropriate points of contact to respond to questions, requests and complaints from 

Customers. In particular, VFE shall establish procedures for dealing with the following requests from 

Customers regarding their Customer Personal Information: 

2.6.1. Requests by Customers for copies or extracts of their Customer Personal Information: 

VFE Customer Complaints department shall establish a procedure to enable Customers to have 

copies or extracts of their Customer Personal Information 

2.6.2. Objections or requests regarding direct marketing by VFE: 

VFE Marketing department shall establish a procedure to enable Customers to object to receiving 

direct marketing material and shall ensure that any such objections are respected across all 

business units and communications channels; 


Legal Department


2.6.3. Requests for rectification or deletion of particular Customer Personal Information: 

VFE Customer Service shall establish a procedure to enable Customers to rectify any Customer 

Personal Information held about them where it is inaccurate or incorrect. 

All procedures for managing Customer interactions where the Customer, or an authorized third party 

acting on behalf of the Customer, is provided with information relating to them or their account shall 

include appropriate security controls to ensure that Customers or authorized third parties acting on their 

behalf are identified and verified before such information is provided. 

3. How is the policy applied? 

Responsibility for implementation and compliance 

3.1 The Chief Executive Officer will be responsible for ensuring this Policy is adopted and implemented 

and that the external affairs Director is appointed with responsibility for ensuring that the company 

complies with this Policy. 

3.2 A senior manager is appointed to act as a Privacy Officer with day-to-day responsibility for 

overseeing and co-coordinating compliance with this Policy. The Privacy Officer must have the 

necessary knowledge, skills, training, and resources to perform his / her tasks. However, the role of 

Privacy Officer does not need to be an exclusive role and can be combined with other duties. 

3.3 The Chief Executive Officer is responsible for ensuring that Privacy Officer is provided with 

appropriate support by Function and Department Heads to enable compliance with the requirements 

of this Policy. 

Policy Awareness 

All employees shall be made aware of, and shall be adequately communicated, the requirements of this 

Policy and the specific impact upon their roles and responsibilities. In particular, Department Heads shall 

ensure that all employees in their area of responsibility are aware of and comply with the requirements of 

this Policy. It shall be one of the duties of the Privacy Officer to support Departmental Heads in raising 

awareness and comply with this policy. 

Staff Responsibility 

According to the Egyptian Telecommunications Law; Article (73), any employee releases or helps in 

releasing the customers’ information, will be subject to be jailed and the company has the complete 

right to terminate the employee immediately. 


Legal Department

Privacy Policy - Vodafone Egypt

Create successful ePaper yourself

Delete template?

Save as template?