Telenor Pakistan (Private) Limited Privacy Notice
1- Our approach
Privacy matters to us, and we want to be transparent about how we collect and process with your personal information. Please take a moment to read this notice, and if you have any questions, you can contact us any time.
This privacy notice outlines your rights to your personal information and contains general principles that apply to the handling of your personal information when you use any of Telenor Pakistan’s products or services, websites, and any product or service that we offer in conjunction with our partners.
Depending on the product or service, you may also receive service- specific and/or region-specific terms. You will be legally bound by both this notice and the service/region specific term to the extent you have accepted them when signing up to service or product via biometric verification and/or agreement for service, therefore, you should read these terms carefully. In the event of conflict or inconsistency, the service and/or region-specific terms prevail.
2- Telenor’s Commitment to Your Privacy
Telenor Pakistan is a subsidiary of Telenor Group ASA. Our companywide commitment to your privacy is reflected in Telenor Group’s Privacy Position
We apply the following key privacy principles while processing your personal information:
I- We will process your personal information in accordance with this privacy notice and all applicable laws.
II- We will do our best to be transparent on how we handle your personal information.
III- We will only process your personal information for legitimate purposes, and only for as long as it is necessary to achieve those purposes. We will dispose of your personal information safely and securely once it is no longer required.
IV- We will enable you to the extent it is possible to exercise choice and control over our processing of your personal information, not only when we are required to do so by the applicable law, but also in other circumstances where we think it is the right thing to do.
V- We will inform you about your privacy rights, respect them and help you to exercise those rights.
VI- We will make sure that your personal information is safe through appropriate security measures.
VII- We will take steps to ensure that your personal information is adequately protected.
VIII- We build privacy and data protection into our products and services by design and by default. This means that we prioritize the privacy of your data, and we will endeavor to build privacy safeguards in everything we develop.
3- What, Why and How we process your Data
What we collect and the way we collect your personal information vary depending which one of our products and services you are using. Generally, we collect and use your personal information as per the following:
There is certain personal information that is necessary for us to perform services you use. These include but not limited to:
(a) Your name, phone number, email address, postal address, date of birth, and other information;
(b) Payment related information, such as credit or debit card information;
We use your information to:
(a) Perform the relevant service or provide the relevant product;
(b) Manage your account;
(c) Carry out credit checks;
(d) For better customer services;
(e) Request payments;
(f) Communicate with you;
(g) Compliance of law; and
(h) Legitimate interest
While using our products, services or websites, we may also collect other information from you. Some examples of such information include:
(a) Information about your account and our communications with you, such as any customer support requests that you make or any feedback that you provide, dates of payments, and date of invoices;
(b) Product usage data, such as your last active use of an application, the duration you spent on an application and how much you spent on a product;
(c) Network data, including mobile calls and SMS data, such as the date and time of the calls and texts you send or receive, and the duration of calls received and made through our network;
(d) Your location data, when:
1. You use our telecommunications services, such as call, SMS or broadband service
2. You choose to use our location based service. For example, when you enable direction applications on your mobile phone; and
3. You signed up to a certain location based promotional activities.
(e) Your browsing data, when you visit our websites and/or use some of our services. Information that we may collect may include:
1. Information relating to your device, such as IP address, device model and settings;
2. Network information;
3. Details and logs of when, where and how you used the service;
4. Browser information
5. Information about your visit, including the websites that directed you to us, the pages on our website that you visited, services and products that you viewed or searched for, length of visit, our interaction with you, and the next websites you visit after our website.
4- Processing for specific applications/products/services
Please click here to see processing of specific applications/products and services.
5- How we share your information with other responsible entities
We may share your personal information with third parties for the purposes listed above. We ensure that the third party follows the same privacy practices towards your information in accordance with our key privacy principles, this privacy notice and applicable law.
Examples of third parties we may share your information with include:
(a) Any of the affiliate companies;
(b) Data processors to process your information on our behalf;
(c) Third party services whom you have asked us to integrate with, such as social networks;
(d) Third /parties who conduct research, analytics or marketing in conjunction with us or on our behalf;
(e) Third party service providers such as debt collection agencies and credit check agencies.
6- How we protect your personal information
We ensure that your personal information is safe and secure through the following measures:
(a) When you log into your account to use our services with your phone number or username and password, all of the data is encrypted using cryptographic protocols such as Transport Layer Security (TLS) and Secure Socket Layer (SSL) encryption. We employ such cryptographic protocols on all pages on our websites where we collect personal information. To make purchases from these web pages, you must use a TLS or SSL-enabled browser such as Internet Explorer, Safari, Firefox, or Chrome. This ensures that your personal information remains confidential and is protected white it is transmitted over the Internet;
(b) If you have a username and password to access our services, and have been inactive for some time, we automatically log you out of the account to keep your details secure;
(c) When we use service providers or other data processors to process your personal information on our behalf, we ensure that the relevant providers and processors will implement appropriate technical and organisational measures to protect the information. Such controls include access control to the information and the infrastructure that stores the information, contractual arrangement that requires the third parties to comply with all relevant laws, We apply privacy and data protection by design and by default , and build privacy and data protection into the foundation of our products and services;
(d) We conduct Data Protection/Privacy Impact Assessment where appropriate to measure and reduce the impact of a particular activity to the privacy of your personal information.
7- How long we keep your personal information
We will only process your personal information for legitimate purposes which include service provisioning to our customer, and only for as long as it is necessary to achieve those purposes. We will dispose of your personal information safely and securely once it is no longer required subject to applicable laws for retention of data. The customer data is retained as per the regulatory obligations for a minimum period of 01 year stipulated in the license duly granted by Pakistan Telecommunication Authority.
8- Data subject rights
It is important to us that you understand your privacy rights. Therefore, we have listed out below a list of non-absolute privacy rights that you could exercise whilst entrusting us with your information:
(a) The Right to information:
You can access and request available personal information that we hold about you any time by contacting us. The information is maintained as per our license obligations which shall be furnished on request and subject to payment of applicable fee.
Please note that any information falling beyond the statutory period to maintain in our systems or restricted by any law or court order may not be furnished.
(b) The Right to Access Personal Data:
You can contact us to access to your own personal data upon request which includes call detail records and tax deduction certificate.
(c) The Right to erasure and rectification:
You can request us to update your personal information in our domain or erase some of the personal information we hold about you and Telenor Pakistan shall process your request strictly in accordance with local legal obligations. Please note that customer call detail records are maintained for a period of 01 year only as per our license obligations and no data can be deleted prior to the applicable period or due to any other legal requirement on us to retain the information..
(d) The Right to object to avoid damage & distress:
You can contact us to object any processing of your personal information which may cause any damage and distress to you and Telenor Pakistan will ensure appropriate action to avoid any damage or distress which may result due to certain processing.
Please note that any information which is mandatorily required for the provision of any relevant service and any such request to stop processing of personal data may render us fully or partially incapable of providing the requisite service.
We will do our best in accommodating the request, but please bear in mind that any action is subject to local legal obligations and may result in you being ineligible to receive certain services.
You can contact us any time to discuss these privacy rights in more details.
9- Compliance with Law & Cooperation with Authorities
As a law abiding and responsible corporate citizen, Telenor Pakistan carries out its operations and obligations with strict adherence to the laws of the land and applicable policies. Telenor Pakistan is legally bound to cooperate with and implement lawful directives/Authority Requests including such requests from Pakistan Telecommunication Authority, designated law enforcement agencies and other governmental functionaries as part of its license obligations as and when required. In line with best global and local practices, Telenor Pakistan strongly believes in protecting legal rights and maintaining the highest level of transparency when it comes to its stakeholders and customers, without compromising on its obligations to maintain confidentiality of sensitive information. In order to achieve that Telenor Pakistan also conducts a detailed assessment of such requests. For further details you can read the Authority Request Disclosure Report 2019. In case you have any comments or concerns related to the implementation of any Authority Request by Telenor Pakistan, we encourage you to contact us.
10- Handling Children’s Information
As a general rule, we do not process personal information of children under the age of 18, unless we have the consent from their guardians. Where services are designed for use by children under the age of 18, we will seek the consent of the guardians and inform the guardians of their privacy rights.
11- Handling of Customer Data while roaming:
During roaming, the storage, treatment and transfer of personal data of a customer(s) including but not limited to call detail records is subject to regulations of the host operator and may differ from the regulation in their own country of origin.
12- Revision of this privacy notice
We commit to reviewing this notice at least once annually, and on an ongoing as needed basis.
13- Questions about this privacy notice and contact information
Telenor Pakistan is responsible for the handling of your personal information, and the legal frameworks in which we operate include:
(a). Pakistan Telecommunication (Re-organisation) Act, 1996
(b). Prevention of Electronic Crimes Act, 2016
(c). Investigation for Fair Trial Act, 2013
(d). Telecom Consumer Protection Regulations, 2016
(e). Protection from SPAM, Unsolicited fraudulent and obnoxious communication Regulations 2009
(f). Critical Telecom Data and Infrastructure Security Regulations, 2020
(g). Number Allocation & Administration Regulations, 2018 (Amendment 2021)
(h). Telecom License
If you have a question, concern or complaint about this privacy notice or our handling of your information, you can contact our Data Protection Officer via the following methods:
Data Protection Officer
345 Telenor Pakistan (Private) Limited, 55, River View Avenue, Block B, Gulberg Greens
Islamabad-44000 Tel: +92(51)111-345-700
Web address: www.telenor.com.pk
We will respond to your query as soon as we can and try to resolve it to the best of our capability.
If you lodged a complaint and are unsatisfied with our response, you can refer your complaint to the Pakistan Telecommunications Authority (Consumer Protection Directorate), PTA Head Quarters, F-5/1, Islamabad.
This Privacy Notice was updated on 20th June, 2022