Privacy
VodafoneZiggo has a major responsibility for the protection of customer data and for safeguarding the confidentiality of communication. This goes beyond compliance with laws and regulations. The success of our company is highly dependent on the trust that customers have in us. They must be sure that we treat their personal data responsibly. Protecting privacy is therefore a structural part of our policy and plays an important role in the choices we make.
A special privacy team ensures that our customers' data is safe. Our privacy policy complies with the rules of the General Data Protection Regulation (GDPR). In our privacy statement we inform our customers extensively about how we handle personal data.
Customer Data Belongs to the Customer
Telecom providers are forbidden by law to view the content of calling, texting and internet traffic. Naturally, we abide by the law. The content of conversations, messages and data files therefore remains classified. What we can do, however - with the explicit permission from customers - is to make targeted offers based on usage, interests and demographics. We can recommend a data plan based on a customer’s usage data of the past months, for instance. Needless to say, we do not share personal data with others without permission. We are, however, obliged by law to cooperate in the case of a request for information from a government agency.
Privacy Dashboard
Our customers and our employees have access to a ‘privacy dashboard’, a secure online environment in which they can see what information we record about them. They can make a data protection request, change their contact details, change permission-for-use-of-data settings or request that their data be removed. We received an average of 1,000 data protection requests per month from customers who wanted to know what personal data we recorded about them. In response to customers’ enquiries and additional requests, we regularly update and improve the ‘privacy dashboard’.
Big data
VodafoneZiggo uses data to gain knowledge and insight into the performance and use of services and products with a view to better and more swiftly helping customers. The idea is, after all, that the best service we can offer customers is ‘no service needed’. That means making our services and products so good that everything works as customers should expect it to work.
What we do, for instance, is monitor the use of services so that we can predict when certain network equipment or other devices can be expected to fail. As a result, we can better anticipate and prevent outages by taking pre-emptive measures. Moreover, we gain insight into factors that contribute to a less pleasant customer experience, such as poor WiFi reception. Using this information, we have developed new services with which customers can measure WiFi range in their homes. Upon customer request, we can also investigate remotely what the cause of an outage may be.
In all these examples, we guarantee the confidentiality of customer data by processing anonymous data as much as possible. We do not make personal data available to employees who do not need it to perform their duties. Internal reports can therefore not be traced to individuals. Whenever we do require information on individual data traffic, we request the customer’s permission.
Children
When it comes to privacy, children are a particularly vulnerable group. We take this into account in our policies and marketing activities. We only enter into contracts with individuals of at least 18 years of age and our marketing efforts only target customers of at least 18 years of age. In our Online Masters teaching program, we teach children the meaning of privacy and how to safely use apps and surf the Internet.
Product Design
VodafoneZiggo also takes privacy into account when designing new products and services. Employees must test new projects, systems and applications in advance for privacy risks, so that they can take measures if such risks exist. This is mandatory according to privacy legislation. They use an online privacy management tool, which allows them to easily check for privacy issues. In 2019, employees tested more than 100 new initiatives in this way. When teams come up with new applications with an existing data set, they have their idea tested by our Data Usage Board. The board comprises a group of internal experts who meet every two weeks to determine the conditions under which the teams can continue to develop their ideas.
Privacy Course
We regularly circulate memos among staff concerning matters of privacy and security. Almost everyone did an e-learning module about privacy in 2019. In addition, we also provided a tailored course to 500 employees who play an important role in personal data processing. They learned how privacy legislation works and what it means for their work. We have appointed approximately 50 ‘Privacy Champions’, who have been trained to help their colleagues with privacy issues and answer their privacy-related questions. The Privacy Champions will get every opportunity to learn more in 2020, and to gain IAPP accreditation through e-learning.
More than 500 people were given a tailored course in privacy - employees who perform important roles in the processing of personal data.
About 50 have been trained to become a Privacy Champion. They are the first point of contact for colleagues with questions about privacy.
Privacy Incidents
If something goes wrong with the protection of someone's personal data, we report this to the Dutch Data Protection Authority (Dutch DPA) immediately. If an incident has adverse consequences for customers, they are informed as soon as possible. We also inform them about what we are doing and what they can do to minimise any consequences. Customers with complaints can go to our customer service, or contact our Privacy Office directly. If customers disagree with our response, they can file a complaint with the Dutch Data Protection Authority. This body then takes up the matter with our Data Protection Officer.
2019 | 2018 | |
Number of successfully completed data requests from the organization | 100 | n/a |
Complete Data Protection Impact Assessments (DPIA) | 60 | n/a |
Privacy by Design assessments done (PIAs) | 40 | n/a |
Supplier Security & Privacy Impact Assessments (SSPAs) | 30 | n/a |
In the Processing Register (according to Art.30 GDPR obligation) | 140 | n/a |
Percentage of employees who have followed privacy e-learning | 500 | n/a |
Employees with a higher privacy risk who have followed additional training | 79% | n/a |