At Ownit, we process information about you and how you use our services. Ownit Broadband AB is responsible for personal data. As the entity responsible for personal data, we are responsible for the processing of your data, how and for what purposes the processing is done. You will find our contact details further down in this document.

The information we save due to the fact that we have an obligation to do so in accordance with law or other statutes, government regulations, decisions or government requests, is stored for as long as the current requirement states.

What type of data do we process

We collect and process two types of data about you:

Customer information is information that is related to your service, such as your name, social security number, address, telephone number, e-mail address, information about which agreements and services you have with us and how you use our services, login information, information about your financial status that we can obtain within the framework of credit information.

Traffic information is information that is related to what happens when you use one of our electronic communication services. Traffic data is processed to transmit an electronic message over an electronic communications network when you use our services. This could be, for example, when you make a call or send an e-mail. Traffic data also includes information that we process to invoice for our services, and for call traffic. Examples of traffic data are information about who had a certain IP address during which time. However, we will never use, view or save which website you surf to.

How we collect data

We collect and process data

• You have entered yourself in connection with you becoming a customer with us and when you communicate with us, for example when you sign up for a subscription, contact customer service or when you sign up to receive newsletters from us.
• Which is created when you use one of our services, for example when you surf on ownit.se, call, send e-mail or watch TV.
• Which we retrieve from other sources, such as the SPAR register, registers used for credit assessments, from other operators and from partners (eg various social media and marketing networks).
• Which is collected by our websites placing cookies that collect information from your browser.

The type of information we process about you depends on which service (s) you use.

How we use your data

In order for us to process customer and traffic data, the processing must be based on a legal basis in accordance with current privacy legislation. This means that the processing must be done based on one of the following reasons: the processing is necessary (i) for us to be able to fulfill an agreement with you or (ii) for us within Ownit to fulfill a legal obligation, (iii) you have agreed to the treatment, or (iv) after a balance of interests.

Below you will find examples of purposes for which we process your customer and traffic data and what the legal basis is for such processing.

To comply with laws

We process data to fulfill our legal obligations, for example to comply with injunctions that we receive from the court, including blocking access to certain websites that contain copyrighted material and that are illegally provided from such sites. The legal basis for the treatment is then a legal obligation.

To deliver services

We process data in order to be able to deliver the services that you have ordered from us in accordance with the terms set out in the agreement between us. Such processing includes, for example, traffic management measures through filtering, blocking and restriction in order to be able to maintain the restrictions in the service we have agreed on regarding transfer speed, data volume, data consumption and services with a special tariff. We also process data to be able to charge for the services we have agreed on, to handle invoices and payments, to handle complaints and grievances, for troubleshooting and handling of other incidents. The legal basis for the processing of data under this paragraph is the fulfillment of said contract.

To communicate with you about the services

We process data to communicate with you about the services we deliver, for example when you contact us for information, make inquiries, use the services or provide feedback about our services and products. Based on your use of a service, we may give you recommendations on how you can use such a service, for example to get a better customer experience or learn about new features. We may also record phone calls when you call our customer service, or analyze the content of chat logs. We do this in order to train our staff. We also process data to be able to give you a better customer experience when you contact us, for example by directing your request to the right department. The legal basis for the processing of customer data for this purpose is a legitimate interest. Processing of traffic data for this purpose is done only after you have consented to such treatment.

To develop new services

We analyze both customer data and traffic data in order to improve our business, our existing services and networks and to optimize our networks and services, to develop new services, product portfolios and our way of working. We do such treatment by compiling statistics on the use of both services and networks. The legal basis for the processing of customer data is then a legitimate interest, and processing of traffic data is done based on your consent.

To prevent misuse of services and to protect you from unauthorized use

We process data to maintain the security of our electronic communications networks and services, to detect or prevent the illegal use of the services or use that violates our terms of service. We also process data to protect you from unauthorized intrusion and viruses, to prevent misuse of services and networks, and to prevent fraud. Our processing of customer data under this item is based on the fulfillment of agreements. The processing of traffic data under this item is based on the fulfillment of a legal obligation.

Processing for marketing purposes

We process data in order to market our products and services to you. We may send such marketing to you via e-mail, text message, letter and telephone, as well as through personalized marketing on public websites. We also perform profiling. This means that we compile information we have received from you (and information created when you use our services) with data that we receive from other parties and create a customer image of you. We then use the customer image, among other things, to tailor marketing that we believe is relevant to you and to be able to give you a better customer experience. We also use the profiling to investigate whether you are satisfied with the personal service we offer you. We also process data to create an image of how we think you would act in different situations and which subscriptions or offers we think would be suitable for you, for example when we suggest you a certain service based on your previous use of our services. We do this type of processing of customer data based on a balance of interests. We process traffic data for this purpose only after you have consented to it.

We may also, with the special consent of you, process data that is based on your geographical location that does not constitute traffic data.

In cases where the processing of personal data is based on a consent from you, you have the right to revoke the consent at any time. You will find more information on how to withdraw a consent below under the heading 'Withdraw consent'.

Who we share data with

To companies within the Telenor Group and to subcontractors that process data on our behalf

We may share your data with other companies within the Telenor Group or with third parties such as subcontractors who perform services on our behalf. Sometimes it may be necessary for us to hire subcontractors to be able to deliver our services to you. We are then still responsible for the processing of your customer data that we or subcontractors perform on our behalf. Such subcontractors may not use the data for purposes other than those we specify. The sharing of your information is then done in order to fulfill the agreement between us.

This means that your personal data may be transferred to companies both within the EEA and to countries outside the EEA. All such transfers is based on applicable law, and when we hire subcontractors to perform part of the service delivery, we will sign agreements for personal data processing with such actors. The European Commission has approved certain countries outside the EEA that have a sufficiently high level of protection of privacy. A list of such countries can be found here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#relatedlinks. If the processing of data is carried out in other countries outside the EEA, it will be based on an appropriate legal basis, such as the EU Commission's model clauses for such transfer or Binding Corporate Rules approved by the relevant privacy protection authority). A copy of the EU Commission's model clauses for the transfer of personal data to third countries can be downloaded here http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en.

Authorities

We are sometimes, based on law or government decision, obliged to disclose such information that follows from the decision to authorities, for example to the police. The legal basis for this treatment is the fulfillment of a legal obligation.

Rightsholders according to IPRED legislation

Rights holders who suspect illegal file sharing of their copyrighted material (eg films) can apply to a court for a so-called information injunction. Following a decision by the court, we may be obliged to disclose information we have available about which customer has used a certain IP address at a certain given time. We only store troubleshooting information, including IP logs, as long as it is required to secure our delivery of broadband services. For this reason, we do not have IP information left in connection with such information injunctions.

SOS Alarm

We may disclose data, which may also include information about your geographical position to SOS Alarm both for the rescue service to be able to carry out its tasks but also for the transmission of important messages to the public. The legal basis for this treatment is the fulfillment of a legal obligation.

Miscellaneous

We may also, after you have given your consent, disclose your customer information to other actors, such as directory inquiries or third-party service providers with whom you have requested that we share your information.

How long do we save your data

We will process your personal data for as long as is necessary with regard to the purpose of the processing. This means that different data will be saved for different lengths of time. We must save certain information for a certain period of time in order to comply with applicable legislation.

As long as you are a customer with us, and no more than for three years thereafter, we save your customer information. In cases where there are legal requirements to save data for a longer period of time, we follow such laws. The Accounting Act is an example of legislation that states that documentation must be saved for a certain longer period of time.

We save traffic data for invoicing purposes. We save the information until the invoice is paid, and all legal circumstances to which the traffic information relates are regulated, and for a year thereafter with the exception of information that we must save according to the Accounting Act.

In order for us to prevent abuse and control the authorized use of the services, such as detecting or preventing internet fraud, illegal use of the services or the spread of viruses, spam and Trojans, we save IP addresses. We save IP addresses for this purpose for up to 3 days.

Because we want to be able to help you if an error should occur in the services we deliver to you, we will save traffic data for up to 7 days. You also have the opportunity to agree that we may process traffic data in order to improve and develop new and existing services. For such purposes, we save traffic data for up to 7 days.

We want to be able to give you relevant offers based on how you use our services, such as your telephone calls and which TV channels you usually watch. We save the information as long as you are a customer with us, but for a maximum of 36 months.

When you call our customer service, we may record calls for educational and teaching purposes. We save such calls for a maximum of 60 days.

Your rights

The new data protection legislation, which came into power on 25 May 2018, aims, among other things, to strengthen the individual's right to their data. Therefore, you have the right to know what we do with your data, for what purposes we process your data, how long we store them and who takes part in the data. Below you will find a review of what rights you have with regard to our processing of your personal data, and how you can contact us to find out more about how we process your data.

Data protection officer and supervisory authority

We have appointed a data protection officer who works to ensure that our personal data processing is carried out in a legal manner. If you have questions about our processing of personal data, want any incorrect information corrected, want certain information deleted or have complaints about the processing, you are welcome to contact our data protection representative at support@ownit.se or by calling customer service.

The Privacy Protection Authority (IMY) is the Swedish supervisory authority for the processing of personal data. If you are dissatisfied with our processing of your personal data, you can turn to the Privacy Protection Authority, whose contact information can be found here https://www.imy.se/om-oss/kontakta-oss/

Right to access

You should be able to know what personal data of yours we process. Therefore, you have the right to receive a subject access request from us free of charge once a year. To receive a subject access request, you must clearly state what information you want to receive. We must respond to your request without undue delay, and no later than within one month. If for any reason we are unable to fully respond to your request, we will justify why and we will also inform you of how long we need to respond to your request. In the event of a request for a subject access request, we will request that you identify yourself securely, and we will send your register extract to your population registration address, electronically via ownit.se or to Kivra if you have access to an electronic mailbox.

Right to rectification

If any of the data we process is incorrect or if more data needs to be processed with regard to the purpose for which we process data, you have the right to have such incorrect data corrected or to supplement with any additional data necessary. Once we have corrected your data, we will contact the parties to whom we have disclosed your data and inform them of any corrections that have been made, provided that it does not constitute an overburdening effort for us or if for any reason is impossible. We will also, if you request it, contact you and tell you to whom the correction has been handed out.

Right to delete

You also have the right in some cases to have your data that we process deleted. In this case, contact the data protection officer. You will find contact information above.

Right to restriction

You also have the right to in some cases restrict the data processing we do. Restriction means that the data is marked so that in the future it may only be processed for certain limited purposes. The right to restriction applies, among other things, when you believe that the data is incorrect and you have requested correction. In such cases, you can also request that the processing of the data be restricted while we investigate whether the data is correct or not. When the restriction expires, we will inform you of this.

Right to data portability

You also have the right to so-called data portability for the data you have given us in cases where we process based on your consent or when we process data to fulfill an agreement with you. This means that you have the right to obtain the data that you have given us and that we process about you in a certain format and that you have the right to transfer this to another person responsible for personal data. The right to portability only applies to the data we have processed automatically. This means that data that is only processed in paper files is therefore not covered by the right to data portability.

If you wish to exercise any of your rights as above, please contact our Data Protection Officer. Contact information can be found above.

Withdraw consent

We base some of the processing we do of your customer and traffic data on the fact that you have consented the processing. You usually consent in logged-in mode on your customer profile or with the standard usage of the service(s) you have purchased from us. You will find more information about your consent in connection with us asking for your specific consent for a specific treatment.

You have the right to withdraw your consent you have given us for a certain processing of your customer or traffic data at any time. To revoke your already given consent, you can log in to your customer profile or on your service and withdraw consent in the same way and in the same place where you have previously given us the consent. Above you will find more information about when we process customer or traffic data based on a consent. You should note that we also perform processing on other legal grounds than consent. We will therefore continue to perform certain processing of your customer and traffic data even if you withdraw consent.

If you are under 18 years of age, your guardian must leave and / or withdraw consent.

Contact information

Personal Data Manager

Telenor Sverige AB, (org. nr. 556421-0309)

Box 3081, 169 03 Solna

Requests for register extracts must be sent to

Telenor Sverige AB (Ownit)

Box 3081, 169 03 Solna

Data Protection Officer

Our data protection officer ensures that the processing of your data is done in a legal manner. If you want to talk to our data protection representative, we ask you to call Customer Service on 08-525 07 300, and they will make sure that you can talk to the right person. You can also email support@ownit.se

Miscellaneous

If we make changes to this privacy policy, we will publish an updated version at http://www.ownit.se/integritet where you will also have access to older versions of the policy.

Download this document here

Right to object

As a registered customer with us, you always have the right to object to how we process your information. When you trust us to process your data in order to deliver your services, you should always be able to feel confident that we process your data only with the intention we have agreed to.

So if you feel that we use your information in a way that deviates from what we have agreed, it is your full right to contact us with objections. An easy way for you to object is to use the contact form you see below.