In SIA “Telia Latvija” (“Telia”) we recognize that privacy is important to our customers and cooperation partners and we are committed to respect and safeguard our customers’ and cooperation partners’ privacy. We have been trusted with your private information and we are responsible for living up to this trust placed in us every day.
We have developed this Privacy Notice to:
• Demonstrate Telia’s commitment and accountability to protect and respect your privacy,
• Explain how we, acting as personal data controller, collect, use and safeguard your personal data, and
• Help you to understand how your personal data is collected and used and what rights you have.
When processing your personal data, we comply with Latvian legislation, General Data Protection Regulation (the “GDPR”) and the mandatory regulations and instructions issued by the competent authorities.
This Privacy Notice (last updated October 07, 2021) applies when you use our products and services, when you cooperate with us, as well as visit our websites. This Privacy Notice does not apply to any other company’s website or services, even if accessed through Telia’s network or services.
Before we go into the detail we find it useful to define a few terms used in this Notice.
Anonymized data is information that no longer relates to you as an individual, because all identifying elements have been eliminated from a set of personal data.
Customer is anyone who subscribes, purchases or uses our Services. The customer with whom Telia has an agreement is responsible for making sure that all users (e.g. family members) under his/her subscription understand and agree to this Notice.
Cooperation partner is anyone with whom we have a cooperative relationship, for example, regarding the placement of telecommunication networks and infrastructure on real estate, the provision of various services to us, etc.
Personal data is any information that can be directly or indirectly related to you as an individual. The types of personal data that we process are described in more detail later in this Notice.
Services refer to all the products and services offered by Telia whether available online or offline.
Traffic data means any information used or processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing of communication services. When using communication services, data is created which may, for example, convey the subscriptions and terminal devices used by the communicating parties, the start and end times of communications, the duration and routing of communications, the data transfer protocol, the volume of transferred data, the location of a subscription or terminal device in the coverage area of a particular network or some other location, the format of the data transferred in the communications network, and other similar information processed in the communications network while transferring, distributing or providing messages. If traffic data is directly or indirectly identifiable to you as an individual, it is also classified as personal data.
Telia provides a broad spectrum of Services. The information we collect about you depends on the Services you use, subscribe or purchase and what details you provide to us when you purchase or register for Services we provide.
We collect personal data, which:
• You provide e.g. when you communicate or do business with us, for example, when you buy our Services or register to our Services, contact us requesting information.
• Generates when you use a Service, where permitted by applicable law, for example, when you use our network and other Services (e.g. when you make a phone-call, send an e-mail or visit our websites).
• We obtain from other sources like, other service providers or from publicly available registers e.g. Population Registration Centre, post office registers.
You are not required to provide any personal data to Telia, but if you decide not to do so, it is possible that we will not be able to provide our Services to you.
We collect personal data belonging to the following categories:
• Basic information, such as name and contact information;
• Demographic information, such as age, date of birth, personal identification number;
• Data related to the customer relationship, such as Service and order details, invoicing, credit and payment details, marketing permissions and prohibitions, customer contacts and related recordings, such as calls to our customer service;
• Data generated in connection with use of communications and other Services, e.g. traffic data related to calls and email messages; information on the parties to communications, time of the connection, data transfer protocol, location data, and terminal-related data;
• Other data on the service use, such as data collected by means of cookies and similar technologies in connection with Internet or mobile browsing;
• Data related to the identification and registration of a customer or user, such as the user IDs and passwords information required in the management of device certificates;
• Other data, which is collected based on your consent and defined in more detail when consent is asked from you;
Telia collects, processes and uses personal data, which is needed for operational purposes, efficient customer care and relevant commercial activities, including the processing of anonymized data.
We primarily process your personal data based on an agreement concluded with you or under legitimate interests in connection with utilization or provision of our Services. Further we may process your personal data based on other lawful criteria such as consent or when required by applicable law.
Telia processes your personal data for the purposes listed below:
Provision of Services: We process personal data in order to provide and deliver Services to you. For example, your data is processed related to the provision of the communications services e.g. to transmit a call or e-mail to the recipient. Moreover, the provision of Services requires that we process personal data for identifying customers or users, processing and delivering orders, invoicing for the Services, debt collection, customer service, and for fixing various faults and incidents or for processing complaints. We process personal data in customer communications, e.g. when sending notifications related to Services, and in order to contact customers in issues related to our Services. For this purpose, the data processing is based on Art. 6(1)(b) of the GDPR (processing is necessary for the fulfillment of agreement). If you represent legal person, your personal data processing (e.g., your basic information and data on your basis of representation) will be based on Art. 6(1)(f) of the GDPR (legitimate interest to ensure the fulfillment of the agreement and to ascertain that you have a right to represent Customer – legal person).
Receipt of Services: We process personal data of Cooperation Partners to enter cooperation relationships, receive services, etc. We may process the basic information of Cooperation Partners in order to conclude an agreement, verify the representation rights, communicate regarding the cooperation relationship. For this purpose, the data processing is based on Art. 6(1)(b) of the GDPR (processing is necessary for the fulfillment of agreement). If you represent legal person, your personal data processing (e.g., your basic information and data on your basis of representation) will be based on Art. 6(1)(f) of the GDPR (legitimate interest to ensure the fulfillment of the agreement and to ascertain that you have a right to represent the Cooperation Partner – legal person).
Development and analysis: We process personal data for Telia’s internal purposes of general development and managing our business and Services and the related processes. We process personal data also for better understanding your needs as a customer. We may process traffic data for the development of a communications service, such as for optimizing the operations of communications networks. We may compile statistics for developing Services or for other analysis needs. We may group our customers based on invoicing, data volumes and duration of the customer relationship or external classifications, e.g. draw up reports on how different user groups use communications services. For these purposes data processing is based on Art. 6(1)(f) of the GDPR (legitimate interests to further develop our Services based on their use by our Customers).
Sales and marketing: We process and utilize both anonymized data and personal data for marketing purposes and for forming target groups for marketing in accordance with applicable law. We may process personal data for personalizing and targeting Services for instance by giving recommendations and by showing targeted contents in our Services or customer channels. We may use personal data within the limits of the law for marketing, both our own and our cooperation partners’ products and services, for direct marketing and market research, and for customer satisfaction surveys, for example, by sending them to e-mail address indicated by you. For these purposes data processing is based on Art. 6(1)(f) of the GDPR (legitimate interest to inform our Customers about our news, new services) or based on Art. 6(1)(a) of the GDPR (if you have provided your consent to receive marketing materials).
Information security and misuse of services: We may process personal and traffic data in order to ensure the information security of all our Services and communications networks. We may also process personal data in order to detect or prevent various types of misuse of Services and fraud, e.g. in such instances where communications services subject to charge have been used for free and also when the customer uses softwares illegally in Telia cloud computing infrastructure. For these purposes data processing is based on Art. 6(1)(f) of the GDPR (legitimate interest to ensure the security of our Services).
Compliance with laws: We process personal data in order to meet our statutory obligations, e.g. in relation to accounting and to provide data to competent authorities when required by law, which, among others, may include the processing and transfer of such personal data as your basic information data, data related to the customer relationships, data generated in connection with the use of our Services and other data which in accordance with law must be processed and transferred. For these purposes data processing is based on Art. 6(1)(c) of the GDPR (processing is necessary to comply with legal obligations).
Other purpose(s) you have given your consent to: We may process your personal data to any other purpose you have given your consent to. You will have a right to revoke your consent at any time. For these purposes data processing is based on Art. 6(1)(a) of the GDPR (your consent). Please note that verbal consents may be recorded, prior which you will be informed. Recordings are made to protect our rights, to prove that consent has been acquired.
In all of the above cases, we process personal and traffic data only to the extent necessary for the purpose, always taking into account the protection of your privacy.
Your personal data will be used by Telia only in a manner consistent with the purpose for which we obtained it. We may combine data collected in connection with different Services in so far as the data have been collected for the same purpose. We never process personal data in a manner that is inappropriate in view of the defined purpose.
Safeguarding your personal data is of the utmost importance to us.
Telia continuously works to protect our customers’ interests. Our security work embraces protection for personnel, information, IT infrastructure, internal and public networks, as well as office buildings and technical facilities. Special attention is given to information such as your personal data.
Our security work aims to balance risk exposure, business value, available technology, vulnerabilities, and threats in order to comply with applicable laws, regulations as well as with contractual demands.
Information security and ensuring appropriate protection of customer information is vital for us. We strive to implement security measures to set appropriate level of protection of information and to prevent and detect disclosure of personal data to unauthorized parties.
We may share your information with:
Telia group companies within the limits of applicable law. Our subsidiaries may use your information for the purposes indicated in this document, including to market their products and services to you.
Subcontractors working for us and processing your data on behalf of Telia. These third parties may not use the personal data for any other purpose than for providing the service agreed with us. When using subcontractors, we take appropriate care to ensure that also our subcontractors operate in accordance with this Notice. Companies that perform these services may be located outside Latvia or the European Union or the European Economic Area. If we transfer your personal data this way, we will take the appropriate steps in line with applicable laws to ensure that your right to privacy is continued to be protected.
Other telecommunications operators or service providers that provide or are engaged to perform services to you e.g. for billing or investigation of faults and errors.
Other parties with your consent that can be obtained e.g. in connection with a particular service.
We may also share your information:
In response to legal process or authority request in order to comply with applicable law or court order or in connection with judicial proceedings or other legal process. For example personal data may be disclosed for a copyrights’ owner or respective spokesman based on a court decision. We also disclose data to competent authorities (e.g. to the police or emergency services) when required by law and always in accordance with strict predefined processes.
As required or otherwise authorized by law, for example, providing itemized bills to subscribers.
In connection with business transfers such as part of any merger, acquisition, sale of Telia assets or transition of service to another company.
We may also process anonymized or aggregated data, which does not relate to you as an individual. Such data can be processed for other purposes and shared with other parties.
We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by applicable law. Retention of anonymized data is not governed by such limitations or requirements.
We aim not to keep outdated or unnecessary information and to make sure that the personal data and other customer information are up-to-date and correct.
Data that is processed for the fulfilment of agreement is usually kept during the contractual relationship or for as long as is necessary for the provision of the service. Upon termination of the contractual relationship or termination of the Service, personal and traffic data will be retained for as long as necessary, such as for pending transactions, invoices, complaints or the warranty period. The data retention period is usually at least 3 years from the end of the year in which the customer relationship ended. Some types of data can also have a shorter retention period: for example, Internet usage logs (IP addresses) are stored for 18 months.
Data processed based on legitimate interests is processed for as long as there are grounds for its processing. If the customer has the right to object to the processing, the data is deleted once the customer’s request for the objection has been processed and approved. An example of this type of processing that has a legitimate interest is direct marketing to the customer after the end of the contractual relationship.
Data processed based on legal obligations is processed and stored for as long as required by law. Obligations regarding the retention of personal data are set out, for example, in the laws on accounting or money laundering (5-6 years), the Electronic Communications Law (6-18 months).
The retention period of data processed based on your consent is determined according to the purpose of the processing. If you have given your consent to the processing of traffic data for direct marketing purposes and then withdraw your consent, we will no longer process the traffic data for the purpose of direct marketing. However, we still have the right or obligation to process traffic data, for example under contractual or legal obligations. Electronic recordings of oral consent may be kept for as long as the consent is valid and for a specified time thereafter if there is appropriate purpose for retaining the data (for example, during the period in which potential claim may be brought to be able to prove that the consent has been acquired).
In situations provided by law you have the right to:
• check what information we have collected and retained about you, unless applicable laws otherwise stipulate.
• require that incorrect, unnecessary, defective or outdated personal data are corrected or removed.
• prohibit (opt-out) the use of your personal data for direct marketing or for market research and opinion polls.
• withdraw any consent given by you. If you decide to do so, it is possible that we will no longer be able to provide our Services to you;
• request rights to personal data portability;
• request restriction of personal data processing as well as object to the processing of personal data.
Please know that in order to fulfil your request we may have to process additional personal data and request your identification.
If you are concerned that Telia has not complied with this Privacy Notice or applicable privacy laws, you may make a complaint to Telia or you may decide to make a formal complaint with the a competent data protection authority (Latvian Data State Inspectorate (Datu valsts inspekcija)).
We may need to update this Notice as our operations and Services develop, and therefore we encourage you to check for the latest version of this Privacy Notice regularly on our website.
We encourage you to contact us using the contact information provided below for any questions about this Privacy Notice or processing of your personal data:
SIA “Telia Latvija”
Registration number: 40003057571
Address: Lielvardes street 8a, Riga, LV-1006
Customer care : +371 67082 222
Fax: +371 67550083