In SIA “Telia Latvija” (“Telia”) we recognize that privacy is important to our customers and we are committed to respect and safeguard our customers’ privacy. Our customers trust us with their private information and we are responsible for living up to this trust placed in us every day.
We have developed this Privacy Notice to:
When processing your personal data, we comply with Latvian legislation, General Data Protection Regulation (the “GDPR”) and the mandatory regulations and instructions issued by the competent authorities.
This Privacy Notice (last updated September 14, 2021) applies when you use our products and services, as well as visit our websites. This Privacy Notice does not apply to any other company’s website or services, even if accessed through Telia’s network or services.
Before we go into the detail we find it useful to define a few terms used in this Notice.
Anonymized data is information that no longer relates to you as an individual, because all identifying elements have been eliminated from a set of personal data.
Customer is anyone who subscribes, purchases or uses our Services. The customer with whom Telia has an agreement is responsible for making sure that all users (e.g. family members) under his/her subscription understand and agree to this Notice.
Personal data is any information that can be directly or indirectly related to you as an individual. The types of personal data that we process are described in more detail later in this Notice.
Services refer to all the products and services offered by Telia whether available online or offline.
Traffic data means any information used or processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing of communication services. When using communication services, data is created which may, for example, convey the subscriptions and terminal devices used by the communicating parties, the start and end times of communications, the duration and routing of communications, the data transfer protocol, the volume of transferred data, the location of a subscription or terminal device in the coverage area of a particular network or some other location, the format of the data transferred in the communications network, and other similar information processed in the communications network while transferring, distributing or providing messages. If traffic data is directly or indirectly identifiable to you as an individual, it is also classified as personal data.
Telia provides a broad spectrum of Services. The information we collect about you depends on the Services you use, subscribe or purchase and what details you provide to us when you purchase or register for Services we provide.
We collect personal data, which:
You are not required to provide any personal data to Telia, but if you decide not to do so, it is possible that we will not be able to provide our Services to you.
We collect personal data belonging to the following categories:
Telia collects, processes and uses personal data, which is needed for operational purposes, efficient customer care and relevant commercial activities, including the processing of anonymized data.
We primarily process your personal data based on an agreement concluded with you or under legitimate interests in connection with utilization or provision of our Services. Further we may process your personal data based on other lawful criteria such as consent or when required by applicable law.
Telia processes your personal data for the purposes listed below:
In all of the above cases, we process personal and traffic data only to the extent necessary for the purpose, always taking into account the protection of your privacy.
Your personal data will be used by Telia only in a manner consistent with the purpose for which we obtained it. We may combine data collected in connection with different Services in so far as the data have been collected for the same purpose. We never process personal data in a manner that is inappropriate in view of the defined purpose.
Safeguarding your personal data is of the utmost importance to us.
Telia continuously works to protect our customers’ interests. Our security work embraces protection for personnel, information, IT infrastructure, internal and public networks, as well as office buildings and technical facilities. Special attention is given to information such as your personal data.
Our security work aims to balance risk exposure, business value, available technology, vulnerabilities, and threats in order to comply with applicable laws, regulations as well as with contractual demands.
Information security and ensuring appropriate protection of customer information is vital for us. We strive to implement security measures to set appropriate level of protection of information and to prevent and detect disclosure of personal data to unauthorized parties.
We may share your information with:
Telia group companies within the limits of applicable law. Our subsidiaries may use your information for the purposes indicated in this document, including to market their products and services to you.
Subcontractors working for us and processing your data on behalf of Telia. These third parties may not use the personal data for any other purpose than for providing the service agreed with us. When using subcontractors, we take appropriate care to ensure that also our subcontractors operate in accordance with this Notice. Companies that perform these services may be located outside Latvia or the European Union or the European Economic Area. If we transfer your personal data this way, we will take the appropriate steps in line with applicable laws to ensure that your right to privacy is continued to be protected.
Other telecommunications operators or service providers that provide or are engaged to perform services to you e.g. for billing or investigation of faults and errors.
Other parties with your consent that can be obtained e.g. in connection with a particular service.
We may also share your information:
In response to legal process or authority request in order to comply with applicable law or court order or in connection with judicial proceedings or other legal process. For example personal data may be disclosed for a copyrights’ owner or respective spokesman based on a court decision. We also disclose data to competent authorities (e.g. to the police or emergency services) when required by law and always in accordance with strict predefined processes.
As required or otherwise authorized by law, for example, providing itemized bills to subscribers.
In connection with business transfers such as part of any merger, acquisition, sale of Telia assets or transition of service to another company.
We may also process anonymized or aggregated data, which does not relate to you as an individual. Such data can be processed for other purposes and shared with other parties.
We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by applicable law. Retention of anonymized data is not governed by such limitations or requirements.
We aim not to keep outdated or unnecessary information and to make sure that the personal data and other customer information are up-to-date and correct.
Data that is processed for the fulfilment of agreement is usually kept during the contractual relationship or for as long as is necessary for the provision of the service. Upon termination of the contractual relationship or termination of the Service, personal and traffic data will be retained for as long as necessary, such as for pending transactions, invoices, complaints or the warranty period. The data retention period is usually at least 3 years from the end of the year in which the customer relationship ended. Some types of data can also have a shorter retention period: for example, Internet usage logs (IP addresses) are stored for 18 months.
Data processed based on legitimate interests is processed for as long as there are grounds for its processing. If the customer has the right to object to the processing, the data is deleted once the customer’s request for the objection has been processed and approved. An example of this type of processing that has a legitimate interest is direct marketing to the customer after the end of the contractual relationship.
Data processed based on legal obligations is processed and stored for as long as required by law. Obligations regarding the retention of personal data are set out, for example, in the laws on accounting or money laundering (5-6 years), the Electronic Communications Law (6-18 months).
The retention period of data processed based on your consent is determined according to the purpose of the processing. If you have given your consent to the processing of traffic data for direct marketing purposes and then withdraw your consent, we will no longer process the traffic data for the purpose of direct marketing. However, we still have the right or obligation to process traffic data, for example under contractual or legal obligations.
In situations provided by law you have the right to:
Please know that in order to fulfil your request we may have to process additional personal data and request your identification.
If you are concerned that Telia has not complied with this Privacy Notice or applicable privacy laws, you may make a complaint to Telia or you may decide to make a formal complaint with the a competent data protection authority (Latvian Data State Inspectorate (Datu valsts inspekcija)).
We may need to update this Notice as our operations and Services develop, and therefore we encourage you to check for the latest version of this Privacy Notice regularly on our website.
We encourage you to contact us using the contact information provided below for any questions about this Privacy Notice or processing of your personal data:
SIA “Telia Latvija”
Registration number: 40003057571
Address: Lielvardes street 8a, Riga, LV-1006
Customer care : +371 67082 222
Fax: +371 67550083