The basics

Personal information we collect about you

The personal information we collect about you and how we collect it can vary depending on the products and services that you use and subscribe to, how you have used the products and services, and how you have interacted with us even if you aren’t a customer, or what we have obtained from a third party with permission to share it with us.

We will process your personal data based on:

  1. The performance of your contract or to enter into the contractand to take action on your requests. For example, so you can make calls and texts, and browse the internet on your phone, we process things like the numbers you dial, how much data you’re using and when you’re doing it so we can provide connectivity. This also enables us to generate your bill, based on your usage. We also need to conduct credit checks in order to provide you with our products or services.
  2. Our legitimate business interests, for example, fraud prevention, maintaining the security of our network and services, direct marketing, and improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, visit the section of this policy.
  3. Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided; or
  4. Consent you providewhere We do not rely on another legal basis. Consent may be withdrawn at any time
    To withdraw your consent, you may use one of the following method:
  • By logging into My Account (  from our website and clicking on My Profile .
  • Visit any of our stores
  • Calls us on 247
  • If you are a business customer, by calling or sending an email request to your respective Account Manager, who will in turn pass it on to the Business Support Team to process. For more information on how to manage your consents go on section of this policy.

We will collect your information when you, for example:

  • Buy or use any of our products and services;
  • Use our network or our products and services;
  • Register for a specific product or service;
  • Subscribe to newsletters, alerts or other services from us;
  • Contact us through various channels, or ask for information or complain about a product or service;
  • Take part in a competition, prize draw or survey;
  • Subscribe to a My Account on our website or My epic app;
  • Visit, log in to or browse our website;
  • Have given permission to other companies, such as our business or joint-venture partners as well as our third-party suppliers or contractors, to share information about you;
  • Where your information is publicly available; or
  • Are the customer of a business that we acquire.

We also collect information from certain organisations, where appropriate and to the extent we have legal grounds to do so. These include fraud-prevention agencies, business directories, credit check reference/vetting agencies, billing calculating agencies and connected network providers.

We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our website and My epic app). For more details on this and how to opt out of these, please see   section of this policy.

The types of information we may have are, where applicable, such as:

  • Your name, address, phone and/or mobile number, your proof of identification, your date of birth, gender and email address;
  • Your credit or debit card information, information about your bank account and other banking information – for example, you’ll have to give us this information when you open an account with us. We will collect the data necessary to process a payment whenever you make a purchase;
  • Your traffic data. This is data we see as part of providing you with connectivity like the numbers you call, the time and duration of the call or the amount of data you are using;
  • Your location data. This can be precise where it uses Global Positioning System (GPS) data or by identifying nearby mobile phone masts and you enable location-based services or features. Or less precise where, for example, a location is derived from your data such as country, a post code or name of a town or city;
  • Your contact with us, such as a note or recording of a call you make to one of our contact centres, a web chat, an email or letter sent, or other records of any contact with us;
  • Your account information, such as dates of payment owed or received, subscriptions you use, account numbers or other information related to your account or included in My Vodafone;
  • Credential information – we will collect passwords, hints and similar security information used for authentication and access to accounts and services;
  • Your preferences for particular products, services and lifestyle activities when you tell us what they are, or we assume what they are, based on how you use the products and services;
  • See section for details on what we collect using cookies, web beacons and other technologies, including ad data;
  • Your browsing history. We collect the categories of website you have browsed on your mobile, device or PC, for example Sports, Music or News. However, we don’t have a history of the sites you browse, as this is limited for a short period of time to enable the connection to be made. We use these interests to send you personalised marketing or show you personalised advertising. You can opt out of advertising through or, in the case of marketing, read more on how you can opt-out on Your section of this policy,
  • We can also obtain, from other data providers such as social media agencies, data related to demographic data, interest based data, and internet browsing behaviour (see Third Party Cookies in section of this policy).
  • Other Information we obtain from other sources, such as credit agencies and fraud-prevention agencies.

We will also get information about how you use our products and services, such as:

  • The level of service that you receive – for example, network or service faults and other events that may affect our network services or other services;
  • Details of your use of the specific services or products, for example:

o When subscribing to a Fixed Service connection, a record is kept as to where the service was subscribed to be used in and where the service is actually being used in. Also the MAC address is used for allowing the device to communicate with other devices in the same network with it. This is essential for the network to function.

o Every time you use your mobile phone, a record is kept. This includes the number you called or sent an SMS or MMS to, the length, date and time of that call, SMS or MMS and your approximate location at the time that the communication takes place (based on the location of the nearest cell that you sent that call or message from), the date and amount of data usage on your phone. The same is also recorded every time you receive an incoming call or message. We don’t, however, keep a record of the content of your calls and messages. From time to time when you contact our , this may be recorded for quality assurance and training purposes, but these recordings are retained so that any issues can be taken up.

How we use your personal information

We will use your personal information for the following purpose

  1. To provide you with your service

Processing your order and provide you with your products and service

  • • To process the products and services you’ve bought from us, keep you updated with the progress of your order and ensure compliance with the products’ and services’ terms and conditions;
  • • To provide the relevant product or service to you. This includes other services not included in your agreement with us (e.g. internet banking services offered by local banks), services that use information about where you are, and to make contact with you through messages about changes to the products or services.

 Billing and Customer Care

  • To bill you for using our products and services, or to take the appropriate amount of credit from you;
  • Contact you if the billing information you provided us with is about to expire or we are not able to take payment;
  • To respond to any questions or concerns you may have about our network, products or services.
  • For troubleshooting purposes in order to rectify any fault which is raised by the customer

Service messages

  • We will contact you with  messages to keep you updated with current information about products and services you’ve used. For example, changes to our terms and conditions, price plan and data use, upgrades you might be entitled to, roaming or service interruptions.

Provide Roaming Services

  • To improve your roaming experiences, to ensure that we’re meeting our commitments around fair use, to detect and resolve fraudulent use of our networks (and our partner roaming networks) and to solve technical issues if you are experiencing.
  • To understand how we are  performing in providing roaming services, whether Roaming Services and related products are working as intended, or whether improvements are needed to make roaming better.
  • To guarantee the interconnection service towards the network of the other operators and for the ability to affect payments in regards to this service.

We use personal data such as your name, email address, password, mobile phone number and call records in order to do this. We create aggregated and statistical management reports from this information that do not identify you individually. We may also take this personal data and anonymise it so that more in-depth analysis of our roaming services can be undertaken. This helps us to develop its roaming services for customers without identifying users in an individual way.

  1. To improve our service

Improving and innovating our products and services

  • We collect anonymous, de-identified or aggregate usage and account related information in order to improve the services we offer to everyone. None of these analytics are linked back to you in any way.

 

Manage our networks and understand network usage

  • To protect our networks and manage the volumes of calls, texts and other uses of our networks. For example, we identify peak periods of use so we can try and ensure the networks can handle the volume at those times;
  • To understand how you use our networks, products and services. That way we can seek to review, develop and improve these, develop more interesting and relevant products and services, as well as personalising our products and services.
  1. Marketing & tailoring our service to you

Direct Marketing and Profiling

  • As our customer we will contact you to let you know about our products and services (unless you opt out of such marketing messages from us). We will use your contact details to record your preferences and to keep you informed generally about new products and services, send you newsletters, invite you to participate in a survey or let you know about offers, promotions, prize draws or competitions. We tailor these messages based on the sorts of products and services you’ve bought from us (referred to by us as Basic Profiling). For example, we know not to market to you any top-up related products if you’re on a contractual subscription.
  • Also, we will further tailor these messages using your aggregated browsing, calling and messaging invoiced activities unless you have withdrawn permission for us to process this information for this purpose;
  • We can personalise these messages also using location information (referred by us as Advanced Profiling), if you have given your permission that we process this information for this purpose.
  • If you have given your permission, we will also contact you to let you know about products and services of other third party partner companies which we think may interest you (referred by us as Third Party Offers). For more information on third party partners, read more on section on this policy;
  • We will contact you by SMS, post, email, call or push notifications through our apps.
  • We may also engage third parties to send communications on our behalf (for more information see  information section on this policy)
  • If you are not our customer but have provided personal information along with your permission to be contacted about our products and services we will contact you to let you know about these products and services. We will use your contact details to keep you informed generally about new products and services, or let you know about offers, promotions, prize draws or competitions. You can object to direct marketing at any time. For more information on how to object, visit Your Rights section below.

 Advertising online

  • To deliver advertising that is relevant to you, you’ll also see targeted advertising online based on the use of cookies. This is known as interest-based advertising. It can be on websites or apps belonging to us, those of other organisations, as well as other online media channels such as social media sites. We may also combine data collected via the cookies with other data we have collected. If you don’t want any information processed through the use of cookies, check  section. It explains how to opt out of cookies.
  • To serve advertising messages that are particularly relevant to you, we may engage with third parties to deliver these adverts. In doing so we may share your contact details (limited to email or mobile number) with parties such as Facebook Inc (Facebook Products such as Instagram and Whatsapp) and Alphabet Inc. (such as Google). If you don’t want to receive our personalised adverts from third parties, check  section. For information on how to manage your marketing permissions with us go to section on this policy .
  • Remember that opting out of interest-based advertising will not stop advertisements from being displayed – but they won’t be tailored to your interests.

Research and analytics

We use a variety of analytics methods including what is commonly referred to as “Big data analytics”. Big data analytics are a mathematically driven analysis techniques where large and varied data sets (that is why it is “big” data) to uncover hidden patterns and hitherto unrevealed trends. We have a strict use case process that requires that privacy and data protection law checks are carried out before any use case commences. We have strict rules ensuring that personal information is anonymised or de-identified at the appropriate stage in the process.

We use our analytics to:

  • Market research and to carry out research and statistical analysis including to monitor how customers use our networks, products and services on an anonymous or personal basis;

We do not use analytics for automated decision-making (that is, decision making with no human involvement) which would produce legal effects or other similar significant impacts on you.

  1. Non Marketing Profiling

We will sometimes need to profile you, for credit, fraud and security purposes.

Credit checks and ID

  • We will carry out a credit check when you apply for a contract for any products or services with us.
  • We will also use your personal information for identity verification purposes, for access to your account and for general account management. We sometimes supplement the information we collect about you with information from other sources (e.g. the electoral registry) to assess the accuracy of the information that we have.

The information that you provide upon subscribing to a product or service with us will be used for the following purposes:

  • The personal information that you provide when you apply for a post-paid subscription with us such as your name, surname, address, identification verification, and date of birth – will be used to carry out a credit check with licensed credit vetting agencies, and to verify your identity. This is to protect you from identity theft and us from fraudulent credit applications.
  • Information held about you by the credit vetting agencies may already be linked to or associated with records relating to one or more of your partners where you have associated or joint financial arrangements. When you apply for a post-paid contract, we will assess any cases linked with the information you provided. You may only decline the cases if you declare that such a financial link does not have any adverse effect on your application. We will check the validity of your declaration with the credit reference agencies and if we discover any associated records, which would affect the accuracy of this declaration we may decide not to proceed with the application on this basis. If you still wish to proceed our sales agents will need to contact our Fraud Department who will carry out additional reviews.
  • If your application is still declined following a credit check, it is because of information held by the below credit vetting agencies used by us which you can contact on:
  •  
  • If your contract gets financially disconnected, we will disclose account details including client’s ID card number and amount due to the credit vetting agencies (Malta Association of Credit Management and Credit Info). This information will be retained by the credit vetting agencies, and may be used by us and other organisations to help make decisions about other credit applications made by you or members of your household with whom you are linked financially. For those cases that are passed to our debt collector and court cases opened, we would need to supply the information requested by court such as account details, payment history, payment defaults, account balances, disputes, queries and debts. Any information we hold about your account will also be used for debt tracing and claims assessments. In the event that you do not repay in full and on time, we may tell credit reference agencies who will record the outstanding debt. Once all pending and outstanding balances are cleared, we will update the credit agencies.

Fraud Prevention & Security

  • We will process your personal and traffic data in order to protect against and detect fraud, to protect and detect misuse or damage to our networks, to recover debts or trace those who owe us money resulting from the use of our services.
How we share your personal information

Where applicable, we share information about you with:

  • Partners or agents involved in delivering the products and services you’ve ordered or used;
  • Companies who are engaged to perform services for us, or on our behalf.;
  • Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies for more information, see Credit Checks and ID section under How we use your personal information section on this policy;
  • Debt collection agencies or other debt-recovery organisations;
  • Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities if we have to, or are authorised to by law;
  • A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement;
  • Emergency services (if you make an emergency call), including your approximate location;
  • Third parties for joint promotions with that third party. They’ll be responsible for their own compliance with applicable privacy laws;
  • Other third parties for authentication and fraud-prevention purposes.

 

Fraud management and law enforcement

  • We will release information if it’s reasonable for the purpose of protecting us against fraud, theft, money laundering, defending our rights or property, or to protect the interests of our customers.
  • If we suspect or detect that false or inaccurate information has been provided and fraud is identified, we can pass the details to fraud-prevention agencies and other telecommunication providers. We, and other organisations, may also access and use this information to prevent fraud, theft and money laundering, for example, when:
    • checking details on applications for credit or other credit-related facilities
    • managing credit and credit-related accounts or facilities
    • managing credit card use
    • managing abnormal phone usage
    • recovering debt

 

We, and other organisations, may also access and use any information recorded by fraud-prevention agencies from other countries.

  • We also may need to release your information to comply with our legal obligation to respond to the authorities’ lawful demands. Your personal data shall only be provided when we in good faith believe we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements.

 

Mergers and Acquisitions

If we’re reorganised or sold to another organisation we will provide your information to that organisation.

Third parties that we work with

Where you’ve purchased our products and services using a third party or partner organisation, we often need to exchange information with them as part of managing that relationship and your account – for example, to be able to identify your order and be able to pay them.

If we have a contract with a service provider or contractor to provide us with services or provide a service on our behalf, and they may have access to your personal information, we don’t authorise them to use or disclose your personal information except in connection with providing their services.

We collect and combine information in order to monitor your use of products and services, and that of our other customers, as well as to help us to improve the quality of our products and services. We provide this information to third parties (for example, to content providers and advertisers) but any such third party reporting shall not include information which may identify an individual customer. Also see in How we use your personal information section on this policy under the heading of Advertising online.

If you have given consent, from time to time, we may contact you on behalf of any of our third party partner companies. We do not share your personal information with these companies for this purpose. Such third party partner companies may include any commercial and non-commercial organisations for example philanthropic associations, wholesalers and retailers, entertainment, health services, transportation industry, hospitality and restaurateurs, aviation, communication and information technology industry, real estate agencies, financial and insurance companies.

From time to time, with your permission, we may use third party social media platforms to validate users’ identification such as date of birth. We may also use third party social media, communication including automated customer service channels and platforms.

We will not share customer personal data that we hold with these platforms for this process however as these third party’s terms and conditions and privacy and cookies policies will separately apply to how they use your personal information which may include commercial purposes – please read them carefully before sharing your personal data.

Third party products that you buy through your account with us

Where you buy a third-party product or service through your account with us (such as a mobile application), the contract for it is with the party selling that product or service. We will only charge the amount directly to your bill as part of its arrangements with the seller. As part of this, you’re agreeing that we may pass certain personal information to the seller to complete your purchase with them.

The seller’s terms and conditions and privacy and cookies policies will apply to how it uses your personal information – please read them carefully.

International Data Transfers

We may need to transfer your personal information to other affiliated companies or other service providers in countries outside the European Economic Area (EEA). The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway: they are considered to have equivalent laws when it comes to data protection and privacy. This kind of data transfer may happen if our servers (i.e. where we store data) or our suppliers and service providers are based outside the EEA, if you use our services and products while visiting countries outside this area or if we make use of providers who provide us with a service which requires personal information

If we send your personal information to a country that is not in the EEA, we will make sure that your personal information is properly protected. We will always ensure that there is a proper legal agreement or mechanism that covers the data transfer. In addition, if the country is not considered to have laws that are equivalent to EU data protection standards then we will ask the third party to enter into a legal agreement or mechanism that reflects those standards.

How long we keep your personal information for

We will store your information for as long as we have to by law. If there’s no legal requirement, we’ will only store it for as long as we need to.

We’re required by law to keep certain personal information about how you use our services for 12 months. Some account information will be held for 5 years from your end of your contract or last transaction, whereas some personal information may be legally required for accounting purposes to be held for 10 years from the end of your contract or last transaction with us.

We will keep some personal information for a reasonable period after your contract with us has finished in case you decide to use our services again. We, or one of our partners, may contact you about our services during this time if you have not opted out of receiving marketing communications from us.

Keeping your personal information secure

We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.

Communications over the internet (such as emails) aren’t secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered, as this is the nature of the internet.

We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

We will never ask for your secure personal or account information by an unsolicited means of communication. You’re responsible for keeping your personal and account information secure and not sharing it with others.

Our website may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. So make sure you read that company’s privacy and cookies policies before using or putting your personal information on their site.

The same applies to any third-party websites or content you connect to using our products and services.

You may choose to disclose your information in certain ways such as social plug-ins (such as Google, Facebook, Twitter and Pinterest) or using third-party services that allow you to post reviews or other information publicly, and a third party could use that information.

 

Social plug-ins and social applications are operated by the social network themselves and are subject to their own terms of use and privacy and cookies policies. You should make sure you’re familiar with these.

Your rights

Right to correct personal data

You have the right to have personal information held about you corrected if it is not accurate. If what we hold on you needs updating, or you think it may be inaccurate, please fill out the online  here and email or post it to the address on the form. Alternatively, you can contact our Customer Services https://www.epic.com.mt/contact-us) team.

Right to access personal data

You have the right to make a request for a copy of the personal data that we hold about you. To make this request as an individual or an authorised 3rd party, please fill out the online  here and email or post it to the address on the form. Alternatively, you can contact the  team.

Right to data portability

You have the right to be able to take with you your data you provided to us in certain circumstances. For example, we ensure that you can take your data with you by allowing you to download your monthly bills, at the click of a button, in a format of your choice. In order to do this, log in to My Account ( ) and go to your billing area. If the information you require is not available via My Account please fill out the online form here email or post it to the address on the form. Alternatively, you can contact the  ) team.

Right to object to use of personal data

You have the right, in certain circumstances, to object to us processing your personal information.

To opt out of Marketing messages:

If you no longer want to receive marketing messages from us, you can select to opt out of all marketing communications or only selected methods (email, SMS, phone call or post or survey).

There are various ways to opt out:

  • Log in to your account and go on My Profile to manage your privacy settings; your privacy settings will also provide you with the ability to opt out or into receiving personalised marketing;
  • Contact our team;
  • Click the link to access your Privacy Settings at the end of a marketing email or SMS to unsubscribe;
  • Tell the adviser if you no longer want to receive a marketing call;
  • If you are a business customer, by calling or sending an email request to your respective Account Manager, who will in turn pass it on to the Support Team to process;
  • Disable push notification messages, at any time in our apps by changing the notification settings on your device or by uninstalling the app.

Opting out of marketing messages does not mean that you will stop receiving service-related messages.

In some cases, you may receive marketing from us, even if you’re not a customer or never had contact with us. This is a result of third-party marketing lists which we may acquire from time to time. If you’ve registered to opt out of such marketing, you shouldn’t receive such communications. If you do, we ask that you let us know immediately.

To manage Cookies and understand more about what they are:

Want to disable a cookie, or understand more about what these are? Check section of this policy for full details on how to do this.

To object to other processing where we rely on our legitimate interests:

Please fill in the here below form and press send so we can look into it and get back to you within 30 calendar days from receipt of objection. Alternatively, you can contact the 

Right to object to use of personal data

In case you wish to object to us processing your personal data for legitimate business purpose, you can fill in the following provided spaces.

Right to object to use of personal data

How to lodge a complaint

If you want to contact us about any of your rights or should you wish to complain about how we use your personal information, contact our  fill out the Individual Rights Request form here and email or post it to the address on the form.

Alternatively, you can email our Privacy team directly on privacy@epic.com.mt. We will do our best to help but if you’re still unhappy, you can contact the IDPC – their details are at https://idpc.org.mt/en/Pages/Home.aspx

Right to restrict use of your data

If you feel that the personal data we hold on you is inaccurate or believe we shouldn’t be processing your data, please fill out the Individual Rights Request form here and email or post it to the address on the form or contact our ) team to discuss your rights. In certain circumstances you will have the right to ask us to restrict processing.

Right to erasure

We strive to only process and retain your personal data for as long as we need to which is in accordance with the law, our retention periods and your restriction rights. In certain circumstances you have the right to request that we erase your personal data that we hold. If you feel that we are unlawfully retaining your data longer than we need, it is worth first checking that your contract with us has been terminated which you can do with team. If your contract with us has been terminated, we may still have lawful grounds to process your personal data (for more information on retention periods see How Long We Keep Your Personal Information for ) or to make a request, fill out the Individual Rights Request and email or post it to the address on the form.