Telenor Linx Privacy Notice

We value your privacy and take protection of personal information very seriously. Therefore, it is important for us that you understand how we collect data and process personal information.

This privacy notice will provide information about what kind of personal information we process, and how and when we gather such information. It should also preferably be read in connection to the service conditions from your operator for the applicable service you use.

Key Privacy Principles

Our position on privacy can be summarized as follows:

  • We are open about how we collect and use your personal data.
  • We are committed to using personal data to provide you with good quality services.
  • We always take steps to ensure that we keep personal information safe and secure.
  • We believe that all users of our services should enjoy the same standards of privacy protection.

This is why we apply our key privacy principles in every country in which we operate. No matter where in the world we collect personal information about you, we will process it in accordance with the following key principles:

  • We will process personal information in accordance with this privacy notice and any applicable laws.
  • We will be transparent about what personal information we collect, as well as why and how we collect and process it.
  • We will only process personal information if we have a legal basis for doing so, and only for as long as it is necessary to achieve the relevant purposes or for as long as we are otherwise required by applicable law to retain it.
  • We will respect the privacy rights under applicable law.
  • We will implement appropriate security measures to keep personal information safe and secure.
Data Controller and Data Processor

To deliver our services, Telenor Linx step into one of two roles: Data controller or data processor.

  • As data controller we determine why and how personal data is processed. In this case, we are your primary partner when it comes to your privacy rights. You can read more about your rights and how to exercise them below.
  • As data processor we deliver technology or services to another company (usually your mobile operator). In this case, the other company acts as the data controller and makes decisions regarding data processing, while we are legally obligated to follow their instructions. Any questions or objections regarding privacy in these cases should be directed to the data controller.

Telenor Linx is the data controller for the services for which you have entered into an end-user agreement with us. This controllership extends to support services for those contracted services like Customer Care, Permissions Management, and Analytics. Telenor Linx is also the controller for our e-com services like international voice, messaging and data transfers and roaming services.

As a data processor, Telenor Linx’ contribution is a background support activity which only exists to enable services offered by another company, usually your mobile operator. In this case, the other party is the data controller and will respond to your privacy concerns.

Information we collect, countries of transfer, and legal basis for processing

The personal data we collect, the purpose we process them for and for how long we retain the various data vary according to the kind of service or product. Countries where we process data, or transfer data to, and the legal basis for processing also vary depending on service and product Please see the relevant service or product for details.

In addition to what you will find under each service as a purpose for processing, there will be a few use cases in which we are obligated to process personal data by applicable law.

International voice and SMS

Purpose
Telenor processes signalling data from the originating “home” network to the called “terminating” network. Signalling is a process used to set up a connection in a telephone network and for authentication. In this process we collect personal data automatically from the network when you use our services via your local operator when calling or texting a foreign number.
Telenor Linx delivers international wholesale services to other international wholesale carriers, mobile network operators (MNO), virtual mobile network operators (MVNO), OTT players and calling card operators around the world. Where we store, share and process your personal data outside of EU/EEA we only do so with appropriate legal basis and where necessary contractually oblige our partners to apply a sufficient level of security in accordance with European Data Protection Laws.

Personal Data processed and retention periods

When you make an international call or SMS a record is generated from the signalling data based on the use of the service. This record is called a Call Detail Record (CDR). Telenor processes CDRs for invoicing, and they are retained for a maximum of 12 months depending on the interval for invoicing between the various operators involved in the international calls.

Categories of data processed for voice services
Personal Data Retention policy Reasons for retention
Call details A-number MSISDN (i.e phone number) of calling party) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details B-number MSISDN (i.e phone number) of receiving party) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Redirecting number Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Generic number/additional calling number Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Calling line identity presentation Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Original called number Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call date Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call time Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Originating carrier/country Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Terminating carrier Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Duration of call Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Type of service (voice, ISDN or video telephony) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Source and destination IP-address Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Release cause of the call Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Fate of the call Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call detail record (CDR) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.

Categories of data processed for text-services/SMS
Personal Data Retention policy Reasons for retention
Call details A-number MSISDN (i.e phone number) of calling party) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details B-number MSISDN (i.e phone number) of receiving party) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call date Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call time (started sent and end) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details IMSI (International mobile subscriber identity) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Calling global title (GT) (Operator’s short message service centre, SMSC) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Called global title (GT) (which Mobile Switching Centre (MSC) registered to) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Source SMS HUB operator ID Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Destination SMS HUB Operator ID Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Source SMS Hub ID Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Transactional message flag/value Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Registered flag/value Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Receipt message flag/value Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Blocked message flag/value Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Message result ID Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call detail record (CDR) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.

Legal basis
Telenor Linx bases its data processing activities for international voice and SMS on Article 6 no. 1 b) GDPR, the performance of a contract. Telenor delivers the international services of your local telecommunications service provider and therewith partly performs the contract between you and your local telecommunications service provider.
Telenor Linx determines how personal data is processed for international voice and SMS, and thereby act as a controller. We only gather information from your local operator and the operators you roam with, and we do not have knowledge of the identity of individual users or subscribers in our network. As such, only your local operator would have a full set of your traffic data, together with subscription- and any other user data – including the data sets we have. Your local operator would therefore be the easiest contact point for you to access your traffic data.
Processing of personal data by Telenor Linx is also subject to the confidentiality and use restrictions set out in the Norwegian ecom act § 2-7 and 2-9.

Roaming

Purpose
Roaming is the ability to use your mobile phones or other mobile devices outside the geographical coverage area provided by your normal network operator. When you travel abroad and use your phone or laptop whilst on a foreign (“visited”) network, this is known as international roaming. There are three types of services offered:
  • Sending and receiving calls
  • Sending and receiving SMS text messages whilst roaming abroad is called SMS roaming
  • Data roaming refers to the use of mobile data services whilst abroad
When you arrive in a foreign country and switch on your phone, a request is sent allowing you access to the local network (“visited” network) in that country: “Does this customer “your (IMSI) number” have permission to roam?” If the answer from the home network is yes, then the visited network allows you access to their network. The visiting network then shares the necessary part of the Call Detailed Records (CDR’s) with your home operator for invoicing purposes.

Personal Data processed and retention periods

When you roam, we generate a record based on the use of the service. This record is called a Call Detail Record (CDR). Telenor processes CDRs for invoicing, and they are retained for a maximum of 12 months depending on the interval for invoicing between the various operators involved in the roaming calls.

Categories of data processed when roaming
Personal Data Retention policy Reasons for retention
Call details Call date Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call time Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details A-number MSISDN (i.e phone number) of calling party) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details B-number MSISDN (i.e phone number) of receiving party) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details IMSI (international mobile subscriber identity) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Visited-PLMN-id (in which mobile network the subscriber is roaming) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Origin-Realm (in which mobile network the subscriber is roaming (for incoming messages)) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Origin-Host: Same as Origin Realm if visited network is configured according to best practice. If not, this may include which Mobility Management Entity (MME) the subscriber is connected to and thereby the rough location in the country) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Destination-Host (same as Origin Realm if visited network is configured according to best practice. If not, this may include which MME the subscriber is connected to and thereby the rough location in the country) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.
Call details Call detail record (CDR) Maximum 12 months, depending on the interval for invoicing between operators. Needed for invoicing and settlement between various international mobile operators.

Legal basis
Telenor Linx bases its data processing activities connected to roaming on Article 6 no. 1 b) in GDPR, the performance of a contract. Telenor delivers the international services of your local telecommunications service provider and therewith partly performs the contract between you and your local telecommunications service provider.
Telenor Linx determines how personal data is processed for the part of the roaming service we control, and thereby act as a controller. We only gather information from your local operator and the operators you roam with, and we do not have knowledge of the identity of individual users or subscribers in our network. As such, only your local operator would have a full set of your traffic data, together with subscription- and any other user data – including the data sets we have. Your local operator would therefore be the easiest contact point for you to access your traffic data.
Processing of personal data by Telenor Linx is also subject to the confidentiality and use restrictions set out in the Norwegian ecom act § 2-7 and 2-9.

DCB – Direct Carrier Billing

Purpose
Direct Carrier Billing (hereafter ‘DCB’) is a service that allows you to pay for digital content through your phone bill.
Telenor Linx can be either a data controller or processor regarding the DCB service. As a data processor, we are delivering the service to the mobile network operators, and you would need to go to the operator to learn more about their terms and how they process personal data.
This privacy notice specifically applies to the cases in which Telenor Linx is the data controller.
The majority of Telenor Linx’ data processing to provide Direct Carrier Billing is essential to provide the functionality that users request (such as the processing of payment transactions or providing refunds to users). Such data processing therefore is necessary to deliver the DCB services that we have committed to.
Processing Purpose Details
Service Provision Providing the service requested by the user to the user. These include authentication of the user, the processing of payment transactions and refunding of transactions where necessary.
Customer Support Assisting users with demands and requests that they may have and helping them to solve potential issues.
Maintain Confidentiality and Security of User Data Taking measures to protect user data against data loss, unauthorised access/alteration, etc.
Maintain Confidentiality and Security of Non-User Data, Systems and Services Taking measures to protect data other than user data, as well as infrastructure, against data loss, unauthorised access/alteration, etc.
Maintain Integrity of User Data Taking measures to protect user data against inaccuracy.
Product Performance Improvement Improving the performance of the product, such as caching data.
Transferring Data within Telenor Group for Administrative Purposes Intra-Group data exchange across Telenor, i.e. for the provision of the service or for the purpose of reconciliation of different databases.

Personal Data processed and retention periods
In order to provide the DCB services, Telenor Linx obtains data indirectly from either:
  • your mobile operator in order to provide your bill
  • our partners, i.e., the stores or services from which you make a purchase
Telenor Linx’ data retention policies vary based on the purpose of processing. As a general rule, personal data will be kept only as long as is necessary for the purposes outlined in this privacy notice.

Personal data categories for DCB
Personal Data Retention policy Reasons for retention
Account identifier MSISDN (i.e phone number) 1 year – deleted 1 year after transaction date the date of the most current transaction We retain this to support you with any queries or refunds regarding transactions
Account identifier End-user profile (post-paid, pre-paid etc) 1 year – deleted 1 year after transaction date

We retain this to support you with any queries or refunds regarding transactions.

In some cases, however, this information is not passed to us by the operator.

General user data ACR (encrypted unique customer identifier) 1 year – deleted 1 year after transaction date Not every transaction has an ACR. If it does, we retain this to support you with any queries or refunds regarding transactions.
General user data Operator ID 1 year – deleted 1 year after transaction date We retain this to support you with any queries or refunds regarding transactions.
Purchase information Amount – purchase value 1 year – deleted 1 year after transaction date We retain this to support you with any queries or refunds regarding transactions
Purchase information Description of purchase 1 year – deleted 1 year after transaction date We retain this to support you with any queries or refunds regarding transactions
Purchase information Transaction ID 1 year – deleted 1 year after transaction date We retain this to support you with any queries or refunds regarding transactions
Purchase information Name of the partner purchased from 1 year – deleted 1 year after transaction date We retain this to support you with any queries or refunds regarding transactions
Time stamp Time of purchase 1 year – deleted 1 year after transaction date We retain this to support you with any queries or refunds regarding transactions
DCB SMS SMS service messages in relation to the DCB service 1 year – deleted 1 year after communication takes place We retain this to support you with any queries about the transaction eg. PIN delivery, receipts, etc…

Legal basis

Some supporting data processing is beneficial to the provision of our services, while not an integral part of it, such as developing new features or measuring the performance of existing features to further improve the product. In that case, that data processing serves the legitimate interests of Telenor Linx:

Details
To improve our customer service. We are committed to providing you with quick, effective, and convenient assistance, should you encounter an issue with one of our services. Quality assurance of our customer service is essential to improving our processes and meeting your needs.
To maintain security. We are committed to maintain both the integrity and confidentiality of your data and the reliability of our services. Therefore, we take measures to recognise events that indicate an attack on our systems or fraudulent attempts to access or alter data. We also keep log-files, accessible only to few of our colleagues and only on documented exceptional circumstances, which allow us to investigate security incidents and learn from them.
To improve customer experience. We need to understand how you access our services to ensure an effective presentation of our websites and apps on your devices. This includes troubleshooting and preventive measures to maintain the stability of our services.
To improve our performance.

This includes understanding how our products are used across different markets and over time to optimise them accordingly. In many cases, this data will be aggregated, and such aggregated statistics do not include information that can directly identify you. In other cases, numeric indexes are used to distinguish between different users without directly identifying them.

We use this information for research to provide a better customer experience and to create new services.

To integrate and interlink our services within the Telenor Group. Telenor Linx provides centralised services to other members of Telenor Group, which is why your mobile service provider will exchange information with us for various administrative purposes. This includes information on the performance of our services to improve integration or supporting internal reporting. Where we process data for this purpose, this is performed at an aggregate, depersonalised level.

For some specific data processing Telenor Linx will ask your prior explicit consent.

Millom

Purpose
Digital sales and customer care is a service natively embedded in 3rd party apps and operating systems. Telenor Linx operates this service as a data processor on behalf of Mobille Network Operators and other service providers.
Telenor Linx do however have a controller role for the purposes of product improvement and improvement of operation of the Millom services as listed below under “legal basis”. This processing will use aggregated values, and data on individual level will not be retained for Telenor Linx’ own purposes.

Personal Data processed and retention periods

Categories of data processed:

Personal Data Retention policy Reasons for retention
Identity token userKey 5- 10 years, or deleted if service is no longer delivered to MNO Part of core customer information, required to provide the service.
Account Identifier MSISDN 0 – 1 day (no retention) Not retained. In certain limited cases used as an identifier between Telenor Linx and MNO.
Technical data

IP-Address – end user

UserAgent

1 day – 1 month Information sent from the client when obtaining the AccountIdentifier
Account Identifier Carrier Provided ID (CPID) 5-10 years or deleted if service is no longer delivered to MNO

Part of core customer information, required to provide the service.

CPID let operators mask data before sharing it with service providers, so the service providers cannot identify the users of the service directly.

Time And Location Timestamp 5-10 years or deleted if service is no longer delivered to MNO

The time of the day when an event occurred.

Retained to identify temporary issues and track statistics evolution over time.

User base data – all Notifications, Plan and account information, block/allow-list 5-10 years or deleted if service is no longer delivered to MNO Part of core customer information, required to provide the service. Product improvements to e.g. reduce user spam and be more relevant when user interacts with the service.
Service usage metadata AppID 5-10 years or deleted if service is no longer delivered to MNO Part of core customer information, required to provide the service. Product improvements to e.g. reduce user spam and be more relevant when user interacts with the service.
Payment wallets Whether or not user has payment options available 5-10 years, or deleted if service is no longer delivered to MNO Part of core customer information, required to provide the service. Product improvements to be more relevant when the user interacts with the service.
Purchase Fact / Transaction data Successful/failed purchase, error codes 5-10 years, or deleted if service is no longer delivered to MNO Required to provide the service. Product improvements to be more relevant when the user interacts with the service, for reconciliation and to support MNOs with potential customer queries.

Legal basis
Telenor Linx’ processes most of the personal data in Millom to provide and support service providers with their services. In these cases, Telenor Linx is acting on instructions from agreements between your service provider and us. Your service provider should be able to answer any questions regarding their use of personal data in connection with this service where they are the data controller.
For the few cases related to the Millom service where Telenor Linx is controller, our processing is based on “legitimate interests”:
Details
To improve our customer service. We provide the customer (MNO) the insight into their subscribers’ purchasing history on the platform to allow handling of possible complaints from their subscribers.
To maintain security. We are committed to maintain both the integrity and confidentiality of your data and the reliability of our services. Therefore, we take measures to recognise events that indicate an attack on our systems or fraudulent attempts to access or alter data. We also keep log-files, accessible only to a few of our colleagues and only on documented exceptional circumstances, which allow us to investigate security incidents and learn from them.
To improve customer experience. We need to understand how you use our services to ensure we present you with the best possible customer experience where you interact with the services we provide. This includes troubleshooting and preventive measures to maintain the stability of our services.
To improve our performance.

This includes understanding how our products are used across different markets and over time in order to optimise them accordingly. In many cases, this data will be aggregated, and such aggregated statistics do not include information that can directly identify you. In other cases, numeric indexes are used to distinguish between different users without directly identifying them.

We use this information for research to provide a better customer experience and to create new services.

To integrate and interlink our services within the Telenor Group. Telenor Linx provides centralised services to other members of Telenor Group, which is why your mobile service provider will exchange information with us for various administrative purposes. This includes information on the performance of our services to improve integration or supporting internal reporting. Where we process data for this purpose, this is performed at an aggregate, depersonalised level.

Telenor ID / Connect ID

Purpose

Telenor Linx’ authentication service is designed to protect end-users of digital services from Telenor by providing a safe and convenient login solution. Telenor Linx will for this service act as a controller, often in cooperation with other controllers.

Categories of data processed for ID
Personal Data Retention policy Reasons for retention
Data Subject Identifier Full Name

End user provides this by own choice

Deleted when account is deactivated

Part of core customer information, required to provide the service.
Logic Account Identifier Email Address

Entered on signup or when requested by a service (if not already present)

Deleted when account is deactivated

Part of core customer information, required to provide the service. Used as username by the end-user.
(End-)User Account ID

Generated on signup

Deleted when account is deactivated

An unique identifier that is used internally by the system to identify each user.
Identity Token

0 to 1 hour

Deleted immediately when token is invalid

The identity token generated by ConnectID and passed to confirm an end-user’s identity.
IP-Address — End-User

1 month to 2 years

Retained in basic logs for investigation of bugs and other incidents for 30 days. Retained in security logs for 2 years for investigation of security incidents

Security logs are accessible only to few individuals, and only in defined, exceptional circumstances, where the access is required for the investigation of security incidents.
MSISDN

Entered on signup or when requested by a service (if not already present)

Deleted when account is deactivated

Part of core customer information, required to provide the service. Used as username by the end-user.
One-time PIN

30 mins

Invalidated after 30 minutes or 3 wrong attempts

A one-time pin that you may receive during sign-up and sign-in, depending on the chosen method.
Password

Entered on signup

Deleted when account is deactivated

Password for your account
Geolocation

1 month to 2 years

Retained in basic logs for investigation of bugs and other incidents for 30 days. Retained in security logs for 21 years for investigation of security incidents

The geolocation of the end-user (based on geolocation of IP). Used to identify operational issues related to specific locations, and in security investigations.
Technical Data — B2B API Credentials

Generated when partner is integrating

Deleted when account is deactivated

Used by our partner services to configure the integration. Not related to end-users.
Technical Data — User Hardware Environment

1 month to 2 years

Same policy as other log data (see IP address)

Information on the end-user device
Software Environment — Integrating App

Stored whenever ID is used to log into a 3.party service

Deleted when account is deactivated

The service, for which you use ID to sign-in.
Software Environment — User Agent

1 month to 2 years

Same policy as other log data (see IP address)

Information sent by your browser.
Time And Location Timestamp

1 month to 2 years

Same policy as other log data (see IP address)

The time of the day, when an event happens. This is relevant for example to recognise malicious sign-in attempts, due to high frequency of sign-in attempts.
User Behaviour Event Stream

1 month to 2 years

Same policy as other log data (see IP address)

Information on how users traverse the login of the ID application,where they may get stuck and where components may not work as intended.
User Behaviour — Logs

1 month to 2 years

Same policy as other log data (see IP address)

Historic logs of user activities, such as sign-in attempts, used i.e. under exceptional circumstances to investigate security vulnerabilities.
Other User Events

1 month to 2 years

Same policy as other log data (see IP address)

Other user triggered events of potential IT-security relevance.

Personal Data Categories for Customer Service

What personal data is used by the customer care service is highly contextual and strongly depends on what you are seeking assistance with. The list below is comprehensive, but usually only a small fraction of it will apply, depending on your request.

Personal Data Retention Policy Remarks
Customer Service & Customer Communication Customer Service Interaction – All

1 month to 2 years

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

Your interaction with the Customer Service.
Data Subject Identifier Full Name

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

Part of core customer information, required to provide the service.
Logic Account Identifier Email Address

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

Part of core customer information, required to provide the service. Used as username by the end-user.
(End-)User Account ID

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

An unique identifier that is used internally by the system to identify each user.
IP-Address

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

The IP-address linked to your customer service ticket.
MSISDN

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

Part of core customer information, required to provide the service.  Used as username by the end-user.
One-time PIN

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

A one-time PIN that you receive in order for customer service to assess that you are the rightful owner of an account.
Ticket-ID

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

Customer Service operates on so-called tickets, to be able to follow-up your request over a longer period, if needed.
User Behaviour Service Usage Metadata

1 month

To follow-up an issue on repeated occurrence (i.e. sporadic technical issues)

Overview of which services the end-user has used ID to log into.

Personal Data Categories for Privacy Service
Personal Data Retention Policy Remarks
Logic Account Identifier (End-)User Account ID

Stored when you make a request

Deleted when account is deactivated

Your ID

Retained to be able to display and check consent decisions and objections.

Personal Data Categories for Analytics
Personal Data Retention Policy Remarks
General User Data User Base Data — All 1 year Retained to have a historical comparison of user base data frequencies between seasons of different years.
Logic Account Identifier (End-)User Account ID 1 year Retained to have a historical comparison of number of distinct users between seasons of different years.
IP-Address — End-User 1 year Retained to have a historical comparison of user density in different estimated locations between seasons of different years.
MSISDN 1 year Retained to have a historical comparison of number of distinct users between seasons of different years.
Email Address 1 year Retained to have a historical comparison of number of distinct users between seasons of different years.
Technical Data — B2B Operation Status Confirmation Message 1 year Retained to have a historical comparison of the API call status frequencies between seasons of different years.
Technical Data — User Software Environment — User Agent 1 year Retained to have a historical comparison of browser usage between seasons of different years.
Time And Location Timestamp 1 year

The time of the day when an event occurred.

Retained to track statistics evolution over time.

User Behaviour Service usage metadata 1 year

User-triggered events that allows insights on the performance of the product and potential technical issues.

Retained to have a historical comparison of number of service usage patterns between seasons of different years.

Event Stream 1 year Retained in order to build information about how the service performs (e.g. where users quit the service)

Legal basis
Telenor Linx uses much of the personal data we process to provide you with the services you use. Your data makes these services run. This kind of data processing is referred to as “processing for the performance of contract”.
In addition, we process some data for purposes defined as “legitimate interests” under the law. This usually refers to cases where we process data to better understand your experience with our products and services. The insights we gain by analysing this kind of data help us to improve and fix our existing products, as well as develop new features to meet your needs. Telenor Linx use legitimate interests as legal basis for processing in the following cases:
Details
To improve our customer service. We are committed to providing you with quick, effective and convenient assistance, should you encounter an issue with one of our services. Quality assurance of our customer service is essential to improving our processes and meeting your needs.
To maintain security. We are committed to maintain both the integrity and confidentiality of your data and the reliability of our services. Therefore, we take measures to recognise events that indicate an attack on our systems or fraudulent attempts to access or alter data. We also keep log-files, accessible only to a few of our colleagues and only on documented exceptional circumstances, which allow us to investigate security incidents and learn from them.
To improve customer experience. We need to understand how you access our services to ensure an effective presentation of our websites and apps on your devices. This includes troubleshooting and preventive measures to maintain the stability of our services.
To improve our performance.

This includes understanding how our products are used across different markets and over time in order to optimise them accordingly. In many cases, this data will be aggregated, and such aggregated statistics do not include information that can directly identify you. In other cases, numeric indexes are used to distinguish between different users without directly identifying them.

We use this information for research to provide a better customer experience and to create new services.

To integrate and interlink our services within the Telenor Group. Telenor Linx provides centralised services to other members of Telenor Group, which is why your mobile service provider will exchange information with us for various administrative purposes. This includes information on the performance of our services to improve integration or supporting internal reporting. Where we process data for this purpose, this is performed at an aggregate, depersonalised level.

For some specific data processing, we will ask your prior explicit consent.

Transfer of personal data to Third Parties

Third party companies help us to provide and maintain our services. These third parties fall into the following categories:

  • Network Operator: We integrate and collaborate with other network operators, for example, other Telenor companies. These activities require data transfers to or from your mobile service provider.
  • Partners: Occasionally, we integrate our services with partners outside the Telenor Group. In such a case, each party is responsible for their part of the data processing as a data controller.
  • External vendors: We use external vendors to host, deliver, improve, and maintain our services and products. These vendors are data processors to us, which means they are legally and contractually obligated to follow our instructions, maintain your data securely according to our standards, delete your data upon request, and so forth.

Finally, if we decide to sell, buy, merge or otherwise re-organise a business, we may transfer your personal information to purchasers, or partners and their advisers.

Data transfers outside of the EU/EEA

In some specific cases, we transfer data to countries outside the European Economic Area (EEA)/European Union (EU). Such transfers occur when:

  • a user’s country of residence is outside EU/EEA, and the user is a subscriber to the local mobile network operator and Telenor Linx services are offered with the subscription; or
  • a user use Telenor ID to sign into a service based outside EU/EEA; or
  • we use the processing capacities of a vendor based outside EU/EEA; or
  • we use Telenor Linx own capacities outside of EU/EEA.

In the first two cases, the countries to which we transfer the data are determined by the location of your mobile service provider or the location of the services you are using with Telenor ID. Unless it is necessary to transfer the data to a country outside the EU/EEA for the performance of our contract with you, we enter into standard data protection clauses adopted by the European Commission (“EU Model Clauses”).

Many of our vendors are located in the United States. The hosting services we purchase limit however the location of processing to EU, which means that data is not transferred to nor accessed from outside of EU. For vendors that help us improve and maintain our products, data might be transferred to the USA. In such cases we assess the risk and make the adequate security measures before any transfer starts up.

For the last category, Telenor Linx has full control of the entities and full insight in any authority requests coming into the local Telenor Linx units. Here as well adequate security measures are taken.

All transfer of personal data out of EEA is furthermore based on a set-up with EU model clauses, either between Telenor Linx in Norway and the party outside of EEA, or via a European vendor who as a data processor establish a processor-to-processor model clause with the party outside of EEA.

Security and fraud prevention

In electronic communication as elsewhere in society there is a risk for malicious attacks and fraudulent attempts. Telenor process signalling and roaming data in various ways to prevent and stop fraud. We manage firewalls where recognizable fraudulent traffic is stopped, and we look for call patterns we know are likely to be fraudulent to close down traffic from such sources when necessary. Typical case for the latter could be sending thousands of messages in a very short time range to a high-cost number – Wangiri calls trying to trick the called party to call back on a missed call, or “fake support calls” used to scam the victim’s credit card. Characteristic for both types of calls is the sequential dialling generated by machines.

To be allowed to transfer calls to the USA, all calls coming from a sender with a phone number from the North American Numbering plan will be analysed as any other call going through Telenor’s network. In case such a robo-call would pass through to the recipient despite our efforts to prevent it, US authorities may require Telenor’s assistance to track back the real sender of the call.

Fraud detection and prevention is dependent on fresh data, and data used for this purpose will not be stored for more than 24 hours. For monitoring purpose, the last two digits are removed from both the calling and the receiving number (A and B number). The A and B numbers are not combined in any of the fraud alerts to further limit any possibility for reidentification of end-users.

User rights

Telenor Linx takes privacy rights seriously and offers in general the rights to access and information to the individuals whose data we collect and process. However, for the international voice and SMS services, as well as the roaming services, Telenor Linx only gathers information from your local operator and operators you roam with, and the full set of information will only be available at your local operator. Additionally, Telenor Linx do not know the identity of the individual users. For these reasons, you will have to ask your local operator for access to your traffic data.

For all other services Telenor Linx is controller of you have several rights regarding your personal data which you can exercise by visiting your privacy settings in your service or contact Telenor Linx directly. Customer Service will handle your requests and answer your questions. These include the:

  • Right to withdraw consent: Where you have previously given consent for us to process your personal data, you can withdraw that consent any time.
  • Right to access your information: You can ask for more detail regarding the data we collect about you and how we process it.
  • Right to rectification: You can request that we correct any inaccurate personal data which we are processing. For most of our services, the simplest way to correct your data is to update your user profile yourself.
  • Right to object: When we process your personal data on the legal basis of legitimate interest you have the right to object to such processing.
  • Right to erasure: You can request that we erase the personal information we hold about you. This kind of request must meet certain criteria. For example, we cannot delete information required to fulfil our contract with you.
  • Right to restrict processing: In certain cases, you may request that we cease processing of your personal data for specific purposes. For instance, you might claim that our use of your data is unlawful, but you may ask us to restrict the processing of data, as opposed to deleting it.
  • Right to portability: You have the right to receive the personal data we are processing concerning you. This pertains to the data which you have provided to us and that we are processing based on your consent or to perform a contract with you, provided that the data is processed using automated means. This right includes a direct transfer of your data to another controller, where technically feasible. Please note that the right to portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. We also will not be able to extend this right in a way that would adversely affect the rights and freedoms of others.

See the “Contact Details” section of this Privacy Notice to see options to how and where you may exercise your rights.

Business Customers and vendor management

All business customer data and vendor data are solely used for professional relationship management purposes. In addition to contact and follow-up, Telenor also runs an annual Net Promoter Score (NPS) survey. We then ask for and collect the NPS from our business customers and vendors. It is voluntary to participate. This data is stored for as long as the customer or vendor has a relationship with our company. At any point in time, contacts can opt out of the survey, and/or ask to have their own data deleted.

Telenor Linx typically log your activities when you log on to our customer portals.

We collect your e-mail address/username and your log-data based on legitimate interest as a legal basis. Our legitimate interest in collecting your log-data is to secure and control access to the (personal) data in the system.

We do not share information about you with any third parties for other purposes than the ones described in this privacy notice.

Changes to the Privacy Notice

We will at all times keep our privacy notice updated and notify on our website or application with any changes. For products where we have registered your e-mail address, we will also notify you by e-mail if we make substantial changes relevant to this product.

How can I contact Telenor Linx regarding my privacy rights?

For requests about access to data, objection to data processing, correction of your data, deletion of data or accounts or to see your history for relevant services, please go to our “Make a request” page: https://privacy.telenordigital.com/pages/review

For opting out of, please go to https://privacy.telenordigital.com/pages/consents

Telenor Linx AS
Snarøyveien 30
1331 Fornebu, Norway
Org. No. NO 996 516 288

Any questions or complaints to Telenor Linx processing of personal data can be addressed to the Telenor Linx’s Data Protection Officer.

You also have the right to lodge a complaint with a supervisory authority.