How we process users’ personal data

You are here

Как събираме лични данни

In order to conclude a contract with Telenor, respectively to register a prepaid card, it is necessary for the user to provide his/her personal data. Providing this data allows us to identify the respective user (including to prevent attempts of abuse, identity theft, etc.) as a party to the contract and as a holder of the rights/obligations under it.

The full name, the personal identification number and the user's address are part of the minimum content of each contract for mobile or fixed services (respectively application for registration of a prepaid card), in accordance with the requirements of the Electronic Communications Act. For transactions in the e-shop, for the purposes of concluding a contract, we should be provided with an e-mail address so that we can send a confirmation on a durable medium, and when ordering goods we must also receive a delivery address to which to send the ordered goods.

In case a user refuses to provide them, Telenor will not be able to conclude a contract or register a prepaid card. In the process of concluding contracts, data about the user's identity document are also processed in order to check its validity, which aims to prevent possible attempts at fraud and/or misuse of personal data.

In order to be able to fulfill the contracts concluded with users, it is necessary to process their personal data. Otherwise, it will be impossible to meet our contractual commitments to the users.

We process users' data to ensure that the goods and/or services provided comply with their contracts.

In order to be able to fulfill our obligations under a contract with a user, it is necessary to process his/her personal data. Thanks to them, Telenor identifies the user as the holder of the contract, delivers the ordered goods and services, observes the parameters of the agreed service, the conditions of the respective subscription plan, etc.

If we do not know the address of a user, we will not be able to send him/her goods ordered through our online store;
If we do not know the email address of a user, we will not be able to send a confirmation on a durable medium for an order made through our online store;
If we do not know that a user has the right to use services over a 4G network in accordance with the contract, the user will be deprived of the opportunity to use them through this technology;
If we do not know that a user has the right to use unlimited minutes to all national mobile and fixed networks in Bulgaria, it is possible that he/she will be charged consumption according to the standard price conditions of Telenor;
If we do not know that a user wishes to receive paper invoices, they may not be sent to him/her;
In order to send an issued invoice to the respective user, it is necessary to process data for his/her address.

We process users' data so that we can provide them with the contracted services.

In order to be able to provide services to users, as well as to charge them correctly (including to prove the authenticity of the prepared invoices), we process their basic data, contract data, as well as traffic data. In order to provide you with the services, your terminal device connects to the network. For mobile services, as well as for fixed services provided through our mobile network, the terminal device connects to a specific base station that serves the respective location. Therefore, in such services we also process data about the approximate location of users, which are part of the traffic data.

Without processing data for a mobile number dialed by a user, it is impossible to direct the call to the correct recipient;
Without processing data on the type and duration of a call, it is impossible to charge the same in accordance with the contract with the user;
Without processing the traffic data of a user, it is impossible to provide an itemized bill (also called detailed usage summary), in case such is requested by him/her.

We process personal data because according to the applicable legislation we are obliged to ensure the security of our network and information systems (including our users’ personal data)

In order that we can prevent, establish, investigate and/or tackle: (а) security vulnerabilities and/or breaches; or (b) personal data security breaches in certain cases we have to process users’ personal data.

We process users' data for the purpose of interconnection payments

In order for users of different operators and networks to be able to communicate with each other, operators and networks must be interconnected. For this purpose, the two operators conclude a contract under which their networks are connected. Under this contract, operators owe each other payments for calls made by their subscribers.
For example, if a Telenor user calls a subscriber of another mobile operator in Bulgaria, Telenor will owe a certain amount to the respective mobile operator, the amount of which is determined based on the duration of the telephone call.

We process users' data for payment purposes in connection with roaming services provided.

In order for Telenor users to be able to use roaming services (i.e. outside the territory of the Republic of Bulgaria), Telenor must settle its relations with the operators whose mobile networks serve them. To this end, Telenor enters into agreements with the relevant mobile operators. Under these agreements, Telenor owes payment when its user uses services provided through the network of another mobile operator.
For example, if a user located in the territory of the Hellenic Republic makes a telephone call, Telenor will owe payment to the relevant Greek mobile operator, the amount of which is determined on the basis of the type and duration of the telephone call.

We process users' data for charging and billing purposes

We process basic data, contract data, as well as traffic data (when electronic communication services are provided) in order to be able to prepare subscriber accounts, to exercise internal control over their accuracy and reliability, as well as to issue invoices for the services provided.

We process users' data to administer the process of servicing their payments

When a user makes a payment under a contract with Telenor, as well as when a customer wishes to defer or reschedule their obligation to Telenor, we process his/her basic data, contract data, obligation data and payment data.

We process users' data for the purpose of payments with our partners

In order for Telenor users to enter into contracts, register prepaid cards, pay bills (including recharge prepaid cards), submit orders and/or be serviced at business premises of our partners' trade network (e.g. sales representatives, franchisees, distributors, payment service providers, etc.), Telenor enters into agreements with them. Such are also the cases in which the users use digital or other services provided by Telenor's partners, as well as in case of insurances concluded through Telenor's mediation. Under these agreements, Telenor owes amounts for the determination of which it is necessary to process users' data.
Examples:
•Without processing the information that a user has entered into a contract for mobile services in business premises of our franchisee, it will be impossible to determine and pay the due remuneration to the latter;
•Without processing information that a user has paid his/her bill at the premises of our sales representative, it will be impossible to determine and pay the due remuneration to the latter.

We process users' data to notify them of certain circumstances in connection with their contracts.

In order to fulfill our obligation to inform users about the occurrence or impending occurrence of certain facts or circumstances that affect the provision of our products and/or services, we process the following personal data: basic data; contract data; data on obligations; payment data; traffic data; data for communication with users and others.

Notification for exhaustion of the applicable credit limit or for reaching a certain amount of it, in compliance with the provisions of the General Terms and Conditions of Telenor;
Notification of issued invoice, including its value and maturity;
Notification in case of temporary suspension of access to the services, in compliance with the provisions of the General Terms and Conditions of Telenor;
Prior notification in case of planned preventive inspections, repairs and/or changes in the network, in compliance with the provisions of the General Terms and Conditions of Telenor;
Notification when Telenor establishes a predominant presence and consumption of the user in the EU/EEA, which may lead to the application of a mark-up in accordance with Regulation 531/2012, in compliance with the General Terms and Conditions of Telenor;
Notification that a number dialed by the user that has been excluded or out of range can be searched;
Notification of the applicable prices and conditions when the user is in roaming;
Notification for successful recharging of a prepaid card;
Notification of the forthcoming expiration of the validity of the prepaid card credit;
Notification of payment made with the "Pay with Telenor" service;
Notification of forthcoming actions for out-of-court collection of unpaid financial obligations, including the use of services of third parties (credit bureaus, debt collection agencies, etc.), in accordance with the General Terms and Conditions of Telenor and others.

We process users' data to fulfill their requests.

In order to be able to fulfill a user's requests in connection with a concluded contract(s), it is necessary to process his/her basic data, the data for the respective contract(s), as well as data on obligations and/or payments (if applicable).

In order to perform an operation for recharging a prepaid card, it is necessary to process the basic data of the respective user, data about the contract, as well as data about the payment made, on the basis of which recharging is performed;
In order to implement a request from a user for replacement of a SIM card (for example in case of damage or loss), it is necessary to process his/her basic data, as well as contract data;
In order to fulfill users' requests (e.g. for activating or deactivating roaming services or the mobile internet service, for issuing a duplicate of a contract, invoice, etc.), it is necessary to process their basic data, data about their contracts and other relevant data to the request.

We process users' data for customer service purposes.

We process personal data of our users in order to be able to provide them with quality and timely customer service, including, but not limited to, the processing of user suggestions, applications, requests, inquiries and/or complaints. The type and volume of personal data that we process in such cases depend on the nature and content of the relevant proposal, application, request, inquiry and/or complaint.
Example:
In order to check the received inquiry or complaint of a user, as well as to prepare a response to it, respectively to send the response to the user, it is necessary to process his/her basic data, data about his/her contract, other data in connection with the inquiry or complaint (e.g. traffic data, data on liabilities, data on payments, etc.), as well as data on communication.

We process users' data when performing number portability from/in the Telenor network

In order to be able to provide the number portability service from/to the Telenor Network, it is necessary to process the personal data of the respective users.

We process consumer data when performing the out-of-warranty support of goods requested by them

In order to be able to fulfill users' requests for out-of-warranty repairs of goods, it is necessary to process their personal data.

We process users' data to prevent, detect, investigate and stop abuse

In order to prevent, detect, investigate and deter illegal actions that contradict the terms of use of our products and/or services or violate applicable law, we process personal and traffic data of users. In such cases, the processing of data, although not a specific obligation under a contract with a user, is compatible with this, as has a direct connection with the counter-obligations of the users to Telenor, arising from the concluded contract.
Example:
In case of "atypical behavior" of our users, it is necessary to process their data to determine whether there is abuse, violation of the General Terms and Conditions or applicable law. In case of established behavior that threatens or interferes with the normal use of the services, Telenor may restrict the access to services of the users in question.

We process personal data of users when necessary in order to exercise our rights under contracts concluded with them

The contracts that Telenor conclude with its users create rights for both parties. Both Telenor and the users use these rights to satisfy their interests. The terms and conditions for their exercise are regulated in the contracts themselves, and sometimes derive directly from the applicable legislation. In order to exercise its rights towards users, Telenor needs to process certain personal data about them. In such cases, the processing of data, although not a specific obligation of Telenor under a contract with a user, is compatible with this, as has a direct connection with the counter-obligations of the users to Telenor, arising from the concluded contract.
Examples of hypotheses in which Telenor processes personal data in order to exercise rights under concluded contracts with users:
• In the event that a user voluntarily terminates a contract ahead of time, Telenor may process his/her personal data in order to charge penalties in accordance with the contract;
• In order to perform a current credit assessment of the user according to the General Terms and Conditions of Telenor, it is necessary for Telenor to process his/her personal data in order to analyze whether the consumer meets the requirements of the current trade policy;
• In order to exercise its right to limit and stop the use of the services by a user in excess of the applicable credit limit, according to the General Terms and Conditions of Telenor, it is necessary for Telenor to process his/her personal and traffic data.

We process personal data of users when it is necessary to collect unpaid amounts under concluded contracts

When a user does not pay the amounts due to Telenor as agreed in the contract, Telenor has the right to seek payment out of court or in court. For this purpose, the following users' data need to be processed: basic data, contract data, liability data and payment data. If the user disputes the charged consumption in order to prove the authenticity of the account, Telenor may also process the relevant traffic data. In such cases, the processing of data, although not a fulfillment of a specific obligation of Telenor under a contract with a user, is compatible with this, as the obligation to pay is the main obligation of the user under the contract.
When conducting the out-of-court debt collection process, Telenor may use the services of third parties (debt collection companies), to whom the above-described data may be disclosed. PIN data are disclosed to such companies only after obtaining the consent of the user.
When conducting a court debt collection, Telenor may use the services of lawyers and/or law firms, to which the above-described data, including PIN data, may be disclosed.

In certain cases, the applicable national and European legislation requires Telenor to process personal data about its users for certain purposes, in a certain way and/or for a certain period of time. The following are the main cases in which Telenor processes personal data in order to fulfill its regulatory obligations.

We process personal data when, under applicable law, we are required to provide information to competent authorities

The legislation of the Republic of Bulgaria requires Telenor to store certain personal data about users for a certain period. In the presence of prerequisites established by law, these personal data processed by Telenor should be provided to the competent authorities.

According to the Criminal Procedure Code (CPC), at the request of a court, prosecutor or investigative body, Telenor is obliged to provide papers or data that are relevant to the case. The required papers or data may contain personal data about the users;
- According to the Criminal Procedure Code, in the investigation of serious crimes at the request of the court or on the basis of an order of a judge at the request of a supervising prosecutor, Telenor is obliged to provide traffic data for a period not exceeding 6 months;
According to the Disaster Protection Act, in case of a signal for a natural person who has fallen or may fall into a situation that endangers his/her life or health, Telenor is obliged to provide location data at the request of the relevant authorities, insofar as permission has been obtained from the court.

We process personal data of users when, according to the applicable legislation, we are obliged to provide assistance to competent state and/or municipal authorities in carrying out inspections by them.

In the provision of public electronic communication services Telenor is subject to control by various state and municipal authorities - e.g. Communications Regulation Commission (CRC), Consumer Protection Commission (CPC), Personal Data Protection Commission, National Revenue Agency (NRA) and others. In the course of carrying out this control, these authorities have the power to carry out inspections, as well as to require Telenor to provide documents and information in its possession. The required documents and information may contain personal data of users.
Refer to example:
In case of a received signal or complaint from a user, CRC, CPC and PDPC have the power to request from Telenor to provide relevant documents and information, which may contain the following data: basic data, data on contracts, data on obligations, data on payments, as well as data for communication with the respective users;
•When performing a tax audit, the bodies of the National Revenue Agency have the power to require Telenor to provide accounting documents, which may also contain personal data for certain users.

We process personal data because according to the applicable legislation we are obliged to ensure the security of our network and information systems (including the personal data of our users)

In order to prevent, identify, investigate and/or resolve: (a) security vulnerabilities and/or breaches; or (b) breaches of personal data security, we may in certain cases process users' personal data.

We process personal data to provide warranty support for goods, in accordance with consumer protection legislation

When a user buys a product from Telenor, according to consumer protection legislation, Telenor is obliged to provide free repair or replacement of the product if at the time of its provision it has a defect that occurs within two years after its provision to the user. In order to be able to fulfill this obligation, Telenor should process the basic data of the user (through which the right to file a complaint is established), as well as the data for the respective contract (through which it is established whether the respective product is under warranty). Refer also to data disclosure to external service centers.

We process personal data in order to fulfill obligations arising from accounting and tax legislation

The tax and accounting legislation in the Republic of Bulgaria requires Telenor to compile certain accounting and trade information, including to store for a certain period of time this information, as well as any other information and documents relevant to taxation.
Upon fulfillment of this obligation, the relevant information and documents, which also contain personal data of the users, are stored by Telenor for terms, provided in the respective laws. These terms are long (for example, invoices, which are documents for tax and social security control, should be kept for eleven years).

We process personal data in order to fulfill our obligations to provide electronic communications in case of disasters, when declaring a state of war or a state of emergency, in accordance with the Electronic Communications Act


We process personal data in order to fulfill obligations arising from the legislation in the field of electronic communications

Sectoral laws in the field of electronic communications provide for a number of obligations to companies providing public electronic communication services, such as Telenor. During and on the occasion of their implementation, Telenor may process personal or traffic data of users, including by providing them to third parties.
Refer to example:
• According to the Electronic Communications Act, Telenor must provide information on the existence of unpaid debts to a user when it receives a request for this from another company providing public electronic communication services, insofar as there are prerequisites for this;
• According to the Electronic Communications Act, before converting fixed-term contracts into open-ended ones and at least once a year, Telenor must inform its users about the best tariffs for the services they use. In fulfilling this obligation, based on the processing of their personal data, Telenor assesses which tariffs (according to Telenor) are best for them and informs them about it.

We process personal data when performing internal analyzes in order to improve Telenor's products and services, to develop new ones, as well as to develop and improve customer service.

In order to understand the needs of our users, to improve and further develop our products and services, and to improve the quality of customer service, we process personal data.
We process personal data in summary form also in order to establish the results of campaigns, which allows us to assess their effectiveness, the company's performance, including business goals, as well as to properly plan our future activities.
We also process personal data of our users in order to evaluate the performance of employees in our stores, in the stores of our partners, as well as in the customer service center.

We process personal data of users in order to study customer satisfaction with Telenor products and services.

In order to improve our products and customer service, we sometimes seek the opinion of consumers through surveys that we send via short text messages (SMS), telephone calls or e-mail (if the user has provided Telenor with an e-mail address).
In processing the results of these surveys, Telenor processes the following personal data of users: basic data; contract data; data on liabilities; summarized consumption data; payment data; data for communication with users. With the consent of the users, when conducting satisfaction surveys of Telenor's products and services, we may also process their traffic data, location data and data on the device used.

We process personal data of users in order to prepare appropriate offers for them

Telenor values the time of its users and strives for the company's products and services to be better and more appropriate. Therefore, we process the following personal data in order to be able to offer this product or service, which is most consistent with the needs and/or preferences of users.
In order to prepare or select offers for our products or services that would be as appropriate as possible for the users, we process the following personal data: basic data; contract data; data on liabilities; payment data; summarized consumption data; data for communication with users. These offers are non-binding on users and do not create any commitments for them.
Telenor's standard offers, as well as those prepared or selected for a given user, can be obtained at a Telenor store, at a site of our partner network or by calling the Customer Service Center. Proposals may also be sent in the form of direct marketing, unless the user has refused to receive marketing SMS, notifications or calls, as provided in this Personal Data Policy.
To make our offers even more relevant, with the consent of users, we also process their traffic data, location data and data about the device used.

We process personal data of users when conducting direct marketing

Telenor processes the data of the users in order to inform them about appropriate offers for Telenor products and services, by means of short text messages (SMS), by telephone calls or by notifications from the MyTelenor mobile application (for the users who use it), or by electronic mail (in case the user has provided Telenor with an e-mail address).
Users may at any time opt out of receiving:
• SMS - by submitting a written application in a Telenor store or in a site of our partner network, by sending a free SMS to the short number 149, by calling the Telenor Customer Service Center, at privacy.telenor.bg (available with mobile data included), via the MyTelenor mobile application or at my.telenor.bg;
• Phone calls - by submitting a written application in a Telenor store or in a site of our partner network, by calling the Telenor Customer Service Center, at privacy.telenor.bg (available with mobile data included), via the MyTelenor mobile application or at my.telenor.bg;
• notifications from the MyTelenor App mobile application, through the application itself.

We process personal data of users when transferring receivables (assignments)

In accordance with the legislation of the Republic of Bulgaria, Telenor has the right to transfer to third parties its receivables from users (such receivables are, for example, those arising from issued but unpaid invoices), without the need for their consent. To this end, a contract for the transfer of claims ("assignment contract") is concluded with the third party concerned.
Upon concluding an assignment agreement, Telenor ceases to be the holder of the respective receivable, which passes to the third party (new creditor). One of Telenor's obligations under the assignment agreements is to hand over to the new creditor all documents establishing the transferred receivables. In fulfilling this obligation, Telenor provides the new creditor with personal data about the users, the receivables against which are the subject of the assignment agreement.
When concluding assignment agreements, the respective users will be duly notified on behalf of Telenor.

We process personal data when necessary for the settlement of legal disputes.

Sometimes, in order to exercise its rights or legitimate interests, Telenor may need to process personal data of certain users in order to make an out-of-court claim or to file a lawsuit against:
• third parties from whom Telenor has received personal data about the respective users in accordance with this Personal Data Policy; or
• third parties to whom Telenor has disclosed personal data of the respective users in accordance with this Personal Data Policy.
Accordingly, it is possible for the above-mentioned persons, as well as the users themselves, to file an out-of-court claim or file a lawsuit against Telenor. In such cases, Telenor may need to process personal data of certain users in order to be able to organize and conduct defense in the relevant claim or case (thus Telenor aims to protect itself from unlawful encroachments on its property and/or reputation).
The type and volume of personal data processed depend on the nature of the out-of-court claims or cases initiated.
Refer to example:
A user claims in court that the amounts charged in his/her invoice are not due. This requires Telenor to carry out an internal investigation into the case in order to establish the validity of the user's claim, as well as to present the necessary evidence to the court (e.g. contracts, invoices, measurement results, etc.);
• A competent authority, to which Telenor has refused to provide data on a user, has sanctioned Telenor and Telenor has challenged the sanction in court, which requires the processing of personal data on the respective user and the provision of evidence before the relevant court.

It is possible to process personal data of users for other purposes, with the consent of users. The given consent can be withdrawn at any time by the users, completely free of charge, in any of the following ways: by submitting a written application in a Telenor store or in a site of our partner network, at privacy.telenor.bg (available with mobile data included), the MyTelenor mobile application or at www.mytelenor.bg.

Withdrawal of consent shall not affect:
• the lawfulness of the processing of personal data based on the withdrawn consent before its withdrawal; and
• the processing of personal data for purposes for which consent is not required in accordance with this Personal Data Policy.

Up-to-date information on the cases in which Telenor processes users' data on the basis of consent can be found at the following website: www.telenor.bg/privacy.