Vodacom recognises that our customers trust us with their personal information and privacy – from the protection of their personal information, the confidentiality of their private communications to the way we develop our products and services. The way we handle their privacy is a vital part of our responsibility to customers and the success of our business. We aim to create a culture at Vodacom where employees have a clear understanding of how important privacy is and how to ensure it is protected, display an intuitive awareness of privacy and security risks and know how to manage them.
Our Privacy Commitments - which are set at the highest level, in our global Code of Conduct, which all Vodacom employees are bound by - establish the principles that govern our approach to privacy and how we engage with employees, partners and external stakeholders on relevant issues – such as designing products to protect privacy or assisting law enforcement. We value privacy because of its value to people.
Our privacy and security programmes govern how we collect, use and manage customers’ information. We can only ensure customers’ privacy if we first ensure the security of their information and communications. Information security is therefore an essential foundation for our programme. It is vital that we secure and manage this information and can ensure its:
• Confidentiality: Customer information must not be disclosed to, or accessed by, unauthorised people
• Integrity: Customer information and software must be accurate, complete and authentic so that it can be relied upon
• Availability: Customer information must be available when needed – including to our customers.
To deliver the quality of service customers expect, Vodacom needs to manage the flow of communications traffic across our network. We have clear, specified governance and traffic & network management policy requirements around the use and deployment of traffic management technologies which have the potential to monitor, filter, impact the speed or otherwise affect traffic that is conveyed over Vodacom’s network. Moreover, Lesotho has no legal interception legislation. As a result, Vodacom does not intercept or use technology which enables us to intercept our customers’ communications.
We are committed to building privacy considerations into our products and services from the outset, and using our influence to shape the technologies of our partners and peers. Our Privacy Design Principles provide a framework to make sure we will give customers control over how they manage their privacy and how their data is collected, used and shared. We bind our business partners to our privacy standards in order to ensure that they build privacy into the products and services they design and provide to us and our customers, and maintain those standards in their services.
The ability of mobile operators to reasonably identify the location of users has enormous potential to enrich services, applications and business offerings which benefit our customers. Our policies on application and service design ensure we build privacy requirements into every location-based product we offer and ensure that the technologies are not abused.
Assisting law enforcement
Vodacom Lesotho may release information for law enforcement purposes in compliance with the laws of Lesotho. These laws have many legitimate purposes, including fighting crime and terrorism, and protecting public safety. They may also grant law enforcement agencies with legal powers that require telecommunications operators to provide information about customers or users. Law enforcement powers must be balanced with the respect for civil liberties and freedoms, including individuals’ privacy and freedom of expression. Consequently, Vodacom closely manages and monitors compliance with these legal obligations and our relationship with law enforcement authorities to ensure human rights are respected. Our Policy Standard on Law Enforcement Assistance sets out our principles and standards on assisting law enforcement, including processes to ensure our actions are accountable at the most senior level.
Managing operational risks
Vodacom’s privacy officers use Vodacom’s comprehensive Privacy Risk Management System to help us live up to our Privacy Commitments in our day-to-day operations, while ensuring that we are prepared to respond to new privacy and security concerns and risks as they emerge. This system provides the flexibility to respond to local privacy concerns, legal requirements or stakeholder expectations, while providing a common framework to build and measure the maturity of our programme and implement improvements across all key areas of our business operations.
Our privacy programme is underpinned by extensive information and network security practices and technologies designed to secure the infrastructure and systems on which our business and our customers’ privacy is based. These include advanced security monitoring systems to detect and respond to incidents and issues, physical controls including appropriate vetting of people to manage against misuse of access or privileges by our own staff, and significant investment in security technologies. The robust information security policies, processes and procedures supporting these controls are regularly audited and tested.
We require our external suppliers and partners to meet defined minimum security standards, and we conduct risk assessments and due diligence exercises to provide assurance that these are being met in practice. We run a series of coordinated awareness and engagement programmes designed to ensure our staff understand the vital importance of privacy to our customers, including the role that individual employees have in protecting the security of customers’ information.
Questions and complaints
If you have a question or concern about any collection, use or disclosure of your personal information by Vodacom, or about a request for access to your own personal information, please contact our Privacy Team at Compliance@Vodacom.co.ls or call 52212401/52212300.
Our postal address is:
Vodacom Legal and Regulatory
PO Box 7387
You can also visit our office at: