Telenor Software Lab AS Privacy Notice
Welcome to Telenor Software Lab AS, and thank you for your interest.
Telenor Software Lab AS (TSL) is a Norwegian company within Telenor Group that develops, provides and maintains mobile apps and web applications. These are currently:
* Capture, a cloud storage and automated backup solution for your photos;
* My Contacts, a cloud storage and automated backup solution for your contacts/address book;
* Fremkalle.no, a photo print service;
* Mine Papirer, a cloud storage solution for your valuable digital assets.
For these services TSL is the data controller.
Contact:
Telenor Software Lab AS
Snarøyveien 30
1331 Fornebu, Norway
Org. No. NO 884 640 202
Contact us and our Data Protection Officer online via privacyoffice-telenornorge@telenor.com or Mine Papirer support email.
User Rights
The Privacy Service gives access to the privacy settings and allows for customised adjustments. Additionally, customer service will support you with exercising your rights:
Right to withdraw consent:
Where you have previously given consent for us to process your personal data, you can withdraw that consent any time. Use the Control section of our Privacy page to adjust your privacy settings.
Right to access your information:
You can ask for more detail regarding the data we collect about you and how we process it. Use the Review section of our Privacy page to request a report that reflects what personal information we hold about you. Our customer service department will handle your request and answer your questions.
Right to rectification:
You can request that we correct any incorrect personal data which we are processing. For most of our services, the simplest way of achieving this is through updating your user profile yourself. You may also get in touch with our customer service.
Right to object:
When we process your personal data on the legal basis of legitimate interest, as discussed below, you have the right to object to such processing. You may submit objections either in the Control section of our Privacy page for the most common objections, or you can contact Mine Papirer support directly.
Right to erasure:
You can request that we erase the personal information we hold about you. This kind of request must meet certain criteria. For example, we cannot delete information required to fulfil our contract with you.
Right to restrict processing:
In certain cases, you may request that we cease processing of your personal data for certain purposes. For instance, you might claim that our use of your data is unlawful, but you may ask us to restrict the processing of data, as opposed to deleting it.
Right to portability:
You can request the personal data concerning you, which you have provided us with and that we are processing based on your consent or in order to perform a contract with you, in a structured commonly used and machine-readable format, provided that the data is processed using automated means. This includes a direct transfer to another controller, where technically feasible. . You can submit a request to download your data using the Review section of our Privacy page. Customer Service will provide access to this data in a machine-readable format via our file-sharing solution. Please note that this right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. We also will not be able to extend this right in a way that would adversely affect the rights and freedoms of others.
You also have the right to lodge a complaint with a supervisory authority.
Data Categories, Data Sources and Retention Policies
TSL obtain personal information as follows:
Direct: Information users provide us with upon our request when subscribing to or otherwise using our services, or when getting in touch with us.
Automatic: Data generated automatically by the use TSL services.
Indirect: Information that TSL may receive from third parties, i.e. your mobile operator.
TSL’s data retention policies vary based on the purpose of processing. As a general rule, personal data will be kept only as long as is necessary for the purposes outlined in this privacy notice.
Account-related data is kept for the period in which the account is active. Subsequently, personal data is being deleted after 30 days, except in cases where there are legal reasons to retain it.
Personal Data Categories for Capture
| Personal Data | Retention | Details | |
|---|---|---|---|
| Customer Service & Customer Communication | Standardised end-user Push Notification | Indefinite | Deleted if the user chooses to delete the Capture account, or the user opts out of Capture sending data to 3. parties. |
| Data Subject Identifier | Full Name | Indefinite | Deleted only if user chooses to delete the Capture account. |
| Device And Object Identifier | Other Device Identifier | Indefinite | Deleted only if user chooses to delete the Capture account. |
| General User Data | Link To User Generated Content | Indefinite | Will be useless when sharing is disabled or content is deleted. |
| User Generated Content | Indefinite | Deleted when the user chooses to delete the content they have created. | |
| User Generated Content Meta Data | Indefinite | This is data automatically attached to an image by the device capturing it. It can include technical data, such as aperture and exposure time, generic information such as the timestamp, or the GPS location if the camera supports it and the user makes use of that function. Capture stores such EXIF metadata exactly as the user uploads it, neither adding nor removing any of it. | |
| User Rights | 30 days | Deleted when the user right expires + 30 days. | |
| Account Identifier | Email Address | Indefinite | Deleted only if user chooses to delete the Capture account. |
| (End-)User Account ID | Indefinite | Deleted only if user chooses to delete the Capture account. | |
| IP-Address — End-User | 30 days | IPs are only logged for 30 days, then deleted automatically. | |
| MSISDN | Indefinite | Deleted only if user chooses to delete the Capture account. | |
| Technical Data — User | Hardware Environment | Indefinite | Deleted only if user chooses to delete the Capture account. |
| Software Environment — Other | Indefinite | Deleted only if user chooses to delete the Capture account. | |
| Software Environment — User Agent | Indefinite | Deleted only if user chooses to delete the Capture account. | |
| Time And Location | Timestamp | Indefinite | Deleted only if user chooses to delete the Capture account. |
| User Behaviour | Service usage metadata | Indefinite | Deleted only if user chooses to delete the Capture account. |
| User Behaviour — History | Indefinite | Deleted only if user chooses to delete the Capture account. | |
| User Behaviour — Other | Indefinite | Deleted only if user chooses to delete the Capture account. |
Personal Data Categories for My Contacts
| Personal Data | Retention | Details | |
|---|---|---|---|
| Customer Service & Customer Communication | Standardised end-user Push Notification | Indefinite | Part of core customer information, required to provide the service, or the user opts out of My Contacts sending data to 3. parties. |
| Data Subject Identifier | Full Name | Indefinite | Part of core customer information, required to provide the service. |
| Device And Object Identifier | IMEI | Indefinite | Part of core customer information, required to provide the service. |
| Other Device Identifier | Indefinite | Part of core customer information, required to provide the service. | |
| Logic Account Identifier | Identity Token | Indefinite | Part of core customer information, required to provide the service. |
| MSISDN | Indefinite | Part of core customer information, required to provide the service. | |
| Email address | Indefinite | Part of core customer information, required to provide the service. | |
| User Name | Indefinite | Part of core customer information, required to provide the service. | |
| IP-Address - End-User | 30 days | IPs are only logged for 30 days, then deleted automatically. | |
| Time and Location | Timestamp | Indefinite | Part of core customer information, required to provide the service. |
| User Behaviour | User Behaviour - Other | Indefinite | Part of core customer information, required to provide the service. |
| User Behaviour | Indefinite | Part of core customer information, required to provide the service. | |
| Technical Data - User | Hardware Environment | Indefinite | Part of core customer information, required to provide the service. |
| Software Environment - User Agent | Indefinite | Part of core customer information, required to provide the service. | |
| Software Environment - Other | Indefinite | Part of core customer information, required to provide the service. | |
| Carrier Network Information | Indefinite | Part of core customer information, required to provide the service. | |
| General User Data | User Base Data | Indefinite | Part of core customer information, required to provide the service. |
| User Generated Content | Indefinite | Part of core customer information, required to provide the service. | |
| User Generated Content Meta Data | Indefinite | Part of core customer information, required to provide the service. | |
| User Rights | Indefinite | Part of core customer information, required to provide the service. |
Personal Data Categories for Fremkalle.no
| Personal Data | Retention | Details | |
|---|---|---|---|
| Data Subject Identifier | Full Name, address, e-mail and phone number | Order data is stored based upon requirement in Bokføringsloven | Part of core customer information, required to provide the service. |
| User Generated Content | Photos | 90 days | Photos are stored to be able to re-process an order. |
Personal Data Categories for Mine Papirer
| Personal Data | Retention | Details | |
|---|---|---|---|
| Account Identifier | Full Name | Indefinite | Deleted when the service is terminated. |
| Indefinite | Deleted when the service is terminated. | ||
| MSISDN | Indefinite | Deleted when the service is terminated. | |
| Account ID | Indefinite | Deleted when the service is terminated. | |
| IP address | 30 days | Data is automatically deleted after 30 days. | |
| Technical Data - User | Hardware Environment | Indefinite | Deleted when the service is terminated. |
| Software Environment | Indefinite | Deleted when the service is terminated. | |
| User Generated Content | Photos | Indefinite | Deleted when the service is terminated. |
| User Generated Content - metadata | Indefinite | Deleted when the service is terminated. | |
| User Generated Content - history data | Indefinite | Deleted when the service is terminated. |
Processing Purposes
The majority of TSL’s data processing is an integral part of our applications and essential to provide the functionality that users request (such as “image upload” or “address book synchronisation”). Such data processing therefore is necessary to deliver the services that we have committed to in the user agreement.
Some supporting data processing is beneficial to the provision of our services, while not an integral part of it, such as developing new features or measuring the performance of existing features to further improve the product. In that case, that data processing serves the legitimate interests - as listed below - of TSL or other members of Telenor Group
For some specific data processing TSL will ask your prior explicit consent
Processing Purposes in Detail:
| Product | Processing Purpose | Details |
|---|---|---|
| Capture | Customer Support | Assisting customers with demands and requests that they may have, and helping them to solve potential issues. |
| Developing Product - New Features | Developing Capture to extent its features and capabilities. | |
| Establish User Account | Gathering the basic user data to allow a new user to start using the service. | |
| Maintain Confidentiality and Security of User Data | Taking measures to protect user data against data loss, unauthorised access/alteration, etc. | |
| Maintain Confidentiality and Security of Non-User Data, Systems and Services | Taking measures to protect data other than user data, as well as infrastructure, against data loss, unauthorised access/alteration, etc. | |
| Maintain Integrity of User Data | Taking measures to protect user data against inaccuracy. | |
| Marketing of the Product | Providing the user with updates and other relevant information on Capture. | |
| Service Provision | Providing the service requested by the user to the user. | |
| Product Performance Improvement | Improving the performance of the product, such as caching data. | |
| Transferring Data within Telenor Group for Administrative Purposes | Intra-Group data exchange Telenor, i.e. for the purpose of reconciliation of different databases or service bundling. | |
| Unsupervised image analysis | For the purpose of protecting minors from child abuse. To provide features for image classification. |
|
| My Contacts | Customer Support | Assisting customers with demands and requests that they may have, and helping them to solve potential issues. |
| Establish User Account | Gathering the basic user data to allow a new user to start using the service. | |
| Maintain Confidentiality and Security of User Data | Taking measures to protect user data against data loss, unauthorised access/alteration, etc. | |
| Maintain Integrity of User Data | Taking measures to protect user data against e.g. fraudulent attacks. | |
| Marketing of the Product | Providing the user with updates and other relevant information on My Contacts. | |
| Product Performance Improvement | Improving the performance of the product performance. | |
| Service Provision | Providing the service requested by the user to the user. | |
| Transferring Data within Telenor Group for Administrative Purposes | Intra-Group data exchange in Telenor, i.e. for the purpose of reconciliation of different databases or service bundling. |
Legitimate Interests
| Legitimate Interests | Details |
|---|---|
| To improve our customer service. | TSL is committed to providing customers with quick, effective and convenient assistance, should they encounter an issue.,Quality assurance of customer service is essential to improving processes and providing the help that is needed. |
| To improve customer experience. | To ensure an effective presentation of websites and apps, and to facilitate troubleshooting and easy accessibility, TSL needs to understand by which means services are accessed (such as device types, operating systems, browser type), and where potential issues with the user interface occur. |
| To integrate and interlink our services within the Telenor Group. | TSL provides centralised services to other members of Telenor Group, which is why i.e. your mobile operator will exchange information with us for various administrative purposes. This includes information on the performance of our services to improve integration or supporting internal reporting. |
| To improve our performance. | Understanding how our products are used across different markets and over time in order to optimise them accordingly, is a basic interest of TSL. In many - but not all - cases, this data will be aggregated. Such aggregated statistics do not include information that can personally identify a user. In other cases, numeric indexes are used to distinguish between different users without concretely identifying them. |
Cookies and tracking technology
Telenor Software Lab uses HTTP cookies (also known as internet cookies) to enhance performance and to provide certain features to the service.
Can I opt out of cookies used for product improvement?
You can customise your permissions in the Telenor Digital Privacy Dashboard. To opt out of product improvement cookies, toggle the "Help us improve" options to off. Following is a list of the cookies we use, and a brief explanation as to why we use these cookies.| Identifier | Origin | Type | Reason for use |
|---|---|---|---|
| __utma | Performance | This helps us understand how often users visit our site. All information is anonymised. | |
| _ga | Performance | This will help us distinguish unique visitors. All information is anonymised. | |
| __zlcmid | Zendesk | Functionality | This will allow us to provide chat support across our services. |
| _zendesk_session | Zendesk | Functionality | This will allow us to provide customer support for our services. |
| _zendesk_shared_session | Zendesk | Functionality | This will allow us to provide customer support for our services. |
| _help_center_session | Zendesk | Functionality | This will allow us to provide customer support for our services. |
| CraftSessionId | Craft CMS | Strictly Necessary | This will allow us to provide visitors with an anonymised session identifier. |
| __cfduid | CloudFlare | Strictly Necessary | This cookie allows us to speed up load times for the service. |
| __cfruid | CloudFlare | Strictly Necessary | This will allow us to identify trusted web traffic. |
| JSESSIONID | JSP | Strictly Necessary | This will allow us to provide visitors with an anonymised session identifier. |
| lang | capture-app.com | Strictly Necessary | This allows us to store preferred language. |
| consent | fremkalle.no | Strictly Necessary | This will allow us to store user decision related to our services. |
| km_ai | Kissmetrics | Performance | This will help us understand how visitors use our services. |
| km_lv | Kissmetrics | Performance | This will help us understand how visitors use our services. |
Data Transfers
Telenor Software Lab transfers data to third parties:
Telenor Group: As a service provider in the Telenor Group, we collaborate with other Telenor companies. These activities may require data transfer - e.g. to or from your mobile operator.
External vendors: We use external vendors to host services and to help improve and maintain our products. These vendors are data processors to TSL, which means they are legally and contractually obligated to follow our instructions, maintain the data securely, delete data upon request, and so forth.
If TSL decides to sell, buy, merge or otherwise re-organise its business, we will need to conduct any data transfers needed to complete such an operation.
Third-Country Data Transfers
There are specific setups, in which TSL transfers data to countries outside the European Economic Area (EEA)/European Union (EU). Such transfer occurs when a user’s country of residence is outside EU/EEA, the user is a subscriber to the local Telenor mobile services provider and TSL services are offered as a bundle with the subscription; or when we use processing capacities of a vendor based outside EU/EEA.
When required, TSL transfers personal data to the United States on the basis of the “Privacy Shield”. For all other data transfers to third-country, not pre-approved by the EU as having an adequate level of protection, TSL enters into standard data protection clauses adopted by the European Commission (“EU Model Clauses”).
Changes to the Privacy Notice
We may update this Privacy Notice from time to time, as our data processing may change and we would like to keep you informed. When appropriate, and in the event that we make substantial changes to our privacy notice, we will notify you that our privacy notice has been updated.