Privacy and data protection at ice
Last updated: 08.11.2021
Last updated: 08.11.2021
Personal data means any information or assessment that can be associated with you as an individual. This includes information that can be directly linked to you, such as your name or national identity number, but also information that indirectly identifies you, such as your purchasing history or browser history. You can find a more detailed definition of personal data on the Norwegian Data Protection Authority’s website.
The purpose of the Personal Data Act (which has implemented the General Data Protection Regulation; “GDPR”) is to protect individuals against infringement of their privacy and regulate companies’ processing of personal data. Other laws, such as the Digital Communications Act, the Marketing Control Act and the Bookkeeping Act also prescribe how personal data may be processed in specific circumstances. Ice processes its customers’ personal data in compliance with all applicable legislation.
How we collect personal data
What personal data is being processed
Purpose of processing personal data
Disclosure of personal data
Secure storage of personal data
How long we retain your personal data
Consent and opt-outs
Contact us about privacy questions
Lodging a complaint
ice Retail AS
Ice sells and provides different products and services. What information we collect about you depends on which services you purchase, subscribe to, or actually use, as well as what information you provide when entering into an agreement, or in other contexts.
We collect personal data that:
It is voluntary to provide personal data. However, lack of personal data may result in us not being able to provide you with the products and services that you want. We register information about the legal owner of the subscription. If someone other than the owner is to use the service, we register information about that person too. Therefore, much of the information below will not only apply to the legal owner, but also users, such as information about usage and contact with customer service. For corporate customers, multiple contact persons may be registered, as well as information related to users.
We normally process the following personal data:
Children’s personal data is processed with the consent of parents/guardians or when it is necessary and permitted under applicable legislation to provide products and services.
Ice processes personal data to provide the agreed products and services, for activities you have consented to, where it is necessary to fulfil legal requirements or where we have a legitimate interest, such as for certain types of marketing, customer surveys, analysis, and follow-up of fraud attempts.
The personal data we process will typically be necessary to process for the following purposes:
Personal data is only processed to the extent it is necessary and in accordance with the stated purposes.
Ice is responsible for the processing of your personal data and for ensuring that the personal data we process is not misused or fall into the wrong hands. We share your personal data with companies in Ice Group and with companies who are Data Controllers, such as:
Disclosure of personal data may also happen in the event of transfer of business, e.g. as part of a merger, purchase, sale of assets, transfer of services to another company or other reorganization of Ice Communication Norge AS.
We share personal data with our sub-processors who deliver and perform services on our behalf. In these cases, we enter into a data processor agreement where we, among other things, assure that personal data transferred and processed will not be used for any purpose other than to provide the service agreed with us. We also ensure that the data processor provides satisfactory mechanisms and methods for secure processing of personal data. We use sub-processors in connection with providing and developing products and services, delivery- operation and maintenance of the network, logistics (shipping of physical products), analysis and marketing, mailing, invoicing, sales, customer service, updating the address register, operation and maintenance of IT-systems and solutions, as well as self-service solutions and authentication-services.
Our sub-processors are located primarily within the EU/EEA. In certain special circumstances, personal data is processed in a third country. Before that happens, we will ensure that there are valid grounds for the data transfer. It may be that the country concerned is included in the EU’s list of countries with an adequate level of personal data protection or that the EU’s standard contractual clauses for data protection are applied. For more information, go to the Norwegian Data Protection Authority’s website: https://www.datatilsynet.no/rettigheter-og-plikter/virksomhetenes-plikter/overfore/.
In addition to the above, we only share your personal data with other parties if you have given your consent.
Protecting your personal data is important to us, and we do our utmost to ensure that it does not fall into the wrong hands. This is ensured by implementing the necessary physical, technical and administrative measures, such as safeguarding infrastructure, office buildings, base stations and by setting requirements for personnel. We perform regular risk assessments, review legal requirements, and assess new technology.
Sub-processors who process personal data on our behalf must also have necessary security measures in place.
We only process your personal data for as long as is necessary for the purposes for which the personal data are processed. The personal data is then anonymized or deleted, unless we are obligated by law to retain the data, or there are other valid grounds for further processing. Anonymization is equated with deletion.
To the greatest possible extent, we implement automatic procedures for anonymization and deletion, and we focus on this when purchasing and developing systems.
You will be anonymized in or deleted from our systems when you no longer have a customer relationship with us, with the exception of information where we have a legal obligation for retention, such as for accounting information in accordance with the Bookkeeping Act, which must be stored for five years after the last financial year. We also store name, contact information, date of birth, telephone number and product information for up to two years after the end of the customer relationship to facilitate any return. Some personal data will be stored for a period for documentation purposes. This applies, for example, to dialogue with the police and courts, which consents and opt-outs that was applicable, as well as inquiries about your rights and our response to those inquiries.
Credit information in connection with the purchase of products and services are deleted after 90 days.
Signaling data and traffickdata is anonymized within 30 days and 90 days, respectively.
Voice recordings that you have consented to in connection with customer service quality assurance will be deleted within 30 days.
We do not delete information in cases of outstanding debt.
Customers, and other data subjects, have legal rights in accordance with the Personal Data Act:
Having a customer relationship with us will involve processing of your personal data. You have the right to know which personal data we use and what we use it for.
On My page/Min side you will find much of the information we have registered about you.
We have a form you can use when you want information or access to the personal data we process about you.
Download form for right of access
We also process personal data about non-customers, for example in connection with a potential customer relationship or re-targeting if you have looked at our products and services online.
You have a right to rectification of your personal data if it is incorrect or inaccurate. It is important that we have the correct information about you, so that we for example don’t send invoices or other information to the wrong address.
You can update your information on My page/Min side, in the ice app or by contacting our customer service.
You have the right to erasure of your personal data when they are no longer necessary for the purposes they were processed for, or if you withdraw your consent for the processing. This applies unless there is another legal ground for the processing. You also have the right to erasure of personal data if the personal data have been unlawfully processed.
You do not have a right to erasure for personal data that is processed on the basis of a legal obligation. The same applies to personal data that is necessary to establish, exercise or defend a legal claim.
Control over one’s own personal data is an important principle. As a customer, you shall be able to transfer your personal data from one company to another. The right to data portability only applies to information you have given us yourself, and that is used for fulfilling an agreement, or information that is based on a consent.
You have the right to keep your phone number when transferring your subscription to another supplier.
In certain cases, you have the right to object to the processing of your personal data. This does not apply to processing that is related to providing the products and services in your contract with us, or for purposes that are necessary for managing your customer relationship with us.
Usually, when we talk about the right to object, we talk about the right to opt out, such as the right to opt out of receiving electronic marketing or opting out of disclosure of information to the public telephone directories.
You have the right to restriction of processing of your personal data. This entails that the personal data can’t be used for anything, it can only be stored.
You may, for example, ask that we do not delete information that you need to establish, exercise, or defend a legal claim.
You can find more information about your rights on the Norwegian Data Protection Authority’s website.
You can choose which information you wish to receive from us.
You can choose to consent to receiving news and offers about all of Ice Groups products and services, for example offers form the ice stores, and whether you wish to receive such marketing by e-mail or SMS.
You can also choose to consent to receiving offers and information about products and services that ice is marketing on behalf of partners.
You may withdraw your consents at any time. Withdrawal of consent will not affect the legality of our communications based on previous consent.
We will send you relevant offers and information about products and services which are similar to those you already have from us, unless you opt out of receiving such communications. This is in accordance with the Marketing Control Act given that you are our costumer and the communication received is about such “similar” products and services. You shall at any time be able to opt out.
Furthermore, we may send you relevant offers and information via social media and web pages, for example Facebook. To do this, we need to know who you are when you use the relevant social media platforms and websites. Therefore, we link contact information that you have provided to us, such as telephone number and e-mail, to information that you have provided to the external channel. You may opt out of this at any time.
We wish to understand our customer’s needs, so that we as a company can improve. We perform analysis on your and other customers data to be able to be more relevant to you. You may opt out of such use of your customer information.
You may also opt out of receiving customer surveys. These surveys are conducted to gain insight about how we are experienced by our customers, and how we may improve our products and services.
Regarding electronic communication, we process name, phone number and e-mail that we have received in connection with the creation of your customer relationship. For customer surveys we also process the answers you give in the survey.
You can manage your consents and opt-outs at any time via My Page/Min side, in the ice app, or by contacting our customer service.
You may also opt out of disclosure of your contact information to the public telephone directories. Customers with unlisted phone numbers (secret phone number) is automatically opted out of such disclosure.
Furthermore, consumers can opt out of telemarketing in The Brønnøysund Register Centre. Customers may also opt out directly at ice. Even if you have opted out in the The Brønnøysund Register Centre, it is permissible to direct marketing by telephone to existing customers as long as the marketing relates to the trader’s own products and services that correspond to those on which the customer relationship is based.
If you have any questions about how ice processes personal data, please contact our Customer Service. You are entitled to a reply without undue delay, and within 30 days at the latest, if the question concerns your privacy.
If assistance is needed, customer service can forward the inquiry to the Data Protection Officer.
The Data Protection Officer advice on privacy subjects and is a contact person and resource both for ice, customers, and other data subjects in privacy questions. The Data Protection Officer is reached via; email@example.com.
If your complaint concerning our processing of your personal data is denied, and you are of the opinion that we do not respect your rights in accordance with the Personal Data Act, you may lodge a complaint to the Norwegian Data Protection Authority.
In addition to the processing mentioned above, ice Retail processes the following personal data: