agb logo vertical
Top searches
Recent searches
 Get In Touch
agb logo vertical
Back
  • MEDIA
Get In Touch
Office Building Overview
Get to know how Axiata is going from being a telco-business oriented Group to a fully digital company.
OUR COMPANY
Our People
Corporate Structure
Corporate Governance
Our Story
BUSINESS FOCUS
Our Portfolio
Digital Telcos Infrastructure Digital Businesses
ACHIVEMENTS
Awards & Milestones
Empower Overview
Our Portfolio – comprising Telecoms and Technology assets.
Telecoms (Digital Telcos)
Logo Celcomdigi
CELCOMDIGI
Logo Xlsmart
XLSMART
Logo Dialog
DIALOG
Logo Robi
ROBI
Logo Smart
SMART
Telecoms (Infrastructure)
Logo Edotco
EDOTCO
Logo Linknet
LINKNET
Technology (Digital Businesses)
Logo Boost
BOOST
Logo Ada
ADA
Logo Adl
ADL
Document Chart Overview
Integrated Annual Report 2024 Integrated Annual Report 2024
Download Downloads
Contact IR Contact
FINANCIAL PERFORMANCE
Quarterly Results
Integrated Annual Reports
Financial Highlights
Dividends
Financial Outlook
Debt Securities
EVENTS
IR Events
IR Presentations
Annual General Meetings
Extraordinary General Meeting
STOCK INFORMATION
Stock Exchange Announcements
Stock Quotes & Charts
Shareholdings
Equity Analyst Coverage
Suitcase Overview
Axiata’s commitment to safeguarding people, data, and systems as we drive digital inclusion across Asia.
CYBERSECURITY
Cybersecurity
DATA PRIVACY
Data Privacy
Integrating Data Privacy into Business Operations
Globe Green Overview
Advancing Asia as the Next Generation Digital Champion — Axiata aspires to deliver sustainable value for all.
FRAMEWORK
Advancing Digital Societies
Advancing Green Economy
Advancing Our People & Communities
Driving Governance Risk
Driving National Development
Top searches
Recent searches

Integrating Data Privacy into Business Operations

In order to comply with and operationalize the T.R.U.S.T. principles, Axiata shall implement the following Data Privacy Practices: 

Banner illustration

LAWFULNESS, FAIRNESS, AND TRANSPARENCY 



   1. Data must be collected and processed from data subjects in a lawful, fair and transparent manner



To process personal data lawfully, fairly and in a transparent manner. To provide the data subjects with a Privacy Notice which specifies details on the purpose for which the personal data is being collected and processed, source of the personal data, class of the third parties to which the personal data is disclosed or may be disclosed to, security measures towards protection of personal data, data retention requirements, rights available to data subjects and other relevant information in line with applicable Privacy laws.


 


  2. Lawful basis for processing Personal Data: 

 


We will process Personal Data when it is necessary and meets at least one of the following lawful basis where:

  • The data subject has consented for their personal data to be processed, strictly within the purposes for which the consent is given
  • The processing is necessary for the performance of a contract with the data subject
  • Steps are taken at the request of the data subject to enter into a contract
  • The processing is necessary to comply with legal obligations/regulatory requirement
  • It is required for administration of justice
  • To protect the vital interests of data subjects
  • Any other lawful base for processing personal data as stated by applicable Privacy laws 

 

3. Lawful basis for processing Sensitive Personal data:

We will ensure that while processing Sensitive Personal Data explicit consent is required of data subjects except for other lawful basis stated below:

 

  • Exercising obligations which are imposed by law on the Company in connection with employment
  • Any legal proceedings
  • Obtaining legal advice
  • Establishing, exercising or defending legal rights
  • The processing is necessary to protect the vital interests of the data subject or another person
  • Any other lawful base for processing sensitive personal data as stated by applicable Privacy laws

 

4. We will take reasonable steps to maintain accurate, complete, not misleading and up to date personal data only for the purpose(s) identified in the Privacy Notice.

5. We will ensure that personal data collected and processed shall be adequate, relevant and not excessive for the purpose(s) identified in the Privacy Notice.


DATA SUBJECT RIGHTS

Axiata respects the rights of data subjects and shall provide them with the opportunity and platform to exercise their rights. We have established processes for receiving, recording and responding to such requests.

 

 


RETENTION AND DISPOSAL

We will define and document retention periods for various categories of personal data in accordance with the stated purpose or as required by the law. We will ensure that personal data is retained as per the defined retention periods. Post expiry of the retention period, personal data shall be securely disposed or de-identified.

 

 


PRIVACY BY DESIGN 


Privacy by Design is a methodology that enables Privacy to be built into the design and architecture of systems, products and processes.

Axiata has adopted Privacy by Design methodology to ensure that Data Privacy issues are considered at the design phase of any system, service, product or process and then throughout the personal data lifecycle.

 

We will conduct Data Protection Impact Assessments (DPIAs) to identify underlying Privacy risks in the high-risk personal data processing activities.

 

 
VENDOR PRIVACY MANAGEMENT AND CROSS BORDER DATA TRANSFERS



Axiata has established processes with respect to managing high-risk data processing vendors from a Data Privacy standpoint. The processes include the following activities:

 

Due Diligence

Conduct due diligence on prospective high-risk vendor’s information security and Privacy posture prior to onboarding.

Data Processing Agreements

 Include adequate Privacy and information security clauses in all contractual agreements.

Periodic Vendor Assessment    

 Conduct periodic assessment of existing high-risk vendors’ compliance with contractual and regulatory obligations.

DPIAs for Projects    

 Conduct DPIAs prior to onboarding high-risk projects from existing vendors.

 


We will assess the permissibility of Cross-Border Data Transfers in accordance with applicable Privacy laws. Further, the Company shall also ensure that necessary safeguards (such as Data Transfer Agreements) are in place to protect all the Cross-Border Data Transfers.

 

 

PRIVACY INCIDENT AND DATA BREACH MANAGEMENT

We have defined and implemented a process for reporting, assessing, resolving, communicating, escalating, notifying, and performing of any other actions required in the effective management of Privacy incidents and data breaches.

 

 

SECURITY


We have implemented appropriate technical safeguards and organizational measures to maintain  the confidentiality, integrity and availability of personal data.

 

 

AUDIT, REVIEW AND REPORTING


Axiata will carry out periodic Privacy audits on our data processing environment to monitor its compliance against this Policy, Group Privacy standards and applicable Privacy laws.

 

 

TRAINING AND AWARENESS

Axiata mandates annual Data Privacy awareness trainings for our employees and contract staff. We will also raise awareness through knowledge sharing sessions, e-mailers, posters, Privacy campaigns and other such means.