Your privacy is a priority for us. Learn how we process and protect your personal information.
The law defines personal data as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (the “data”). If you conclude an electronic communication services contract and do not take advantage of our offer of pre-paid services, then you are a data subject in accordance with valid legislation, and the data that we process about you is personal data.
Anonymous and/or aggregate data, i.e., data that cannot be attributed to specific person from the onset, does not constitute personal data, but rather a result created from an accumulated amount of information.
If you become a customer that uses our services, we will request that you share your personal data.
The data that we process about you is dependent on the products and services that you ordered and/or use, the way that the products and services are used and on your interactions with Vodafone, e.g., depending on the data that we obtained from third parties, but only based on the consent that you have given to such third parties for disclosure.
In the field of electronic communications, a differentiation is made between the three different types of data processed by Vodafone: personal data, operating data and location data.
Vodafone processes personal data designated as identification data. The data that we list does not mean that Vodafone processes the data to such an extent. Vodafone is only fulfilling its obligation to inform, with the scope of data always being individualised for each specific client, with the exception of data that Vodafone is under the statutory obligation to process.
For the sake of completeness, it should be mentioned that under the law, data related to legal entities is not considered personal data.
Personal and identification data is understood to mean the following information in particular: name; surname; address; date of birth; birth registration number or national identifier; age; honorific (sex); numbers of presented documents; company/business name; registered office/business premises; registered office of branch; name, surname and address of persons authorised to act on behalf of a legal entity; identification number; tax identification number; contact telephone number; SIM card number; invoicing information (e.g., type, method and volume of services used); information about end device; type or category of end device; e-mail address; banking information; customer’s behavioural conduct; and other data obtained from the customer in an authorised way.
Only data related to natural persons is protected under personal data protection legislation.
The Act on Electronic Communications defines operating data as any data processed for the needs of transmission of messages via electronic communication networks or for the billing thereof.
So, what is operating data? Operating data is all information needed for customer to make calls, send SMS or MMS messages and use data or other services provided by Vodafone, such as: calling number (A-number); called number (B-number); in the case of forwarded calls, information also about the original number called; start and end of connection; date and frequency of executed connection; IMEI; configuration data; kind of services provided; data connection address (e.g., IP address); and data connection address including operation-related location data, which is necessary information about the locations in the network from which and to which the message was transmitted, with such data only being generated for message transmission.
The law defines location data as any data processed in the electronic communication network or the electronic communication service that determines the geographic position of the telecommunication end device of a user of publicly accessible electronic communication services.
Location data is understood as any data that is processed in the electronic communication network and determines the geographical position. Location data is thus data about the position of the end user of the device, such as information about the network the customer is connected to.
We collect simultaneously written and telephonic communication between you and Vodafone regarding your complaints about services and products, questions about our services, etc. With respect to your telephone number, we also always have information about the services that you order and/or are using. If you share your personal data when ordering products and services through a Vodafone Sales operator or in connection with a marketing event or Vodafone offer, you can be sure that we will use such information in compliance with the law and only to arrange and maintain contact between you and Vodafone.
If you take advantage of some of our marketing offers, we are also allowed to process information necessary to satisfy and check the conditions set out in such offer. You will be informed of such processing in advance. You may also provide us with information about your age, telephone number and electronic address, lifestyle, banking information or other information that you provided during registration or through a survey. If you decide to impart personal information to us, it will only be used for the purpose stated at the time such information was gathered and according to the stated conditions.
You can view our website, speak with Vodafone operators or salespeople at our points of sale without providing us with any personal data (with the exception of cookies, which are required for our website to operate properly).
In such case, you can take advantage of pre-paid services. It needs to be mentioned, however, that even in such case operating and location data are processed, and especially the obligations related to his (e.g., handing over such data to the public authorities). In addition, we will process data about the use of services, the history of recharging, the use of marketing events and the like. If you have your SIM sent to your address or if you use one of our marketing events the use of which requires provision of contact data, we will also process these contact data.
If you decide to use our services or products and enter into an agreement on the provision of electronic communications services or similar agreement, Vodafone is obliged to obtain your personal or identification data to fulfil its contractual obligations.
We process these data in full extent for the period of 6 months from the end of the agreement termination and subsequently in limited extent for to the general limitation period of 3 years.
Pursuant to applicable legal regulations we are obliged to process some of your personal data, such as data generated by electronic communications services, the so-called traffic and location data, and other data - especially personal, contact, identification and payment data, data on services used, billing, and … which are used for the purpose of providing electronic communications services, related services, payment transactions, ensuring interconnection and access to the network, billing and related operations, accounting and tax purposes, identification of abusing the network or services, recovering debts, selling third party products or services through our network or billing them, for calling emergency numbers;
The period of processing these personal data varies according to the laws under which the processing is carried out, for example for tax purposes it is the period of 11 years; with location data it is the period of 6 months from the moment of generating such data. We always process your personal data only for the time required by law.
The legal title of the controller´s legitimate interest applies to such personal data processing where legitimate interests or rights of the controller (Vodafone) or third parties prevail over the interests or rights of data subjects (our customers, taking into account reasonable expectations of data subjects based on their relationship with the controller). These include, for example, protecting of the controller´s property, life and health of employees, persons entering the controller´s premises, debt collection, etc. These data may include your personal, contact or identification data, details of paid invoices, services and products used, data obtained from publicly available sources (registers and databases) and possibly other data.
We process these data only for the duration of the particular purpose, for example during the period of debt recovery and for 21 days with camera recordings.
If you give us your consent to the processing of your personal data, including traffic and location data for marketing and business purposes, we will be able to offer you a “tailored made” offer of new services, products, discounts or other interesting things. Similarly, if you give us your consent to sending you third-party business offers, we will be able to offer you, from time to time, offer of services or goods from our business partners.
Granting of the above consent is voluntary, free and unconditional. You can learn more about the processing of your personal data based on your consent here:
We process the personal data provided based on your consent until you revoke your consent, until it is necessary for the purpose of processing or unless otherwise specified in the wording of the consent.
Within three basic types of personal data used in electronic communications, which are identification, traffic and location personal data, we may process the following categories of your personal data depending on the use of our services and products:
|Customer data||Main customer identification data, such as name, surname, address, date of birth, etc.|
|Authentication data||Data required for customer verification|
|Biometric data||Identifiers relating to physical characteristics of a person (such as call recording when communicating with our call centres, call recording as part of interaction at selected points of sale)|
|Service usage data (calls, SMS, data)||Information on the use of telecommunications services. The data always contains the date and time of the service using (e.g. call, SMS sending), service type and subscriber number of both parties.|
|Content||We process the particular content of the communication, such as the content of SMSs, calls, accessing URLs, in the form of data transmission within our systems.|
|Cookies||Identification for tracking of one person's behaviour on online channels (web, app).|
|Customer care||Customer care data, such as recording of contacting support, satisfaction of claim solution, complaints.|
|Customer value data||Marketing preferences|
|Device data||Device data such as device number and type, manufacturer, colour.|
|Data from device||Device content, such as installed applications, location, or other data if you give us your consent, for example, when using the Device Backup service|
|Financial data||Data on financial flows (invoices and payments)|
|Location data||Location data (GPS position of the device, network or wifi location).|
|Identification data||Identity card number, passport number, copy of an identity card|
|Other unstructured data||The personal data you provide to us while interacting with us without asking you, for example, during a call with our customer service you will mention your health disability|
Vodafone is, among other things, the provider of electronic communication services. If you decide to make use of our services or products and conclude an electronic communication services contract or other similar contract with us, Vodafone is obliged to obtain your personal or identification data and process them for a period specified by law. At the same time, we are obliged, based on valid legal regulations, to process data that arise during the provision of electronic communication services, specifically operating and location data. In such case we are talking about mandatory processing, where data is used for the provision of electronic communication services, related services, payment transactions, arrangement of connection and access to the network, billing and related operations, accounting and tax purposes, identification of unauthorised use of the network or services, debt enforcement, sale of products or services to third parties through our network or billing them, and for the purposes of making calls to emergency numbers. We are further authorised to process your data to protect our company’s legitimate interests.
For us to be able to better target, i.e., “tailor” to you, our offer of new products, services, discounts and other things that may be of interest to you, you can grant us consent to process your operating and location data. Similarly, if you give us consent to send commercial offers from third parties, we can then present you with our business partners’ special offers from time to time. In both cases, this is “voluntary processing” of personal data, which we carry out based on your consent.
Data can be processing automatically or manually.
We collect your personal data if you purchase a product or service from us (including via the internet, by telephone, at a point of sale or through any other sales channel); register for a certain product or service (e.g., by stating your name, surname and address when setting up an email account); order information materials, brochures, magazine and similar services; ask for more information about a product or service or contact us with some other questions and request an explanation; take part in any game or competition organised by Vodafone; use our network and Vodafone products and services; or visit our website.
We can also collect data about you from other sources (“indirect collection”), e.g., from the commercial register, trade licence register or other lists of businesses, debt registers etc. Such collection is also done in compliance with the law.
As part of the process of concluding a contract or anytime thereafter, you are entitled to refuse to grant us consent to processing personal data in the case of voluntary data processing, or revoke such consent at any time.
You always grant consent to data processing for a specific purpose:
Information about the consents that you have granted are available on the Můj Vodafone (My Vodafone) web self service or mobile app. If consent has ben granted, the respective field is crossed out. If consent has not been granted, the field is left empty. Through My Vodafone you also have the possibility to manage your consents.
If you do not find the above described method suitable for you, we will be happy to assist you and provide further information at our points of sale or customer care centre on line *77.
You can revoke your consent at any time.
In case of “voluntary processing”, you have the right to revoke consent at any time. The option to revoke granted consent or the option to grant consent to personal data processing is available on the Můj Vodafone web self service or mobile app.
If you do not find the above described method suitable for you, we will be happy to assist you and provide further information at our points of sale or customer care centre on line *77.
You also have the option of informing us that you are not interest in being sent information about our services. This can be done either in the web self service or app, as mentioned in the previous sentence, or at the contact stated in the respective commercial communication (e.g., by calling *77).
For us to be able to perform our obligations under the contract, i.e., for you to be able to make calls, send text messages and use internet in your phone, we can use your data for purposes related to the provision of services, which includes processing orders, concluding or negotiating a contract, segmenting offers to ensure the contract is advantageous for you, managing and administering your account, sending billing statements, connecting and allowing access to the networks of other operators and providing services and products or information requested by or in response to a complaint or questions about your account. In addition to personal data, we process “operating data” for the purpose of providing electronic communications services and “location data” for the purposes of providing services with added value, as well as for other purposes that the Act on Electronic Communications defines for us.
As it is important for us that Vodafone functions properly, we also process data based on our legitimate interests. We can perform analyses on how you use and how satisfied you are with our services and products, and contact you in this respect as well. We further process data to be able to offer direct marking, i.e., send you offers that suit you. Your data may also be processed to avoid fraud (to protect you and us) and if necessary to conclude or perform a contract between you and us.
A list of the processing operations based on legitimate interests is as follows: general prescription period for enforcement, lawsuits; satisfaction measurement and analysis – TNPS, NPS; direct marketing; unsettled account; and fraud detection. When carrying such processing operations, we assess whether our legitimate interests override your rights. In such cases, you have the right to lodge an objection again such processing.
To be better able to target, i.e., “tailor” to you, an offer of new services, products, discounts and other items that may be of interest to you, you can grant consent to us to process your operating and location data. Similarly, if you grant consent to us to send you business offers from third parties, we may offer you appropriate offers from our business partners from time to time (of course without disclosing your personal data to such third parties).
Like everyone else, we also have statutory obligations, e.g., accounting and tax requirements. To satisfy them, we process the necessary data. Last but not least, your data is processed for technical and safety purposes, i.e., to allow the capacity of our network to be correctly configured and maintained and to identify unauthorised use of our network or services.
We process your data mainly while we are providing the products and services ordered by you, i.e., until they are settled. We process your data only for the time necessary in line with valid legal regulations. This chiefly concerns processing where the processing period is imposed on us by the law or necessary for the controller’s legitimate interests. If you terminate a contractual relationship with us, we are entitled to process your name, surname, address and information about services/goods for the purpose of offering Vodafone business and services even for a reasonable mount of time if you do not let us know you are not interested in this. You always have the possibility to contact us if you do not agree with the processing.
For these purposes, Vodafone uses personal data, such as your name, mobile phone number or records of calls made. Based on this information, Vodafone then creates aggregated and statistical reports for management that do not identify you as an individual. We can anonymise such personal data for the purpose of carrying out a deeper analysis of our roaming services, thanks to which we can development roaming services for customers without identifying each user.
As our customer, we will inform you about new products and services, send you newsletters or official notifications, welcome you to take part in surveys or inform you about offers, promotional events, draws or contests. We modify these messages according to the type of product or services that you have purchased from us (we know, for example, that we should not contact you with more offers if your contract pertaining to the phone is only halfway towards expiration) and according to what services of ours you utilise (for example, we know from the invoice you utilise a lot of data; so, in order to provide you the best from the telecommunication services contract concluded with us, we would offer to modify the tariff).
If you are our non-business customer, before each sale, a risk assessment procedure takes place based on an automated individual decision. This risk assessment processes the following: identification data, such as name, surname, address, birth number, information about already activatd services at Vodafone, information about past debts at Vodafone; information from the Solus register; information from the insolvency register; in the case of legal entities, information from the ARES register; information about invalid documents; in the case of student offers, information from the ISIC card database; and, in case of sales to foreigners, passport number and the country that issued the document etc. – all in compliance with the law. Information so obtained is then assessed in the context of the value and nature of the order. The result of the risk assessment is used to stipulate the security deposit – CZK 0, CZK 2,000, CZK 5,000, or CZK 10,000 – depending on the risk level of the request made.
If you are a business customer, the risk assessment and business customer credit rating are conducted manually. The following is processed in connection with such assessment: company identification data, data about any past debts at Vodafone; information from the Solus register; information from public registers/registries, such the insolvency register, commercial register, ARES register and Trade Licence Register; information obtained from third parties containing information about asset interrelationships between the statutory bodies of a company; and information about a company’s financial results. The result of the assessment determines the steps taken to ensure risk coverage in the form of an amendment to the contractual offer or whether additonal deposit is required depending on the risk rating.
If you are a natural person (individual), you can of course express your opinion and request a re-examination/review by a salesperson as part of your entitlement to exercise your right to objection.
It can happen that customers are unable to pay their debts to us. In such case, the prioritisation of claim recovery and other related steps is carried out. For us to be able to do this, we carry out an internal calculation of the claim prioritisation coefficient. This internal calculation serves as a partial TelcoScore, provided you express consent to the TelcoScore. Find more information about TelcoScore. To calculate this coefficient, the following data may be used: (a) data related to type and method of use of the provided services (e.g., type of tariff, how often you make calls), (b) amount of provided services (e.g., average number of minutes on phone, number of SMS messages), and (c) amount of credit purchased in the case of pre-paid services. The coefficient may also take into account data about the amount paid for flat-rate services, payment behaviour and any information about length of delays and unpaid amounts.
Provided we have your consent, we collect your data on our website, at our points of sale and on the customer help line, during marketing events and even in other ways in order to prepare fitting business offers. We will always contact you within six months. Such consent can, however, be easily revoked (see below for more details).
If you wish, we can contact you even later than the mentioned six months, for example because the term of your contract with a competitor is longer. You have to consent to this, however, and you will be informed via text message in this regard.
Revocation of consent granted to the provision of a business offer
You can revoke this consent at any of our points of sale or on the customer help line (you have to know the contact number that was submitted for us to be able to find your data). If the contact is confirmed by text message, then it will be easier for you to respond to such text message according to the instruction contained in it. Nevertheless, if this method does not suit you, you can also opt to visit a point of sale or call the customer help line or send email to email@example.com to revoke your consent.
We communicate information regarding your personal data to you, our customers, only after sufficiently verifying your identity. This is done primarily by using a customer password. If you do not know your customer password, there are alternative documented procedures for verifying the inquiring party.
Vodafone has in place a certified information security management system in line with international standard ISO/IEC 27001.
Only a limited group has access to the data processed by Vodafone, and binding technical and organisational measures exist for this group. Such measures are revised regularly by Vodafone’s or Vodafone Group’s internal controls and by the public authorities. The measures define the basic rules for obtaining your personal data by unauthorised or third parties. This includes information classification, access authorisation management, workplace conduct, but also Data Loss Prevention, and the code of ethics binding on Vodafone’s business partners and others.
We can disclose your personal data and/or data about your account to third parties only under the conditions set out in the law and in compliance with the General Terms and Conditions, these rules and any other documents that we will agree with your directly.
Vodafone will of course not disclose your personal data to third parties (other than those listed below) if (a) you do not give your consent, (b) it is not necessary for providing services or products that your ordered or are using, (c) if the law does not require it or (d) if Vodafone is not authorised to by the law.
Your personal data may only be disclosed to the following entities:
If we process personal data outside the Czech Republic through one of our partners or our parent company, we shall observe all legal regulations and fulfil all obligations imposed on us by the law.
We may share your data within Vodafone Group (a business group with ownership or control links), particularly in connection with the provision of electronic communications and related services.
Data sharing may also occur when Vodafone has a subsidiary, or in the event of a merger of Vodafone with another company.
A recipient is any person given access to the data, based on either (a) the law or (b) a personal data processing agreement (processors).
If data is given to processors/companies within the Vodafone group, they are obliged to observe not only valid legal regulations, but also the personal data processing agreement, including “minimum security requirements”. Minimum security requirements are technical and organisational safety measures that are observed across Vodafone Group and that guarantee the security of processing of all your personal data not only in our systems, but also in case your data is disclosed to third parties/processors.
Our suppliers and partners must also fulfil our codes, including the Information Protection Code for Partners, which also included information that is by nature personal data.
A list of processors to whom data is disclosed can be found here. The mentioned list can be changed in connection with changes to the business relationships between Vodafone companies and their suppliers.
We may need to transfer your information to other Vodafone Group companies (such as Vodafone service centres in India, Romania, Hungary, Germany and Egypt) or service providers in countries outside the European Economic Area (EEA). The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway: they are considered to have equivalent laws when it comes to data protection and privacy. This kind of data transfer may happen if our servers (i.e. where we store data) or our suppliers and service providers are based outside the EEA, or if you use our services and products while visiting countries outside this area.
If Vodafone sends your information to a country that is not in the EEA, we will make sure that your information is properly protected. We will always ensure that there is a proper legal agreement that covers the data transfer. In addition, if the country is not considered to have laws that are equivalent to EU data protection standards then we will ask the third party to enter into a legal agreement that reflects those standards.
To exercise your individual rights, three channels can be used:
If your data is not accurate, you have a right to have it rectified. If the data we have about you needs to be updated or if you believe it to be inaccurate, you can contact us and we will make the necessary corrections.
You have the right to information about the data we are processing about your and to request a copy of the personal data that Vodafone stores about you. The request can only be filed as a natural person, where we can be sure it is in fact you who is making the request. We may charge a reasonable fee for additional copies based on the administrative costs that arise.
Under certain conditions, you have the right to obtain the data provided. Vodafone, e.g., allows monthly billing to be downloaded from the Můj Vodafone mobile app.
Under certain conditions, you also have the right to object to the processing of your personal data by Vodafone.
Falling into this category are situations where we process your personal data based on our legitimate interests. You can also object to direct marketing or satisfaction surveys.
You can apply this right if you believe that the personal data we store about you is inaccurate or should not be processed by us. Under certain circumstance you have the right to request restriction of the processing of the data.
Vodafone strives to process and store your data only for the absolutely necessary amount of time. Under certain circumstances, you have the right to request deletion of your personal data stored by us. If you believe we are storing your data longer than absolutely necessary, we first recommend checking whether your contract with Vodafone has expired, which you can do by contacting customer service. Even if your contract with Vodafone has expired, we may still have justified reasons for processing your personal data.
If you wish to contact us regarding any of your rights or to complain about how we use your data, contact our customer service team or send an email to the personal data protection officer at firstname.lastname@example.org. Our aim is to accommodate your needs to the maximum extent possible; however, if you are still not satisfied, you can turn to the Office for Personal Data Protection (see https://www.uoou.cz/ for more information).
In order for us to be able to satisfy some of your requests to exercise your rights, we have to be entirely sure that it is in fact you, the respective data subject, who is exercising your rights. We have set up the process for granting rights in a way that prevents others from exercising your rights, so that no person other than you obtains data about you. Identification of the data subject thus protects both us and you.