Data Retention Rules - Full Details – Schibsted Norge and Schibsted Sverige

Schibsted operates with the general rule that we only retain user personal data for as long as is necessary to execute fully the purpose for which it was collected, purposes which must have been communicated to our users and which must have a legal basis under privacy regulations.

There is considerable detail underlying the specific application of data retention periods by purpose, by data type and by user type. The full details can be found here.

In this table:

  • a “Subscription Customer” is defined as a user who is a current paying subscriber to one of our services or who is within a one year period immediately following the expiry of a subscription contract with Schibsted. 
  • a “Logged-in Customer” is defined as a user with a Schibsted Account who is not a current paying subscriber to any of our services and where the user is not within one year of the most recent expiration of any subscription to our services. As a “logged-in customer” they access all available non-subscriber content via their logged-in identity as defined through Schibsted account and the service they are accessing.
  • “All Other Customers/Users” refers to any other user accessing the available non-subscriber content and features of our services without logging in to that service via Schibsted account. Please note that to the extent data is collected and processed about All Other Customers/Users, the data is never identifiable, but may be considered as personal data for instance because IP address, cookie IDs or other data makes identification theoretically possible.

Data Retention Rules by Personal Data Category and Purpose

Personal Data Category | Specific data and purpose description | Retention rule

Basic profile data

Data: Name, address, email address, date of birth, etc.

The purposes are those related to:
- securing access to our services
- general delivery of services to specific physical addresses
- establishing your trusted identity and verified contact details for interactions with other users of our services
- communicating service-related information to you as a customer
- communicating relevant offers for Schibsted services and for services of other data controllers using Schibsted account
- targeted advertising

Retention rule:

Securing access to our services, recording and executing privacy choices, establishing your trusted identity as a purpose:
- Subscription Customers: Unlimited - the data is not deleted as long as the customer is actively paying for their account and they remain in a “Subscription Customer” state with us.
- Logged-in Customers: Three years after the latest active action (within an online service as a logged-in user), the Schibsted account of the user is deleted based on inactivity.
- All Other Customers/Users: This data is not recorded.

Communicating relevant offers for Schibsted services as purpose:
- Subscription Customers: data is made unavailable for this purpose one year after the expiration of a user's subscription to a service
- All other customers: data is unavailable for this purpose unless consent or contractual agreement is in place with the user for use of this data for this purpose

Profile Data as sourced from third parties such as Bisnode is used to correct errors in data we control and then deleted within 30 days.

Account data

Data: Account activity, service access rights, privacy settings, support queries, account security data (e.g. passwords), etc.

The purposes are those related to:
- securing access to our services
- executing your privacy choices on your personal data
- establishing your trusted identity and verified contact details for interactions with other users of our services

Retention rule:

Subscription Customers: Unlimited - the data is not deleted as long as the customer is actively using their account. Three years after the latest active action (within an online service as a logged-in user), the customer profile and account is deleted based on inactivity.

Users with a Schibsted account: 3 years from the date of the last log-in or the last action as a logged-in user in a Schibsted Norge-controlled service.

All other users: this data is not recorded.

Account data

Data: Customer service case and interaction data, including textual and audio records of communications with the user, as well as of actions taken related to the resolution.

The purposes are those related to:
- solving specific issues raised by the user
- improving customer service through analysis of cases handled

Retention rule:

Customer service interactions are retained in textual records for 3.5 years for all users of customer service. Voice recordings are retained for no longer than 30 days.

Call metadata (telephone numbers calling Schibsted, duration of call) will be retained for 1 year.

Payment and financial data

Data: Purchase history and details, payments due and received, payment methods (e.g. payment card details, bank details)

Purposes:
- receiving accurate and timely payment for services rendered
- financial audit and legal requirements
- ensuring credit control is in place to ensure security of payment from our customers for Schibsted services

Retention rule:

Retained in Schibsted Account payment gateway systems for 3 years from the date of the transaction or from the date at which the credit card was set up in Schibsted Account and saved by the user.

The data is separately retained for as long as accounting and book-keeping legislation and regulations require us to retain it in master records only for us for book-keeping purposes. This requires 5 years storage in Norway and 7 years in Sweden.

User-generated content

Data: Comments on news articles, competitions, online games (e.g. fantasy football)

Purposes: To create user engagement within our products by providing interactive features such as comments, games, competitions etc.

Retention rule:

Curated comment data will be deleted or anonymised after 18 months.

Public comments are not deleted so long as the user’s Schibsted Account is still in existence.

Behavioural and technical data

Data: Device identifiers and descriptors, cookie identifiers, IP address, user browsing and reading history and actions (clicks), email opening and reading data.

Purposes:
- General product delivery via the Internet using IP address and device data.
- Product improvement analysis
- Targeted advertising
- Marketing on behalf of Schibsted services
- Security logs and fraud prevention
- Malicious behaviour detection and prevention
- Service stability/performance logging
- anti-ad-block features
- personalisation of product/service

Retention rule:

Product improvement analysis as purpose: 18 months

Targeted advertising as purpose: 30 days

Subscription Customers and for the purpose of marketing activities on behalf of Schibsted: data is retained for as long as the user remains in this user category, plus 15 months.

Logged-in Customers and for the purpose of marketing activities on behalf of Schibsted: data is retained for 15 months from the date of the last active log-in to Schibsted services.

All Other Customers/Users and for the purpose of marketing activities on behalf of Schibsted: data is retained for 15 months after data collection.

Security logging and fraud prevention as purpose: 18 months

Service stability and performance logging as purpose: 90 days

Anti-ad-block features as purpose: Less than 1 hour

Malicious behaviour detection and prevention within user generated content as purpose: 3 years

Personalisation of product/service as purpose: 18 months

Behavioural and technical data

Data: GPS data and IP address as associated to location data

Purposes:
- Location-specific news and features within our services
- Targeted advertising
- Training of IP libraries for advertising location
- Marketing on behalf of Schibsted services
- Security logs

Retention rule:

Location-specific news and features within our services: immediately after use to deliver content within web sites, or within 14 days within apps (to reflect caching to improve app performance).

Targeted advertising as purpose: 30 days

Training of IP libraries as purpose: 125 days

Marketing on behalf of Schibsted services as purpose: 30 days

Security logs as purpose: 18 months

Inferences about and recommendations for the user

Data: Inferred interests, inferred gender, inferred age range, likely visited locations (not realtime GPS/IP based!), likely demographics, etc.

Purposes:
- targeted advertising
- targeted marketing of Schibsted services
- personalisation of content
- analytics for product improvement purposes

Retention rule:

Subscription Customers and for the purpose of marketing activities on behalf of Schibsted: data is retained for 15 months from the date of the last active log-in to Schibsted Norge services.

Logged-in Customers and for the purpose of marketing activities on behalf of Schibsted: data is retained for 15 months from the date of the last active log-in to Schibsted Norge services.

All Other Customers/Users and for the purpose of marketing activities on behalf of Schibsted: data is retained for 15 months after data collection.

Targeting ads as purpose: 30 days after data collection

Personalised content as purpose: 18 months after data collection

Analytics for product improvement as purpose: 18 months after data collection

Advertising effectiveness data

Data: Advertisement viewing events, frequency of view, duration of view and user interactions with the advertisement

Purposes:
- to allow Schibsted and its advertising customers to measure the effectiveness of ads placed within Schibsted services and thereby improve their performance over time in generating the desired end result (e.g. increased sales) for advertisers.

Retention rule:

Personal data is not made available for this purpose beyond 18 months from the point of collection.

B2B Client Details

Schibsted Sverige

Schibsted Norge
Schibsted Sverige

Schibsted Norge

If you have questions about these data retention policies, contact the Schibsted Privacy team via these contact forms.

Norway contact form.

Sweden contact form.

Schibsted is committed to answering questions within 30 days.
