Privacy notice / statement
We take privacy seriously. We want to inform you about the means by which we process personal data in LINK. LINK is a global CPaaS company, with customers and over 30 offices all around the world. Our approach to compliance is a global one. Read more about how and why we collect data and how we handle our data.
LINK MOBILITY PRIVACY STATEMENT
For the purpose of this statement the Link Mobility (“LINK”) means all companies that are a part of the LINK Mobility Group. The up-to-date list of all LINK subsidiaries can be found here.
Each subsidiary is responsible for processing Personal Data in accordance with this Privacy Statement. Data Controller for this site is: LINK Mobility Group AS.
EU/EEA headquarters of LINK is Link Mobility Group Holding ASA (reg. no. 920 901 336), located in Norway.
LINK is responsible for the processing of a wide range of Personal Data as described below in the Data Controller and Data Processor sections. LINK processes Personal Data within applicable laws and regulations. LINK Mobility Group consists of many subsidiaries and personal data may be shared and transferred between LINK Mobility Group and subsidiaries listed in the above-mentioned list
Terminology
We will be using some terms that will be common within this privacy statement that should be understood as in Article 4 of GDPR:
A Data Subject is an identifiable natural person;
A Data Controller is the legal person which, alone or jointly with others, that determines the purposes and means of the processing of personal data;
A Data Processor is the legal person which processes personal data on behalf of the Data Controller;
Personal Data is any data that directly or indirectly is linked to a natural person (Data Subject).
Data Processing of Personal Data is any use of Personal Data, including collecting, storing, modifying, transferring, or deleting.
Traffic Data is data generated through the use of a network. As an example, when an individual is using the mobile network, information about who is sending and receiving a message or a phone call, the start and end time, and the location of the mobile phone is generated. If traffic data directly or indirectly can be linked to you as an individual, these are classified as Personal Data. Traffic Data can, for example, be used for billing purposes.
Anonymous Data is data where all identifying items have been removed making it impossible to associate the data with an individual.
Privacy Notice and processing of Personal Data at LINK Mobility
When you use LINK products and services we process those general types of personal data:
If you have already signed an agreement with us to use one or more of our services we will use your Personal Data information as a Customer or Supplier.
If you do not have already signed an agreement with us and you contact us using one of the channels – like visiting this website – we will use your data as a Potential Customer or Potential Supplier.
Personal data of the end-users that LINK Customers share with LINK when processing is carried out using LINK services are called End User Data.
The nature of processing depends on the type of data you have given us.
LINK offers many products and solutions to its customers. This document presents a general description of Personal Data Processing within LINK Mobility which may be broader or narrower depending on which specific solution LINK Customer may be using. Please consult product-specific Privacy Notices on the given products webpage or Data Processing Agreement.
Data Retention
LINK will retain Personal Data for as long as it is necessary to fulfill the purposes for processing and will as a main rule retain Personal Data until termination of the agreement or until end-users request deletion. Please note that legal obligations, e.g., statutory rules related to storage for accounting purposes or anti-terrorism/national security laws may make it necessary to store Personal Data after the termination of the agreement. Continued storage may also occur where such storage is necessary for the purposes of legitimate interests pursued by LINK, including, but not limited to, the establishment, exercise, or defense of legal claims.
LINK as a Data Controller
How LINK processes Personal Data as Data Controller is defined and described in this privacy notice and explained in the sections below.
If applicable the data processing of your personal data is based on one or more of the following legal basis:
your consent (ref. GDPR Art 6.1.a), in relation to the marketing of LINK services
your (or your company of employment) agreement between LINK and you as the Customer or Supplier of LINK or as an employee, other hired personnel, consultants, or management of the Customer or Supplier (ref GDPR Art 6 1. b or GDPR Art 6.1.f); To fulfill the agreement for use of a service provided by LINK to the end-user, e.g., in relation to the management of the user profile or memberships, and to notify end-users of changes to, or respond to inquiries related to services, terms, and conditions or this privacy notice.
legal obligation/s to which LINK is subject e.g. continued storage due to statutory rules of storage for accounting purposes, Traffic Data retention for national security purposes (ref GDPR Art 6 1. c, f);
LINK’s other legitimate interests (ref GDPR Art 6.1.f). To pursue LINK legitimate interests (provided always that the interests of the data subjects do not override such interests), e.g., in relation to improving the services or the user experience, to establish, exercise, or defend a legal claim, to prevent loss or damages to LINK or any third parties or to prevent any actions that may compromise LINK or a third party’s property or the personal data of the other users of the services.
Business contacts, hereunder Supplier, Customer or Investor representatives, and their Employees:
LINK may obtain your data as a business contact when, for example, you contact our sales team or our investor relations team, when you register on our website or sign up for our web or email services. We may ask you to provide personal information. This may include your name, address/zip code/city/country, telephone number, and/or e-mail address.
We may also collect and process further Personal Data or information you will provide us if you are contacting us with specific requests and/or to apply to vacancies, questions on job postings, or spontaneous applications.
Processing activity | Legal basis | Data retention | Description |
---|---|---|---|
Develop and manage sales proposals, bids, and quotes, Manage customers’ accounts | Based on GDPR Art. 6.1. a,b,c and f | Data retention during the time of validity of the agreement and after the agreement lapses by the term of reasonable inquiries (up to 6 years) | LINK processes for the purpose of signing and handling the agreement with employees, other hired personnel, consultants or management of LINK Customers Notifying Customers/Suppliers and their representatives and employees of: Changes in the terms and conditions, payments, other regulations or privacy policy; Changes directly related to the provision of services within the LINK services, inter alia, such as service updates, updates to technical conditions and documentation; The state of payment for the services realized (the invoicing and the status of payments), including the discount codes for services; Other operational matters |
Manage Customer service, Investor or Supplier issues, requests, and inquiries | Based on Art. 6. 1. b, c and f | Data retention during the time of validity of the agreement and after the agreement lapses by the term of reasonable inquiries (up to 12 months) | LINK contacts the customer in relation to the customer inquiries Responding to inquiries: or questions related to services, investments, applicable terms and conditions, or this privacy notice; related to the operation of the LINK service; related to the quality of service. |
Measure customer satisfaction with customer problems, requests, and inquiries handling (NPS) | Based on Art. 6. 1. f GDPR | Data retention to up to 1 month after the NPS round is done | Customer Satisfaction Surveys |
Website visitors
LINK may also collect information about your visit to this or other corporate website through the use and placement of cookies. This includes, among other things, the Internet protocol address (IP address), browser type, browser version, which pages you visit within the website, the duration of the visit and the page views of your computer. We use cookies for this purpose. You can read more about cookies in the Cookie section below.
By visiting our page you accept our Privacy Statement. Should you not agree to our Privacy Policy, we encourage you not to engage or interact with us in any way.
Processing activity | Legal basis | Data retention | Description |
---|---|---|---|
Website management / website analytics | Based on GDPR Art. 6. 1. a and f GDPR. | Up to 12 months of last visit | For the purpose of website management and analytics Improve and evaluate our website and services; Obtain an insight into the use of our website, as described below in the cookie section; |
Manage leads/opportunities via contact from on the website | GDPR Art. 6. 1. a and f GDPR | Up to 12 months from last contact | For the purpose of replying to inquiries from potential customers and customers · Contact, or to keep visitors of our website informed of information that LINK think may be of interest to the visitor (marketing) after a visitor has submitted a web form on our website or via other means (opt-in); |
Mobile phone owners [End-Users]:
LINK routes messages like SMS, various forms of OTT or email from our customer (acting a Data Controller) to the end-user (Data Subject) via the chosen channel by the LINK customer.
Processing activity | Legal basis | Data retention | Description |
---|---|---|---|
Messaging (GSM/OTT) – conveyance of the message | GDPR Art. 6 . 1 f GDPR | Up to 72 hours | To send and route messages in various messaging channels like SMS, OTT from our customer (acting a Data Controller) to the end user (Data Subject) and to comply with laws and regulations. |
Messaging (GSM/OTT) - retention of telecommunications metadata | GDPR Art. 6 . 1 c GDPR | Up to 12 months | To send and route messages in various messaging channles like SMS, OTT from our customer (acting a Data Controller) to the end user (Data Subject) and to comply with laws and regulations. |
LINK Employees:
Employees at all levels in LINK Mobility are familiar with the purpose of GDPR and how to comply with the applicable rules. LINK Employees should consult internal documentation on data processing.
Rights of the data subjects
Data Subjects can at any time:
Withdraw consent to processing activities based on consent.
Access or Amend Personal Data.
Request export or deletion of Personal Data.
Request restriction of, or object to, processing.
Terminate the agreement.
Right to lodge a complaint with a supervisory authority:
If you believe that LINK processing of personal data infringes relevant data protection regulations, you are entitled to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement, or other relevant supervisory authority.
LINK as a Data Processor
How do LINK process Personal Data as a Data Processor is defined and described in the agreement between LINK and our Customer, the Data Controller, and in the description of the respective services. The data about an individual (Data Subject) that we process as a Data Processor depends on which of our services are used by Customer.
LINK’s processing of Personal Data on behalf of the Customer is governed by a Data Processing Agreement (DPA), and LINK will only process Personal Data to provide our services to the customer, and in accordance with the DPA and the customer’s instructions. Upon termination of the agreement or instructions from the customer, we will delete the Personal Data processed under the agreement, unless otherwise required by mandatory law.
Examples of processing activities
Sharing tools to help you send or route messages SMS and OTT (such as Number Database and receiving numbers).
Produce message logs, statistics, and reports.
Monitor traffic to ensure message delivery and system stability.
Managing/collecting on behalf of Customer Data Subject consents.
Store and manage Data Subjects information on Data Controllers behalf.
Provide catalogue services.
Manage End User profile and End User consents.
Manage memberships
Mediate information and membership offers.
Execute individual rights;
Depending on the service and the customer’s use of the service in question, we may as Data Processor process Personal Data within the following categories:
Basic Personal Data (such as name), contact details (such as email, phone number, etc.).
Special categories of Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or health data.
Location Data, such as GPS, Wi-Fi location data and location data derived from Processor’s network (that is not traffic data as defined below).
Traffic Data: Personal Data processed in relation to the conveyance of a communication on an electronic communications network or billing thereof.
Data related to the use of our customers’ services, such as transaction history or messaging events.
Data related to the content of the communication, such as e-mails, voice mails, SMS/MMS, OTT, browsing data, etc.
Legal basis for processing:
Data Processing Agreement with Customer;
Categories of Personal Data
Depending on the service and the Customers use of the service in question, we may as Data Controller or Data Processor process Personal Data within the following categories
Basic Personal Data (such as name), contact details (such as email, phone number, etc).
Location Data, such as GPS, Wi-Fi location data and location data derived from Processor’s network (that is not traffic data as defined below).
Traffic Data: Personal Data processed in relation to the conveyance of a communication on an electronic communications network or billing thereof.
Data related to the content of the communication, such as e-mails, voice mails, SMS/MMS, browsing data, etc.
Information about visits to this and other corporate website/s through the use and placement of cookies.
In some cases, LINK will be able to link Personal Data collected by several different services, as long as the data is collected for the same purpose.
Your data will not be used in an automated decision-making system, including profiling.
How do we protect Personal Data?
Safeguarding Personal Data is of the utmost importance to LINK. We therefore continuously work to protect Personal Data. Our information security policy and personal data protection policy embraces protection for personnel, data, IT infrastructure, internal and public networks, as well as office buildings and technical facilities. Specific Technical and Organizational Measures can be found in our Data Processing Agreement. Special attention is given to information such as Personal Data.
Our security work aims to balance risk exposure, business value, available technology, vulnerabilities, and threats in order to comply with applicable laws, regulations as well as with contractual demands.
LINK strives to implement security measures by setting appropriate levels of protection for Personal Data and by so preventing disclosure of Personal Data to unauthorized parties, externally and internally.
Our Technical and Organisational Measures are described here: Download PDF
With whom do we share data?
LINK may disclose personal data to third party vendors and hosting partners who perform services for LINK, in order to be able to deliver the services. The list of our sub processors can be found here. These third party vendors will only use the Personal Data for the purposes they were collected and in order to perform their services towards LINK. The relationship to such third party vendors will be governed by a Data Processing Agreement.
LINK may disclose the personal data of Business contacts and Website visitors between all of the entities listed as subsidiaries in LINK. LINK also have subsidiaries that are located outside EU/EEA area. The access to the personal data from the subsidiaries is protected with EU Standard Contractual Clauses signed between LINK Mobility Group and all subsidiaries.
The disclosure of Personal Data to public bodies may occur if and to the extent required by law and current regulations.
How does LINK ensure transfer to third countries in accordance with requirements coming from 01/2020 Recommendations by the EDBP?
Following the judgement of the Court of Justice of the European Union (“CJEU”) of 16 July 2020 Data Protection Commissioner v. Facebook Ireland LTD, Maximillian Schrems, C-311/18 (“Schrems II”), and in the Recommendations 01/2020 from the European Data Protection Board (“EDPB”) adopted on 10 November 2020, the measures required in order for transfer of personal data outside the European Economic Area (“EEA”) require a higher level of specification and care on the side of the entities responsible for such transfers to comply with the GDPR.
LINK mobility implements the specified requirements in accordance with the steps below:
Step 1: In LINK Mobility we know our transfers
LINK Mobility ensures through its contracts with third parties and its internal processes that transfers to countries outside the EEA do not take place without LINK Mobility’s knowledge and documentation of such transfer.
Step 2: In LINK Mobility we verify the safeguard our transfer relies on
LINK Mobility does not rely on legacy safeguards for transfer (Privacy Shield and Safe Harbor). If any transfer is required, only European Commission adequacy decisions, and the current safeguards as listed under GDPR Article 46 are chosen.
Step 3: Transfer under the law of the country in question
Transfer is performed only if the laws of the country in question, including any supplementary measures in place, do not prevent processing in compliance with the requirements for the applicable transfer.”
Contact information
If you are a direct customer of LINK, please contact our Customer Support. Our Customer Support can also assist you in getting in touch with LINK Data Protection Officer (DPO) – Jan Wieczorkiewicz at dpo@linkmobility.com.
If you are an end-user of a LINK customer, please contact the relevant LINK customer directly.
If you are not a direct customer of LINK, and you have received a message via LINK systems, we would kindly inform you that this could only happen on behalf of one of our Customers. In this case, you must contact the sender of the message directly. Each LINK client declares that it has the right to process the personal data of the end-users/recipients to whom the message is sent.
All external security researches should send their findings to: infosec@linkmobility.com
Modification of this Privacy Statement
LINK reserves the right to modify this privacy statement. The most recent revision shall supersede any earlier versions. The current version of the privacy notice will be available at LINK website or at request at all times. We advise that you check the privacy notice from time to time, to keep up to date with the current notice. We will notify you of any changes to the privacy notice that you are entitled to receive information about or which requires your consent.
Last update to the privacy policy: 23.04.2024.