ROX

We at PMCL, the leading digital operator in Pakistan, take great pride in offering an extensive range of voice, data and digital services, carefully designed to cater to the diverse needs of both individuals and businesses from our selection of prepaid and post-paid plans, complete with a diverse range of packages and bundles, to our suite of digital apps, everything is designed with your needs in mind.Above all, we are fully dedicated to safeguarding your privacy, making it our top priority.

Our collection of personal data is geared towards enhancing the services we provide to you. Personal data is any set of information that relates directly or indirectly to you. This privacy notice outlines our privacy policy and our handling of your personal data, which includes why we collect it, the types of data we collect, how we process it, and how you can manage, correct and/or delete/erase your personal data.

Please note that this document may be supplemented with specific information, when necessary, particularly in the context of specific services or commercial engagements. Additionally, you will find dedicated privacy notices within each PMCL digital app, where applicable.

When PMCL determines the purpose and means of processing personal data, we assume the role of a data controller. If we act as a processor while providing services to a customer, we will process your personal data in compliance with the applicable laws of Pakistan. We will aid the data controller in satisfying data subject rights in accordance with the law, if applicable.

Scope and Application

We prioritize your privacy and handle your personal information with the utmost care, in compliance with applicable laws of Pakistan. If you have any questions or concerns about this privacy notice or your personal data, please do not hesitate to contact us at [email protected]. It is advised to please read this notice carefully to fully understand the measures taken to safeguard your privacy.

What personal information we collect?

The personal information we collect adheres to, inter alia, clause 6.8 of our licensing requirements, Subscriber’s Antecedents Verification Regulations, 2015 & Branchless Banking Regulations and depends on the PMCL products and services you use and subscribe to. This information is categorized as Common Data, Usage Data,Traffic Data/Billing Data, and Location Data.

What we refer to as Common Data?

  • your CNIC, name, date of birth, biometrics, signature, and contact details including your physical address, email address and phone number
  • your preference for products, services, or lifestyle activities when you tell us what they are
  • any additional information relating to you that you provide to us directly through our websites or apps or by physically visiting our centres

What we refer to as Usage Data?

This is the type of data that is not directly provided by you but instead collected through the use of our services or obtained when you complete our surveys. This information is crucial for us to offer you the best possible service. It may include:

  • your preference for products, services or lifestyle activities or your preference based on how you use our products and services
  • the websites you visit and the online searches you perform using our services. For further information, refer to Technology used to collect information
  • your use of mobile voice, SMS, and data services
  • any additional information relating to you that you provide to us indirectly by using our websites or applications or services
  • the make and model of the device being used, its IMEI (International Mobile Equipment Identity) and MEID (Mobile Equipment Identifier)

Technology used to collect information while visiting websites / apps through our services:

  • User-agent string or header information: A string that the browser sends to the web server, providing information about the browser version, operating system, and other relevant details
  • Geolocation: The approximate geographic location of the user based on the cell tower they are connected to or other location data*
  • Cookies: Data stored on the user's device by websites or applications to track user preferences, login sessions, and other information

What we refer to as Traffic Data or Billing Data:

  • the phone numbers that you call or send messages to or the phone numbers that you receive calls and messages from
  • the date, time and length of the calls and messages you send or receive through our network, and your general location at the time these calls and messages take place
  • the level of service you receive (e.g., network faults and other network events which may affect our network services)
  • the number of bytes consumed while using our data services

What we refer to as Location Data:

  • Location triangulation (general estimation of a user's location)
  • Global Positioning System (GPS) location
  • GPS location is different from network location. We don't control it. GPS is based on satellites and is set up on the phone itself. Look at your phone's settings to configure it.

How we collect your personal information?

We protect this information according to the practices described in this privacy notice, plus any additional restrictions imposed by the source of information. It is vital to note that these sources may vary over time.

We collect your personal information when you:

  • make a purchase from us, whether it is at a PMCL shop/franchise, online, over the phone, or elsewhere
  • sign up or inquire about becoming a PMCL customer
  • participate in market research
  • file a complaint with us via any physical or digital channel
  • participate in surveys, promotions, contests, or prize draws
  • make changes to or close your PMCL account
  • visit our website, or apps. (Refer to the technology use section)
  • submit content, including photographs, or comments to participate in discussion threads
  • use any of our networks – mobile, WIFI (dongle) or other PMCL products and services
  • sign up for a service with us that necessitates us verifying your information with credit reference and fraud prevention agencies, and/or NADRA
  • apply for a job with us directly or via a third party

Information we collect automatically:

  • Your interactions with our emails and texts
  • Details of your interactions with our customer service, such as the date, time and reason for contacting us, transcripts of any chat conversations
  • Device IDs or other unique identifiers
  • Information collected via the use of cookies, web beacons and other technologies, including ad information (such as information on the availability and delivery of ads, the site URL, as well as the date and time)

We also obtain Information from other sources:

  • IP addresses, device IDs or other unique identifiers, as well as associated pre-paid promotion, billing and user interface information.
  • Security service providers that provide us with information to secure our systems, prevent fraud and help us protect the security of our Company’s accounts.

How we seek your Consent?

Our website always has the latest version of our Customer Privacy Notice, and significant updates to this notice (as required by law and regulations) will be communicated to all customers via SMS or via digital channels. A hyperlink to this Customer Privacy Notice is included in all agreements with corporate clients. We will seek your consent before we collect, process and/or share your personal data as mentioned herein.

How we use your information?

We at PMCL initially use your personal information and/or data to improve our products and services, ensuring your privacy is protected. We anonymize and aggregate the data to analyze usage patterns. This allows us to tailor our offerings, maintain communication, and occasionally recommend products and services tailored to your interests, all while safeguarding your identity. Depending on the circumstance, we may rely on your consent or the fact that that the processing is necessary to protect your vital interests or those of other persons, or to comply with the applicable laws. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests rights, and expectations.

Only after this internal use, we consider sharing anonymized insights with third parties, ensuring that no personal information is disclosed. In specific cases where sharing data is necessary for service requests, marketing, or customer profiles, we share only the required data and uphold privacy protections in line with our policy.

In particular, this means using your information to:

  • manage and help you manage your account
  • sort out a payment, put your payment order through our system or send you a payment order.
  • to communicate with you i.e. to respond to communications, reach out to you about your transactions or account, market our products and services, provide other relevant information, or requestion information or feedback.
  • analyse markets, write reports or carry out research and number crunching. And, if the law allows observe information related to you (including the calls you make, your spending, what you use the internet for and where you are when you do it)
  • ensure security and prevent fraudulent activity i.e. to protect individuals, employees and our company.
  • manage our network and your use of our network
  • look into any complaints or concerns you may raise
  • check whether you qualify for credit or other products, services and offers. We use automated systems to analyse your information to help us make fair and objective decisions about whether we can give you (and members of your household) credit, credit-related services, other similar facilities, or insurance. As part of this we may also need to check the financial status of people connected to you (e.g., your spouse or other family members)
  • trace and recover debts, manage credit, detect, and prevent fraud and money laundering.
  • recover any outstanding payments you may owe us

Or to:

  • notify you of changes to the functionality of a service or introduce you to a new service that we believe may catch your attention or be of interest to you.
  • determine your interests and eligibility to provide you with relevant products, services, and surveys and to develop them accordingly
  • enhance our own products and services and those of our third-party partners and create new ones
  • use various communication methods such as phone, email, post, text, picture message, online banner advertising, or other means to provide you with information about our products and services or those of selected third parties that we believe may interest you. In certain cases, we require your consent for this marketing activity, and we will stop sending you messages if you unsubscribe from the service. You can modify your marketing preferences anytime by utilizing the link provided or short code in any marketing communication you receive
  • inform you of offerings from other companies that we believe may appeal to you or allow chosen third parties to directly inform you about their products and services

We use and share your information for the following purposes:

  • to meet the terms of our agreement with you and provide you with our products and services and manage your account
  • to comply with legal and regulatory obligations, such as preserving call records for a specific period
  • to meet our legitimate business interests, including direct marketing, market research, fraud, and money laundering prevention to mitigate credit and fraud risks and safeguard our business
  • when you have given your permission for us to use your data for certain purposes
  • in the event of an emergency where we perceive a potential danger to you or others
  • when you have obtained permission from any third parties whose personal or sensitive information you have provided to us in connection with PMCL products and services (such as PMCL’s insurance products and Jazz Advance), allowing us to receive and handle that information for those purposes

We do not use or disclose sensitive personal date for any purposes that would require a user to exercise a right to limit processing. We retain your personal information/data only for so long as necessary to fulfill the purposes for which it was collected, including as described in this privacy notice. We will retain your personal data for the period necessary to fulfill the purposes outlines in this privacy policy and our service specific privacy summaries. When assessing retention, we first carefully examine whether it is necessary to retain the personal data collected and if retention is required we work to retain the personal data for the shortest possible period permission under the applicable law.

Who can we provide your personal information to?

PMCL may share personal data with its affiliated companies, partners, developers, publishers etc. For the reasons stated above, we may share your information (along with the information of any third parties that you’ve included while applying for or using a PMCL product or service) with other entities.

This might mean sharing that information with:

  • law enforcement agencies, regulators, and local courts as required by law or licensing requirements
  • Our partner companies or agencies and their sub-contractors or prospective partners who help us run our services, such as billing or customer service centres and initiatives
  • Other companies in the VEON Group, including their respective partners, agents, and sub-contractors
  • Third party vendors such as customer care centres and financial institutions
  • Insurance providers when you take out a policy through our insurance services
  • Third parties whose products and services we market to you. Third parties who have submitted their undertaking to PMCL have the right to send marketing, promotional, and informational messages to subscribers using various channels provided by PMCL, unless the subscriber chooses to opt-out
  • We resell services like MS 365 and Samsung Knox (MDM, BYOD) which involve sharing personal information that is beyond our control. These services are governed by third-party EULAs directly with users.
  • We may use anonymized data and metadata as part of our agreement with third parties, including digital ad-exchanges, data management platforms, and ad agencies. In this situation, no personal information is shared with any third party. However, customized advertisements, services, and offers may be received by end-users as part of a particular dataset or user group
  • Third parties whose services or offers you sign up for and who may market to you, for example through the application
  • Our partners and contractors for market research and other purposes
  • We may share anonymized cookie data with third parties (please refer to How we use cookies section for more information)
  • Third parties in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock
  • With other telecommunications companies
  • Credit reference and fraud prevention agencies. When we check your credit score with a credit reference agency, the information that we give them (including details of your credit application and financial details) as well as the fact that we have requested that search will also be recorded by the credit reference agency. We exchange information with credit reference agencies on payment performance and your financial situation on an ongoing basis and this information could be used by us and third parties to make future credit assessment decisions. Your data will also be linked to the data of your spouse, any joint applicants or other financial associate. If fraud is detected, you could be refused services, finance and/or employment.
  • Third parties for analysis and insights of your use of our services, to conduct polls on customer preferences and choices, to determine the number of customers at a specific location or site, to understand the results of SMS marketing campaigns, and to identify the number of people of a certain age residing in a particular area.

Whenever in the course of sharing information we transfer personal information to third parties, we will ensure that the information is transferred in accordance with this privacy notice and as permitted by the applicable laws on data protection.

Protection of Personal Data at PMCL

We use administrative, technical and physical safeguards to protect data, taking into account the nature of the personal data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal data secure.

What are your rights?

PMCL believes that respecting privacy and maintaining the trust of our customers is not just about legal compliance, but also about building a culture of privacy. We recognize that personal information shared with us is an essential part of our customers, and we are committed to ensuring that our customers have the right to access and control their personal information.

You can request the following at any time:

  • access to your personal information held by PMCL
  • withdrawal of your consent to the use of your personal information (if PMCL is relying on your consent) but note that we may still be entitled to process your information if we have another legitimate reason for doing so
  • correction of your inaccurate or incomplete personal information
  • deletion of your personal information in certain circumstances, although there may be legal reasons why we cannot comply with your request
  • restriction of the processing of your personal information in certain circumstances. However, we may be legally entitled to refuse your request in some cases.

We reserve the right to decline requests if fulfilling them is not mandated by law or if they are deemed to be excessive or unreasonable. For instance, if a request would demand an unreasonable amount of technical resources or time, if it poses a risk to our operations (like creating opportunities for fraudulent activities) or if it is impractical to a degree that it would disrupt our services (like shutting down servers for an extended period), we may choose not to comply with such requests.

Access to personal information

You can request access to your personal information held by us by contacting us (see contact details below). Before granting access, we may need to verify your identity by checking your identification or asking questions. If you believe that your personal information held by us is inaccurate, incomplete, irrelevant, out of date, or misleading, you can ask us to correct it.

There are some exceptions to this access, such as if it is unlawful, poses a threat to safety or health, impacts the privacy of others unreasonably, or involves commercially sensitive information or legal dispute resolution proceedings.

We may also refuse access if the request is frivolous or vexatious. If we deny your access request, we will provide you with reasons for our decision.

How can you opt-out of?

PMCL Analytics and Blocking of Promotional SMS

If you wish to opt-out of PMCL Analytics data processing or block promotional SMS from PMCL, you can use the DNCR (Do Not Call Register) short code 3627. You can send a blank SMS to this short code and receive a message confirming that promotional SMS and calls will be blocked within two business days. If you are not able to send a blank message, you can type a dot "." and send it to 3627. If you do not receive a reply to your SMS, you can contact the help line at "111" to register your complaint. It's important to note that essential information about your account, changes to your service or plan, and other information required by law will still be sent to you.

From Receiving Spam Messages

Receiving spam messages or unsolicited texts can be extremely irritating, particularly those claiming that you have won a competition. However, customers who receive spam messages can report them by sending the texts to “9000” using the appropriate format.

We take these reports seriously and will investigate the matter. If deemed appropriate, we will take action by disconnecting the SIM that is generating the spam texts on our network. To avoid receiving spam, it is best to be cautious about who you give your phone number to, especially online. Additionally, you can check privacy policies and marketing opt-outs when ordering goods.

PMCL has developed a new feature called “No Action Tagging” that customers can use to restrict the blocking of their number through USSD and over the helpline. Customers can contact PMCL helpline or visit a PMCL Experience Center/Franchise Center to get their number marked as “No Action” tagged in PMCL’s system. If you wish to undo this, you can visit a PMCL Experience Center to get your number de-tagged.

Customers can also opt for "Sensitive Tagging" to restrict any action on their number at Franchise and Retail channels. To do this, you can visit the nearest PMCL Experience Center to get your number marked as "Sensitive" tagged in PMCL's system. If you wish to undo this, you can visit the nearest PMCL Experience Center to get your number de-tagged.

Why we keep hold of your information?

We retain information about our current and former customers for varying durations, as long as necessary to serve specific purposes. For instance, tax certificate information is kept for a duration ranging from 1 to 7 years. This retention is essential for the following purposes:

  • to keep your information as required by law or legal proceedings
  • to resolve any disputes that may arise during or after your engagement with us
  • to prevent and detect fraudulent activities, ensuring the security of our services
  • to verify your account history and provide you with accurate and efficient services
  • to comply with legal and regulatory obligations that necessitate the retention of certain information

Factors Influencing Retention Period

Several factors influence the duration for which we retain your information, including:

  • The nature and sensitivity of the information
  • The purpose for which your data is collected and processed
  • How you use our products or services

Information Sharing

We may share your data with third parties, specifically for credit referencing. Additionally, these third-party agencies may retain customer information as required by their own policies and legal obligations.

What is our Retention Period?

Specifically, we retain information for our legitimate interests and essential business purposes, such as operating, maintaining and improving our services; complying with our legal obligations; and exercising our legal rights and remedies, including enforcing out terms of use.

Our retention period for customers’ traffic or billing data varies based on the purpose of the data. According to clause 6.8 of our licensing requirements, we are required to maintain call records including called and calling numbers, date, duration, time, IMEI, and location details for communications made on our telecommunication system for one year for scrutiny by or as directed by the Pakistan Telecommunication Authority and law enforcing agencies. Additionally, we must also record and store data session logs/info along with IP addresses for one year for scrutiny by or as directed by the Pakistan Telecommunication Authority.

For billing purposes, there is no specified retention period in our license. However, we maintain billing data for post-paid subscribers for ninety days and prepaid subscribers for thirty days. In some cases, our reconciliation for payment to vendors may run for more than 6-9 months, which requires us to retain billing information both at our end and the vendor’s end for more than a year.

We take reasonable measures to destroy or de-identify personal information in a secure manner when it is no longer required.

Other Important things to know

How we use cookies?

We use cookies and web beacons to collect information about how you use our online products and services, which helps us make them more relevant to you. Cookies are small text files that stay linked to your browser and allow us to recognize you when you visit our website again. They also enable us to keep track of the products or services you view so that we can send you news about them. We use cookies to measure traffic patterns, determine which areas of our website have been visited, and improve our online products and services. Additionally, we may log IP addresses to analyze trends, administer the website, track user movements, and gather demographic information.

It should be noted that any data usage tracking done by third parties through cookies, pixels integration, applets, or scripts over the web and mobile applications is not covered in this document. PMCL only provides access to such resources, and any terms or agreements with third party web service providers are agreed upon by the user and the third party, without PMCL being a party unless explicitly mentioned otherwise.

To learn more about cookies, including how to manage and delete them, please visit www.allaboutcookies.org.

What security measures do we use to protect your personal information?

PMCL is dedicated to preserving the confidentiality of personal information in accordance with legal and regulatory requirements, as evidenced by its policies and procedures. Upholding privacy conditions and requirements is an essential aspect of PMCL’s business operations. Protecting personal information is a top priority for us, and we take reasonable measures to securely store your information to prevent unauthorized use, access, modification, or disclosure. We use physical and electronic security measures to ensure the security of your information.

Where to report Stolen Phones

Mobile phones are frequently stolen in Pakistan, especially high-value smartphones. PMCL blacklists reported stolen phones, preventing them from being used on any Pakistani network.

To report a stolen phone, you can call the police at 15, PTA toll-free number at 080025625, or CPLC Citizen Police Liaison Committee at Tel: 021-35662222, Fax: 021-35683336, or email [email protected].

When reporting a stolen phone, provide the IMEI number (dial *#06# and note down IMEI number of your mobile set), cell phone number, name, national ID card number, address, and contact number.

We blacklist all phones reported as stolen so they can’t be used on any Pakistani network.

How accurate is the personal information we hold about you?

To ensure the accuracy of personal information, PMCL takes reasonable measures, but it largely depends on the information provided by the customer. To update personal information, individuals should inform PMCL of any changes by visiting a PMCLoffice or calling their helpline. If privacy has been breached, individuals can fill out a privacy breach form and submit it to the provided address, and a member of PMCL’s privacy team will contact them within 10 business days. For further questions, individuals can contact Customer Care through the provided numbers and address.

Changes to this privacy notice

We will update this privacy notice from time to time in response to changing legal, regulatory or operational requirements.

Contact us

If you have any other questions about your privacy, feel free to call Customer Care on following numbers and address:

shades

Customer Privacy Complaint Form