Privacy and data protection at ice

Personal data means any information or assessment that can be associated with you as an individual. This includes information that can be directly linked to you, such as your name or national identity number, but also information that indirectly identifies you, such as your purchasing history or browser history. You can find a more detailed definition of personal data on the Norwegian Data Protection Authority’s website.

The purpose of the Personal Data Act (which has implemented the General Data Protection Regulation; “GDPR”) is to protect individuals against infringement of their privacy and regulate companies’ processing of personal data. Other laws, such as the Digital Communications Act, the Marketing Control Act and the Bookkeeping Act also prescribe how personal data may be processed in specific circumstances. Ice processes its customers’ personal data in compliance with all applicable legislation.

Data Controller
How we collect personal data
What personal data is being processed
Purpose of processing personal data
Disclosure of personal data
Secure storage of personal data
How long we retain your personal data
Your rights
Consent and opt-outs
Contact us about privacy questions
Lodging a complaint
Changes to the privacy policy
Use of cookies
ice Retail AS

Data Controller

This privacy policy applies to the processing of personal data done by ice Communication Norge As and ice Retail AS (collectively called ice).

How we collect personal data

Ice sells and provides different products and services. What information we collect about you depends on which services you purchase, subscribe to, or actually use, as well as what information you provide when entering into an agreement, or in other contexts.

We collect personal data that:

• You provide to us, for example when purchasing a subscription or when you contact our customer service.
• Is registered automatically, for example by using our services or visiting our webpages.
• Sometimes we use external sources of information. This is, for example, when we acquire credit information related to the purchasing process, identify you in our self-service solutions, update our address register or obtain demographic information for analytical and marketing purposes.

What personal data is being processed

It is voluntary to provide personal data. However, lack of personal data may result in us not being able to provide you with the products and services that you want. We register information about the legal owner of the subscription. If someone other than the owner is to use the service, we register information about that person too. Therefore, much of the information below will not only apply to the legal owner, but also users, such as information about usage and contact with customer service. For corporate customers, multiple contact persons may be registered, as well as information related to users.

We normally process the following personal data:

• Identification information; Name, national identity number.
• Contact information; Telephone number, address, and e-mail address(es).
• Financial information; service and order information, credit score, invoice and payment history, as well as relevant bank and account information, such as account number.
• Demographic information, such as gender, age, residence, housing type and holiday home.
• Contact with our customer service.
• Service history.
• Traffic data and other location data, such as data necessary to transmit a call or text message from you to the receiver, time and duration, and where you are located when using the services.
• Username and password that is necessary to gain access to the self-service solutions.
• Technical user information such as which phone or PC you have, model, settings, operating system, web browser, IP-address, screen size.
• Other personal data you have given consent for us to collect and process based on specific information about which personal data is used and for what purpose.
• Customer surveys and user panels.
• Cookies from visitors to our website and webshop.

Children’s personal data is processed with the consent of parents/guardians or when it is necessary and permitted under applicable legislation to provide products and services.

Purpose of processing personal data

Ice processes personal data to provide the agreed products and services, for activities you have consented to, where it is necessary to fulfil legal requirements or where we have a legitimate interest, such as for certain types of marketing, customer surveys, analysis, and follow-up of fraud attempts.

The personal data we process will typically be necessary to process for the following purposes:

• Creating the customer relationship, such as identifying you as a customer or user, verifying the purchase by voice recording (for telemarketing sales) and conducting a credit check.
• Provide agreed products and services, such as transmit a call, text message or e-mail to the receiver.
• Administration of the customer relationship, such as invoice and collecting outstanding debt.
• Provide customer service, such as follow-up of events and improve the service through voice recordings for quality assurance and internal training.
• Analyse the use of the network and services to understand customer needs and improve and further develop services by using statistical data based on consumption data, the duration of the customer relationship, or how residence, age or other characteristics affect the use of the services. We may also use personal data to adjust our webpages, optimize the network or for other analysis and profiling needs.
• Provide product recommendations based on your preferences and interests.
• Marketing of products and services via different channels through targeted offers or recommendations based on your given consent or the right to opt-out.
• Match contact information to the customer registers of Facebook, Instagram, Snapchat, Google and other digital actors to be able to communicate with you and other users through these channels.
• Conduct customer surveys to improve our customer communication and improve the quality of our products and services so that we can be as customer-friendly and as competitive as possible.
• Ensure that we have the correct contact address by checking against the address registered in the National Population Register.
• Handle customer complaints and improvement suggestions from customers.
• Follow up breach of contract and other breaches.
• Detect, avert, and stop misuse of services and networks, such as fraud.
• Operate the network.
• Ensure information security, such as improve, develop, and test the services.
• Error correction.
• Fulfill legal obligations, such as storage of accounting information in accordance with the Bookkeeping Act or disclosure of information to the police.
• Assisting in emergencies.
• Network planning by using location data.
• Anonymize personal data for analysis and testing.
• Make it easier to transfer your number when changing provider (number portability), by storing name, phone number and information about previous services and products for up to 2 years.
• Document information in order to establish, exercise or defend of legal claim.
• Specific purposes you have consented to.

Personal data is only processed to the extent it is necessary and in accordance with the stated purposes.

Disclosure of personal data

Ice is responsible for the processing of your personal data and for ensuring that the personal data we process is not misused or fall into the wrong hands. We share your personal data with companies in Ice Group and with companies who are Data Controllers, such as:

• Companies who conduct credit checks.
• Banks in connection with financing agreements related to “mobile swap”.
• Other telecom operators or service providers when you use their networks.
• Partners, if necessary to deliver a service.
• Public authorities who in certain cases may order the disclosure of personal data in accordance with the law, such as the courts and the police.
• Public authorities in emergencies where there is risk to human life or health, such as The Joint Rescue Coordination Centres.
• Public telephone directories which we are obliged to provide your name, phone number, and address unless you have opted out.

Disclosure of personal data may also happen in the event of transfer of business, e.g. as part of a merger, purchase, sale of assets, transfer of services to another company or other reorganization of Ice Communication Norge AS.

We share personal data with our sub-processors who deliver and perform services on our behalf. In these cases, we enter into a data processor agreement where we, among other things, assure that personal data transferred and processed will not be used for any purpose other than to provide the service agreed with us. We also ensure that the data processor provides satisfactory mechanisms and methods for secure processing of personal data. We use sub-processors in connection with providing and developing products and services, delivery- operation and maintenance of the network, logistics (shipping of physical products), analysis and marketing, mailing, invoicing, sales, customer service, updating the address register, operation and maintenance of IT-systems and solutions, as well as self-service solutions and authentication-services.

Our sub-processors are located primarily within the EU/EEA. In certain special circumstances, personal data is processed in a third country. Before that happens, we will ensure that there are valid grounds for the data transfer. It may be that the country concerned is included in the EU’s list of countries with an adequate level of personal data protection or that the EU’s standard contractual clauses for data protection are applied. For more information, go to the Norwegian Data Protection Authority’s website: https://www.datatilsynet.no/rettigheter-og-plikter/virksomhetenes-plikter/overfore/.

In addition to the above, we only share your personal data with other parties if you have given your consent.

Secure storage of personal data

Protecting your personal data is important to us, and we do our utmost to ensure that it does not fall into the wrong hands. This is ensured by implementing the necessary physical, technical and administrative measures, such as safeguarding infrastructure, office buildings, base stations and by setting requirements for personnel. We perform regular risk assessments, review legal requirements, and assess new technology.

Sub-processors who process personal data on our behalf must also have necessary security measures in place.

How long we retain your personal data

We only process your personal data for as long as is necessary for the purposes for which the personal data are processed. The personal data is then anonymized or deleted, unless we are obligated by law to retain the data, or there are other valid grounds for further processing. Anonymization is equated with deletion.

To the greatest possible extent, we implement automatic procedures for anonymization and deletion, and we focus on this when purchasing and developing systems.

You will be anonymized in or deleted from our systems when you no longer have a customer relationship with us, with the exception of information where we have a legal obligation for retention, such as for accounting information in accordance with the Bookkeeping Act, which must be stored for five years after the last financial year. We also store name, contact information, date of birth, telephone number and product information for up to two years after the end of the customer relationship to facilitate any return. Some personal data will be stored for a period for documentation purposes. This applies, for example, to dialogue with the police and courts, which consents and opt-outs that was applicable, as well as inquiries about your rights and our response to those inquiries.

Credit information in connection with the purchase of products and services are deleted after 90 days.

Signaling data and traffickdata is anonymized within 30 days and 90 days, respectively.

Voice recordings that you have consented to in connection with customer service quality assurance will be deleted within 30 days.

We do not delete information in cases of outstanding debt.

Your rights

Customers, and other data subjects, have legal rights in accordance with the Personal Data Act:

Right of access

Having a customer relationship with us will involve processing of your personal data. You have the right to know which personal data we use and what we use it for.

On My page/Min side you will find much of the information we have registered about you.

We have a form you can use when you want information or access to the personal data we process about you.

Download form for right of access

Send the form to our customer service

We also process personal data about non-customers, for example in connection with a potential customer relationship or re-targeting if you have looked at our products and services online.

Right to rectification

You have a right to rectification of your personal data if it is incorrect or inaccurate. It is important that we have the correct information about you, so that we for example don’t send invoices or other information to the wrong address.

You can update your information on My page/Min side, in the ice app or by contacting our customer service.

Right to erasure

You have the right to erasure of your personal data when they are no longer necessary for the purposes they were processed for, or if you withdraw your consent for the processing. This applies unless there is another legal ground for the processing. You also have the right to erasure of personal data if the personal data have been unlawfully processed.

You do not have a right to erasure for personal data that is processed on the basis of a legal obligation. The same applies to personal data that is necessary to establish, exercise or defend a legal claim.

Right to data portability

Control over one’s own personal data is an important principle. As a customer, you shall be able to transfer your personal data from one company to another. The right to data portability only applies to information you have given us yourself, and that is used for fulfilling an agreement, or information that is based on a consent.

You have the right to keep your phone number when transferring your subscription to another supplier.

Right to object

In certain cases, you have the right to object to the processing of your personal data. This does not apply to processing that is related to providing the products and services in your contract with us, or for purposes that are necessary for managing your customer relationship with us.

Usually, when we talk about the right to object, we talk about the right to opt out, such as the right to opt out of receiving electronic marketing or opting out of disclosure of information to the public telephone directories.

Right to restriction of processing

You have the right to restriction of processing of your personal data. This entails that the personal data can’t be used for anything, it can only be stored.

You may, for example, ask that we do not delete information that you need to establish, exercise, or defend a legal claim.

You can find more information about your rights on the Norwegian Data Protection Authority’s website.

Consent and opt outs

You can choose which information you wish to receive from us.

You can choose to consent to receiving news and offers about all of Ice Groups products and services, for example offers form the ice stores, and whether you wish to receive such marketing by e-mail or SMS.

You can also choose to consent to receiving offers and information about products and services that ice is marketing on behalf of partners.

You may withdraw your consents at any time. Withdrawal of consent will not affect the legality of our communications based on previous consent.

We will send you relevant offers and information about products and services which are similar to those you already have from us, unless you opt out of receiving such communications. This is in accordance with the Marketing Control Act given that you are our costumer and the communication received is about such “similar” products and services. You shall at any time be able to opt out.

Furthermore, we may send you relevant offers and information via social media and web pages, for example Facebook. To do this, we need to know who you are when you use the relevant social media platforms and websites. Therefore, we link contact information that you have provided to us, such as telephone number and e-mail, to information that you have provided to the external channel. You may opt out of this at any time.

We wish to understand our customer’s needs, so that we as a company can improve. We perform analysis on your and other customers data to be able to be more relevant to you. You may opt out of such use of your customer information.

You may also opt out of receiving customer surveys. These surveys are conducted to gain insight about how we are experienced by our customers, and how we may improve our products and services.

Regarding electronic communication, we process name, phone number and e-mail that we have received in connection with the creation of your customer relationship. For customer surveys we also process the answers you give in the survey.

You can manage your consents and opt-outs at any time via My Page/Min side, in the ice app, or by contacting our customer service.

You may also opt out of disclosure of your contact information to the public telephone directories. Customers with unlisted phone numbers (secret phone number) is automatically opted out of such disclosure.

Furthermore, consumers can opt out of telemarketing in The Brønnøysund Register Centre. Customers may also opt out directly at ice. Even if you have opted out in the The Brønnøysund Register Centre, it is permissible to direct marketing by telephone to existing customers as long as the marketing relates to the trader’s own products and services that correspond to those on which the customer relationship is based.

Contact us about privacy questions

If you have any questions about how ice processes personal data, please contact our Customer Service. You are entitled to a reply without undue delay, and within 30 days at the latest, if the question concerns your privacy.

If assistance is needed, customer service can forward the inquiry to the Data Protection Officer.

The Data Protection Officer advice on privacy subjects and is a contact person and resource both for ice, customers, and other data subjects in privacy questions. The Data Protection Officer is reached via; personvernombud@ice.no.

Lodging a complaint

If your complaint concerning our processing of your personal data is denied, and you are of the opinion that we do not respect your rights in accordance with the Personal Data Act, you may lodge a complaint to the Norwegian Data Protection Authority.

Changes to the privacy policy

Ice reviews the privacy policy annually to ensure that necessary changes are made, in line with operation and development of our products and services. If the changes are significant, we will notify you by e-mail, newsletter, and/or on our webpages/digital platforms.

Use of cookies

For information about the use of cookies read here.

ice Retail AS

In addition to the processing mentioned above, ice Retail processes the following personal data:

• Pictures, to sell personalized phone covers. Pictures are deleted as soon as the cover is printed.
• Username and password (for example Appel ID) to set up and improve mobile phones and other hardware on behalf of the customer so that its ready for use (for example transfer information from an old phone to a new iPhone). The personal data is deleted as soon as the set-up of the phone or other hardware is done.