Navigation

Privacy notice / statement

We take privacy seriously. We want to inform you about the means by which we process personal data in LINK. LINK is a global CPaaS company, with customers and over 30 offices all around the world. Our approach to compliance is a global one. Read more about how and why we collect data and how we handle our data.

For the purpose of this statement Link Mobility (“LINK”) means all companies that are a part of LINK Mobility Group (separately and/or altogether). The up-to-date list of all LINK entities can be found here.

Each subsidiary is responsible for processing Personal Data in accordance with this Privacy Statement. Data Controller for this site is: LINK Mobility Group AS.

EU/EEA headquarters of LINK is the legal seat and registered office of Link Mobility Group Holding ASA (reg. no. 920 901 336), located in Norway.

LINK is responsible for the processing of a wide range of Personal Data as described below in the Data Controller and Data Processor sections. LINK processes Personal Data within applicable laws and regulations. LINK Mobility Group consists of many  entities and personal data may be shared and transferred between LINK entities listed in the above-mentioned list.

Terminology

We will be using some terms that will be common within this privacy statement that should be understood as in Article 4 of GDPR:

  • A Data Subject is an identifiable natural person;

  • A Data Controller is the legal person which, alone or jointly with others, that determines the purposes and means of the processing of personal data;

  • A Data Processor is the legal person which processes personal data on behalf of the Data Controller;

  • Personal Data is any data that directly or indirectly is linked to a natural person (Data Subject).

  • Data Processing of Personal Data is any use of Personal Data, including collecting, storing, modifying, transferring, or deleting.

  • Traffic Data is data generated through the use of a network. As an example, when an individual is using the mobile network, information about who is sending and receiving a message or a phone call, the start and end time, and the location of the mobile phone is generated. If traffic data directly or indirectly can be linked to you as an individual, these are classified as Personal Data. Traffic Data can, for example, be used for billing purposes.

  • Anonymous Data is data where all identifying items have been removed making it impossible to associate the data with an individual.

When you (respectively your company / employer) use LINK products and services we process these general types of personal data:

  • If you (respectively your company / employer) have already signed an agreement with us to use one or more of our services we will use your Personal Data information as a Customer or Supplier (respectively as contact person / representative / employee of a Customer or Supplier).

  • If you respectively your company / employer) do not have already signed an agreement with us and you contact us using one of the channels – like visiting this website – we will use your data as a Potential Customer or Potential Supplier (respectively as contact person / representative / employee of a Potential Customer or Potential Supplier).

  • Personal data of the end-users that LINK Customers share with LINK when processing is carried out using LINK services are called End User Data.

The nature of processing depends on the type of data you (respectively your company/employer) have given us.

LINK offers many products and solutions to its customers. This document presents a general description of Personal Data Processing within LINK Mobility which may be broader or narrower depending on which specific solution LINK Customer may be using. Please consult product-specific Privacy Notices on the given products webpage or Data Processing Agreement.

Data Retention

LINK will retain Personal Data for as long as it is necessary to fulfill the purposes for processing and will as a main rule retain Personal Data until termination of the agreement or until end-users request deletion. Please note that legal obligations, e.g., statutory rules related to storage for accounting purposes or anti-terrorism/national security laws may make it necessary to store Personal Data after the termination of the agreement. Continued storage may also occur where such storage is necessary for the purposes of legitimate interests pursued by LINK, including, but not limited to, the establishment, exercise, or defense of legal claims.

How LINK processes Personal Data as Data Controller is defined and described in this privacy notice and explained in the sections below.

If applicable the data processing of your personal data is based on one or more of the following legal basis:

  • your consent (ref. GDPR Art 6.1.a), in relation to the marketing of LINK services

  • your (or your company of employment) agreement between LINK and you as the Customer or Supplier of LINK or as an employee, other hired personnel, consultants, or management of the Customer or Supplier (ref GDPR Art 6 1. b or GDPR Art 6.1.f); To fulfill the agreement for use of a service provided by LINK to the end-user, e.g., in relation to the management of the user profile or memberships, and to notify end-users of changes to, or respond to inquiries related to services, terms, and conditions or this privacy notice.

  • legal obligation/s to which LINK is subject, e.g. continued storage due to statutory rules of storage for accounting purposes, Traffic Data retention for national security purposes (ref GDPR Art 6 1. c, f);

  • LINK’s other legitimate interests (ref GDPR Art 6.1.f). To pursue LINK legitimate interests (provided always that the interests of the data subjects do not override such interests), e.g., in relation to improving the services or the user experience, to establish, exercise, or defend a legal claim, to prevent loss or damages to LINK or any third parties or to prevent any actions that may compromise LINK's or a third party’s property or the personal data of the other users of the services.

Business contacts, hereunder Supplier, Customer or Investor representatives, and their Employees:

LINK may obtain your data as a business contact when, for example, you contact our sales team or our investor relations team, when you register on our website or sign up for our web or email services. We may ask you to provide personal information. This may include your name, address/zip code/city/country, telephone number, and/or e-mail address.

We may also collect and process further Personal Data or information you will provide us if you are contacting us with specific requests and/or to apply to vacancies, questions on job postings, or spontaneous applications.

Processing activityLegal basisData retentionDescription
Develop and manage sales proposals, bids, and quotes, Manage customers’ accountsBased on GDPR Art. 6.1. a,b,c or fData retention during the time of validity of the agreement and after the agreement lapses by the term of reasonable inquiries (up to 6 years, depending on applicable law)LINK processes for the purpose of signing and handling the agreement with employees, other hired personnel, consultants or management of LINK Customers Notifying Customers/Suppliers and their representatives and employees of: Changes in the terms and conditions, payments, other regulations or privacy policy; Changes directly related to the provision of services within the LINK services, inter alia, such as service updates, updates to technical conditions and documentation; The state of payment for the services realized (the invoicing and the status of payments), including the discount codes for services; Other operational matters
Manage Customer service, Investor or Supplier issues, requests, and inquiriesBased on Art. 6. 1. b, c or fData retention during the time of validity of the agreement and after the agreement lapses by the term of reasonable inquiries (up to 12 months, depending on applicable law)LINK contacts the customer in relation to the customer inquiries Responding to inquiries: or questions related to services, investments, applicable terms and conditions, or this privacy notice; related to the operation of the LINK service; related to the quality of service.
Measure customer satisfaction with customer problems, requests, and inquiries handling (NPS)Based on Art. 6. 1. f GDPRData retention to up to 1 month after the NPS round is doneCustomer Satisfaction Surveys

Website visitors

LINK may also collect information about your visit to this or other corporate website through the use and placement of cookies. This includes, among other things, the Internet protocol address (IP address), browser type, browser version, which pages you visit within the website, the duration of the visit and the page views of your computer. We use cookies for this purpose. You can read more about cookies in the Cookie section below.

By visiting our page you accept our Privacy Statement. Should you not agree to our Privacy Policy, we encourage you not to engage or interact with us in any way.

Processing activityLegal basisData retentionDescription
Website management / website analyticsBased on Art. 6. 1. a or f GDPR.Up to 12 months of last visitFor the purpose of website management and analytics Improve and evaluate our website and services; Obtain an insight into the use of our website, as described below in the cookie section;
Manage leads/opportunities via contact from on the websiteArt. 6. 1. a or f GDPRUp to 12 months from last contactFor the purpose of replying to inquiries from potential customers and customers · Contact, or to keep visitors of our website informed of information that LINK think may be of interest to the visitor (marketing) after a visitor has submitted a web form on our website or via other means (opt-in);

LINK uses cookies and similar technologies on our websites. Cookies help us to determine the most popular parts of our websites, which pages are visited and for how long. The data is used for the development and analysis of services and targeting website advertisements in services provided by partners.

Cookies are small text files containing a string of characters that can be placed on your computer or mobile device to identify your unique browser or device. Cookies cannot damage your computer or files on your computer. Cookies just allow a site or services to know if your computer or device has visited that site or service before. Cookies can be used to help understand how a site or service is used. Also, they help you navigate between pages more efficiently, remember your preferences, and generally improve your browsing experience.

We use cookies to:

  • Enable the use of services available through the service, e.g. authenticating cookies used to log on to the site and maintain login sessions within the site.

  • Adjust the content of the website to individual preferences of the user by “remembering” the user’s chosen settings and personalizing the user interface, e.g. for the selected language or region.

  • Create statistics that help you understand how website users use websites, which allows better customization of the website to the users‘ needs.

  • Deliver advertising content to website users more tailored to their interests

You can read more about the cookies we use based on the cookie management tool cookie declaration (different for different users):



Mobile phone owners [End-Users]:

As a provider of electronic communications services under the European Electronic Communications Code (EECC), LINK routes messages like SMS, various forms of OTT, email or others from our Customer  to the end-user (Data Subject) via the chosen channel by the LINK Customer.

Processing activityLegal basisData retentionDescription
Messaging (GSM/OTT) – conveyance of the messageArt. 6 . 1. f GDPRUp to 72 hoursTo send and route messages in various messaging channels like SMS, OTT, others from our Customer to the end-user (Data Subject).
Messaging (GSM/OTT) - retention of telecommunications metadataGDPR Art. 6 . 1 c GDPRUp to 12 monthsTo comply with laws and regulations related sending and routing messages in various messaging channels like SMS, OTT, others from our customer ( to the end user (Data Subject).

Employees at all levels in LINK Mobility are familiar with the purpose of GDPR and how to comply with the applicable rules. LINK Employees should consult internal documentation on data processing.

LINK Candidates and Applicants:

LINK Mobility stores LINK Candidates and applicants (potential employees) personal data for recruitment processes. The personal data of recruitees/job candidates that take part of any open recruitment or which consent to LINK processing for their personal data for future recruitments are stored in open recruitment.

The Personal Data of the recruitees/job candidates are contained in: CV and attachments to it - certificates, certificates of legal capacity, diplomas, photo (for identification of the person during an interview), motivation letter, references, previous experience; answers, solutions and related results from tests, case studies, assignments, exams, surveys/questionnaires, notes and/or interviews, others.

Please note that the personal data we process about you may differ based on local legal requirements and the specific processing we conduct. We only process your personal data where we have a legitimate business reason or legal requirement to do so. The table below outlines the main reasons for processing and the types of data involved.

Processing activityLegal basisData retentionDescription
Recruitment - recruitment processArt. 6. 1. a, c GDPRFor the duration of the recruitment process.LINK is processing personal data from potential new employees (applicants, candidates) in alignment with local legislation. Information about potential new employees will be stored in Emply.
Recruitment - further recruitmentArt. 6 . 1 a GDPRUp to 36 months, depending on applicable lawLINK is processing personal data from potential new employees (applicants, candidates) in alignment with local legislation if consent is given for further recruitment processes or as provided under applicable law.

Rights of the data subjects

Data Subjects can at any time:

  • Withdraw consent to processing activities based on consent.

  • Access or Amend Personal Data.

  • Request export or deletion of Personal Data.

  • Request restriction of, or object to, processing.

  • Terminate the agreement.

Right to lodge a complaint with a supervisory authority:

If you believe that LINK processing of personal data infringes relevant data protection regulations, you are entitled to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement, or other relevant supervisory authority.

How do LINK process Personal Data as a Data Processor is defined and described in the agreement between LINK and our Customer, the Data Controller, and in the description of the respective services. The data about an individual (Data Subject) that we process as a Data Processor depends on which of our services are used by Customer.

LINK’s processing of Personal Data on behalf of the Customer is governed by a Data Processing Agreement (DPA), and LINK will only process Personal Data to provide our services to the customer, and in accordance with the DPA and the customer’s instructions. Upon termination of the agreement or instructions from the customer, we will delete the Personal Data processed under the agreement, unless otherwise required by mandatory law.

Examples of processing activities

  • Sharing tools to help you send or route messages SMS and OTT (such as Number Database and receiving numbers).

  • Produce message logs, statistics, and reports.

  • Monitor traffic to ensure message delivery and system stability.

  • Managing/collecting on behalf of Customer Data Subject consents.

  • Store and manage Data Subjects information on Data Controllers behalf.

  • Provide catalogue services.

  • Manage End User profile and End User consents.

  • Manage memberships

  • Mediate information and membership offers.

  • Execute individual rights;

Depending on the service and the customer’s use of the service in question, we may as Data Processor process Personal Data within the following categories:

  • Basic Personal Data (such as name), contact details (such as email, phone number, etc.).

  • Special categories of Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or health data.

  • Location Data, such as GPS, Wi-Fi location data and location data derived from Processor’s network (that is not traffic data as defined below).

  • Traffic Data: Personal Data processed in relation to the conveyance of a communication on an electronic communications network or billing thereof.

  • Data related to the use of our customers’ services, such as transaction history or messaging events.

  • Data related to the content of the communication, such as e-mails, voice mails, SMS/MMS, OTT, browsing data, etc.

Legal basis for processing:

  • Data Processing Agreement with Customer;

Categories of Personal Data

Depending on the service and the Customers use of the service in question, we may as Data Controller or Data Processor process Personal Data within the following categories

  • Basic Personal Data (such as name), contact details (such as email, phone number, etc).

  • Location Data, such as GPS, Wi-Fi location data and location data derived from Processor’s network (that is not traffic data as defined below).

  • Traffic Data: Personal Data processed in relation to the conveyance of a communication on an electronic communications network or billing thereof.

  • Data related to the content of the communication, such as e-mails, voice mails, SMS/MMS, browsing data, etc.

  • Information about visits to this and other corporate website/s through the use and placement of cookies.

In some cases, LINK will be able to link Personal Data collected by several different services, as long as the data is collected for the same purpose.

Your data will not be used in an automated decision-making system, including profiling.

How do we protect Personal Data?

Safeguarding Personal Data is of the utmost importance to LINK. We therefore continuously work to protect Personal Data. Our information security policy and personal data protection policy embraces protection for personnel, data, IT infrastructure, internal and public networks, as well as office buildings and technical facilities. Specific Technical and Organizational Measures can be found in our Data Processing Agreement. Special attention is given to information such as Personal Data.

Our security work aims to balance risk exposure, business value, available technology, vulnerabilities, and threats in order to comply with applicable laws, regulations as well as with contractual demands.

LINK strives to implement security measures by setting appropriate levels of protection for Personal Data and by so preventing disclosure of Personal Data to unauthorized parties, externally and internally.

Our Technical and Organisational Measures are described here: Download PDF

With whom do we share data?

LINK may disclose personal data to third party vendors and hosting partners who perform services for LINK, in order to be able to deliver the services. The list of our sub processors can be found here. These third party vendors will only use the Personal Data for the purposes they were collected and in order to perform their services towards LINK. The relationship to such third party vendors will be governed by a Data Processing Agreement.

LINK may disclose the personal data of Business contacts and Website visitors between all of the entities listed as subsidiaries in LINK. LINK also have subsidiaries that are located outside EU/EEA area. The access to the personal data from the subsidiaries is protected with EU Standard Contractual Clauses signed between LINK Mobility Group and all subsidiaries.

The disclosure of Personal Data to public bodies may occur if and to the extent required by law and current regulations.

Following the judgement of the Court of Justice of the European Union (“CJEU”) of 16 July 2020 Data Protection Commissioner v. Facebook Ireland LTD, Maximillian Schrems, C-311/18 (“Schrems II”), and in the Recommendations 01/2020 from the European Data Protection Board (“EDPB”) adopted on 10 November 2020, the measures required in order for transfer of personal data outside the European Economic Area (“EEA”) require a higher level of specification and care on the side of the entities responsible for such transfers to comply with the GDPR.

LINK mobility implements the specified requirements in accordance with the steps below:

  • Step 1: In LINK Mobility we know our transfers

LINK Mobility ensures through its contracts with third parties and its internal processes that transfers to countries outside the EEA do not take place without LINK Mobility’s knowledge and documentation of such transfer.

  • Step 2: In LINK Mobility we verify the safeguard our transfer relies on

LINK Mobility does not rely on legacy safeguards for transfer (Privacy Shield and Safe Harbor). If any transfer is required, only European Commission adequacy decisions, and the current safeguards as listed under GDPR Article 46 are chosen.

  • Step 3: Transfer under the law of the country in question

Transfer is performed only if the laws of the country in question, including any supplementary measures in place, do not prevent processing in compliance with the requirements for the applicable transfer.”

Contact information

If you are a direct customer of LINK, please contact our Customer Support. Our Customer Support can also assist you in getting in touch with LINK Data Protection Officer (DPO) – Jan Wieczorkiewicz at dpo@linkmobility.com.

If you are an end-user of a LINK customer, please contact the relevant LINK customer directly.

If you are not a direct customer of LINK, and you have received a message via LINK systems, we would kindly inform you that this could only happen on behalf of one of our Customers. In this case, you must contact the sender of the message directly. Each LINK client declares that it has the right to process the personal data of the end-users/recipients to whom the message is sent.

All external security researches should send their findings to: infosec@linkmobility.com

Modification of this Privacy Statement

LINK reserves the right to modify this privacy statement. The most recent revision shall supersede any earlier versions. The current version of the privacy notice will be available at LINK website or at request at all times. We advise that you check the privacy notice from time to time, to keep up to date with the current notice. We will notify you of any changes to the privacy notice that you are entitled to receive information about or which requires your consent.

Last update to the privacy policy: 16.12.2024.