How we process users’ personal data

You are here

Плати сметката си онлайн. Защото сега е важно да останеш вкъщи. Виж как

Как събираме лични данни

In order that we can perform the contracts entered into with users we need to process their personal data. Otherwise, it will be impossible for us to fulfill out contractual commitments to users.

We process users’ data to ensure that goods and/or services provided correspond to what is stipulated for them in users’ contracts.

In order that we can perform our obligations under a contract signed with a user we need to process his/her personal data. It is precisely by virtue of them that Telenor identifies the user as the principal under the contract, the conditions of the respective subscription plan, etc.

If we do not know that a user has the right to use services via a 4G network as per the contract signed the user will be deprived of the opportunity to use such technology;
If we do not know that a user has the right to use unlimited minutes to all national mobile and landline networks in Bulgaria, (s)he may be charged consumption as per the Telenor’s standard price conditions;
If we do not know that a user wants to receive paper invoices such invoices might not be sent to him/her;
To send an invoice issued to the respective user we need to process data regarding his/her address.

We process users’ data so that we can provide them with the agreed services.

In order that we can provide services to users as well as to properly charge them for such services (including in order that we can prove the authenticity of the prepared bills) we process their basic data, data regarding the contracts as well as traffic data. In contrast to landline services which are provided only to a specific address, mobile services are accessible at any place where Telenor’s network has coverage. In order that we can provide you with the services your mobile device connects to a specific base station of the network that services the respective location and thus we also process data regarding the approximate location of users.

It is impossible for us to direct the call to the proper addressee without processing data regarding the mobile number dialed by a user;
It is impossible for us to charge a call in compliance with the provisions stipulated in the contract with the respective user without processing data regarding the type and duration of the call;
It is impossible for us to provide a detailed printout, if such is requested by the user, without processing the traffic data of the user.

We process users’ data to maintain our mobile network and information systems

In order that we can prevent, discover, localize and make good faults and software errors in the network and our information systems, including when we receive complaints from users, we need to process their personal data and traffic data.

We process users’ data for the purposes of payments related to interconnection

In order that users of different operators and networks can establish a connection between each other operators and networks must be interconnected. To that end the two operators enter into a contract under which their networks are connected. By virtue of that contract the operators owe to each other payments for the calls made by their subscribers.

For example, if a Telenor user calls a subscriber of another mobile operator in Bulgaria Telenor will owe certain sum to the respective mobile operator as the amount of that sum is determined based on the duration of the phone call.

We process users’ data for the purposes of payments in relation to services provided in roaming.

In order that Telenor users can use services in roaming (i.e. outside the territory of the Republic of Bulgaria) Telenor must settle its relations with the operators whose mobile networks serve the users. To that end Telenor enters into agreements with the respective mobile operators. By virtue of such agreements Telenor owes a payment whenever a Telenor user uses services provided via the network of another mobile operator.

For example, if a user located on the territory of the Hellenic Republic makes a phone call Telenor will owe a payment to the respective Greek mobile operator whose amount is determined on the basis of the type and duration of the phone call.

We process users’ data for the purposes of charging and preparation of bills

We process basic data, data regarding the contracts as well as traffic data so that we can prepare the subscriber bills, carry out internal control of their accuracy and reliability and issue invoices for the services provided.

We process users’ data so that we can administer the process of servicing their payments

Whenever a user makes a payment under a contract with Telenor as well as whenever a user wants to defer or reschedule his/her liabilities to Telenor, we process his/her basic data, data regarding the contracts, data regarding the liabilities and data regarding the payments.

We process users’ data for the purposes of settlements with our partners

In order that Telenor users can enter into contracts, register prepaid cards, pay bills (including refill prepaid cards), submit requests and/or be served at an outlet of the trade network of our partners (e.g. trade representatives, franchisees, distributors, providers of payment services, etc.) Telenor enters into agreements with them. By virtue of such agreements Telenor owes sums for the determination of which data regarding the users need to be processed.

It will be impossible for us to determine and pay the remuneration due to a franchisee of ours without processing the information that a user has entered into a contract for mobile services at a trade outlet of such a franchisee;
It will be impossible for us to determine and pay the remuneration due to a trade representative of ours without processing the information that a user has paid his/her bill at an outlet of such trade representative.

We process users’ data to notify them of the occurrence of certain circumstances in relation to our contracts.

In order that we can perform our obligations to inform the users of the occurrence or the forthcoming occurrence of certain facts and circumstances that have impact on the provision of our products and/or services we process the following personal data: basic data; data regarding the contracts; data regarding the liabilities; data regarding the payments; traffic data; data regarding communication with users, etc.

Notification of the exhaustion of the applicable credit limit or reaching certain amount thereof in pursuance of the stipulations of Telenor’s General Terms and Conditions;
Notification of an invoice issued, including its value and maturity date;
Notification upon temporary discontinuation of the access to the services in pursuance of the stipulations of Telenor’s General Terms and Conditions;
Prior notice upon a scheduled routine maintenance checks, repair works and/or modifications of the network in pursuance of the stipulations of Telenor’s General Terms and Conditions;
Notification when Telenor establishes user’s predominant presence and consumption in EU/EEA which may result in the application of a markup according to Regulation 531/2012 pursuance of the stipulations of Telenor’s General Terms and Conditions;
Notification that a number dialed by the user, which was turned off or outside coverage, can be dialed;
Notification of the applicable prices and conditions when the user is in roaming;
Notification of a successful refill of a prepaid SIM card;
Notification of a forthcoming expiration of the validity period of the credit for a prepaid SIM card;
Notification of a payment made by using “Pay with Telenor” service;
Notification of a forthcoming actions to be taken to collect unpaid cash liabilities out of court, including the use of third parties’ services (credit reporting bureaus, debt collection agencies and others) in accordance with Telenor’s General Terms and Conditions, etc.

We process users’ data so that we can carry out their requests.

In order that we can fulfill the requests of a user in relation to a concluded contract(s) we need to process his/her basic data, the data regarding the respective contract(s) as well as data regarding liabilities and/or payments (if applicable).

In order that an operation of recharge a prepaid SIM card can be performed we have to process the basic data of the respective user, data regarding the contract as well as data regarding the payment made on the basis of which a recharge is made; In order that a user’s request for replacement of a SIM card (e.g. in case of damage or loss) we need to process his/her basic data as well as data regarding the contract; In order that users’ requests can be fulfilled (e.g. for activation or deactivation of services in roaming or the mobile internet service, issuance of a duplicate of a contract, an invoice, etc.) we need to process their basic data, the data regarding their contract and other data relevant to the request.

We process users’ data for the purposes of customer care.

We process personal data of our users so that we can provide them with quality and timely customer care, including but not limited to processing of user proposals, applications, requests, inquiries and/or complaints. The type and the volume of personal data we process in such cases depend on the nature and content of the respective proposal, application, request, inquiry and/or complaint.

In order that a check can be made in case that an inquiry or a complaint has been received from a user as well as in order that a response to it can be prepared, and sent to the user, respectively, his/her basic data, the data regarding his/her contract, other data regarding the inquiry or the complaint made (e.g. traffic data, data regarding the liabilities, data regarding the payments, etc.) as well as the communication data need to be processed.

We process users’ data when number portability from/to Telenor’s network is carried out

In order that we can provide the service of number portability from/to Telenor’s network we need to process the personal data of the respective users.

We process users’ data when out-of-warranty maintenance of goods requested by them is carried out

In order that we can fulfill users’ requests for performance of out-of-warranty repairs of goods we need to process their personal data.

We process users’ data in order to prevent, detect, investigate and discontinue abuses

In order that we can prevent, detect, investigate and hinder wrongful acts, which are contrary to the conditions on the use of our products and/or services or which violate the applicable legislation we process users’ personal and traffic data.

In cases of “atypical conduct” of our users we need to process their data in order to establish whether there is an abuse, a breach of the General Terms and Conditions or the applicable legislation. In case that conduct that threatens or hampers the normal use of the services is established Telenor may restrict the access to the services of the users in question.

We process users’ personal data when necessary in order to exercise our rights under contracts concluded with them

The contracts Telenor enters into with its users give rise to rights for both parties. Both Telenor and the users make enjoy such rights to satisfy their interests. The procedure and conditions on the exercise of such rights are regulated in the contracts themselves and sometimes they arise directly out of the applicable legislation. In order that Telenor can exercise its rights with respect to the users Telenor needs to process certain personal data on them.

Examples of hypothetical cases where Telenor processes personal data in order to exercise rights under contracts concluded with the users:
In the event that a user terminates early a contract at his/her will Telenor may process his/her personal data in order to charge penalties according to the stipulations of the contract;
In order that Telenor can make a current credit assessment of the user according to Telenor’s General Terms and Conditions Telenor needs to process his/her personal data so that it can analyze whether the user meets the requirements for the current trade policy;
In order that Telenor can exercise its right to restrict and discontinue the use of the services by a user when (s)he exceeds the credit limit applicable for him/her according to Telenor’s General Terms and Conditions Telenor needs to process his/her personal and traffic data.

We process users’ data where this is necessary for the collection of unpaid sums under concluded contracts

If a user does not pay the sums owed to Telenor as agreed in the concluded contract Telenor has the right to seek payment out of court or subject to court procedure. To that end the following user’s data must be processed: basic data, data regarding the contracts, data regarding the liabilities and data regarding the payments. If the user contests a charged consumption, Tlenor may also process the relevant traffic data in order to demonstrate the accuracy of the bill. When performing the procedure of out-of-court collection of liabilities Telenor may make use of the services of third parties (debt collection companies) to whom the aforesaid data may be disclosed. Data regarding personal identification number [EGN] shall be disclosed to such companies only after the user’s consent is obtained. When carrying out a legal collection of liabilities Telenor may make use of the services of lawyers and/or law firms to whom the aforesaid data may be disclosed, including data regarding personal identification number [EGN].

In certain cases the applicable national and European legislation requires that Telenor process personal data regarding its users for certain purposes, in a certain manner and/or for a certain period. The main cases where Telenor processes personal data in order to fulfill its statutory obligations are stated below.

We process personal data when under the applicable legislation we are obliged to provide information to competent authorities

The legislation of the Republic of Bulgaria requires that Telenor store certain personal data on the users for certain period. If there are premises established by the law such personal data processed by Telenor must be submitted to the competent authorities.

Pursuant to the Criminal Procedure Code (CPC) when requested by a court, a prosecutor or an investigating authority Telenor is obliged to provide papers or data in its possession which are important for the respective case. The requested papers and data might contain personal data on the users;
Pursuant to CPC when serious crimes are investigated, upon court’s request or based on an order issued by a judge further to the request of the overseeing prosecutor Telenor is obliged to provide traffic data for a period not longer than 6 months;
Pursuant to the Protection in Cases of Disasters Act upon the receipt of a warning concerning a natural person who finds or may find himself/herself in a position that puts his/her life or health at risk Telenor is obliged to provide location data at the request of the relevant authorities as far as a court permission is obtained.

We process users’ personal data when according to the applicable legislation we are obliged to provide assistance to competent state and/or municipal authorities while they carry out inspections

While providing public electronic communication services Telenor is subject to control on part of various state and municipal authorities – e.g. Communications Regulation Commission (CRC) Consumer Protection Commission (CPC), Personal Data Protection Commission, National Revenue Agency (NRA) and others. In the course of exerting such control these authorities have the power to make inspections as well as to require that Telenor provide documents and information in its possession. The required documents and information might contain users’ personal data.

Upon receipt of a warning or a complaint from a user CRC, CPC and PDPC have the power to require that Telenor submit documents and information relevant to the case, which may contain the following data: basic data, data regarding the contracts, data regarding the liabilities, data regarding the payments as well as data regarding communication with the respective user;
While carrying out a tax audit the bodies of NRA have the power to require that Telenor submit accounting documents, which might also contain personal data on certain users.

We process personal data because according to the applicable legislation we are obliged to ensure the security of our network and information systems (including our users’ personal data)

In order that we can prevent, establish, investigate and/or tackle: (а) security vulnerabilities and/or breaches; or (b) personal data security breaches in certain cases we have to process users’ personal data.

We process personal data in order to provide warranty maintenance for goods in accordance with the consumer protection legislation

Where a user purchases goods from Telenor, according to the consumer protection legislation Telenor is obliged to ensure a repair or replacement of the goods free of charge if the goods are defective as at the time when delivered and if such defect appears within two years after the goods are made available to the user. In order that Telenor can fulfill that obligation Telenor must process user’s basic data (by means of which the right to make a claim is established) as well as the data regarding the relevant contract (by means of which it is established whether the warranty period for the relevant goods has not expired). See also item 33 of this Privacy Policy.

We process personal data in order that we can fulfill obligations arising out of the accounting and tax legislation

Tax and accounting legislation in the Republic of Bulgaria require that Telenor prepare certain accounting and commercial information, including storage for a certain period of such information as well as any other information and documents that are important for taxation.

In pursuance of that obligation the relevant information and documents which contain users’ personal data, are stored by Telenor for such periods as stipulated in the relevant laws. Such periods are ones of great duration (e.g. the invoices, which are documents for tax and social security control must be stored for a period of eleven years).

We process personal data in order that we can fulfill our obligations to ensure electronic communications in cases of disasters, declaration of “martial law”, “state of war” or “state of emergency” in compliance with the Electronic Communications Act

We process personal data when performing internal analyses in order to improve Telenor’sproducts and services and to develop new ones

In order that we can understand the needs of or users, improve and further develop our products and services and increase the quality of customer care we process personal data. We also process personal data in summarized form in order to establish the outcomes of campaigns conducted, which enables us to assess their efficiency as well as to properly plan our future activities. We process our users’ personal data in order to make an assessment of employees’ performance at our trade outlets, at the trade outlets of our partners and in customer care center.

We process users’ personal data in order to study customers’ satisfaction with Telenor’s products and services

In order to improve the products and customer care sometimes we ask users for their opinion by means of studies that we send (not more than once or twice per two months) by short text messages (SMS), by phone calls or by e-mail (in case that the user has provided an e-mail address to Telenor). When processing the results of such studies Telenor processes the following personal data of the users: basic data; data regarding the contracts; data regarding the liabilities; summarized data regarding the consumption; data regarding the payments; data regarding communication with users. With users’ consent, when studying the satisfaction with Telenor’s products and services we might also process their traffic data, location data and data regarding the device used.

We process users’ personal data in order to prepare appropriate offers for them

Telenor holds the time of its users in high esteem and aims to make company’s products and services better and more appropriate. For this reason we process the personal data stated below so that we can offer such product or service that conforms to the greatest extent to users’ needs and/or preferences. In order to prepare or select offers for our products or services that would be as appropriate for users as possible we process their personal data as follows: basic data; data regarding the contracts; data regarding the liabilities; data regarding the payments; summarized data regarding the consumption; data regarding communication with users. Such offers are not binding upon the users and do not create any commitments for them whatsoever. Telenor’s standard offers as well as the ones prepared or selected for a user may be received at a trade outlet of Telenor, at an outlet of our partners’ network or by calling the Customer Care Center. Offers may also be sent in the form of direct marketing, unless the respective user has refused to receive marketing SMS, notifications or calls according to the provisions of this Personal Data Policy.
In order to make our offers even more appropriate, if we have the users’ consent we also process their traffic data, location data and data regarding the device used.

We process users’ personal data when carrying out direct marketing

Telenor processes users’ data in order to communicate to them (not more than once per month) appropriate offers for Telenor’sproducts and services by means of short text messages (SMS), phone calls or notifications from the mobile application MyTelenor (for users who use it).
Users may at any time refuse to receive:
SMS – by filing a written application at a trade outlet of Telenor or at an outlet of our partners’ network, by sending a free SMS at number 149, by calling Telenor’s Customer Care Center, at privacy.telenor.bg (accessible if mobile data is turned on), via the mobile application MyTelenor or at www.mytelenor.bg ;
phone calls: byfiling a written application at a trade outlet of Telenor or at an outlet of our partners’ network, by calling Telenor’s Customer Care Center, at privacy.telenor.bg (accessible if mobile data is turned on), via the mobile application MyTelenor or at www.mytelenor.bg ;
notifications from the mobile application MyTelenor App via the application itself.

We process users’ personal data upon assignment of receivables (cessions)

In accordance with the legislation of the Republic of Bulgaria Telenor has the right to assign to third parties its receivables payable by the users (such receivables are, for instance, the ones arising out of issued but unpaid invoices) without having to obtain their consent. To that end a contract on assignment of receivables (“cession contract”) is entered into with the respective third party. Upon the conclusion of a cession contract Telenor ceases to be the holder of the respective receivables, which pass to the third party (new creditor). One of Telenor’s obligations under the cession contracts is to deliver to the new creditor all documents establishing the assigned receivables. Upon the performance of that obligation Telenor submits to the new creditor personal data regarding the users the receivables payable by whom are the subject matter of the cession contract.
Upon the conclusion of cession contracts the respective users shall be duly notified of such conclusion on behalf of Telenor.

We process personal data where necessary for the settlement of legal disputes.

Sometimes in order to exercise its rights or lawful interests Telenor may have to process certain users’ personal data in order to lay out-of-court claims or initiate a lawsuit against:
third parties from whom Telenor has obtained personal data regarding the respective users in accordance with this Personal Data Policy; or
third parties to whom Telenor has disclosed personal data regarding the respective users in accordance with this Personal Data Policy,
Accordingly, the aforesaid persons and also the users themselves may lay out-of-court claims or initiate a lawsuit against Telenor. In such cases Telenor may have to process certain users’ personal data so that it can organize and conduct the defense under the respective claim or lawsuit (by doing so Telenor aims to protect itself against unlawful infringements on its property and/or reputation). The type and the volume of the personal data being processed depends on the nature of the out-of-court claims made or lawsuits initiated.

Examples:

A user claims in legal proceedings that the sums charged in his/her invoice are not owed. This needs an internal check to be made by Telenor under the case in order to establish the justifiability of user’s claim and to submit the necessary evidence top the court (e.g. contracts, invoices, results of measurements, etc.);
A competent authority to which Telenor has refused to provide user’s data sanctions Telenor and Telenor contests the imposed sanction in court, which necessitates that the personal data of the respective user be processed and evidence be submitted to the relevant court.

We might also process users’ personal data for other purposes if we have obtained users’ consent. The consent given may be withdrawn at any time by the users, free of any charge, in any of the following manners: by submitting a written application at a trade outlet of Telenor or at an outlet of our partners’ network, at privacy.telenor.bg (accessible if mobile data is turned on), via the mobile application MyTelenor or at www.mytelenor.bg .

The withdrawal of the consent shall not affect:
the lawfulness of personal data processing based on the withdrawn consent before the withdrawal thereof; and
personal data processing for purposes for which no consent is required according to the stipulations of this Personal Data Policy.

With users’ consent we process their traffic data, location data and data regarding the device used in order to prepare even more appropriate products and services of Telenor (see also item 24.3: We process users’ personal data in order to prepare appropriate offers for them).

With users’ consent we process their traffic data, location data and data regarding the device used when carrying out studies of their satisfaction with Telenor’s products and services (see also item 24.2: We process users’ personal data in order to study customers’ satisfaction with Telenor’s products and services).

In the event that a user has stated his/her refusal to receive direct marketing messages or calls with such use’s subsequent consent Telenor may resume the processing of personal data in order to send such messages or calls (see also item 24.4: We process users’ personal data when carrying out direct marketing).

With users’ consent Telenor processes their personal data (including data regarding personal identification number [EGN]) for the purpose of performance of a credit assessment where the users want to get a device on hire purchase or at a preferential price with a subscription plan. Such consent is voluntary. In the event that a user refuses to have a credit assessment made of him/her (s)he can purchase the desired device at its price in cash, without subscription.

With users’ consent Telenor processes data regarding their personal identification number [EGN], by making them available to third parties for the purposes of out-of-court collection of liabilities payable to Telenor.

With users’ consent their data may be included in telephone directories published by Telenor in accordance with Telenor’s General Terms and Conditions.

To conclude a contract with Telenor, or to register a prepaid card, the user needs to provide his/her personal data. Provision of such data allows us to identify the respective user as a party to the contract and as a holder of the rights/obligations thereunder.

User’s full name, personal identification number [EGN] and address are part of the minimum content of each contract for mobile or landline services (the application for registration of a prepaid card, respectively), according to the requirements of the Electronic Communications Act. In case that a user refuses to provide them Telenor will be unable to conclude a contract or to register a prepaid card.

In the process of conclusion of contracts data regarding user’s identity papers are also being processed in order to check the validity of the same as the purpose of such check is to prevent possible attempts to commit fraud and/or abuse of personal data.