Home / Legal / Privacy policy

Privacy policy

Last updated: 2023-03-29

Arelion values the privacy of its customers and end-users, and complies with all applicable data protection laws and regulations, including the EU General Data Protection Regulation (GDPR). The GDPR gives individuals within the European Union more insight into how their personal data is processed – and it also gives individuals rights to their data. You can learn more about GDPR by visiting the European Commission’s information site at www.europa.eu/dataprotection.

Arelion is an international provider of telecommunication services and as a part of our business we collect and store information about the services we provide. As we are in the wholesale part of the telecoms industry, our customers are always other companies rather than people.

Like other providers in the wholesale industry we assist local operators to reach other local operators around the world so that their customers, end-users with subscriptions, can communicate with each other.

What personal data does Arelion process, and why?

In the table below, we explain what personal data we have, where we receive it from and why we process it.

Type of data

Information about international phone calls and use of mobile data when sent through our wholesale network. For example: caller-ID, called phone number, point in time and/or amount of data used.


From our carrier counterparties with whom the end user’s local operator contracts, or directly from their telecommunications operator


We need the information to be able to deliver our services and to bill our customers for them.

Legal ground

To fulfill our legal obligations as a service provider, and to fulfill the contracts that we have with the telecommunications operator.


Type of data

Basic information of representatives of our customers and suppliers. E.g. Name and contact details.


From the employees of our suppliers or customers.


We need to contact our customers and their representatives, and to communicate with them when they are using our services. We may also contact our customers, suppliers, and representatives to tell about our new offerings, and to communicate other commercial information. You can opt-out from these non-service related commercial communications at any time.

Legal ground

On our legitimate interest to communicate with our customers and suppliers via their employees in relation to the provision of services.On our legitimate interest to communicate with our customers and suppliers via their employees in relation to other commercially relevant purposes.


Type of data

Basic personal information for marketing information. E.g. Name and contact details.


From members of the public when they sign up for our news letter.


The purpose for marketing is to make sure that people who are interested can find out about developments in our service offering.

Legal ground

On the consent that given when signing up for the newsletter. Consent can be withdrawn and recipients can unsubscribe from our newsletter at any time and their personal data deleted from our marketing system.


Type of data

Basic personal information for marketing information. E.g. Name and contact details.


Third party sources, including publicly available sources


To market our services

Legal ground

Legitimate interest


Type of data

Basic personal information provided in online communications


From members of the public when they contact us via online form available at arelion.com


Our customers and third parties can contact Arelion using an online form in our website. We use the data to respond to these queries.

Legal ground

On the consent given when sending information over online form.


Type of data

Cookies that collect information about users browsing in our website

See our cookie policy at Cookie policy page


From a visitor’s browser when they visit our website, unless they have prohibited us from doing so


We want to make sure that user’s experience on our website is the best possible.

If you don’t want to share your cookies with us, let us know, for example, by changing your browser settings.

Legal ground

On the consent given to accept cookies on our website, which can be withdrawn at anytime.


How long does Arelion keep personal data? 

The exact amount of time varies from what type of data we’re processing but in line with GDPR’s rules and principles, we only keep the personal data for as long as it is needed and then we delete it. For example, for international calls, we process the personal data to carry those calls and also to accurately bill them afterwards and we store this information (in case of future disputes) for three years.

When we have your personal data because you are contact person for one of our customers or business partners, we keep the data until we hear that it should be changed, or we no longer conduct business with the company you are representing. Also, for personal data that we process for marketing purposes, we send information to those who have indicated to be interested in the information and do so until you say stop, and then we delete your personal data from our marketing database.


Does Arelion share personal data with third parties?

We may share your information where we need to with:

  • Other carriers and operators when routing international calls.
  • Arelion group companies where necessary and within the limits of applicable law. Our group companies may only use your information for the purposes described above in this document.
  • Our subcontractors, who process your personal data on behalf of us. When using subcontractors, we take appropriate care to ensure that also our subcontractors operate in accordance with this Notice. Our main subcontractors include:
    • IT service, infrastructure, and support providers, who assist us in offering our carrier and other services.
    • o Different business tool providers, who help us to manage our customer database, conduct marketing, and offer customer service.

We may also share your information in response to legal process or authority request in order to comply with applicable law or court order or in connection with judicial proceedings or other legal process. We also disclose data to competent authorities (e.g. to the police or emergency services) when required by law and always in accordance with strict predefined processes.

We process and store data both within the EU, and in third countries. If we transfer your personal data, we will take the appropriate steps in line with applicable laws to ensure that your rights to privacy and data protection are ensured.

Depending on the situation, Arelion may rely on an adequacy decision of the European Commission (providing that the country of location of the relevant service provider offers an adequate level of data protection) or if no such decision exists, may use safeguards such as e.g. European Commission’s standard data protection clauses.

How does Arelion safeguard your data? 

Safeguarding your personal data is of the utmost importance to us.

Arelion continuously works to protect our customers’ interests. Our security work embraces protection for customers, personnel, information, IT infrastructure, internal and public networks, as well as office buildings and technical facilities. Special attention is given to information such as your personal data.

Our security work aims to balance risk exposure, business value, available technology, vulnerabilities, and threats in order to comply with applicable laws, regulations as well as with contractual demands.

Information security and ensuring appropriate protection of information about customers is vital for us. We strive to implement security measures to set appropriate level of protection of information and to prevent and detect disclosure of personal data to unauthorized parties.

How do I exercise my rights under GDPR as a data subject?

Under GDPR you have various rights including the right to access your personal data. If you are interested in finding out which information concerning international calls is stored about you and how it is used, we recommend that you to get in touch with your own local operator. They will have the same information, (probably more), as we do about your international phone calls that cross our network. More importantly, your chosen telecom operator can more easily identify you as the legitimate data subject to whom the personal data relates and therefore assist you much faster.

When you make international phone calls that cross our network, we will only get your phone number. Since we only contract with carriers and operators, and not individual data subjects directly, we don’t know who is using that number. We care very much about the security of individuals and will never hand out any personal data concerning a phone number unless we are absolutely (100%) sure that it is to the correct individual.

You are, of course, still welcome to ask what type of information we at Arelion store about you and how and why we store this data. However, we need you to show us that you are the person relating to the personal data (the email address or telephone number) we have. Therefore, we must receive the following official documentation from you in order to start processing your request. To protect against fraud, all of this documentation must be authenticated (notarized) in your country of residence:

  1. A high quality copy of your valid passport or national ID card.
  2. An official high quality copy of a document relating to the personal data that you wish to enquire about (e.g. a contract confirming your ownership of the subscription of a specific phone number or your employment within a customer or supplier of ours).


Who am I supposed to contact to start the process?

The address to contact us on is dpo@arelion.com and/or Arelion AB, Evenemangsgatan 2C, 169 94 Solna, Sweden. Please remember that, in order to avoid giving personal data to the wrong people, we can not process your request until we have the required proof of your identity and ownership as mentioned above.

To start the process, we’ll also have to know which of the following rights you would like to invoke:

  • Right to access (To know which information we store about you.) 
  • Right to erasure (To be erased from our information storages.) 
  • Right to object (To object to our processing of your personal data.) 
  • Right to revoke consent (To deny us the right to use data collected from you.)
  • Right to portability (To have your data transferred to another service provider of your choice.)
  • Right to rectification (To change or correct any inaccurate, outdated, or faulty data we have of you.)


Please note, if you no longer would like to receive marketing e-mails from us, the easiest way to do this is to opt out at the footer of any marketing email you receive.

You can find more information about your rights at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.

If you are not happy with how Arelion processes your personal data, we will do our best to help, but you also have right to lodge a complaint to your local (EU) supervisory authority. You can find a list of EU data protection authorities online at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Who can I contact if I have more questions?

If you have any questions about this Privacy Policy or your personal data, you can contact Arelion using the following information:

Arelion GDPR requests:

Arelion Data Protection Officer 

Arelion Sweden AB
Gustav III:s Boulevard 134
169 70 Solna