Privacy

Our commitment 

We recognise that privacy is an important value and an essential element of public trust. At Prosus, we strive to be a trusted company. As a responsible investors, we expect our businesses to adhere to our ‘seven data privacy principles’ and implement the ‘key elements of an accountable privacy programme’.

Our policies

The links below provide information regarding the processing of your data and insight into how data privacy is managed across our group:

• Prosus General Privacy Statement
• Talent acquisition privacy statement
• Cookie notice
• Group policy on data-privacy governance
• Responsible AI Policy

Please see Investee Privacy Policies below to learn more about how our investees manage your data.

Our approach

Our Group policy on data-privacy governance is designed to define and document how data privacy is managed across our group; to promote best practices; to accommodate different business models, resources, culture and legal requirements across the jurisdictions where our investees operate, and support trust in our businesses’ products and services.

Seven overarching privacy principles

Each business is expected to respect and implement seven core data privacy principles:

1. Notice - We offer appropriate notice about our data-privacy practices


2. Individual control - We honour date subjects’ choices for their data.


3. Respect for context - We recognise that data subjects’ expectations about the fair and ethical use of their data are informed by the context in which their data was first collected.


4. Limited sharing - We limit unnecessary personal data sharing with third parties.


5. Retention - We retain personal data only for as long as needed.


6. Security - We ensure appropriate security. 


7. Governments - We engage with governments responsibly.

Security

Prosus is also committed to identifying and managing cyber risks as part of its risk management framework. Our Group-wide cybersecurity policy sets the expectations for our businesses to focus on implementing governance, striving to become cyber secure, vigilant, and resilient. For more information on our security approach, please see our security page.

Clear accountability

Each business is directly responsible for managing data privacy and security in its organisation, with responsibility resting ultimately with the CEO of each business. Our CEOs are directly accountable for the data protection programmes outlined in our Group policy on data-privacy governance.

Our operating companies appoint data privacy leads and, where required, Data Protection Officers to manage and contribute to reporting at the Group level.

At the Group level, we monitor the progress of our majority-owned investees in privacy & security programme implementation. We also support the businesses, DPOs & CISOs with training resources, facilitate intra-group contracting, compliance and AI projects, and support M&A initiatives. In addition, our group audit functions and third-party capabilities are deployed to enhance our companies' ability to assess and improve these programmes over time.

Seven key elements of our privacy programme

Our programme has seven key elements:

1. Ensuring executive buy-in


2. Knowing your data


3. Setting policies


4. Training employees


5. Managing vendors and third parties


6. Legal compliance


7. Reporting

Our privacy network: investing in expertise

We maintain and grow a global network of data privacy and protection experts across the group: data protection officers, deputies, regional privacy leads, privacy managers and privacy champions.

We provide development opportunities for them through engagement in the global privacy community and the International Association of Privacy Professionals (IAPP).

For more information, please see the Prosus annual report.

Prosus privacy technologists.

Open to employees from any of our businesses, including our minority investees, the Prosus Privacy Technologist Programme is designed to enable group companies to develop their capabilities to implement privacy by design.

For more information, please see the Prosus annual report.

Artificial intelligence and data policy

Artificial Intelligence (AI) is essential to our business. Therefore, we have adopted the Responsible AI Policy, which sets the guiding principles that inform the work of the AI and data science teams in developing ethical and responsible AI. Each of our businesses are expected to implement responsible AI practices in a way that is adapted to their own circumstances, business models and jurisdictions in which they operate. As a Group, we strive to ensure that social and ethical dimensions of AI are seamlessly included within the product or feature development process.

Our Responsible AI principles are used as a starting point for us to develop and deploy AI as effectively and responsibly as possible to support business growth, to innovate, and to improve our competitive advantage. Responsible AI has also been identified as one of the material domains for our Group’s ESG strategy and reporting.

Contact our privacy team

For any privacy-related questions or to report a privacy concern directly to Prosus, please contact our privacy team: [email protected].

Investee Privacy Policies

Although Prosus does not process significant volumes of personal consumer data, most of our investee companies do. To learn more about how any of our investees manage your data when you use their services, please refer to the list of our investees and access their Privacy Policies and/or Privacy Portals through the links on this page.