Public Privacy Notice - MTN Zambia
We respect your right to privacy, it is very important to us, and we take the protection of your privacy and ensuring the security of your Personal Data very seriously.
We are committed to the fair and transparent Processing of your Personal Data. This Privacy Notice describes how we Process your Personal Data, explain your rights in relation to the Personal Data we Process, and states our commitment when Processing your Personal Data in a compliant, ethical and secure manner.
Who are we?
We are MTN Zambia Limited
In this privacy notice “MTNZ”, “we”, “our” and “us” refers to MTN Zambia Limited
Who does this notice apply to?
This notice applies to individuals that are:
- any person(s) who contracts with us for the provision of products and services, or who purchases a product from us (“customers”), including potential customers to the extent MTNZ Processes your Personal Data;
- any person(s) who uses our website, mobile applications or any products or services (“users”);
- all suppliers, contractors and service providers of MTN (“suppliers”) including potential suppliers to the extent MTNZ Processes your Personal Data;
- resellers such as MTNZ distributors and agents as well as partners (“resellers”) including potential resellers to the extent MTN Processes your Personal Data; and
- any other persons (save for employees and job applicants) who share Personal Data with MTNZ including beneficiaries, trustees or donors to MTNZ trusts or charitable causes; MTNZ guests (“other Data Subjects”).
Important terms you need to understand when reading this notice?
Data Subject | Means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person from, or in respect of whom personal information is processed. It shall also include any additional persons afforded data privacy rights and protection of Personal Data in terms of Applicable Data Privacy Law(s). |
Local Regulatory Requirements | Legal, statutory, regulatory, license conditions rules, guidelines, Ministerial/National Security orders or directives, and Directives relating to Public safety (where applicable) and Data Sovereignty*-related requirements with which MTNZ is required to comply by applicable authorities in Zambia. *Data Sovereignty relates to the laws and governance structures that Personal Data is subject to, due to the geographical location of where it is Processed. |
Personal Data | Means any information relating to a Data Subject who can be directly or indirectly identified from that data which includes the following: • a name • any identifying number, symbol; • contact information (e.g. e-mail address, postal address, telephone number); • location data or physical address; • online identifier or other assignment to the person; • the biometric information of the Data Subject; • any identifying number, symbol; • or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; • the personal opinions, views or preferences of the Data Subject; • correspondence sent by the Data Subject that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; • the views or opinions of another person about the Data Subject; • the name of the Data Subject if it appears with other Personal Data relating to the Data Subject or if the disclosure of the name itself would reveal information about the Data Subject; and • Sensitive Personal Data. |
Processing | Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, including collection, receipt, recording, organisation, structuring, collation, storage; adaptation or alteration, updating, retrieval, consultation, use, dissemination, disclosure by means of transmission; or otherwise making available, alignment or combination, merging, restriction, blocking, erasure, destruction, disclosure of the information or data by transmission, dissemination or otherwise making available. and/ or degradation. |
Sensitive Personal Data | Means personal data which by its nature may be used to suppress the data subject’s fundamental rights and freedoms and includes revealing a Data Subject’s racial or ethnic origin; sex; marital status; political opinions or persuasions; religious or philosophical beliefs and other beliefs of a similar nature; trade union membership; criminal behaviour relating to the alleged commission of a crime or proceedings relating to the alleged commission of a crime; genetic data; biometric data; data concerning health; both physical and mental health; data concerning a Data Subject’s sex life or sexual orientation, and child abuse data |
What Personal Data does MTN collect and use?
To run our business, we may be required to collect, use, store and otherwise Process your Personal Data. The Personal Data that we may collect and Process can vary depending on the MTN products and services that you use, contract for or that you supply to us; how you may be using or delivering those products and services; and the means by which you may be interacting with us.
We will only collect the Personal Data of yours that is adequate, relevant and limited to what is needed in relation to the specific purposes for which we are collecting it, as described in this privacy notice.
The Personal Data collected and Processed by us may include:
- contact information: which may include your name, contact information (email address, postal address, residential address, telephone number), date of birth, identifying numbers (identity document number, passport numbers and/or other national ID numbers as required) Phone type, any other information required to comply with regulatory requirements;
- location information: we collect information regarding your physical location/ geolocation when you use your device, our products or services and they connect with cellphone towers, wifi routers,, beacons, CPS satelites and/or other MTN technologies or infrastructure;
- network performance:we collect information which inform our network performance such as your use of our products, services or equipment;
- financialinformation:such as your bank account or credit card details; financial history (including information to determine your creditworthiness);
- usage of your devices, our services and products: data usage (including browsing history); telephone records (including information regarding your incoming and outgoing telephone calls); text message records; video streaming (including your selected packages and usage); purchase activities; and other similar information;
- web browsing and application usage: we collect your Personal Data when you visit our website or use our mobile applications. This may include, your IP address, browser type; operating system; mobile carrier; your ISP; URLs of sites from which you arrive or leave the website and mobile applications and sites that have our platform technology embedded; time you spend on our website or mobile applications; links or advertisements you see; purchases made through our website; first party cookies and other webtracking technologies. We may also collect information identifying or related to equipment accessing our networks including the software, configuration, equipment type and other unique identifiers (such as your username and password). Third party cookies will also be collected from our selected marketing technology partner(s), third party websites and applications.
- supplier, reseller, contract and service provider information: which may include name, contact information, billing information, background checks, financial history, employment history, tax information, information related to your performance; any other information which may be required in terms of regulatory requirements applicable to MTN and/or our policies;
- multimedia, data:such as unaltered photographs, audio recordings, or video recordings;
- social media information: we collect your information related to your interaction with our social media accounts, content and marketing campaigns (including your details when you enter into a competition or interact with an advertisements; your comments, your reactions (i.e. ‘likes’)), Personal Data available from your public profile and information you have allowed social media platforms to share with us in terms of your privacy preferences on that platform; and your social media handles;
- biometric information: such as images of you, fingerprints, voice recording or voiceprint, scan of your face in order to identify you;
- demographic information: we may collect information related to your gender, race or ethnic origin, age, education, financial status;
- views, opinions and interests: we collect information regarding your views, opinions and preferences (for example when you participate in a survey or when you provide feedback regarding our products or services or online based behaviour) as well as your interests. In the case of suppliers and resellers, we will obtain the views and opinions of others regarding your performance (e.g. references).
Where does MTN collect my Personal Data from?
In most circumstances we collect Personal Data directly from you, for instance, when you buy or use any of our products or services, visit our website, interact with our customer services departments.
In some instances, however, we will also collect your Personal Data indirectly from third parties, such as from:
- Credit check or vetting agencies;
- Social media platforms;
- Marketing agencies;
- Other entities within the MTN Group (e.g. based on the usage of their applications, websites and sharing of Personal Data);
- Resellers in respect of the Personal Data of customers, users and suppliers;
- Third parties providing supplier and reseller references.
For what purposes does MTN use your Personal Data?
MTN will use your Personal Data for purposes of:
- Verification: we Process Personal Data necessary to verify your identity when you are purchasing our products and services, when you make contact with us, or when we contact you;
- Credit checks: we perform credit checks, including using the services of a credit bureau, where you are applying for a contract for products and/or services with us, and to assess your application;
- Contracting and processing orders: we Process your Personal Data in order to conclude and contract, to process your request to provide products and services and to keep you updated with your order progress and to provide our products and services to you;
- Billingand collection: your Personal Data is Processed to perform billing of your account for your use of our products and services. We also Process your Personal Data to collect outstanding monies due to us through our collection processes;
- Monitor and improve services: we perform research and statistical analysis on our customers’ and/or users’ behaviour for purposes of monitoring the performance of our network, products and services and maintaining or improving our products and services to you;
- Improve value proposition: we analyse our customers and/or users preferences and interests based on their use of MTN websites, mobile applications, products, services and/or social media interactions to improve on our services, products, to perform marketing, online behavioural advertising and to develop new services or products which may be suitable to you;
- Network performance: we Process your Personal Data to protect our network and manage the volume of calls, texts and other use of our network. For example, we identify peak periods of use, so we can ensure the network can handle the volume during those times.
- Marketing: we use your Personal Data to promote and/or market our products and services to you by means of text and voice messaging, email, post, telephone calls, or through social media campaigns, but only if this is permitted in terms of our policies, local regulations and you have not opted-out from the type of direct marketing communications (e.g., where you have opted-out of certain categories of direct marketing but not all categories of direct marketing).
- Fraud and crime prevention: we Process your Personal Data to detect and prevent fraud or criminal activity through the use of our products or services;
- Security: we Process your Personal Data to prevent Personal Data Breaches, and to safeguard our IT systems, networks, assets, buildings and places of work;
- Compliance and Reporting: we Process your Personal Data where this is required to comply with any legal obligations imposed on MTN by applicable law or in response to directives from law enforcement or court orders (for example “know your client” requirements) and to discharge any prescribe reporting obligations.
Customer service: we Process your Personal Data to provide you with customer services including to respond to any question, query, requests, concerns or complaints you may have about MTN, including our network, products, services, employees or our Processing activities. MTN will not further Process Personal Data for any purpose that is incompatible with the original purpose that the Personal Data was collected for unless:
- such further Processing is authorised in terms of applicable data privacy laws;
- we have obtained your consent to the further Processing;
- the further Processing is necessary to comply with an obligation imposed by Local Regulatory Requirements or for conducting proceedings in a court or tribunal; or
- it is for scientific or historical research purposes or statistical purposes.
Is MTN allowed to Process my Personal Data?
We are allowed to Process your Personal Data, so long as we have a legal basis to do so (i.e. there is a justification to Process your Personal Data in terms of laws applicable to MTN and/or our policies permit such Processing). When we Process your Personal Data, we will rely on one of the following legal bases, as appropriate, having regard to the purpose of Processing:
- Performance of a contract: this is when the Processing of your Personal Data is necessary to conclude a contract or perform our obligations under a contract entered into with you
- Legal obligation: this is when we are required to Process your Personal Data to comply with a legal obligation
- Legitimate interests of MTN or a third party: we will Process information about you where it is in our or a third party’s legitimate interest provided these interests are not overridden by your interests and fundamental rights and freedom to data privacy
- Vital interests of the data subject or another natural person: the Processing is necessary to protect the vital interests of the relevant Data Subject or of another natural person
- Public Interest: the Processing is necessary for the performance of a task carried out in the public interest.
- Your consent: in some cases, we will ask you for specific permission to Process some of your Personal Data. This consent may withdrawn at any time.
In those instances when we Process your Sensitive Personal Data, we will rely on one of the following legal bases as appropriate having regard to the purpose of Processing:
- You have given explicit consent to the Processing of your Sensitive Personal Data for one or more specified purposes. You may withdraw such consent at any time;
- Processing is necessary to protect your vital interests or of another natural person and you are physically or legally incapable of giving consent;
- Processing relates to Sensitive Personal Data which was intentionally made public by you;
- Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
- Processing is necessary for scientific or historical research purposes or statistical purposes provided such Processing is proportionate to the aim pursued, MTN respects the essence of the right to data protection and MTN provides for suitable and specific measures to safeguard your fundamental rights and the interests.
- Processing of Personal Data related to criminal behaviour is obtained and used in accordance with Local Regulatory Requirements.
Is it mandatory to provide MTN the Personal Data asked for?
It is not mandatory for you to provide any Personal Data to us. However, failing to provide certain Personal Data to us, particularly where that Personal Data has been requested by us may impact our ability to, amongst other things:
- provide our products or services to you;
- to support you with and manage our products and services;
- provide you full functionality to all our webpages;
- on-board you as supplier, reseller, contractor or service provider;
- to allow you access to our premises or buildings.
Does MTN Process my Personal Data automatically?
MTN does not perform any automated decision making (including profiling) which results in legal consequences for you and/or which affects you in a similarly significant manner. Should this change in the future, we will notify you and update this privacy notice accordingly.
How long does MTN keep my Personal Data for?
We will not retain your Personal Data for any longer than is necessary for achieving the purpose(s) for which the Personal Data is Processed, unless:
- retention of the Personal Data is required or authorised by Local laws;
- you have consented to the retention of the Personal Data; or
- the Personal Data is required for historical, statistical or research purposes and provided that we have established appropriate safeguards against the Personal Data being used for any other purposes.
We will ensure that Personal Data which is no longer required, or which we are no longer authorised to retain, is as soon as reasonably practicable, de-identified or destroyed through secure means, alternatively through permanent erasure by appropriate and effective mechanisms.
Does MTN transfer my Personal Data to third parties?
Yes, we do share Personal Data with affiliated third parties, as necessary for our legitimate business needs, to carry out your requests, and/or as required or permitted by law. This would include:
- Our service providers: We transfer your Personal Data to our third-party service providers, such as our (IT) systems providers, our hosting providers, consultants (such as legal advisers), eys balling partners, and other goods and services providers. These providers Process your Personal Data on behalf of MTN in terms of a binding agreement with appropriate security safeguards. MTN will only transfer Personal Data to such a service provider when they meet our strict standards on the Processing of data and security. We only share Personal Data that allows our service providers to provide their services and they are not allowed to Process your Personal Data for any other purpose.
- If we are reorganised or sold to another organisation : MTN may disclose Personal Data in connection with the sale, assignment, or other transfer of the business to which the data relates.
- Courts, tribunals, law enforcement, or regulatory bodies: MTN may disclose Personal Data in order to respond to requests of courts, tribunals, government, or law enforcement agencies or where it is necessary or prudent to comply with applicable laws, court or tribunal orders or rules, or government regulations.
- Audits: disclosures of Personal Data may also be needed by our auditors including to perform financial audits, data privacy or security audits and/or to investigate or respond to a complaint or security threat.
- Insurers: our business requirements mean that we carry significant insurance cover in respect of business activities. There are several different participants in the insurance market (e.g., brokers, insurers, and reinsurers, as well as their professional advisors and other third parties involved should there be a claim). Some of these insurance market participants will require that we disclose Personal Data about you to them. The information will be used by the insurance market participants in the underwriting and ongoing administration of the insurance products, where there is a claim that you are relevant to and to allow the insurance market participants to comply with their legal and regulatory obligations. Some of these insurance market participants will handle this information on our behalf (like our service providers described above), but others will want to Process information about you independent of us.
- Other third parties: we may share information with other third parties who use MTN platforms / systems to advertise their product. However, the Personal Data collected is anonymised and/or aggregated prior to sharing with such third parties.
Does MTN transfer my Personal Data internationally?
MTN may only transfer Personal Data outside of Zambia only if such transfers are permitted in terms of Local Regulatory Requirements and on meeting such requirements prescribed by law.
MTN may transfer your Personal Data to other entities within the MTN group of companies. All MTN entities are bound by binding corporate rules which ensures that the MTN entity receiving your Personal Data protects your Personal Data in accordance with those binding corporate rules.
MTN may also transfer certain Personal Data outside of Zambia] to third parties working with us or on our behalf for the purposes described in this Privacy Notice if permitted in terms of Local Regulatory Requirements. When transferring Personal Data internationally to third parties we ensure your Personal Data will continue to be protected for example, by entering to binding data transfer agreements or by ensuring there are adequate data privacy laws, which requires the relevant third party to adhere to the data handling and data protection requirements, acceptable to MTN.
How does MTN secure my Personal Data?
MTN secures the integrity and confidentiality of the Personal Data in its possession or under its control by implementing appropriate, reasonable technical, physical, and organisational measures to prevent:
- accidental loss of, damage to, or unauthorised destruction of your Personal Data;
- unlawful or unauthorised access to your Personal Data; and
- unlawful or unauthorised Processing of your Personal Data.
As part of its processes, MTN takes reasonable measures to regularly identify and assess all reasonably foreseeable internal and external risks to Personal Data in its possession or under its control and implements reasonable and appropriate technical, physical and organisational security measures to protect against the identified risks.
How does MTN handle Personal Data Breaches?
While MTN implements reasonable measures to prevent or reduce the likelihood and impact of Personal Data Breaches, this risk can’t be completely eliminated. If MTN becomes aware of or reasonably suspects a Personal Data Breach has occurred or that the integrity or confidentiality of Personal Data has been compromised, MTN adheres to its incident management Policies, Procedures and supporting documents governing the handling and reporting of Personal Data Breaches.
What are my rights?
If MTN Processes Personal Data about you, you have all the rights provided to you under the Data Protection Act No. 3 of 2021 of the Laws of Zambia as may be amended and any other relevant or regulation in Zambia providing for the rights of Data subjects. The rights include but are not limited to :
- Access and correction: you have the right to access the Personal Data retained by MTN. This is sometimes called a ‘Data Subject Access Request’. If we agree that weare obliged to provide Personal Data to you, we will provide it to you free of charge. Before providing Personal Data to you, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your Personal Data. If the Personal Data we hold about you is incorrect, you are entitled to ask us to correct any inaccuracies in the Personal Data. If the personal data is incomplete, you have the right to have completed personal data, taking into account the purposes of the processing.
- Right to Data Portability: You have the right to receive personal data in a structured, commonly used, machine readbale or otherwise legible format and you may transmit the data to another data controller.
- Purpose of processing: You have the right to understand the purpose for which your personal data is being processed, the category of data the process relates to, and the categories of recipients the data is disclosed to, and the envisaged period for which the personal data shall be stored, where possible or if not possible, the criteria used to determine that period, the data being processed, as well as the source of that data. You have the right to notification of all third parties to whom your data has been disclosed and the measures put in place to safeguard your personal information
- Object to Processing: you have the right to object to us Processing your Personal Data, on grounds relating to your particular situation, under certain circumstances (including to receiving direct marketing from us). For example, if we are Processing your Personal Data on the basis that is necessary for purposes of our or a third party’s legitimate interest or in the public interest. You may also object if you believe there is no legal basis for us to Process your Personal Data anymore.
- Withhold consent: you have the right to withhold your consent without any fear of negative repercussions in circumstances that we seek your consent to Process your Personal Data. If you experience any intimidation or negative repercussions for withholding your consent you should report this to our whistleblower hotline at 7475 or send an email to ethics@mtncloud.onmicrosoft.com or DataprivacyOffice.zm@mtn.com.
- Withdraw consent:you also have the right to withdraw your consent at any time and we cease Processing your Personal Data unless there is an alternative legal basis to continue Processing your Personal Data. We will advise you if we intend to continue Processing your Personal Data in these circumstances.
- Disposal/Restrictions: in addition, you may have rights to have your information deleted I destroyed if we are keeping it too long or have no legal basis to Process it. You may also request that the Processing of your Personal Data is restricted in certain circumstances.
- Erasure: You have the right to erasure of personal data as soon as practicable and the data controller shall have the obligation to erase personal data without undue delay where the personal data is nolonger in relation to the purposes for which it was collected, consent has been withdrawn, the data has been unlawfully processed, or where the personal data has to be erased for compliance with a legal obligation.
- Lodge complaints: you have the right to lodge a complaint regarding the way your Personal Data is being Processed with MTN or if you believe there has been a breach of MTN privacy policies and/or data privacy laws.
You can make a request or exercise these rights by contacting MTN at Dataprivacy0ffice.zm@mtn.com and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and internal policies.
Finally, you always have the right to lodge a complaint with the supervisory authority in charge of protecting Personal Data, the Data Protection Commission, whose contact details are:
- Postal Address: Data Protection Commission, P.O Box 50464 Lusaka.
- Email Address: likando.luywa@mots.gov.zm
- Telephone number: 0966762407
- Website: www.mots.gov.zm
Contact us
If you have any questions or concerns regarding this Privacy Notice and would like further information about how we protect your information and/or when you want to contact your local Data Protection Officer (DPO), please email us at DataprivacyOffice.zm@mtn.com.
If you Feel that your questions or concerns have not been adequately dealt within or otherwise Feel uncomfortable raising them with the local DPO you may contact groupdataprivacy@mtn.com.
You may also lodge any perceived non compliance with privacy policies and/or breach of privacy laws with 7475 or send an email to ethics@mtncloud.onmicrosoft.com
Changes to privacy policy
MTN may modify this Privacy Notice from time to time to reflect our current privacy practices. When we make changes to this notice, we will revise the “effective” date at the top of this notice and any changes affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.