1.1    Orange Botswana is a leading telecommunications provider in Botswana, offering a wide range of services to both individuals and businesses. Our services include amongst others, mobile phone plans, and internet connectivity. 

1.2    Orange Money Botswana is a leading mobile financial services provider in Botswana offering electronic payment services to individuals, business and government. Services offered include money transfers, payments, loans, international remittance etc.

1.3    Individually referred to as Orange Botswana and Orange Money Botswana respectively and collectively as “the Companies”, “we”, “us”, “our” herein after.

1.4    The Companies act as Controllers in respect of all customers personal data they collect or generate.

1.5    The Companies have their head office located at the Fields Precinct, Lot 54349 CBD, Block A, by the corner of Molepolole Road and Western Commercial Road. 

1.6    For the purposes of this Privacy Notice:

• “you” means the person/s who use, contract for, or show interest in Orange products and services or events, their representatives and any third parties connected to you that you have told us about.
• “Third party” means someone who is not you or us;
• “Partner” means external third-party business entity that provides value-added services;
• “Personal Data” refers to Personal Data about you as defined in the DPA and includes without limitation MSISDN (Mobile Station International Subscriber Director Number)  information (a unique identifier which is linked to your mobile phone number), location information, call data records, usage information, gender, nationality, age, language, education, identity number, telephone number, email, postal address, and financial, criminal or employment history.
• “Process or Processing” means to any operation or activity, whether automated or not, concerning Personal Data, including collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, degradation, erasure or destruction of information.

We may collect, use, store and transfer different types of Customer Personal Data which include but may not be limited to those we have categorized in the table below.

 

Category	Personal Data in category
Billing Data	the consumption data that the Companies collect from services that they provide to their Customers in order to calculate charging as well as billing information, to the extent related to natural persons.
Contact Data	first name, last name, email address, postal address and telephone numbers, job role within the Customer.
Support Data	Customers service ticket information, Customer Representatives’ or End Users’ telephone recordings for incident.
Identity Data	first name, last name, honorific (e.g. Ms., Mr. Dr.,), username or similar identifier, password, ID document / number.
Location Data	geographic location, device location, SIM card location for mobile services.
Financial Data	mobile money account number, transaction history, location of transaction, account balances, loan information.
Behavioral data	Frequency and volume of transactions, types of services used, transaction patterns and time.
Regulatory data	Tax identification number, source of funds declarations, beneficial ownership, suspicious activity report, transaction amount report
SIM and device data	SIM card number, device IMEI
Marketing and Communications Data	preferences in receiving marketing from us and/or third parties and communication preferences.
Technical Data	internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as other technology on the devices natural persons use to access areas of our website or other technical data generated through the use of the service.
Traffic / Connection Data	data revealing a communication’s origin, destination, route, format, size, time duration, IP address, time zone setting, MAC address.
Hosted Data	any categories of Customer Personal Data that may be recorded or stored (such as voicemails, call recordings, files) by Customer and which is hosted on the infrastructure provided by Orange Botswana.
Usage Data	information about how customers use our products and services and website.
Visual Data	photographs and other visual records we take during events hosted by the Companies or related third party entities that we process based on your consent.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Where you have provided us with the Personal Data of a third-party (for example your spouse or family member), you guarantee that such third- party has given you consent to provide us with their Personal Data. Where you provide us with the Personal Data of a person under the age of 18 years (a minor), you confirm that you have the necessary legal authority to provide their Personal Data to us.

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us (for example, a new address or change of surname). Kindly notify us of any such changes within 30 days to help us keep our records accurate and up to date.

 

We use different methods to collect data from and about you including but not limited to: 

3.1    Your interactions with us

You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

1. apply for our products or services;
2. subscribe to our service or publications;
3. request marketing to be sent to you;
4. enter a competition, promotion or survey; or
5. give us feedback or contact us.

3.2    Automated technologies or interactions
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies (server logs) and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.

3.3    Third parties or publicly available sources
We may access personal data about you from various third parties (and public sources) including but not limited to the ones set out below:

1. Law enforcement
2. Credit bureaus
3. Court records
4. Government registers (e.g. CIPA, eKYC)

3.4    Aggregated/ anonymized data
We also collect, use and share aggregated and anonymized information such as statistical or demographic information as requested by mandated organizations for research purposes under the laws. 

Aggregated or anonymized data could be based on Customer Personal Data but is not legally considered to be Personal Data. For example, we may aggregate or anonymize Usage Data to calculate the percentage of users accessing a specific function on our website. If we combine or link aggregated or anonymized data with any Customer Personal Data so that it can identify an individual, we treat the combined data as Personal Data which will be used in accordance with this privacy notice.

3.5    Special categories of Personal Data
Where necessary, we may process, as Processor, “special” or “sensitive” categories of Personal Data (information revealing race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning sex life or sexual orientation) relating to Customers or End Users, only if it is contained in Hosted Data. However, we do not collect it for our own purposes and we are not aware of when we are processing such Personal Data, as such, we don’t use such Personal Data outside of a data subject’s reasonable expectations.

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

• Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
• Our legitimate business interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
• Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
• Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
• Partner Financial Institutions: We may share your personal data with institutions that we have partnered with to provide you with value adding services such as short-term loans and bank to wallet services.

 

We have set out below, in a table format, a non-exhaustive list of the ways we plan to use the various categories of personal data, and which of the legal bases we rely on to do so. We have further identified what our legitimate interests are where appropriate.

Our Activity	Categories of Personal Data Processed	Our Lawful Bases for Processing
To manage the sales and contractual relationships with our Customers	Contact Data Identity Data Profile Data Billing Data Traffic/Connection Data Financial Data Regulatory Data	Performance of a contract - Necessary to develop and manage our sales activities and the relationship with our customers, including ordering, performing transactions, billing and collection of payments
To build, operate and secure our network	Traffic/Connection Data	Performance of a contract - Necessary to assess the amount of data moving across at a given point in time, to manage such data Necessary to comply with legal obligations (to prevent or detect fraud and remit such information to the regulating body)
To assist national law enforcement/ security agencies, to respond to requests from public governmental and regulatory authorities, to comply with court orders, litigation procedures and other legal processes	All	Necessary to comply with legal obligations we may have under applicable laws (for example to provide lawful intercept and/or data retention by national law enforcement/ security agencies)
To complete a survey, provide customer satisfaction feedback, take part in service improvement programs, and attend any events that we organize	Identity Data Contact Data Profile Data Usage Data Marketing and Communications Data Visual Data Behavioral Data	Necessary for our legitimate interests to study how customers use our products/ services, to try to increase and improve interaction with Customers, to find out how we can improve our services, and to develop and grow our business, to communicate about our events
To provide access to you, as an individual, to on-line portals for your own individual usage management	Identity Data Contact Data Technical Data Profile Data	Necessary for the performance of a contract – to advance interests of your organization/yourself, our Customer, to provide you with this feature to improve and facilitate your use of this service;

 

Direct Marketing 
We may process your Personal Information for the purpose of providing you with information regarding services that may be of interest to you. In this regard, we may tell you about our and our Partners exclusive offers, products and other information which we think you may like.

We provide Customers with choice regarding the use of Customer Personal Data around marketing and advertising. You can always ask us to stop sending you marketing messages by contacting us at any time.

You may opt out of receiving marketing and advertising messages by using the following channels:

• USSD: *121#
• Email: customerservice@orange.com 
• Call Centre:123
• Social media: Facebook messenger

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

 

 

 

 

 

 

Where applicable, we share information about you with:

• Companies in the Orange Group, located across the globe, for reporting purposes and where they are involved in providing products and services that you have signed up for;
• Partners, suppliers, or agents involved in delivering the products and services you’ve ordered or used;
• Companies who are engaged to perform services for, or on behalf of Orange which companies may be located outside of the borders of Botswana;
• Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies;
• Debt collection agencies or other debt-recovery organisations;
• Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities if we have to, or are authorised to by law;
• A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement
• Emergency services (if you make an emergency call), including your approximate location
• Third parties for joint promotions with that third party or for contacting you about their specific products and services. They’ll be responsible for their own compliance with applicable privacy laws;
• Other third parties when you are signing up to their service and it is used by them for authentication and fraud-prevention purposes; or
• Third parties that we use to serve you marketing.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may transfer and process Customer Personal Data to/ in countries other than the country in which the Customer Personal Data is initially collected. We share your personal data within the Orange Group and/or authorised third parties beyond the borders of Botswana to achieve a defined purpose. The defined purposes include the:

1. achievement of its business functions,
2. provision of products and services that the customer has requested, 
3. hosting or storage of some of its systems and infrastructure, 
4. data warehousing activities and for the 
5. provision of centralised business activities within the Orange Group of companies such as where we share technology and resources.

When we transfer Customer Personal Data to an external supplier in another country, we make sure that a similar degree of protection is afforded to the Customer Personal Data. We ensure that our external partners are held to relevant national and international data protection laws. Further, any such transfers shall be made in accordance with the exemptions captured in the DPA as may be amended from time to time.

 

We may transfer and process Customer Personal Data to/ in countries other than the country in which the Customer Personal Data is initially collected. We share your personal data within the Orange Group and/or authorised third parties beyond the borders of Botswana to achieve a defined purpose. The defined purposes include the:

• achievement of its business functions,
• provision of products and services that the customer has requested, 
• hosting or storage of some of its systems and infrastructure, 
• data warehousing activities and for the 
• provision of centralised business activities within the Orange Group of companies such as where we share technology and resources.

When we transfer Customer Personal Data to an external supplier in another country, we make sure that a similar degree of protection is afforded to the Customer Personal Data. We ensure that our external partners are held to relevant national and international data protection laws. Further, any such transfers shall be made in accordance with the exemptions captured in the DPA as may be amended from time to time.

 

9.1    We retain Customer Personal Data only for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain Customer Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with our Customers.

9.2    To determine the appropriate retention period for Customer Personal Data, we consider:

• the amount, nature and sensitivity of the Customer Personal Data;
• the potential risk of harm from unauthorized use or disclosure of Customer Personal Data.
• the purposes for which we process Customer Personal Data and whether we can achieve those purposes through other means; and 
• the applicable legal, regulatory, tax, accounting or other requirements. 

9.3    In some circumstances we will anonymize your personal data, so that it can no longer be associated with you, for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

Our customers, data subjects have the following rights:

• Access their personal data
• Request rectification of their data 
• Request erasure of their data
• Request restriction of processing
• Request transfer of data from the Companies to another data controller (data portability)
• Object to processing of personal data 
• Refuse to be the subject of a decision based solely on automated processing
• Lodge complaints with the Information and Data Protection Commissioner 

We will not discriminate or retaliate against you for exercising your Personal Data protection rights.

10.2    Who should you contact?
If you want to exercise your rights in respect of your Personal Data, you can send any enquiries to our data protection officer at this email address: dataprotectionoffice.obw@orange.com 

10.3    How will the Companies deal with my request?
You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, where we have reasonable grounds, we could refuse to comply with your request in these circumstances.

10.4    What we require
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

10.5    When we will respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or if you have made several requests. In this case, we will notify you and keep you updated.

 

You have the right to lodge a complaint at any time to the Information and Data Protection Commissioner’s Office (IDPCO), the regulator for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the IDPCO so please contact us in the first instance.

If you have any questions about our Privacy Notice or if you would like to lodge a complaint, please submit your query to dataprotectionoffice.obw@orange.com and a member of our dedicated team will respond to you.

If you would like to mail us by post, send it to:

• The Data Protection Officer – Legal & Corporate Affairs
• Orange (Botswana) (Pty) Limited
• Private Bag BO64
• Gaborone

 

We are continually improving our methods of communication and adding new functionality and features to this Website and to our existing products and services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data protection practices will change from time to time. If and when our data protection practices change, we will update this privacy policy to describe our new practices. We encourage you to check this page regularly.