This privacy notice will provide information about what kind of personal information we process, and how and when we gather such information. It should also preferably be read in connection to the service conditions from your operator for the applicable service you use.
Understanding our Privacy Position
We value your privacy and take protection of personal information very seriously. Therefore, it is important for us that you understand how we collect data and process personal information. (Status: April 2021)
Our position on privacy can be summarized as follows:
- We are open about how we collect and use your personal data.
- We are committed to using personal data to provide you with good quality services.
- We always take steps to ensure that we keep personal information safe and secure.
- We believe that all users of our services should enjoy the same standards of privacy protection.
This is why we apply our key privacy principles in every country in which we operate. No matter where in the world we collect personal information about you, we will process it in accordance with the following key principles:
- We will process personal information in accordance with this privacy notice and any applicable laws.
- We will be transparent about what personal information we collect, as well as why and how we collect and process it.
- We will only process personal information if we have a legal basis for doing so, and only for as long as it is necessary to achieve the relevant purposes or for as long as we are otherwise required by applicable law to retain it.
- We will respect the privacy rights under applicable law.
- We will implement appropriate security measures to keep personal information safe and secure.
We collect personal data automatically from the network when you use our services via your local operator. This would typically be data like
- A-number (calling number)
- B-number (receiving number)
- Location update (the country you’re calling from)
We also collect personal data from our customers and vendors, including contact name, phone number and email address. This data is stored for as long as the customer or vendor has a relationship with our company.
International Signaling Data
Telenor processes signaling data from the originating “home” network to the called “terminating” network. Signaling is a process used to set up a connection in a telephone network and for authentication.
International Voice and SMS
When you make an international call or SMS a record is generated from the signaling data based on the use of the service. This record is called a Call Detail Record (CDR). Telenor processes CDRs for invoicing, and they are retained for a maximum of 12 months depending on the interval for invoicing between the various operators involved in the international calls.
Roaming is the ability to use you mobile phones or other mobile devices outside the geographical coverage area provided by your normal network operator.
When you travel abroad and use your phone or laptop whilst on a foreign (“visited”) network, this is known as international roaming. There are three types of services offered:
- Sending and receiving calls
- Sending and receiving SMS text messages whilst roaming abroad is called SMS roaming
- Data roaming refers to the use of mobile data services whilst abroad.
What personal data is collected when you roam? When you arrive in a foreign country and switch on your phone, a request is sent allowing you access to the local network (“visited” network) in that country: “Does this customer “your (IMSI) number” have permission to roam?” If the answer from the home network is yes, then the visited network allows you access to their network. The visiting network then shares the necessary part of the Call Detailed Records (CDR’s) with your home operator for invoicing purposes.
Security and fraud prevention
In electronic communication as elsewhere in society there is a risk for malicious attacks and fraudulent attempts. Telenor process signalling and roaming data in various ways to prevent and stop fraud. We manage firewalls where recognizable fraudulent traffic is stopped, and we look for call patterns we know are likely to be fraudulent in order to close down traffic from such sources when necessary. Typical case for the latter could be sending thousands of messages in a very short time range to a high cost number – Wangiri calls trying to trick the called party to call back on a missed call, or “fake support calls” used to scam the victim’s credit card. Characteristic for both types of calls are the sequential dialling generated by machines.
To be allowed to transfer calls to the USA, all calls coming from a sender with a phone number from the North American Numbering plan will be analysed as any other call going through Telenor’s network. In case such a robo-call would pass through to the recipient despite our efforts to prevent it, US authorities may require Telenor’s assistance to track back the real sender of the call.
Fraud detection and prevention is dependent on fresh data, and data used for this purpose will not be stored for more than 24 hours. For monitoring purpose the last two digits are removed from both the calling and the receiving number (A and B number). The A and B numbers are not combined in any of the fraud alerts to further limit any possibility for reidentification of end-users.
Customer and vendor management
All customer and vendor data is solely used for professional relationship management purposes. In addition to contact and follow-up, Telenor also runs an annual Net Promoter Score (NPS) survey. We then ask for and collect the NPS from our customers and vendors. It is voluntary to participate. This data is stores for as long as the customer or vendor has a relationship with our company. At any point in time, contacts can opt out of the survey, and/or ask to have their own data deleted.
Telenor bases its data processing activities on Article 6 no. 1 b) GDPR, the performance of a contract. Telenor delivers the international services of your local telecommunications service provider and therewith partly performs the contract between you and your local telecommunications service provider.
In all aspects of international wholesale services, Telenor hereby acts as Data Controller.
For customer and vendor management, Telenor base its processing on legitimate interests, article 6 nr. 1f) in GDPR.
TGS bases its data processing activities on Article 6 no. 1 b) GDPR, the performance of a contract. TGS delivers the international services of your local telecommunications service provider and therewith partly performs the contract between you and your local telecommunications service provider.
In all aspects of international wholesale services, TGS acts as Data Controller.
TGS delivers international wholesale services to other international wholesale carriers, mobile network operators (MNO), virtual mobile network operators (MVNO), OTT players and calling card operators around the world.
Where we store, share and process your personal data outside of EU/EEA we only do so with appropriate legal basis and where necessary contractually oblige our partners to apply a sufficient level of security in accordance with European Data Protection Laws.
TGS takes privacy rights very seriously, and offers in general the rights to access and information to the individuals whose data we collect and process. However, for the services described above, TGS only gathers information from your local operator and operators you roam with, and additionally TGS do not know the identity of the individual users. For these reasons, you will have to ask your local operator for access to your traffic data.
Any questions or complaints to TGS’ processing of personal data can be addressed to the TGS’ Data Protection Officer. You also have the right to lodge a complaint with a supervisory authority.
If you are an employee working for one of our business customers, we typically log your activities when you log on to our customer portals.
We therewith collect your e-mail address/username and your log-data based on legitimate interest as a legal basis. Our legitimate interest in collecting your log-data is to secure and control access to the (personal) data in the system.
If you, as an employee of one of our business customer, have chosen to receive news from TGS by e-mail and register your e-mail address with us, TGS does not utilize this information for any other purpose. You may end your subscription at any time and unsubscribe at www.telenorglobal.com.
We do not share information about you with any third parties for other purposes than the ones described in this privacy notice.
Telenor Global Services AS
1360 Fornebu, Norway
You can also contact our Data Protection Officer by e-mail: