Telenor Software Lab AS Privacy Policy

# Telenor Software Lab AS Privacy Policy **Posted: 2025-04-02** **Effective: 2025-07-10** You can read the previous Privacy Policy [here](./privacy-previous-en.html). This Privacy Policy (“Policy”) explains how Telenor Software Lab AS (“Telenor Software Lab”, “TSL”, “we”, “us”, “our”) collects and uses your information when you use our services, client software, and websites (“Service”, “Services”). We are registered in Norway under company registration number 884 640 202. This Policy applies to any TSL websites or apps that link to it. It also applies when you contact us via telephone, SMS, email, live chat, letter, or any other form of communication. For the purposes of this Policy, the data controller is Telenor Software Lab AS. ## Our Privacy Promise We are committed to protecting your personal information, being transparent about the data we hold, and giving you control over how we use it whenever possible. It's important that you read this Policy to understand the information we may hold about you, how we use it, and how you can access or update your information, modify your preferences, or request deletion of your personal data. This Policy explains: - What information we collect about you - How we collect and use information about you - Whether we disclose your details to anyone else - The choices available to you regarding the personal information you provide to us - When and how your data may be shared with third-parties - Information regarding the use of cookies on our websites We regularly review this Policy to ensure it is accurate and up to date. Amendments or updates may be made periodically, and any revisions will be posted on this page so you will always be aware of the information we collect. Please check this page regularly to stay informed of any changes. We use your information in compliance with all applicable Norwegian and European laws and regulations regarding the protection of personal information, including Personopplysningsloven 2018, Ekomloven 2002, and the General Data Protection Regulation (GDPR), along with any amendments, updates, or successor regulations. ## Your Rights Within each of our Services, your Privacy settings allow you to control and customise your privacy preferences. Here you can find information on your rights under GDPR: ### Right to Withdraw Consent Where you have previously given consent for us to process your personal data, you can withdraw that consent at any time. You can use the Privacy settings of the Service to control your preferences. ### Right to Access Your Information You can request more details regarding the personal data we collect about you and how we process it. You can use the Privacy settings of the Service to request a report that reflects the personal information we hold about you. ### Right to Rectification You can request that we correct any inaccurate personal data we are processing. In most cases, the simplest way to do this is by updating your user profile within the Service yourself. You may also contact our [Customer Support team](https://capture-app.com/support) for assistance. ### Right to Object You have the right to object to certain types of processing, such as direct marketing, automated processing, or profiling. You can use the Privacy settings of the Service to control your preferences. You may also contact our [Customer Support team](https://capture-app.com/support) for assistance. ### Right to Erasure You can request that we erase the personal data we hold about you and delete your account. You can use the Privacy settings of the Service to request account deletion. This will result in the irreversible deletion of all content in your account, so please ensure you take a backup before making this request. The process may take up to 30 days to complete. ### Right to Restrict Processing Depending on the processing activity, you can request that we stop or limit the processing of your personal data. You can use the Privacy settings of the Service to control your preferences. ### Right to Portability You can request the personal data you have provided to us, which we are processing based on your consent or to perform a contract, in a structured, commonly used, and machine-readable format, provided the data is processed using automated means. You can use the Privacy settings of the Service to request this report. This right does not apply to processing necessary for performing a task in the public interest or exercising official authority vested in the controller. We are also unable to extend this right in a way that would adversely affect the rights and freedoms of others. You also have the right to lodge a complaint directly with the Norwegian supervisory authority [Datatilsynet](//datatilsynet.no/). ## How Do We Get Information? We obtain personal information in the following ways: - *Direct:* Information you provide us with upon our request when subscribing to or otherwise using our Services, or when getting in touch with us. - *Automatic:* Data generated automatically by the use of our Services. - *Indirect:* Information that we may receive from third-parties. ## How Long Do We Keep Information? Our data retention policies vary based on the purpose of processing. As a general rule, personal data will be kept only as long as necessary for the purposes outlined in this Policy. Account-related data is kept for the period in which the account is active. If you decide to close your account, your personal data will be deleted within 30 days, except where legal reasons require a longer retention period. Information retained in backups of our systems will be deleted on a rolling 30-day schedule. ## What Legal Basis Do We Use to Process Information? Under data protection laws, we are required to have a legal basis to process your personal information. We have set out below the legal bases we rely on: - *Performance of Contract:* To perform a contract entered into with you and fulfil our contractual obligations to you or to take steps at your request prior to entering into a contract. This processing is necessary for us to provide the Service. - *Legitimate Interests:* Where necessary for our legitimate interests or those of a third-party. Where possible, we may give you the opportunity to opt-out of this processing. - *Consent:* Where you have provided explicit consent for specific processing activities. You have the right to withdraw your consent at any time, and we will cease processing your information for the purposes you have consented to. However, withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. - *Legal Obligation:* Where processing is necessary to comply with our legal or statutory obligations. This may include co-operating with Police or Law Enforcement Agencies in relation to their investigations, or to comply with a court order. ## Why and How Do We Process Information? The majority of our data processing is integral to the functionality of our Services and essential for providing the features users request. As such, this processing is necessary to deliver the Services as outlined in our respective Terms of Service. Some supporting data processing is beneficial to the provision of our Services, while not an integral part of it, such as developing new features or measuring the performance of existing features to further improve our Services. In that case, that data processing serves the legitimate interests - as listed below - of us or other members of Telenor Group. Below you can find further detail on the key ways we process information and the legal basis for each. ### Performance of Contract #### Service Provision To facilitate the upload, download, storage, and sharing of your content, as requested by you to provide the Service. You can close your account at any time, after which all user data will be deleted within 30 days. ### Legitimate Interests #### Customer Service We will process your data to provide you with effective assistance when you contact us, for quality assurance, and to improve our processes. Once we have resolved any issues you may have, we will retain information relating to it for 90 days, after which it will be deleted. #### Additional Service Features We will process data to provide useful functionality within our Services. For specific types of advanced filtering and categorisation, including object detection and optical character recognition, you can opt-out of this processing at any time within your Privacy settings, and any data of yours that we hold for this purpose will be deleted. #### Digital Legacy We will process data to provide the Digital Legacy feature, which allows users to nominate a legacy contact who can access their stored content after they pass away. The user provides the name, address, email, and phone number of the legacy contact, who is then informed via email. If a legacy contact does not wish to be nominated, they can object by contacting our [Customer Support team](https://capture-app.com/support), and we will remove their details and inform the original user, allowing them to choose someone else. #### Service Improvement We will process data to ensure the smooth operation of our websites and apps, to facilitate troubleshooting and easy accessibility when needed, to understand how Services are accessed (such as device types, operating systems, browser type), and to identify where potential issues with the user interface occur. You can opt-out of this processing at any time within your Privacy settings, and any data of yours that we hold for this purpose will be deleted. #### Performance Improvement We will process data to understand how our Services are used across different markets and over time in order to optimise them accordingly. You can opt-out of this processing at any time within your Privacy settings, and any data of yours that we hold for this purpose will be deleted. #### Telenor Group Integration Data will be processed to provide centralised services to other members of Telenor Group. Data may be shared to help with the integration of these services, and to ensure that user rights are allocated. For example, your mobile operator may share data with us so we know that you have one of our Services bundled as part of your subscription. This may also include information on the performance of the Service to improve integration or supporting internal reporting. #### Direct Marketing of Telenor Software Lab Products & Services Data will be processed to provide you with updates and tips on how to use the Service effectively. These usually take the form of push notifications, emails, and SMS messages. You can opt-out of these communications at any time, and you have granular control over the methods we use to contact you e.g. opting out from email and SMS contact, but allowing push notifications within your Privacy settings. #### Security We will process data to ensure that our Services are free from abuse. This includes, but is not limited to, processing for the purposes of fraud and cybercrime prevention, ensuring the security and integrity of our networks and data, and the detection and reporting of possible criminal acts or threats to public security. ### Consent #### Face Grouping With your explicit consent, we will process data to provide useful functionality within our Services, such as grouping similar faces together. You can change your mind and opt-out of this processing at any time within your Privacy settings, and any data of yours that we hold for this purpose will be deleted. #### Digital Legacy You may nominate a legacy contact who will receive details of your account such as your registered email address and telephone number via email. In the event of your death, the legacy contact may also request access to your stored content. To process this request, we will require verification of your passing and confirmation of the identity of the nominated legacy contact. You can change or remove your nominated Digital Legacy contact within your Privacy settings at any time. ### Cookies and Tracking Technology We use cookies and similar technologies (“cookies”) to provide essential functionality, improve, secure, and promote our Services. The cookies we use are classed as *strictly necessary*. This means they are essential to the operating of the Service, and enable core functionality such as security, network management, and accessibility. To find out more about cookies, including how to see what cookies have been set, visit [www.aboutcookies.org](http://www.aboutcookies.org) or [www.allaboutcookies.org](http://www.allaboutcookies.org). #### How Can I Control The Data Collected Through Cookies? You can set your web browser to reject cookies, but please be aware that this may cause the Service to function improperly or not function at all. #### Overview of Cookies Used by TSL Below is a list of the cookies we use, and a brief explanation as to why we use these cookies. | Name | Origin | Category | Functionality | | ------------ | ------ | ------------------ | ------------------------------------- | | imbox | ImBox | Strictly Necessary | To provide live chat support | | __stripe_mid | Stripe | Strictly Necessary | To prevent fraud | | __stripe_sid | Stripe | Strictly Necessary | To prevent fraud | ## Data Transfers We transfer some data to third-parties. ### Telenor Group As a service provider in the Telenor Group, we collaborate with other Telenor companies. These activities may require data transfers, for example, to or from your mobile operator. ### External Vendors & Parties We use external vendors to host services and to help improve and maintain our Services. These vendors act as data processors for us, which means they are legally and contractually obligated to follow our instructions, maintain the data securely, delete data upon request, and so forth. If we decide to sell, buy, merge, or otherwise reorganise our business, we will need to conduct any necessary data transfers to complete the operation. ### Third-Country Data Transfers We transfer some data to countries outside the European Economic Area (EEA)/European Union (EU). Such a transfer occurs when a user's country of residence is outside EU/EEA, the user is a subscriber to the local Telenor mobile services provider and our services are offered as a bundle with the subscription, or when we transfer data to an external vendor, party, or other processor based outside EU/EEA. For all data transfers to a third-country not pre-approved by the EU as having an adequate level of protection, we enter into standard data protection clauses adopted by the European Commission (“EU Model Clauses”). ## Updates We continually work to improve our services and may update this Privacy Policy to reflect changes in our practices or legal requirements. For significant changes that could materially affect your privacy rights or how your personal data is processed, we will provide you with clear, advance notice, either by email, through in-app notifications, or other appropriate channels. Such changes will take effect no sooner than 30 days after you have been notified, giving you time to review the updates. If you continue to use the Service after the changes take effect, it will indicate your acceptance of the revised Privacy Policy. ## Complaints and Contact If you wish to make a complaint about how your personal data is being processed by us (or third-parties as described above), in the first instance please speak with our [Customer Support team](https://capture-app.com/support). If they are unable to assist you satisfactorily, you can email our [Data Protection Officer](mailto:personvernsenter@telenor.no). You also have the right to lodge a complaint directly with the Norwegian supervisory authority, [Datatilsynet](//datatilsynet.no/). If you have any questions about the use of your personal data, please contact our [Customer Support team](https://capture-app.com/support).