Our privacy and cookies policy

About our privacy and cookies policy

Our privacy and cookies policy gets updated from time to time; whenever we make a change, we’ll post this on our website and let you know if there is a material change.

Last updated: 23 May 2018

How to use this privacy and cookies policy

In this policy, we explain how we collect, use, share and protect your personal information when you use our products and services and our website.

Who we are

We are Vodafone Limited. VOXI is a sub-brand of Vodafone Limited.

In this privacy policy:

  • “we/us” means Vodafone Limited;

  • “third party” means someone who is not you or us; and

  • “Vodafone Group” means Vodafone Group Plc and any company or other organisation in which Vodafone Group Plc owns more than 15% of the share capital.

Our registered office is Vodafone House, The Connection Newbury, Berkshire RG14 2FN. We are registered in England under company number 1471587 and registered with the Information Commissioner’s Office (ICO), registration number Z1933885

How to contact us

Your opinion matters to us – if you have any questions about our privacy policy, you can email us or direct your question to the Data Protection Officer at: customerdataquery@vodafone.com, or you can contact us. If you would like to mail us by post directly, send it marked the “Privacy Team” to Vodafone House, The Connection, Newbury, Berkshire, RG14 2FN.

Our principles

We are committed to respecting your privacy. We take privacy, security and complying with data protection and privacy laws seriously. You can find Vodafone’s core Privacy Commitments here. We aim to put these commitments at the heart of everything we do.

Personal information we collect about you

The information we collect about you and how we collect it can vary depending on the products and services that you use and subscribe to, how you have used the products and services, and how you have interacted with us even if you aren’t a customer, or what we have obtained from a third party with permission to share it with us. To find the privacy supplements for our products and services, please go to Privacy and our products and services.

We will process your personal data based on:

  1. The performance of your contract or to enter into the contract and to take action on your requests. For example, so you can make calls and texts, and browse the internet on your phone, we process things like the numbers you dial, how much data you’re using and when you’re doing it so we can provide connectivity. This also enables us to generate your bill, based on your usage.

  2. Our legitimate business interests, for example, fraud prevention, maintaining the security of our network and services, direct marketing, and improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, visit the Your Rights section of this policy.

  3. Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided; or

  4. Consent you provide where we do not rely on another legal basis. Consent may be withdrawn at any time. When you give your consent, you will be given details on how to change your mind or visit the Your Rights section of this policy for more information.

We will collect your personal information when you, for example:

  • Buy or use any of our products and services;

  • Use our network or other products and services of ours;

  • Register for a specific product or service;

  • Subscribe to newsletters, alerts or other services from us;

  • Contact us through various channels, or ask for information about a product or service;

  • Take part in a competition, prize draw or survey;

  • Visit or browse our website or other Vodafone Group websites;

  • Have given permission to other companies to share information about you;

  • Where your information is publicly available; or

  • Are the customer of a business that we acquire.

We also collect information from certain organisations, where appropriate and to the extent we have legal grounds to do so. These include fraud-prevention agencies, business directories credit reference/vetting agencies, billing calculating agencies and connected network providers. When you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures. We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our website). For more details on this and how to opt out of these, please see the Cookies section of this policy.

The types of information we may have are, where applicable:

  • Your name, address, phone and/or mobile number, your date of birth, gender and email address;

  • Your credit or debit card information, information about your bank account and other banking information – for example, you’ll have to give us this information when you open an account with us. We’ll collect the data necessary to process a payment whenever you make a purchase;

  • Your traffic data. This is data we see as part of providing you with connectivity like the numbers you call, the time and duration of the call or how you are using data;

  • Your location data. This can be precise where it uses Global Positioning System (GPS) data or by identifying nearby mobile phone masts and Wi-Fi hotspots and you enable location-based services or features. Or less precise where, for example, a location is derived from your IP address or data such as a post code or name of a town or city;

  • Your contact with us, such as a note or recording of a call you make to one of our contact centres, a Live Chat, an email or letter sent, or other records of any contact with us;

  • Your account information, such as dates of payment owed or received, subscriptions you use, account numbers or other information related to your account or included in My Vodafone;

  • Credential information – we’ll collect passwords, hints and similar security information used for authentication and access to accounts and services;

  • Your preferences for particular products, services and lifestyle activities when you tell us what they are, or we assume what they are, based on how you use the products and services;

  • See Cookies for details on what we collect using cookies, web beacons and other technologies, including ad data;

  • Your browsing history. We don’t have a history of the sites you browse, as this is limited for a short period of time to enable the connection to be made. If you have given permission, Vodafone may collect the categories of website you have browsed on your mobile, device or PC, for example Sports, Music or News and use these interests to send you personalised marketing or show you personalised advertising. You can opt out of advertising through Cookies and in the case of marketing, see “Opting out of Marketing” under Your Rights.

  • Information we obtain from other sources, such as credit agencies, fraud-prevention agencies, and from other data providers. This includes demographic data, interest based data, and internet browsing behavior.

We’ll also get information about how you use our products and services, such as:

  • The level of service that you receive – for example, network or service faults and other events that may affect our network services or other services;

  • Details of your use of the specific services or products, for example: every time you use your mobile phone, a record is kept. This includes the number you called or sent an SMS or MMS to, the length, date and time of that call, SMS or MMS and your approximate location at the time that the communication takes place (based on the location of the nearest cell that you sent that call or message from). The same is also recorded every time you receive an incoming call or message. We don’t, however, keep a record of the content of your calls or messages.


We will use your personal information for the following purposes:

1. To provide you with your service

Processing your order and provide you with your products and services

  • To process the products and services you’ve bought from us, and keep you updated with the progress of your order;

  • To provide the relevant product or service to you. This includes other services not included in your agreement with us, (e.g. PayPal), services that use information about where you are, and to contact with you messages about changes to the products or services.

Billing and Customer Care

  • To bill you for using our products and services, or to take the appropriate amount of credit from you;

  • Contact you if the billing information you provided us with is about to expire or we’re not able to take payment;

  • To respond to any questions or concerns you may have about our network, products or services.

Service messages

  • We will contact you with customer service messages to keep you updated with current information about products and services you’ve taken. For example, changes to our terms and conditions or service interruptions.

Provide Roaming Services

  • To improve your roaming experiences, to ensure that we’re meeting our commitments around fair use, to detect and resolve fraudulent use of our networks (and our partner roaming networks) and to solve technical issues if you are experiencing.

  • To understand how we are performing in providing roaming services, whether Roaming Services and related products are working as intended, or whether improvements are needed to make roaming better.

  • VOXI We use personal data such as your name, email address, password, mobile phone number and call records in order to do this. We create aggregated and statistical management reports from this information that do not identify you individually. We may also take this personal data and anonymise it so that more in-depth analysis of our roaming services can be undertaken. This helps us to develop its roaming services for customers without identifying users in an individual way.

2. To improve our service

Improving and innovating our products and services

  • We collect anonymous, de-identified or aggregate information in order to improve the service we offer to everyone. None of these analytics are linked back to you in any way.

Manage our networks and understand network usage

  • To protect our networks and manage the volumes of calls, texts and other uses of our networks. For example, we identify peak periods of use so we can try and ensure the networks can handle the volume at those times;

  • To understand how you use our networks, products and services. That way we can seek to review, develop and improve these, develop more interesting and relevant products and services, as well as personalizing our products and services.

3. Marketing & tailoring our service to you

Marketing

  • As our customer, we will keep you informed generally about new and existing products and services, invite you to participate in market research or let you know about offers, promotions, prize draws or competitions. We tailor these messages for example, based on the sorts of products and services you’ve bought from us.

  • We can further tailor these messages to make them more relevant to you using your calling and messaging activities, location information and browsing information, if you have authorised that we process this information for this purpose;

  • If you have given your permission, we will also contact you to let you know about products and services of Vodafone Group companies and those of other companies which we think may interest you;

  • There are various ways that we may do this – for example, by email, post, phone, SMS, MMS or notifications through our apps.

  • You can control your Marketing permissions and the data we use to tailor these communications at any time. See “opting out of Marketing” under Your Rights.

Advertising online

  • To deliver advertising that is relevant to you, you’ll also see targeted advertising online based on the use of cookies. This is known as interest-based advertising. It can be on websites belonging to the Vodafone Group, those of other organisations as well as other online media channels such as social media sites. We may also combine data collected via the cookies with other data we have collected. If you don't want any information processed through the use of cookies, check our Cookies Policy. It explains how to control and opt out of cookies.

  • Remember that opting out of interest-based advertising won’t stop advertisements from being displayed – but they won’t be tailored to your interests.

  • You will also see advertising in the social media, for example in your Facebook or Twitter feed. If you don’t want to receive those, go to the relevant platform’s ad settings.

4. Research and analytics

We use a variety of analytics methods including what is commonly referred to as “Big data analytics”. Big data analytics are mathematically driven analysis techniques on large and varied data sets (that is why it is “big” data) to uncover hidden patterns and hitherto unrevealed trends. We take governance of big data analytics seriously. Our data scientists are required to sign up to a Code of Ethics. We have a strict use case process that requires that privacy and data protection law checks are carried out before any use case commences. We have strict rules ensuring that personal information is anonymised or deidentified at the appropriate stage in the process.

We use our analytics to, for example:

  • Market research and to carry out research and statistical analysis including to monitor how customers use our networks, products and services;

  • Frame our marketing campaigns and determine how we might personalise those;

  • Provide reports to third parties (such reports don’t contain information which may identify you as an individual). These can be to third parties such as part of Vodafone Analytics.

5. Fraud prevention & security

We will sometimes need to profile you for fraud and security purposes.

Fraud Prevention & Security

  • We will process your personal and traffic data in order to protect against and detect fraud, to protect and detect misuse or damage to our networks, to recover debts or trace those who owe us money resulting from the use of our services.

For more details on these, check our fraud page.


Where applicable, we share information about you with:

  • Companies in the Vodafone Group;

  • Partners, suppliers or agents involved in delivering the products and services you’ve ordered or used;

  • Companies who are engaged to perform services for, or on behalf of, Vodafone Limited, or Vodafone Group;

  • Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies;

  • Debt collection agencies or other debt-recovery organisations;

  • Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities if we have to, or are authorised to by law;

  • A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement;

  • Emergency services (if you make an emergency call), including your approximate location;

  • Third parties for joint promotions with that third party. They’ll be responsible for their own compliance with applicable privacy laws;

  • Other third parties when you are signing up to their service and it is used by them for authentication and fraud-prevention purposes;

  • Third parties that we advertise with such as Facebook in order to serve you advertisements online;

  • Third parties that we use to serve you marketing, for example, MailChimp and Paragon.

Fraud management and law enforcement

  • We will release information if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our customers.

  • We also may need to release your information to comply with our legal obligation to respond to the authorities’ lawful demands. Your personal data shall only be provided when we in good faith believe we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements.

Mergers and Acquisitions

  • If we’re reorganised or sold to another organisation we will provide your information to that organisation.

Third parties that we work with

Where you’ve purchased our products and services using a third party or partner organisation, we often need to exchange information with them as part of managing that relationship and your account – for example, to be able to identify your order and be able to pay them.

If we have a contract with a service provider or contractor to provide us with services or provide a service on our behalf, and they may have access to your personal information, we don’t authorise them to use or disclose your personal information except in connection with providing their services.

We collect and combine information in order to monitor your use of products and services, and that of our other customers, as well as to help us to improve the quality of our products and services.


We may need to transfer your information to other Vodafone Group companies or service providers in countries outside the European Economic Area (EEA). The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway: they are considered to have equivalent laws when it comes to data protection and privacy. This kind of data transfer may happen if our servers (i.e. where we store data) or our suppliers and service providers are based outside the EEA, or if you use our services and products while visiting countries outside this area.

If we send your information to a country that is not in the EEA, we will make sure that your information is properly protected. We will always ensure that there is a proper legal agreement that covers the data transfer. In addition, if the country is not considered to have laws that are equivalent to EU data protection standards then we will ask the third party to enter into a legal agreement that reflects those standards.


We’ll store your information for as long as we have to by law. If there’s no legal requirement, we’ll only store it for as long as we need to.

We’re required by law to keep certain personal information about how you use our services for 12 months. Some account information will be held for 6 years from the end of your last active plan with us.

We’ll keep some personal information for a reasonable period after your contract with us has finished in case you decide to use our services again. We, or one of our partners, may contact you about our services during this time if you haven’t opted out of receiving marketing communications from us.


We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.

Communications over the internet (such as emails) aren’t secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered, as this is the nature of the internet.

We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

We’ll never ask for your secure personal or account information by an unsolicited means of communication. You’re responsible for keeping your personal and account information secure and not sharing it with others.

Our website may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. So make sure you read that company’s privacy and cookies policies before using or putting your personal information on their site.

The same applies to any third-party websites or content you connect to using our products and services.

You may choose to disclose your information in certain ways such as social plugins (including those offered by Google, Facebook, Twitter and Pinterest) or using third-party services that allow you to post reviews or other information publicly, and a third party could use that information.

Social plug-ins and social applications are operated by the social network themselves and are subject to their own terms of use and privacy and cookies policies. You should make sure you’re familiar with these.

Your rights

Below we set out details on how you can exercise your rights. If you have a question or cannot find the answer, please contact our Customer Services team or email us at customerdataquery@vodafone.com.

Right to correct personal data

You have the right to have information held about you corrected if it is not accurate. If what we hold on you needs updating, or you think it may be inaccurate, you can log in to your VOXI account to update it or contact our Customer Services team.

Right to access personal data

You have the right to make a request for a copy of the personal data that we hold about you. To make this request as an individual or an authorised third party, please follow this link here for details on how to do this. Alternatively, you can contact our Customer Services team.

Right to data portability

You have the right to be able to take with your data you provided to us in certain circumstances. If you wish to make such a request, email us at customerdataquery@vodafone.com.

Right to object to use of personal data

You have the right, in certain circumstances, to object to us processing your personal information. Please contact our Customer Services team or email us at customerdataquery@vodafone.com.

To opt out of Marketing messages:

If you no longer want to receive marketing messages from us you can elect to opt out of all marketing communications or only selected methods (e.g. email, SMS MMS, phone or post).

There are various ways to opt out:
  • Contact our customer services team – see the contact us page;

  • Click the link at the end of a marketing email, SMS or MMS to unsubscribe;

  • Tell the adviser if you receive a marketing call;

  • Disable push notification messages, including marketing messages, at any time in our apps by changing the notification settings on your device or by uninstalling the app;

  • Email customerdataquery@vodafone.com for guidance.

Opting out does not mean that you won’t any longer receive service-related messages. You will still continue to receive those (unless we have indicated otherwise).

Please note that you may continue to receive marketing communications for a short period after changing your preferences while our systems fully updated.

If you do not wish to receive personalised marketing, or subsequently change your mind, email customerdataquery@vodafone.com.

If you have previously opted in to receive marketing that is even more relevant and tailored based on how and where you use our network, you can opt out at any time by texting “Stop Traffic” and/or “Stop Location” to 9774 on your VOXI mobile or, by contacting us. To opt-in you can text "Start Traffic" and/or "Start Location" to 9774 on your VOXI mobile or contact us.

Alternatively, email customerdataquery@vodafone.com. To opt out of receiving marketing communications from other Vodafone Group companies, just contact them directly.

In some cases, you may receive marketing from VOXI, even if you’re not a customer or never had contact with VOXI. This is a result of third-party marketing lists which Vodafone may acquire from time to time stating that you are comfortable to receive such marketing. I f you’ve registered with us to optout of such marketing from VOXI, you shouldn’t receive such communications. If you do, we ask that you let us know immediately by emailing customerdataquery@vodafone.com. This will only stop marketing from us.

To manage Cookies and understand more about what they are:

Want to disable a cookie, or understand more about what these are? Check the Cookies section of this policy for full details on how to do this.

To opt out of being included in Vodafone Analytics, or to understand about what it means for you:

While it can’t identify or contact you, it’s your choice whether you’re included. Please see the Analytics page.

How to lodge a complaint

If you want to contact us about any of your rights or complain about how we use your information, contact our Customer Services team or email us at customerdataquery@vodafone.com We’ll do our best to help but if you’re still unhappy, you can contact the Information Commissioner’s Office. Their website www.ico.org.uk has details on how to contact them.

Right to restrict use of your data

If you feel data we hold on you is inaccurate or believe we shouldn’t be processing your data, please contact our Customer Services team to discuss your rights. In certain circumstances you will have the right to ask us to restrict processing.

Right to erasure

We strive to only process and retain your data for as long as we need to. In certain circumstances you have the right to request that we erase personal data of yours that we hold. If you feel that we are retaining your data longer than we need, it is worth first checking that your account with VOXI has been terminated which you can check in the ‘Plan’ section when signed into your VOXI account Customer Services. If your account with VOXI has been terminated, we may still have lawful grounds to process your personal data. For more information on retention periods see the How Long We Keep Your Personal Information for section of this policy.

Download Privacy Policy PDF