Information on personal data processing
At InfraCom, we process information about you and how you use our services. As a personal data controller, we are responsible for the processing of your data, how and for what purposes the processing is done.
WHAT TYPE OF DATA WE PROCESS
We collect and process two types of data about you:
Customer data is data that is related to your service, such as name, social security number, address, phone number, email address, information about which services you have with us and how you use our services, login details, information about your financial status that we may receive within framework for credit information. Traffic data is data that is related to what happens when you use one of our electronic communication services. Traffic data is processed to transmit an electronic message over an electronic communication network when you use our services. This could be, for example, when you make a call or send an e-mail.
Traffic data also includes information that we process to bill for our services, and for inter-connection. Examples of traffic data are information about who has communicated with whom, at what time and how long the communication has been going on and which networks have been used for such communication. Information about where you are when you call or are connected, e.g. to which mast, is also traffic data.
HOW WE COLLECT DATA
We collect and process data:
* That your employer/contractor has provided to us in connection with your employer/contractor signing an agreement with InfraCom for the delivery of the services and when you communicate with us, e.g. when you contact customer service or when you sign up to receive newsletters from us .
* That is created when you use one of our services, e.g. when you call or send SMS.
* That we obtain from other sources, e.g. registers used for credit assessments and from other operators.
The type of data we process about you depends on which services you use.
HOW WE USE DATA
In order for us to process customer and traffic data, the processing must be based on a legal basis according to current privacy legislation. This means that the processing must be done based on one of the following reasons: the processing is necessary (i) for us to fulfill an agreement with you or (ii) for us at InfraCom to fulfill a legal obligation, (iii) you have consented to the processing, or (iv) after a balancing of interests.
Below you will find examples of purposes for which we process your customer and traffic data and what the legal basis is for such processing.
To deliver services and comply with laws
When we deliver the services to you in accordance with the terms of the agreement between us and your employer/principal, we process data to fulfill our legal obligations under, in particular, the Electronic Communications Act (2003:389). Such processing includes, for example, measures to provide services regarding mobile and fixed telephony, traffic management measures through filtering, blocking and throttling in order to be able to maintain agreed limitations in the service regarding transmission speed, data volume, data consumption and services with a special rate. We also process data to be able to charge for the services we have agreed on, to handle invoices and payments, to handle complaints and reclamations, for troubleshooting and handling other incidents. The legal basis for the processing of data according to this point is the fulfillment of a legal obligation.
To communicate with you about the Services
We process data to communicate with you about the services we deliver, for example when you contact us for information, make inquiries, use the services or leave feedback about our services and products. Based on your use of a service, we may give you recommendations about how you can use such service, for example to get a better customer experience or learn about new functions. The legal basis for processing customer data for this purpose is legitimate interest. Processing of traffic data for this purpose is only done after you have consented to such processing.
To prevent misuse of services and to protect you against unauthorized use
We process data to maintain the security of our electronic communications networks and services, to detect or prevent illegal use of the services or use that violates our terms of service. We also process data to protect you against unauthorized access, to prevent misuse of services and networks, and to prevent fraud. We base our processing of customer data under this point on the fulfillment of a legal obligation.
Processing for marketing purposes
We process data in order to market our products and services to you. We may send such marketing to you via e-mail, SMS, letter and telephone. We also carry out profiling. This means that we compile information we have received from you (and information that is created when you use our services), for example when we suggest you a certain service based on your previous use of our services. We do this type of processing of customer data based on a balancing of interests.
Who we share data with
To companies within the InfraCom group and to subcontractors who process data on our behalf.
In order to fulfill the purposes above, we may share your data with other companies within the InfraCom group or with third parties such as subcontractors who perform services on our behalf. Sometimes it may be necessary for us to engage subcontractors in order to deliver our services to you. We are then still responsible for the processing of your customer data that we or subcontractors carry out on our behalf. Such subcontractors may then not use the data for purposes other than those we specify.
All such transfer is based on applicable law, and when we engage subcontractors to carry out part of the service delivery, we will sign personal data processing agreements with such actors.
Agencies
We are sometimes, based on law or authority decisions, obliged to disclose such information that follows from the decision to authorities, for example to the police. The legal basis for this processing is the fulfillment of a legal obligation.
SOS Alarm
We may disclose data, which may also include information about your geographical position to SOS Alarm both so that the rescue service can carry out its tasks but also for the transmission of important messages to the public. The legal basis for this processing is the fulfillment of a legal obligation.
Others
We may also, after you have given your consent, disclose your customer data to other stakeholders, e.g. telephone directory companies or third-party service providers with whom you have requested us to share your data.
How long we save data
We will process your personal data for as long as is necessary taking into account the purpose of the processing. This means that different data will be saved for different lengths of time. We must save certain data for a certain period of time in order to comply with applicable legislation.
As long as you are a customer with us, and for three years thereafter, we save your customer data. In cases where there are legal requirements to save data for a longer period of time, we comply with such laws. The Accounting Act is an example of legislation that states that documents must be saved for a certain longer period of time.
We save traffic data for billing purposes. We save the data until the invoice is paid, and all legal conditions to which the traffic data relates are settled, and for a maximum of one year thereafter, with the exception of data that we must save according to the Accounting Act.
Because we want to be able to help you in the event of an error in the services we deliver to you, you can agree to us saving traffic data for 10 days.
We want to be able to give you relevant offers based on how you use our services, e.g. based on how large your data consumption is, number of text messages sent and calls made. We save the information as long as you are a customer with us, but for a maximum of 36 months.
Your rights
The new data protection legislation that came into force on 25 May 2018 aims, among other things, to strengthen the individual’s right to their data. Therefore, you have the right to know what we do with your data, for what purposes we process your data, how long we save it and who has access to the data. Below, you will find an overview of the rights you have with regard to our processing of your personal data, and how you can contact us to find out more about how we process your data.
Data protection officer and supervisory authority
We have appointed a data protection officer who works to ensure that our personal data processing is carried out in a legal manner. If you have questions about our processing of personal data, want any incorrect data corrected, want to have certain data deleted or have complaints about the processing, you are welcome to contact our data protection officer at info.icc@infracom.se.
Datainspektionen is the Swedish supervisory authority for the processing of personal data. If you are dissatisfied with our processing of your personal data, you can contact the Swedish Data Protection Authority/Integritetsskyddsmyndigheten.
Right to register extracts
You should be able to know which of your personal data we process. Therefore, you have the right to receive a register extract from us free of charge once a year. In order to receive a register extract, you must clearly state which information you want to receive. We must respond to your request without undue delay, and at the latest within one month. If for any reason we are unable to fully respond to your request, we will explain why and we will also inform you of how long we need to respond to your request. When requesting a register extract, we will ask you to identify yourself securely, and we will send your register extract to your registered address. Contact our customer service via email or phone to order a register extract
Right to rectification
If some of the data we process is incorrect or if more data needs to be processed with regard to the purpose for which we process data, you have the right to have such incorrect data corrected or to supplement it with such additional data as may be necessary for the processing. When we have corrected your data, we will contact such parties to whom we have disclosed your data and inform them of the corrections that have been made, provided that this does not involve an overly burdensome effort for us or if for any reason it would be impossible. We will also, if you request it, contact you and tell you to whom the correction has been released.
Right to erasure
You also have the right to have your data that we process deleted in certain cases.