\n\tAt A1 Group, data is only used when there is a legal basis for doing so. In addition to the statutory requirements in the respective countries, all companies are required to obey the information security standards created for this purpose and other country-specific guidelines on data security.<\/p>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tAs an operator of critical infrastructure, A1 is aware of the responsibility this entails. For this reason, the Group is involved in initiatives to constantly improve security (including cyber security) and availability beyond the extent required by law.
A1 Group has a privacy management governance model aligned with its strategy and approved by the Board of Directors to ensure effective and efficient privacy management.<\/p>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tAdherence to these principles forms the foundation of data protection management at the A1 Group. These principles are an essential component of A1 Group\u2019s internal regulations, which are in turn cascaded to the operating companies and implemented on a local level, aligned with
national regulations.
The A1 Group naturally follows the statutory procedures in the event of a personal data breach. These include notifying the data protection authorities and informing the data subjects of this event in line with data protection law.<\/p>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tThe respective Management Board of a company is responsible for living up to data protection
requirements. At A1 Austria, the Data Privacy unit and in the other A1 companies the Data Protection
Officer assist the management hand in hand with the Legal department.
A Data Protection Officer has duties in accordance with national legislation, including but not limited to notifying and advising the management and employees with regard to their duties under data protection provisions and monitoring their compliance.
The A1 Group via its subsidiaries demonstrates continuous efforts to promote and follow the best data privacy practices. A1 companies are subject to privacy risk assessments or audits on the companies\u2019 technologies and practices affecting user data, such as ISO audits, internal data protection controls in accordance with local regulations, etc., and thus conduct such controls and audits on a regular basis.<\/p>\t<\/div>\n\n\t\t<\/div>\n\t<\/section>\n<\/div>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tIn the Code of Conduct, which applies to the entire A1 Group, data protection and information security are a key principle for the actions of employees. The protection of privacy, and thus respecting the human rights of customers, employees, shareholders, suppliers and sales partners, is a guiding principle anchored in the Code of Conduct of the A1 Group.
The Group\u2019s contractual partners are required to comply with the principles governed by the Code of Conduct of the A1 Group and to respect human rights and data protection. The Code of Conduct is an integral component of the relationship with contractual partners and is further enhanced with respective agreements regulating data protection areas.
Regular assessments are performed to ensure the best possible protection of rights and liberties as well as respect for human rights. This applies in connection with whistleblowing, for example, thereby ensuring the confidentiality of information and any personal data while also avoiding any negative consequences for the informant.
<\/p>\t<\/div>\n\n\t\t<\/div>\n\t<\/section>\n<\/div>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tThe A1 Group has adopted a Group Data Governance Policy, which is approved by the Management Board of the Group. It is the combined result of requirements and interpretations regarding the successful EU-wide implementation of the GDPR, as well as various other regulations related to data protection.
The Group Data Governance Policy is binding with regard to the processing of personal data for all A1 companies. This document provides for the harmonization of the obligations binding for A1 companies. The Group Data Governance Policy provides A1 Group with a self-regulatory tool. When A1 companies act as either data controllers or data processors, it serves as proof of compliance. This applies in particular to the identification of risks associated with the processing, the assessment of the cause, nature, likelihood and severity of the risks. Corresponding measures are to be reviewed regularly and updated based on new information.
The proper adoption by A1 Group companies of the contents and best practices set out in the Group Data Governance Policy (and in the accompanying manual) supports the fulfillment of the implementation requirements and demonstrates compliance with the GDPR.
In addition, in accordance with the objectives of the Group Data Governance Policy (awareness, individual responsibility, structure and minimizing risks), the A1 Group implements corresponding changes to the Group Data Privacy Governance Manual in a good faith effort to reflect the respective regulations.<\/p>\t<\/div>\n\n\t\t<\/div>\n\t<\/section>\n<\/div>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\t
All data subjects (including employees, customers, etc.) are duly notified, via the privacy notice of each A1 Group company published on their web site, regarding the details about the processing of their personal data and the possibility of addressing any data privacy questions, concerns or requests concerning the assertion of the respective data subject\u2019s rights to the respective company.<\/p>\t<\/div>\n\n\t\t<\/div>\n\t<\/section>\n<\/div>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tEach A1 Group company has implemented data protection policies that regulate the processing of personal data in accordance with the law and the technical and organizational measures for protection of personal data.
Furthermore, taking into consideration local regulatory obligations, A1 companies are obliged to impose such technical and organizational measures on third parties (contractors) that process personal data (acting as data processors) by executing Data Processing Agreements. This ensures that third parties that process personal data on behalf of A1 Group companies pursuant to the given instructions follow the stringent technical, organizational and contractual safeguards for the protection of the personal data.<\/p>\t<\/div>\n\n\t\t<\/div>\n\t<\/section>\n<\/div>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tAll employees of the A1 Group are made aware of the importance of data protection and information security and are trained accordingly when they join the company.
All A1 Group companies have prepared respective training materials, conduct training at regular intervals, offer in-house e-learning courses and regularly publish awareness posts on an in-house social interaction tool used by all employees.
These range from company-wide e-learning and more in-depth sessions for the individual divisions and Data Protection Coordinators through to current information in internal communication media or events. All employees are required to maintain trade and business secrets. Such confidential information must be kept secure and may only be disclosed, including internally, to persons who require such confidential information for their professional work (need-to-know principle).<\/p>\t<\/div>\n\n\t\t<\/div>\n\t<\/section>\n<\/div>\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\n\n
\n\tA1 Group is particularly committed to continuously improving the environment in which we live.<\/p>
\n\tAs the leading telecommunications company in CEE, A1 Group is an attractive option for investors.<\/p>
\n\tThe A1 Group’s vision aims to deliver compelling benefits and a positive “experience” for customers and society.<\/p>