In 2020, we recorded 307 ‘significant’ incidents relating to the violation of privacy with respect to customer data. Under these, Customers submitted justified reports of the data being shared with an unauthorised person, as well as reports related to the issue of lost documents which contained our Customers’ data (e.g., due to an act of a courier company, without the loss of these data in the systems). In the past year, there were no major or large-scale incidents.
As part of corrective measures, we constantly improve our internal standards of action to minimise the number of such incidents in the future. We react swiftly to any breaches recorded, and we deliver personal data protection training and awareness campaigns for our employees. We have also implemented relevant procedures for reporting personal data breaches. All incidents are considered on a case-by-case basis.
When data are shared by our employees, the employee and their manager are informed of the breach found. In this way, we want to minimise the risk of recurrence of any further breaches. A disciplinary interview is also held with the manager of the employee concerned. Additionally, employees are recommended to exercise due care and diligence to ensure that a similar breach is not repeated in future.
We also verify that courier companies fulfil their obligations under the agreement concluded, including the obligations to act in accordance with the instructions and guidelines received from T-Mobile. The recommendations proposed and possible doubts as regards complying with the existing rules and standards are discussed on an ongoing basis during meetings with courier companies. Liquidated damages may be awarded for data breaches as provided for in the contractual clauses.