Privacy protection and security

The processing of personal data in Norway is primarily regulated by the Personal Data Act, but a range of other laws such as the Electronic Communications Act, the Marketing Control Act, and the Accounting Act also provide guidelines for how information that can be connected to a person should be processed.

Telenor is also subject to provisions that specifically limit how long we can retain certain types of information, and that require us to release information to organisations such as directory enquiry services and catalogue services unless you opt out of this. You can find out more information about privacy protection and related matters at the website of The Norwegian Data Protection Authority.

All products or subscriptions have a registered owner, a bill payer, and optionally one or more users. You may fulfil one or several of these roles for a Telenor product or subscription.

Personal data is used to manage your customer relationship, for billing, orders, order processing, and in all other contexts where Telenor must know who we are in contact with. Personal data is also essential in order to provide you with access to your services with us. We sometimes use personal data to, among other things, ensure that only you can read your email or listen to your voice messages as part of your mobile and voicemail services. The data is also our basis for providing you with relevant information about products and services so that you can choose the services that suit you best.

All telecommunications operators, including Telenor, are required to supply customers' names, dates of birth, addresses, and phone numbers to catalogue and directory enquiry services, unless they have opted out of such a disclosure. See the separate point about disclosure and opt outs.

The daily responsibility for processing personal data lies with the CEO of each company within Telenor. Telenor has appointed a Data Protection Ombudsman for its wholly-owned Norwegian subsidiaries. The role of the ombudsman is to ensure that Telenor adheres to the Personal Data Act and regulations, and they should be the resource for both the company and those registered in matters concerning privacy protection at Telenor.

When making calls, browsing the internet, or sending messages via the Telenor network in Norway, all domestic traffic normally remains within Norway.

Should our network within Norway not work, Telenor in Norway has passive reserve lines that run via Sweden. This means that they are not in daily use and are only used in exceptional cases for Norwegian traffic, i.e. in those cases where we have a break in lines of communication that may put national traffic in a crisis situation (includes all operators in our network).

When making calls, browsing the internet, or sending messages via the Telenor network from Norway to abroad, all traffic goes via the network to Sweden before being routed into the wider world to the call, message, or browsing destination address.

As is well know, and in accordance with Swedish law, the Swedish authorities may under certain conditions request access to specific traffic that is routed through Sweden. The same may apply to all other countries that the traffic is routed through, on the basis of legislation in each respective country.

In order to communicate with other computers on the Internet, your computer must have an IP address. This address is used as identification by your machine when it communicates with other machines online. By connecting to www.telenor.no, your IP address will be recorded. The IP address will be used to address the contents of the website to the correct recipient.

The connection between an IP address and you as a subscriber is deleted after 3 weeks. However, we have an overview of who has which IP address right now, together with information about when they were assigned this IP address. This means that we will retain an overview of which subscription had a given IP address at a given point in time until 3 weeks after the connection was closed. To get a new IP address or a new date for the allocation of an IP address it is generally necessary to restart the modem - it is therefore not sufficient to turn off and turn back on your PC/terminal.

When you visit Telenor's websites your IP address is recorded. Telenor does not connect this data directly to you, the user. The time you spend on our sites is logged, but you remain anonymous to us. We use this data to administer and maintain our websites. This makes it possible for us to constantly develop better and more user friendly offers. Some specific functions that we use in this area are:

• We see if you are visiting us from abroad and use this to provide you with relevant content in that situation, such as information about international rates on our site.

• We see what type of device/operating system/browser you are using in order to provide you with the correct information as quickly as possible, e.g. a link to download an iOS app rather than an Android app if you are using an iPhone to visit our websites.

• We see if you are using Telenor mobile broadband or cabled broadband in order to provide you with relevant content such as help for your mobile broadband on our websites rather than an offer for mobile broadband that you already have.

Our websites also used so-called cookies. These are small pieces of data stored on your computer or mobile phone by the browser that you use. A cookie belongs to a particular website, and cannot be read by other websites. What is stored in a cookie varies, but ordinarily is ID keys that make it possible to store user settings or to remember a user who has visited the website on a previous occasion.

A cookie is created by the website you visit. If content (e.g. an advertising banner) from one website is included on another website then cookies from this website will also be created. These cookies are referred to as third party cookies (because they belong to another website than the one you are visiting). Such cookies are generally used for the collection of statistics.

Our websites use cookies to identify user sessions so that, among other things, you avoid having to enter your username and password for each page view within Mine Sider or Min Bedrift.

If we conduct user surveys we also store cookies that tell us if you have declined to respond or have already responded so that you avoid being asked to participate every time you visit our websites.

We use cookies to keep forms (e.g. order forms) filled when you navigate backwards and forwards between the different stages of them.

In addition, we collect statistics about how our websites are used in order to improve the user experience, and in that regard cookies are used to observe how users navigate around a website. These cookies, and the data that is collected, are anonymised and cannot be used to identify you personally.

To opt out of the use of cookies you must change the security settings in your browser. You can find links to instructions on how to do this for the most common browsers below. Where there are no Norwegian guidelines available we have linked to the English version.

• Chrome

• Firefox

• Safari

• Safari på iPhone, iPad eller iPod

• Opera

• Internet Explorer

Telenor also users anonymised statistics to create a better user experience online. The tools we use to collect statistics are Adobe Analytics and CrazyEgg, and in some cases we also use Google Analytics. We manage these tools with the assistance of a Tag Management System: Tealium.

Telenor has commercial agreements with Adobe Analytics and CrazyEgg, which guarantee that users will remain anonymous and that no personally identifiable data will be transmitted or shared.

If you do not want Telenor to collect anonymous data from you then you may opt out of this at the following addresses:

• CrazyEgg

• Adobe Analytics

• Google Analytics

In addition, Telenor uses tools to manage advertisements and to track traffic from paid services. These are tools used by Telenor's media agency and the data collected from these is regulated by commercial agreements between the media agency's and provider of the tool. The following tools are used:

• Adform

• Mediamath

• Google Adwords Conversion Tracking

You may opt out from some of these tools here:

• Mediamath

• Google Adwords Conversion Tracking

• Adforms opt out

When you log in to our websites, for example using your phone number/username and password, you are no longer anonymous. We use the knowledge of who you are to provide you with information, offers, and self-service functionality related to your subscriptions and services.

When you are logged in using your phone number or username and password all data is encrypted using Secure Socket Layer (SSL). When the connection is encrypted, it should say "https://" at the start of the address bar in your browser. In the bottom right corner of the screen you should also see a symbol that confirms that the connection is encrypted. In Internet Explorer the symbol is a small padlock.

In order to protect your safety in the best way possible, you will be automatically logged out if you do not conduct any activity for a certain period of time. This reduces the risk that others may access your subscription if you leave your computer while you are logged in. If you are logged out in this way you may naturally log back in at any point.

Telenor is obliged to hand over data about you to directory enquiry services and catalogues. The data handed over is your phone number, name, date of birth, and address. You may opt out of one or more of these disclosures by contacting Customer Services. As a customer with an ongoing customer relationship with Telenor, you may also contact Customer Services to opt out of marketing communications from us if you do not wish to receive them. An "ongoing customer relationship" means that you have an agreement for the supply of services from us. Customers with secret numbers are automatically opted out from the disclosure of their data to directory enquiry services and catalogues.

Telenor provides a catalogue of email address for and featuring its own customers. You may opt out of inclusion in this catalogue under settings in your email account. Please contact the Brønnøysund Register Centre if you wish to opt out of marketing communications from companies that you are not in an ongoing customer relationship with.

Personal profiles are a compilation of data we have received from you, such as your name, address, other data provided by you, which services you use, and traffic information. We use such profiles to adapt our offers to individual customers and as basis upon which we develop new products.

To ensure that the processing of data by us is done in a secure manner, only specially approved persons at Telenor have access to the data you provide us with. The number of employees with such approval is limited. Access to the data is secured by access control mechanisms.