Telenor Privacy Notice - v 6.0 - August 2016

Telenor Digital AS Privacy Statement

This Policy was last updated 13 December 2016

It is important to us you understand how we collect and work with your personal information. Please take a moment to read this notice, and if you have any questions, you can speak to us at any time.

When you are reviewing this notice, please note that it applies to the processing of your personal information when you use any of Telenor Digital AS’s products or services, websites, and any of our products and services that we offer in conjunction with our partners, which do not contain a separate notice, or that link to this notice.

Depending on the type of services that we provide to you, you may also receive service- specific and/or region specific terms. You should read these terms in conduction with this privacy notice, as they may set out additional service and/or region specific terms. In the event of differences, the service and/or region specific terms prevail.

Telenor’s Commitment to Your Privacy

Telenor Digital AS is a wholly owned subsidiary of Telenor Group ASA. Our companywide commitment to your privacy is reflected in Telenor Group’s Privacy Position.

We believe that all of our customers should be able to trust Telenor with their information, regardless of where they reside. This is why we apply the following key privacy principles in every country in which we operate:

  • We will process your personal information in accordance with this privacy notice and all applicable laws.
  • We will do our best to be transparent on how we handle your personal information.
  • We will only process your personal information for legitimate purposes, and only for as long as it is necessary to achieve those purposes. We will dispose of your personal information safely and securely once they are no longer needed.
  • We will enable you to exercise choice and control over our processing of your personal information, not only when we are required to do so by the applicable law, but also in other circumstances where we think it is the right thing to do.
  • We will respect your privacy rights, and we will help you to exercise those rights.
  • We will make sure that your personal information is safe through appropriate security measures.
  • We will take steps to ensure that your personal information is adequately protected no matter where in the world it is.
  • We build privacy and data protection into our products and services by design and by default. This means that we prioritise the privacy of your data, and we will endeavour to build privacy safeguards in everything we develop.

The what, why and how

How we collect, what we collect and the way we collect your personal information vary depending on the reason why we are collecting your personal information.

Generally, we collect and use your personal information for the following reasons:

  • the information is necessary for us to perform the services you use
  • the information is required for us to better improve our service and your user experience
  • the information is required for us to help protect your security
  • you consented to us collecting and using the information.

We may also collect your information from other sources.

1. Information that is necessary for us to perform the services

There is certain personal information that is necessary for us to perform services you use. These include:

  • Your name, phone number, email address, postal address, date of birth, and other information when you register to use our services;
  • Payment related information, such as credit or debit card information or other banking and payment information;
  • Services related information, such as your preferences regarding the services we provide and information in order to provide you with more relevant services.

We may collect this information:

  • When you sign up, buy, or use our products or services;
  • When you subscribe to our newsletters or promotions about our products or services;
  • When you contact us for information, question or feedback about our product, service or website.

We use this information to:

  • perform the relevant service or provide the relevant product;
  • manage your account;
  • carry out credit check;
  • request payments, and
  • communicate with you.

2. Other information that is required for us to provide and improve our services

During the course of you using our products, services or websites, we will also need to collect other information from you. Some examples of such information include:

  • Information about your account and our communications with you, such as any customer support requests that you make or any feedback that you provide, dates of payments, and date of invoices;
  • Network data, including mobile calls and sms data, such as the date and time of the calls and texts you send or receive, and the duration of calls received and made through our network;
  • Your location data, when:
    • you use our telecommunications services, such as call, sms or broadband services.
    • you choose to use our location based service. For example, when you enable direction applications on your mobile phone; and
    • you signed up to a certain location based promotional activities.
  • Some of your browsing data, when you visit one of our websites and/or use one of our online services, through using cookies and similar technologies.
    Information that we collect may include:
    • information relating to your device, such as IP address, device model and settings;
    • network information;
    • details and logs of when, where and how you used the service;
    • browser information such as type and version and browser plug-in; and information about your visit, including the websites that directed you to us, the pages on our website that you visited, services and products that you viewed or searched for, length of visit, our interaction
    • with you, and the next websites you visit after our website.

We use the information above and any other information necessary to:

  • perform our services upon requests. For example, where you have requested that we link your digital services with third parties such as social network, we will collect any information necessary to enable us to linking and integrating our services;
  • improve customer experience, such as for troubleshooting, network management and network optimisation purposes;
  • use the recorded communications information for training quality assurance, feedback or for records purposes;
  • find ways in which we can better improve our service, such as using personal and/or aggregated statistics or de-identified information about sales, services, customers, network traffic and location patterns to conduct research to help improve our understanding of your behaviours;
  • conduct research that create values for the community. You can find out more about Telenor Group and our research activities here;
  • create customer profiles about you to offer you personalised content, provide a more relevant user experience or products and services, and to ensure that we will not be recommending you products and services that you may not be interested in. We may also use this information to find out whether you enjoy receiving our personalised services;
  • analyse use of our network and services to identify general trends and partner with third parties to develop new services for you;
  • send you marketing communications about products and services based on your preferences and interests; and/or share your information within the Telenor Group, for processing, advertising, service development, product and service creation, measurement, analytics and research purposes.

3. Information required for us to protect your security

We use the information we have to keep our services and communities safe and secure:

  • we may investigate or take action regarding suspicious and illegal activities that violate our Terms of Services, or the applicable law; and or share your information with the relevant authorities, for example, to protect you or someone else from harm or damage.

You can find out more about how we cooperate with the local law enforcement authorities here.

Information you consented to providing us

We may also collect and process information about you when you consent to us collecting and processing this information. Examples are your demographic and other personal information when you participate in one of our competitions, prize draws, research surveys or consumer panels, or health information when you utilise our Tele- health or mobile health products and services.

You can withdraw your consent at any time by contacting us.

Information that we collect from other sources

We sometimes collect personal information about you from third parties. Examples the type of information that we collect are:

  • Your credit information, to help us with customer authentication and credit-related decisions;
  • If you consented, other information, such as demographic information, to better understand you and your interests and to offer you personalised services. Examples of third parties that we collect the information from include payment and delivery services, advertising networks, analytics providers, search information providers; and
  • Social media information, such as your interests, “likes” and friends list, when you use your social media credentials to interact with a Telenor webpage or offer.

You can object to any of the processing above by contacting us, unless the information was required for us to perform the services.

How we share your information and other responsible entities

We may share your personal information within the Telenor Group or with third parties for the purposes listed above. Sometimes, the third party with which we share your personal information with may determine the purposes for which and the means by which your personal information is processed, and therefore become legally responsible for ensuring that your personal information is processed in accordance with our key privacy principles, this privacy notice and applicable law.

More detailed examples of the third parties we may share your information with include:

  • Any of the company operating in or as a subsidiary of the Telenor Group;
  • Data processors to process your information on our behalf;
  • Third party services whom you have asked us to integrate with, such as social networks;
  • Third party who conduct research, analytics or marketing in conjunction with us or on our behalf;
  • Relevant third parties whom you consented, or that you requested that we share the information with;
  • Prospective business partners, following your consent, if we decide to sell, buy, merge or otherwise re-organise our business;
  • Directory inquiry services for some countries where we operate, where we have been requested to provide details including your name, date of birth, address and phone number to, unless you specifically asked that we do not disclose this information;
  • Following your consent, third parties that conduct advertising, measurement and analytics;
  • Law enforcement agencies, where we are required to provide our cooperation for law enforcement purposes; and
  • Third parties service providers such as debt collection agencies and credit check agencies.

Data exports

In order to take advantage of our strong international presence and operation to deliver better value to our customers, we use partners, service providers and technical infrastructure (such as servers) that may not be located in the country in which you reside and which you use our services.

The transfer of your data will only take place where the recipients provide appropriate safeguards. Such safeguards include ensuring that there is a valid legal basis for the transfer of data. For subscribers to Telenor EEA entities, we will endeavour to enter into the EU model clauses or through Privacy Shield for international transfers of data. For subscribers to non-Telenor EEA entities, we will enter into other contractual agreements with our partners to ensure privacy and security of the data transfer.

The standard data protection clauses are available here. You can also request a copy of the clauses directly from us.

How we protect your personal information

We ensure that your personal information is safe and secure through the following measures:

  • When you log into your account to use our services with your phone number or username and password, all of the data is encrypted using cryptographic protocols such as Transport Layer Security (TLS) and Secure Socket Layer (SSL) encryption. We employ such cryptographic protocols on all pages on our websites where we collect personal information. To make purchases from these web pages, you must use an TLS or SSL-enabled browser such as Internet Explorer, Safari, Firefox, or Chrome. This ensures that your personal information remains confidential and is protected white it is transmitted over the Internet;
  • When you log into your account to use our services with your phone number or username and password, all of the data is encrypted using cryptographic protocols such as Transport Layer Security (TLS) and Secure Socket Layer (SSL) encryption. We employ such cryptographic protocols on all pages on our websites where we collect personal information. To make purchases from these web pages, you must use an TLS or SSL-enabled browser such as Internet Explorer, Safari, Firefox, or Chrome. This ensures that your personal information remains confidential and is protected white it is transmitted over the Internet;
  • When we use service providers or other data processors to process your personal information on our behalf, we ensure that the relevant providers and processors will implement appropriate technical and organisational measures to protect the information. Such controls include access control to the information and the infrastructure that stores the information, contractual arrangement that requires the third parties to comply with all relevant laws, We apply privacy and data protection by design and by default , and build privacy and data protection into the foundation of our products and services;
  • We conduct Data Protection/Privacy Impact Assessment when we feel that it is appropriate to measure and reduce the impact of a particular activity to the privacy of your personal information

How long we keep your personal information for

Generally, we keep your personal information for the duration of your relationship with us. When you no longer utilise our products or services, we will dispose of your personal information when there is no reason to retain your information, and where the law does not require us to retain it.

Your rights

It is important to us that you understand your privacy rights. Therefore, we have listed out below a non-exclusive list of privacy rights that you could exercise whilst entrusting us with your information:

  • Right to withdraw consent: Where you have consented for us to use, process, or share your personal information, you can withdraw that consent any time, unless the information is required for us to perform our services.
  • Right to access your information: You can access and request a copy of the personal information that we hold about you any time by contacting us, or access the information directly through your online account.
  • Right to erasure: You can request that we erase some of the personal information we hold about you, provided that certain circumstances apply:
    • The information is no longer needed by us;
    • You withdraw consent for the processing of certain information;
    • You have concerns over the grounds for our processing of your information;
    • You object to our profiling of your information, also in instances where the profiling is conducted for direct marketing purposes; and
    • Other legal grounds which permit you to do so.
  • Right to restrict processing: You can request us to temporarily suspend some processing activities of your personal information when you believe that there are questions over the accuracy, legitimacy and lawfulness of the processing. You can also request us to retain the information for legal claims reasons.

We will do our best in accommodating the request, but please bear in mind that this may result in you being ineligible to receive certain services.

You can speak to us any time to discuss these privacy rights in more details.

Handling Children’s Information

As a general rule, we do not process personal information of children under the age of 16, unless we have the consent from the guardians. If we become aware that we have collected information about children under the age of 16 without consent, we will take steps to inform the guardians, seek consent, and if consent is not obtained, erase the information. Where services are designed for use by children under the age of 16, we will seek the consent of guardians and inform the guardians of their privacy rights.

Revision of this privacy notice

We commit to reviewing this notice at least once annually, and on an ongoing as needed basis.

If there are substantial changes to the notice, we will inform you through ways in which we think fit, which may include a prominent announcement on our homepage, emails or texts. We will consider factors such as materiality of the change, the services affected by the change, and the reach when we choose a method of notification.

Questions about this privacy notice

Telenor Digital AS is responsible for the handling of your personal information, and the legal frameworks in which we operate include the European General Data Protection Directive. If you have a question, concern or complaint about this privacy notice or our handling of your information, you can contact our Privacy Officer via the following methods:

  • Local Privacy Officer
  • Telenor Digital AS
  • Snarøyveien 30, 1331 Fornebu, Norway
  • Business organization number NO 996 516 288

We will respond to your query as soon as we can and try to resolve it to the best of our capability.

If you lodged a complaint and are unsatisfied with our response, you can refer your complaint to the relevant local regulator. We can also provide you with the relevant information on the applicable avenues in which you can further pursue your complaint with the regulator.