Vodafone makes every effort to ensure that your personal data is properly and lawfully protected. At Vodafone, we have dedicated teams that continuously check the processing of your personal data, resolve discrepancies and continuously work to enhance security in accordance with relevant legal regulations. The security of our systems is also very important given the fact that Vodafone is part of the critical infrastructure of the state. Last but not least, the security of your data is one of the highest priorities of the global Vodafone Group, which is why the security measures are on a really high level and in line with the latest recommendations.
Similarly, when your personal data is processed by one of our suppliers, we ensure that their security rules for personal data processing are in line with Vodafone's high standards, i.e. that they contain appropriate security requirements, for example, for securing data access, data transmission or employee training. We regularly check compliance with these requirements. The suppliers process your personal data only for contractually defined purposes and for the necessary period of time.
Vodafone holds the Information Security Management System Certificate ISO/IEC 27001 and "D" classification level certificate from the National Security Authority of the Czech Republic.
Considering the condition of technology devices, costs, nature, extent, context and purpose of your personal data processing, as well as the potential and serious risks to your rights and freedoms, we apply the appropriate technical and organizational measures in order to ensure security of your personal data. These measures help us to ensure the continued confidentiality, integrity, availability and resilience of the systems and services when processing your personal data.
Vodafone has set up processes for regular testing, assessment and evaluation of the effectiveness of established technical and organizational measures to ensure security of the processing. Through our "Security and Privacy by Design" process, we assess every new product, service, project or internal process within the company and every major change to current products and processes to ensure that your personal data is secure and processed in accordance with applicable legislation. We also manage the sharing of your personal data within the company and Vodafone Group very rigorously.
Where it is efficient and technically feasible, we use the following security methods:
Vodafone provides mobile services in accordance with international standards for GSM services under the applicable Electronic Communications Act. According to international standards, the GSM network is designed for the transmission of unclassified messages with short-term validity, i.e. this can be interpreted to mean that no calls subject to any level of classification should be handled within the GSM network without additional security measures. Standard encryption algorithms are used to transmit communications between the mobile device and the network.
If, in an exceptional case, there is a specific risk of a breach of network security in relation to the protection of your privacy, we will inform you immediately, as well as of any remedies available.
To ensure the security of our internet services, Vodafone implements measures according to the highest international standards and certificates. The level of security is also subject to regular internal and external audits. To ensure that we are able to meet the highest standards of security for our Internet services, we use technologies such as advanced firewalls, web application firewalls, encryption of data flows within applications, multi-factor authentication, DDOS protection, advanced global cybersecurity monitoring, security zoning, security patching and other globally standardised cyber protection tools and methods.
However, when securing Internet services, it is important to remember that if you are using your own devices, or if the devices supplied by us are under your administrative control, it is important that you also place sufficient emphasis on the security of these devices. Otherwise, we are unable to ensure the complete security of the Internet services provided to you.
Our website or the content you access using our products and services may contain links to third party websites or, for example, social network plug-ins such as Google, Facebook, Twitter, SDK, beacons, etc. The operator of such websites is responsible for the security and content of such websites. We therefore recommend that you familiarise yourself with the privacy policy of the respective operator beforehand and keep your data safe.
Also, please be aware that if you connect your device to wireless networks via WiFi, we are unable to provide sufficient security for communications between your device and this WiFi.
In order to access the customer account, a password may be generated for the customer to communicate with the operator. This password is sent to the customer via SMS when the customer account is created. To ensure maximum security of the customer account, we recommend that you change this automatically generated password as soon as possible. When changing the password, it is necessary to choose a sufficient password containing 6 - 15 numeric characters without using descending or ascending character sets, combinations of the same numeric characters and other easily guessable combinations.
Vodafone staff in bricks-and-mortar stores and call centres does not have access to your full password. They can only ask for two digits, which are randomly determined by the system, for your authentication and cannot influence the choice of these digits. To protect your password, we recommend that you only ever state these required digits.
The customer password must be protected and not disclosed to third parties. This will ensure that no one can access your account. Protect your password, as anyone who proves your password may be deemed to be authorised to act for the customer. It should be remembered that if unauthorised access to a customer's account occurs due to a weak password or because the password has been given to a third party, Vodafone cannot be held liable for any damage incurred in such a case.
In the event that you forget your password, you will be asked to answer pre-defined and randomly selected questions to help us authenticate you in an alternative way. After completing the alternative authentication, you will be sent a newly generated administrator password. Again, we recommend that you change this generated password to a password that is easier for you to remember while meeting the password security requirements.
To ensure higher level of security for customer account access, there are different levels of permissions. Each of these permissions is assigned its own password, and we will make a determination as to the validity of your request based on the password you provide to us. For example, while the Administrator password allows you to fully manage your account, including ordering new services and accessing most data, the user password is limited to operations related to a specific phone number without the ability to order new services.
Administrator Password is common to the entire customer account - it can be used to log in under any phone number on that account. It provides full control over the entire account and all its phone numbers. It is possible to order new services, change the settings of existing services, change addresses and other data on the customer account. In general, any changes affecting the amount of the bill must be made using the administrator password. You also have the ability to change the value of passwords of all levels using the administrator password.
User password is required for each phone number and allows you to make only basic changes to your customer account. It is mainly used to access information about the phone number and to view the Smart Overview, i.e. your current spending. If you authenticate with this level of password when communicating with the operator, some of your requests will not be able to be processed if they are requests that can only be processed with a higher level of authorisation.
Payer password is optional and provides full control over a group of telephone numbers grouped under one billing number. It is therefore a kind of intermediate step between a user password and an administrator password. It is ideal for those customers who, for example, have multiple separate units within their organisation. If there is a customer account for a large company that has branches all over the country, a payer password will allow the responsible person to be able to manage services, billing, etc. for just one branch without having access to manage the customer account for the entire company. This level of password can also be useful for large family accounts.
E-mail login allows you to manage multiple customer accounts within a single profile. For more information about how to use E-mail login, please refer to your internet self-service. To log in by using e-mail, you choose e-mail and password to log in. The password you choose has to fulfill at least 3 of 4 conditions – small letter, large letter, number or special character. The minimum lenght of the password is 8 characters. The password you choose for e-mail login is not processed by Vodafone in its customer systems and therefore cannot be used to authenticate you when talking with customer service line or in stores. The passwords listed above, which you can find in your e-mail login, are used for authentication when you call the customer service line or visit our stores. The login details for the e-mail login are therefore only used to log in to the internet self-service. We would also like to point out that if you decide to activate e-mail login, the original numeric password will no longer be valid for logging in to the internet self-service. As stated above, other passwords will remain valid for authentication when communicating with our customer service line and visiting our stores. You may also select the two-factor authentication option within e-mail login.
You can use any of the above passwords in combination with your phone number or e-mail login to log in My Vodafone mobile application. In My Vodafone mobile application, you can choose to log in permanently; if you do so, you will not need to enter your login details every time you use the application However, please note that if you use the persistent login option, it may be possible that a third party who has access to your mobile device will be able to access the app and make changes to your services without your knowledge. Vodafone cannot be held responsible for any damage that may occur in such a case. You can also use biometric authentication such as fingerprint or facial recognition to log in the mobile application In this case, Vodafone does not process your biometric data, but only uses the already built-in authentication functionalities of your mobile devices from Google, Apple and others.
Login to other applications such as Vodafone TV, Automanažer, Vodafone Gallery and others is described in detail in the terms and conditions or instructions of these services. These login details are not used to communicate with the operator, only to log in to these applications. However, it is still important to protect these passwords and not to disclose them to third parties and to always choose a sufficiently strong and unique password.