Telenor Software Lab AS Privacy Notice
Last updated: 2021-09-03
Who we are
Telenor Software Lab AS ("Telenor Software Lab", "TSL", "we", "us", "our") is a Norwegian company within Telenor Group that develops, provides and maintains mobile apps and web applications. These are currently:
- Capture, a cloud storage and automated backup solution for your photos
- Mine Papirer, a cloud storage solution for your valuable digital assets
For the purposes of this Policy, the data controller is Telenor Software Lab AS (registered in Norway under organisation number NO 884 640 202) and whose registered office address is at Snarøyveien 30, 1331 Fornebu, Norway.
Our Privacy PromiseWe are committed to protecting your personal information, being transparent about the data we hold, and wherever possible giving you control over how we use it.
It’s important that you read this policy to understand the information we may hold about you, how we use it and how you can access or update your information, modify your preferences or request deletion of your personal data.
- What information we collect about you
- How we collect and uses information about you
- Whether we disclose your details to anyone else
- The choices available to you regarding the personal information you provide to us
- When and how your data may be shared with third parties
We keep our privacy notice under regular review to make sure it is up to date and accurate. Amendments and updates to this Policy may be made from time to time. Any revisions will be posted on this page so you will always be aware of the information we collect. Please review this page regularly so that you are aware of any changes.
We use your information in line with all applicable Norwegian and European laws and regulations concerning the protection of personal information from time to time in force, including Personopplysningsloven 2018, Ekomloven 2002, and the General Data Protection Regulations (GDPR), and including any amendments or updates to these and any equivalent or successor applicable laws and regulations.
The Privacy Pages section of the Website allows you to control and customise your privacy settings. Additionally, here you can find assistance with exercising your rights under GDPR:
Right to withdraw consent:
Where you have previously given consent for us to process your personal data, you can withdraw that consent any time. Use the "Consents" section of our your Privacy Pages to adjust your privacy settings.
Right to access your information:
You can ask for more detail regarding the personal data we collect about you and how we process it. Simply click the "Request Export" button under the "Access your data" section of your Privacy Pages to request a report that reflects what personal information we hold about you. Please note, this won't include any of your photos or videos, but you can always access them at https://web.min-sky.no.
Right to rectification:
You can request that we correct any incorrect personal data which we are processing. For most of our services, the simplest way of achieving this is through updating your user profile yourself. You may also get in touch with our Customer Support team.
Right to object:
You have the right to object to certain types of processing such as direct marketing, automated processing, or profiling. Use the "Consents" section of our your Privacy Pages to adjust your privacy settings, and the "Stay up to date" section to control how we contact you.
Right to erasure:
You can request that we erase the personal data we hold about you and delete your account. To do this, click the "Request Deletion" button under the "Delete your account" section of your Privacy Pages. This will include the irreversible deletion of all photo and video content in your Capture account, so make sure you take a backup before making this request. It may take up to 30 days for us to complete this request.
Right to restrict processing:
Depending on the processing activity, you can request that we stop or limit processing of your personal data. Use the "Consents" section of our your Privacy Pages to adjust your privacy settings.
Right to portability:
You can request the personal data concerning you, which you have provided us with and that we are processing based on your consent or in order to perform a contract with you, in a structured commonly used and machine-readable format, provided that the data is processed using automated means. Simply click the "Request Export" button under the "Access your data" section of your Privacy Pages to request a report that reflects what personal information we hold about you. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. We also will not be able to extend this right in a way that would adversely affect the rights and freedoms of others. Please note, this export will not include any media (i.e. photographs or videos) uploaded to TSL services. You are able to export your media easily using the relevant app or website.
You also have the right to lodge a complaint with a supervisory authority.
Data Categories, Data Sources and Retention Policies
We obtain personal information as follows:
Direct: Information users provide us with upon our request when subscribing to or otherwise using our services, or when getting in touch with us.
Automatic: Data generated automatically by the use of our services.
Indirect: Information that we may receive from third parties.
Our data retention policies vary based on the purpose of processing. As a general rule, personal data will be kept only as long as is necessary for the purposes outlined in this privacy notice.
Account-related data is kept for the period in which the account is active. Subsequently, personal data is deleted after 30 days, except in cases where there are legal reasons to retain it.
Personal Data Categories for Our Services
|Personal Data Type||Retention Period||Details|
|Customer Service & Customer Communication||Standardised end-user Push Notification||Indefinite||Deleted if the user chooses to delete the account, or the user opts out of us sending data to 3rd parties.|
|Data Subject Identifier||Full Name||Indefinite||Deleted only if user chooses to delete the account.|
|Device And Object Identifier||Other Device Identifier||Indefinite||Deleted only if user chooses to delete the account.|
|General User Data||Link To User Generated Content||Indefinite||Will be useless when sharing is disabled or content is deleted.|
|User Generated Content||Indefinite||Deleted when the user chooses to delete the content they have created.|
|User Generated Content Metadata||Indefinite||This is data automatically attached to an image by the device capturing it. It can include technical data, such as aperture and exposure time, generic information such as the timestamp, or the GPS location if the camera supports it and the user makes use of that function. We store such EXIF metadata exactly as the user uploads it, neither adding nor removing any of it.|
|User Rights||30 days||Deleted when the user right expires + 30 days.|
|Account Identifier||Email Address||Indefinite||Deleted only if user chooses to delete the account.|
|(End-)User Account ID||Indefinite||Deleted only if user chooses to delete the account.|
|IP-Address — End-User||30 days||IPs are only logged for 30 days, then deleted automatically.|
|MSISDN (Telephone Number)||Indefinite||Deleted only if user chooses to delete the account.|
|Technical Data — User||Hardware Environment||Indefinite||Deleted only if user chooses to delete the account.|
|Software Environment — Other||Indefinite||Deleted only if user chooses to delete the account.|
|Software Environment — User Agent||Indefinite||Deleted only if user chooses to delete the account.|
|Time And Location||Timestamp||Indefinite||Deleted only if user chooses to delete the account.|
|User Behaviour||Service usage metadata||Indefinite||Deleted only if user chooses to delete the account.|
|User Behaviour — History||Indefinite||Deleted only if user chooses to delete the account.|
|User Behaviour — Other||Indefinite||Deleted only if user chooses to delete the account.|
The Legal Basis for processing your information
Under data protection laws, we are required to have a legal basis to process your personal information. We have set out below the legal bases we rely on:
- Contract: To perform a contract entered into with you and fulfil our contractual obligations to you or to take steps at your request prior to entering into a contract. This processing is necessary for us to provide the Service.
- Consent: To provide information and take actions in relation to services which you have opted-in to receive. This includes where you specifically request for your details to be passed onto a third party or where you opt-in to receive relevant marketing communications from us.
- Legal Obligation: Where processing is necessary to comply with our legal or statutory obligations. This may include cooperating with police in relation to their investigations.
- Legitimate interest: Where necessary for our legitimate interests or those of a third party. We rely on this basis in order to monitor and improve our Services, understand how visitors and customers use our Services, to personalise content provided to you, to deal with enquiries and complaints, undertake market research and inform our general marketing, to run our business and maintain the security or our Service for you, us and other Service users and customers.
The majority of our data processing is an integral part of our applications and essential to provide the functionality that users request. Such data processing therefore is necessary to deliver the services that we have committed to in the user agreement.
Some supporting data processing is beneficial to the provision of our services, while not an integral part of it, such as developing new features or measuring the performance of existing features to further improve our products. In that case, that data processing serves the legitimate interests - as listed below - of us or other members of Telenor Group.
For some specific data processing we will ask your prior explicit consent.
Processing Purposes in Detail:
|Customer Support||Assisting customers with demands and requests that they may have, and helping them to solve potential issues.|
|Developing New Features||Developing new features and capabilities.|
|Establish User Account||Gathering the basic user data to allow a new user to start using the service.|
|Maintain Confidentiality and Security of User Data||Taking measures to protect user data against data loss, unauthorised access/alteration, etc.|
|Maintain Confidentiality and Security of Non-User Data, Systems and Services||Taking measures to protect data other than user data, as well as infrastructure, against data loss, unauthorised access/alteration, etc.|
|Maintain Integrity of User Data||Taking measures to protect user data against inaccuracy.|
|Marketing of Telenor products & services||Providing the user with updates and other relevant information on Telenor products and services.|
|Service Provision||Providing the service requested by the user to the user.|
|Product Performance Improvement||Improving the performance of the product, such as caching data.|
|Transferring Data within Telenor Group for Administrative Purposes||Intra-Group data exchange Telenor, i.e. for the purpose of reconciliation of different databases or service bundling.|
|Automated Content Processing||To provide features for search and image classification.|
|Illegal Content Detection||To aid in the prevention and detection of crime.|
|To improve our customer service||We are committed to providing customers with quick, effective and convenient assistance should they encounter an issue. Quality assurance of customer service is essential to improving processes and providing the help that is needed.|
|To improve customer experience||To ensure an effective presentation of websites and apps, and to facilitate troubleshooting and easy accessibility, we needed to understand by which means services are accessed (such as device types, operating systems, browser type), and where potential issues with the user interface occur.|
|To integrate and interlink our services within the Telenor Group||We provides centralised services to other members of Telenor Group. Your data may be shared to help with the integration of these services, for example, your mobile operator will exchange information with us so we can assign you extra storage. This also includes information on the performance of our services to improve integration or supporting internal reporting.|
|To improve our performance||We wish to understand how our products are used across different markets and over time in order to optimise them accordingly. In many - but not all -cases, this data will be aggregated. Such aggregated statistics do not include information that can personally identify a user. In other cases, numeric indexes are used to distinguish between different users without concretely identifying them.|
|To detect and prevent abuse of our products||We will process data to ensure that our products are free from abuse. This includes (but is not limited to) processing for the purposes of fraud and cybercrime prevention, ensuring the security and integrity of our networks and data, and the detection and reporting of possible criminal acts or threats to public security.|
Cookies and tracking technology
We use HTTP cookies (also known as internet cookies) to enhance performance and to provide certain features to the Service. You can learn more about how computer cookies work by visiting www.whatarecookies.com.
Can I opt out of cookies used for product improvement?
If you do not want cookies to process your visit to our website, you can turn off the cookies in your browser on the device that you use to visit our website (typically on your mobile phone, your PC, your laptop or tablet – see “Settings” in the browser software on the device you use when visiting our website).
You can also further customise your permissions in your Privacy Pages. To opt out of product improvement cookies, toggle the "Help us improve" options to off.
Overview of Cookies used by TSLFollowing is a list of the cookies we use, and a brief explanation as to why we use these cookies.
|Identifier||Origin||Type||Reason for use|
|__utma||Performance||This helps us understand how often users visit our site. All information is anonymised.|
|_ga||Performance||This will help us distinguish unique visitors. All information is anonymised.|
|__zlcmid||Zendesk||Functionality||This will allow us to provide chat support across our services.|
|_zendesk_session||Zendesk||Functionality||This will allow us to provide customer support for our services.|
|_zendesk_shared_session||Zendesk||Functionality||This will allow us to provide customer support for our services.|
|_help_center_session||Zendesk||Functionality||This will allow us to provide customer support for our services.|
|CraftSessionId||Craft CMS||Strictly Necessary||This will allow us to provide visitors with an anonymised session identifier.|
|__cfduid||CloudFlare||Strictly Necessary||This cookie allows us to speed up load times for the service.|
|__cfruid||CloudFlare||Strictly Necessary||This will allow us to identify trusted web traffic.|
|JSESSIONID||JSP||Strictly Necessary||This will allow us to provide visitors with an anonymised session identifier.|
|lang||capture-app.com||Strictly Necessary||This allows us to store preferred language.|
|km_ai||Kissmetrics||Performance||This will help us understand how visitors use our services.|
|km_lv||Kissmetrics||Performance||This will help us understand how visitors use our services.|
We transfer some data to third parties:
Telenor Group: As a service provider in the Telenor Group, we collaborate with other Telenor companies. These activities may require data transfer, for example, to or from your mobile operator.
External vendors: We use external vendors to host services and to help improve and maintain our products. These vendors are data processors for us, which means they are legally and contractually obligated to follow our instructions, maintain the data securely, delete data upon request, and so forth.
If we decide to sell, buy, merge or otherwise re-organise its business, we will need to conduct any data transfers needed to complete such an operation.
Third-Country Data Transfers
There are specific setups, in which TSL transfers data to countries outside the European Economic Area (EEA)/European Union (EU). Such transfer occurs when a user’s country of residence is outside EU/EEA, the user is a subscriber to the local Telenor mobile services provider and TSL services are offered as a bundle with the subscription; or when we use processing capacities of a vendor based outside EU/EEA.
For all data transfers to third-country not pre-approved by the EU as having an adequate level of protection, we enter into standard data protection clauses adopted by the European Commission (“EU Model Clauses”).
Complaints and Contact
If you wish to make a complaint about how your personal data is being processed by us (or third parties as described above), or how your complaint has been handled, in the first instance please email your concerns to our Customer Support team. You can contact our Data Protection Officer online via firstname.lastname@example.org.
You also have the right to lodge a complaint directly with the Norwegian supervisory authority Datatilsynet.
If you have any questions regarding the use of your personal data please contact our Customer Support team.