Wednesday, 27 September 2023
Timor Telecom, S.A. ("TT") is the fixed and mobile telecommunications operator of Timor-Leste, whose activities include the provision of electronic communications. TT is committed to protecting the personal data of Clients/Users, its products and services, as well as the personal data of its data subjects, in all cases where personal data is processed. In this context, TT has drawn up this Policy, which demonstrates its commitment to respecting the rules of personal data protection.
WHAT IS THE PURPOSE OF THIS DATA PROTECTION POLICY?
The purpose of this policy is to inform Clients/Users of the general rules governing the processing of personal data, which will be collected and processed in strict compliance with the provisions of the legislation in force on the protection of personal data, in particular articles 36 and 38 of the Constitution of the Democratic Republic of Timor-Leste and Government Decree No 9/2008 of 16 April 2008 regulating the provision of mobile network services.
TT complies with the best practice in the area of security and personal data protection. To this end, it has taken the necessary technical and organisational measures to comply with the law on the protection of personal data and to ensure that the processing of personal data is lawful, fair, transparent and limited to authorised purposes.
TT is committed to the protection and confidentiality of personal data and has adopted the measures it deems appropriate to ensure the accuracy, integrity and confidentiality of personal data, as well as all other rights of the data subjects.
The rules set out in this Personal Data Protection Policy are complementary to the provisions relating to the protection and processing of personal data contained in the contracts that Clients/Users sign with TT, as well as to the rules contained in the terms and conditions governing the offer of various products and services, which are duly advertised on the respective websites.
WHAT DOES THIS PERSONAL DATA PROTECTION POLICY COVER?
This Personal Data Protection Policy applies exclusively to the collection and processing of personal data for which TT is responsible for the respective processing, in the context of the services and products provided to its Clients/Users and in all other situations in which personal data is processed by TT, through social intervention activities.
TT websites may contain links to other websites that are external to TT. Such links are provided in good faith and TT does not accept any responsibility for the collection and processing of personal data carried out through these websites, nor does it accept any liability in respect of such websites, including in relation to their accuracy, credibility and the functionality provided therein.
DEFINITION OF PERSONAL DATA
Any reference to personal data means any information, of any kind and regardless of its medium, including sound and image, concerning an identified or identifiable natural person.
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers or one or more features specific to their physical, physiological, genetic, mental, economic or social identity.
WHAT IS ‘PROCESSING OF PERSONAL DATA’?
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure of destruction.
WHO IS THE CONTROLLER?
TT is responsible for the processing of personal data and determines the methods and purposes of the processing of such data.
To this end, if the data subject should need to contact the data controller, they may send a written communication addressed to the data controller at the address indicated below:
Timor Telecom, SA.
Rua Presidente Nicolau Lobato
4º Piso - Caixa Postal 135
Comoro - Díli
WHAT TYPES OF PERSONAL DATA ARE PROCESSED?
Within the scope of its activities, the company processes the personal data necessary for the provision of services and/or the supply of products, as well as, at the level of social intervention, the processing of data such as name, address, telephone number and e-mail address, according to the more detailed information provided to the data subjects.
Without prejudice to compliance with the legal regulations on the storage and transmission of data for the purpose of investigating, detecting and prosecuting serious crimes and for other purposes to which it is legally bound, the traffic data, geographical location, profile and/or consumption of the Client/User will be processed by TT to the extent that they are necessary for the provision of the services. Thus, based on the location, profile and/or consumption, the Client/User will have access, namely, to specific functionalities of the services, content suggestions and proximity information services.
Location information may also be recorded and forwarded to organisations authorised by law to receive emergency calls for the purpose of responding to incoming calls.
With the consent of the data subject, personal, traffic, geographic location, profile and/or consumption data are also processed for marketing purposes or for the dissemination of offers of TT services.
Where prior consent has been given by the Client/User, such consent may be withdrawn at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent previously given.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
TT collects your personal data by telephone, in writing, via its websites and the customer area. Where appropriate, TT will obtain the prior consent of the data subject.
Some personal data are collected for the sole purpose of fulfilling a contract and, if it is missing or inadequate, TT will not be able to provide the relevant product or service.
If the data subject is not a TT Client/User, the personal data will only be processed if it is made available, namely by subscribing to the newsletter, in which case the provisions of this Personal Data Protection Policy will apply.
The personal data collected may be processed by computer in automated or non-automated form, in all cases in strict compliance with the legislation on the protection of personal data, and will be stored in specific databases created for this purpose; in no case will the data collected be used for any purposes other than those for which they were collected or for which the data subject have given their consent.
WHO ARE THE RECIPIENTS OF THE PERSONAL DATA?
Notwithstanding the recipients specified in this Policy, TT may disclose the Client’s/User’s personal data for the purpose of complying with legal and regulatory obligations.
WHAT ARE THE PURPOSES AND LEGAL GROUND FOR PROCESSING PERSONAL DATA?
In general, the personal data collected will be processed for the following purposes: management of the contractual relationship, provision of the contracted services, adaptation of the services to the needs and interests of the Client/User, in particular for access to specific functionalities of the services, content suggestions, proximity information services, information and marketing activities, and the inclusion of the Client/Users in subscriber lists/directories.
In addition, personal data may also be processed for the purposes of complying with legal obligations and for the investigation, detection and prosecution of serious crimes.
Without prejudice to the additional information provided at the time of data collection, TT may also use the personal data provided by the data subject for other purposes, where permitted by law, such as responding to complaints and suggestions, disseminating TT institutional information and/or publicising campaigns, promotions, advertising and news about TT products and/or services, and conducting market research or evaluation surveys.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The length of time we keep your data depends on the purpose for which the information is processed.
Nevertheless, there are legal requirements that specify the minimum period for which data must be retained. Therefore, where there are no specific legal requirements, the data will be stored and kept for the time strictly necessary for the purposes for which they have been collected or processed, as defined by law.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
As data subjects, Clients/Users may, at any given time, exercise their right of access, correction, updating, limitation and deletion of their personal data (except for data that is essential for the provision of services by TT duly identified in the Form as being of a mandatory nature or to comply with legal obligations to which the controller is subject), the right to object to the use of data for commercial purposes by TT and to withdraw consent, without this affecting the lawfulness of the processing carried out under such consent.
HOW CAN YOU ACCESS, CORRECT, UPDATE, RESTRICT, DELETE, OPPOSE TO THE PROCESSING OF YOUR PERSONAL DATA, OR WITHDRAW YOUR CONSENT?
Without prejudice to the data protection law, data subjects may access, correct, update, restrict, delete, or object to the processing of their personal data or withdraw their consent either directly or by written request addressed to the Data Controller through the following means and contacts:
Timor Telecom, SA.
- Customer Service Helpline (172 – Personal Clients; 178 – Corporate Clients);
- At any TT shop;
- Written communication addressed to the Controller:
Rua Presidente Nicolau Lobato
4º Piso - Caixa Postal 135
Comoro - Díli
HOW CAN YOU OBJECT TO BEING CONTACTED FOR MARKETING PURPOSES?
TT may market new products or services to its Clients/Users, including by telephone, e-mail, SMS, MMS or any other electronic communications service, where the data subject has given their consent.
If the data subject does not wish to continue receiving these communications they may withdraw their consent to the use of their data for marketing purposes at any time.
WHO IS THE DATA PROTECTION OFFICER?
The Data Protection Officer plays an important role in the processing of personal data, including ensuring that data processing complies with applicable legislation, verifying compliance with this Personal Data Protection Policy and establishing clear rules for the processing of personal data, ensuring that all those who entrust TT with the processing of their personal data are aware of how TT processes their personal data and what rights they have in this regard.
Therefore, data subjects may, if they so wish, contact the Data Protection Officer on matters relating to the processing of personal data at the following address :
HOW CAN YOU LODGE A COMPLAINT?
Without prejudice to the possibility of lodging a complaint directly with TT through the contact points provided for this purpose, the Client/User may lodge a complaint directly with ANC through the following contacts provided for this purpose by this entity.
WHAT MEASURES HAS TT IMPLEMENTED TO ENSURE THE SECURITY OF YOUR PERSONAL DATA?
TT is committed to protecting the security of personal data that provided and has adopted and implemented strict rules in this regard. All those who have access to personal data are required to comply with these rules.
In view of TT’s concern and commitment to the protection of personal data, various security measures have been put in place, such as technical and organisational measures necessary to protect such data against dissemination, loss, unlawful use, alteration, processing or unauthorised access, and against any other form of unlawful processing.
In addition, third parties who process the personal data of Clients/Users when providing services on behalf of TT are required to implement appropriate technical and security measures that comply at all times with the requirements set out in the legislation in force and ensure the protection of the rights of the data subject (in particular the protection of the privacy and personal data of its Clients/Users).
In this sense, the data collection forms available on all TT’s websites require encrypted browser sessions and any personal data you provide to us will be securely stored on our systems, which are in turn stored in a TT data centre covered by physical and logical security measures that we believe are essential to protect your personal data.
Notwithstanding the security measures implemented by TT, you are reminded that when accessing the Internet you should take additional security precautions, in particular that you use a computer and browser that are properly configured in terms of security patches, with an active firewall, anti-virus and anti-spyware. You should also make sure that the websites you visit are authentic, and avoid those whose reputation you do not trust.
HOW CAN I FIND OUT ABOUT ANY CHANGES TO TT’S PERSONAL DATA PROTECTION POLICY?
TT reserves the right to amend this Personal Data Protection Policy at any time and such changes will be duly publicised on TT’s various communication channels and in compliance with the applicable legislation.