Privacy Policy
Kcell has adopted the principles stated in this policy. In our day-to-day operations we expect every employee of Kcell to follow the policy as our way of conducting the business. We also work towards adopting the principles of the policy in all the operations in which Kcell has ownership interests.
1. Introduction
In Kcell we recognise that privacy is important to our customers.
Kcell supports international standards on human rights. The purpose of this policy is to set high and consistent Kcell standards to respect privacy.
The primary objective is to ensure that customers feel confident that Kcell respects and safeguards their privacy. Another objective is to reduce legal and regulatory risks as well as reputational and brand exposure in this respect. Kcell is a telecom operator managing significant networks and data volumes and we therefore aim to ensure network integrity and data security to protect privacy.
Kcell has adopted the Β«Code of Ethics and ConductΒ», based on the Β«TeliaSonera Group Code of Ethics and ConductΒ» (click http://www.teliasonera.com/en/about-us/corporate-governance/codeof-ethics-and-conduct/), upon which this policy is based.
2. Principles
Kcell strives to protect the personal data of customers and to safeguard their privacy. We shall therefore:
- Use best practice in each market to inform customers that Kcell is collecting their personal data and to explain how this data will be used.
- Use free, unambiguous and informed user-consent for collection and processing as the prime method of choice, ensuring transparency.
- Collect only personal data which is relevant and not excessive in relation to the purpose for which it is collected and only collect it for explicit and legitimate purposes.
- Process personal data fairly and lawfully in all operations including when processing such data outside the country where it has been collected. Process personal data only to the extent necessary for performing the processing task in question while always paying attention to the protection of customer privacy. Processing of personal data should be limited to what is needed for operational purposes, efficient customer care and relevant commercial activities, including the processing of anonymous user patterns.
- Not retain personal data longer than is legally required or necessary for operational purposes, efficient customer care and relevant commercial activities. When personal data is no longer necessary to fulfil the purposes which legitimised its original collection and processing, we shall permanently delete or make anonymous such data.
- Keep personal data accurate and reasonably up-to-date. Provide reasonable measures for customers to obtain information about personal data retained about them and to correct inaccuracies.
- Only provide personal data to authorities to the extent required by law or with the customerβs permission. Written demands from authorities are preferable although it is recognised that communications will be oral instead of written in certain circumstances, such as when the law permits verbal demands and in emergency situations.
- On a regular basis assess privacy risks associated with the collection, processing and retention of personal data and develop appropriate mitigation strategies to address these risks.
- Require suppliers, in line with the level of protection in this policy, to exercise special care to prevent loss, theft, unauthorised disclosure or inappropriate use of personal data collected by Kcell. Expect suppliers to process such data fairly and lawfully in all operations, including when such data is processed outside of the country where it was collected or received.
- Protect, with appropriate technical and organizational measures, messages and related information that are transferred in Kcell networks and communications services as well as information concerning the location of a subscription or terminal device.
- Expect every Kcell employee to respect duty of confidentiality by law and written agreements regarding non-disclosure.
To ensure privacy, Kcell protects assets such as personnel, customers, information, IT infrastructure, internal and public networks as well as office buildings and technical facilities. Kcell implements measures to prevent and detect disclosure of sensitive information to unauthorised parties. Kcell takes appropriate measures to detect and promptly respond to security incidents and fraud. Kcell maintains a zero acceptance policy towards criminal activities and fraud. Special attention is given to information affecting customer privacy. Security audits (follow-ups) are continuously conducted to ensure implementation of corrective actions and compliance to Group policies, instructions and legal/regulatory demands.
3. Compliance and handling of infringements
Relevant and sufficient organizational resources shall be in place and secured to ensure proper implementation of this policy and corrective measures shall be taken when necessary.
The impact of this policy should be identified and addressed during the development or procurement of information systems, or the development of products and services.
Employees are encouraged to report violations of these principles by reporting misconduct via the web-based whistle-blowing function or by contacting his/her immediate superior or any member of local executive management or the TeliaSonera Group General Counsel. Regardless of the reporting channel, all allegations of potential violations of these principles that are made in good faith will receive a swift, fair and comprehensive investigation conducted with the relevant internal and/or external assistance.
4. Scope
It is Kcellβs objective to live by the letter and spirit of the law. Any obligations and regulations in the laws that may impose stricter rules or additional limits on the collection and other processing of personal data shall remain unaffected by this policy. This policy applies to how Kcell deals with customer privacy and does not apply to any company outside the Kcell, to any other companyβs website or other companyβs services, even if accessed through Kcellβs network. The type of personal data Kcell collects about individuals, when Kcell collects it and how Kcell processes it, may be further regulated in conjunction with particular services and in the contractual terms for the respective services or otherwise by local legislation. The latest version of this policy is published on http://www.kcell.kz