This document provides regulation on the use of subscriber's personal data. Globacom
recognizes customers' right to privacy, and is committed to honoring relationships using
great care to responsibly protect the customer information in our custody.
Globacom data privacy policy detailed in this document, serves as the standard for all
Globacom employees in the collection, use, sharing, retention, and security of individual
data.
Protection of subscriber data is a high priority at Globacom. Globacom will continue to
maintain the high standards necessary to ensure that customer information is kept
private and secure at all times.
Globacom uses customer data only for business purposes consistent with ethical,
telecommunication practices and in compliance with applicable laws and regulations.
Globacom may disclose customer data to a third party, as permitted by law, but will insist— through a written agreement—that the third party maintain the confidentiality and integrity of the data.
GENERAL PRINCIPLES
Collection and Use of Personal Information
Globacom only collects information that are necessary for specified, concrete, explicit and legitimate purposes and will ensure that the information is not further processed in a manner that is incompatible with those purposes. Globacom have the right to choose whether or not to provide personal information.
Lawfulness of Data Processing
Globacom ensures that processing of personal data is lawful and documents the lawful grounds of processing. For personal data to be processed lawfully, it must be processed based on one of the following legal grounds:
- The data subject's consent to the processing (e.g. Job applicantions, Marketing communication services, Value Added Services, Promotions and adverts, management of billing traffic, subscriber enquiries, prevention and detection of fraud, etc.)
- The processing is necessary for entering in to or for the fulfilment of a contract with the data subject (e.g. employment contract),
- For the compliance with a legal obligation to which Globacom and its affiliates (the data controllers) is subject to (e.g. social security and tax filings)
- For the legitimate interest of Globacom or the party to whom the personal data is disclosed (e.g. user log files or IP addresses may be temporarily stored, and this is justified to assure proper network function and security)
- For the vital interest of the public and other stakeholders
- For public tasks and obligations.
The processing of special categories of personal data must be expressively permitted or prescribed under national law. Additionally, processing can be permitted if it is necessary for the responsible authority to fulfil its rights and duties regarding employment law. The employee may also expressively consent to processing. Except for storage, processing shall cease immediately where there are no longer lawful grounds.
Storage of Personal Information
The personal information collected with customers consent shall be stored in accordance with the laws and regulations on the personal privacy data protection of Nigeria. To the extent not prohibited by local laws and regulations, we may also store the collected personal information in countries or regions outside the country where the business is located.
Rights to Personal Information
As a data subject, customers have series of rights to their personal information, including the right to confirm, access, correct, delete, withdraw consent, and lodge complaints (hereinafter referred to as "request"). Globacom fully understands and respects customers’ rights, and such rights will be subject to specific exclusions and exceptions under applicable laws. Globacom will also take active steps to ensure that customers rights are effectively protected for security reasons. Globacom shall verify customers identity before processing customers’ request. No fee is charged for customers lawful and reasonable request, except for repeated requests that exceed the reasonable limit, a fee would be charged where applicable, and based on actual administrative costs permitted by the applicable laws. We may reject requests that are unreasonably repetitive, require excessive technical means (for example, to develop new systems or fundamentally change existing practices), pose risks to the legal rights of others or are extremely impractical, or violate the mandatory provisions by law.
Employees are made aware of the company’s privacy policy and trained in procedures that maintain confidentiality and integrity. Employees who violate provisions of the privacy policy are disciplined and retrained if need be.
Protecting Customer Personal Information
Globacom has committed to the implementation of administrative, technical and physical measures required according to law to safeguard data subject information. These include:
- Several policies and procedures that address information security
- Designate one or more employees to coordinate information security program.
- Identify “reasonably foreseeable” internal and external risks to the security and confidentiality of consumer information that could lead to unauthorized disclosure, use, alteration, destruction or other compromise of such information and “assess the sufficiency” of the company's safeguards in place to control these risks. Such risk assessment includes, at a minimum, risks in areas of operation such as: detecting, preventing and responding to attacks against the company's systems.
- Evaluate and adjust the company's security program in light of such risk assessment, any material changes to company's business operation or any other circumstances that may have impact on the company's security program.
- Implement safeguards to manage the identified risks and regularly test or monitor such safeguards.
- The company information security program incorporates the following safeguards as appropriate:
- Ensure that storage areas are protected against unauthorized access, destruction or potential damage from physical hazards.
- Storing electronic data subject information on a secure server
- Maintain secure backup media and keep archived data secure.
- Encrypting data subject information when it is transmitted electronically over networks.
- Locking and ensuring only authorized access to rooms and file cabinets where information records are kept.
- Using strong passwords and password-activated screen savers.
- Changing passwords periodically.
- Referring calls or other request for data subject information to designated individuals who are required to address such requests.
- Reporting incidents of fraudulent or suspicious attempts to obtain data subject information.
Retention of Customer Personal Information
Globacom will not keep customers' personal information for longer than required. Globacom will only retain customers' personal information for the duration of customer relationship with Globacom and as required to comply with Nigeria Communication Commissions (NCC) regulation, Security agencies and other applicable laws.
Globacom Use of Cookies
Globacom will not use cookies for any purpose other than those stated in this Policy. Customer can manage or delete Cookies according to your preferences. Customer can clear all the cookies saved on your mobile device or System through the "Setting" option of the corresponding software or browser and product (paths may slightly differ for different device and service), or customer can choose not to be tracked and opt out based on interests by deleting all Cookies or resetting your mobile device software or the system browser (clearing the content and data).
Supplement and Update of the Policy
Globacom reserves the right to update or modify this Policy from time to time in order to reflect the changes in its business, technology and applicable law and practice. In case of any modification of this Policy, Globacom will notify customer of the latest Policy via the official Glo website CLICK HERE or mobile device notifications. Please pay attention to Globacom official website and mobile device notifications for the latest updates of this Privacy Policy. Although this Privacy Policy may be modified, customer rights under this Policy will not be diminished without customer explicit consent.
How to Contact Us
For any comments, questions or concerns with respect to this Privacy Policy or practices of personal information protection, please contact us via: [email protected] or [email protected]. Globacom will review customers' privacy or personal information requests as soon as possible and respond to the customer in 15-30 days after verifying the customer' user identity. If the customers' request itself involves any complicated or significant issue, Globacom may ask for more information. For further escalation please seek remedy from relevant data protection regulatory authority in your jurisdiction.
REVIEW
This policy is subject to review as business requirements demands.