Privacy Transparency Notice
Before using any of our services, you are required to read, understand, and agree to these terms. You can also download this document below.
Network as Code (NaC) API
Privacy Transparency Notice
Definition of Personal Data
Personal Data means any data that, either alone or when combined with other datasets, can directly or indirectly identify an individual.
This includes, but is not limited to:
- IMSI
- IMEI
- MSISDN
- ICCID
- Call Detail Records (CDR)
- Location data (latitude / longitude)
- Billing information
- Service usage data
- IP addresses
- Device information
About this Notice
This Notice describes how the designated Product processes Personal Data when Nokia acts as a data processor.
It provides information relevant to assessing and documenting privacy-related aspects of the Product when integrated into your application.
This Notice, together with the relevant terms of the Nokia NaC Privacy Policy, constitutes the authoritative statement regarding:
- Personal Data processing activities
- Privacy regulatory compliance aspects related to the Product
Products Covered by This Notice
- Device Location APIs
  - Location retrieval
  - Location verification
  - Geofencing
- Quality of Service on Demand APIs
- Specialized Networks APIs (Network slicing)
- Network Insights APIs
- SIM Swap API
- Number Verify API
- Device Status APIs
  - Roaming
  - Connectivity
Prior versions of this Notice applicable to earlier releases may be available upon request.
Where this Notice references other Products marked with an asterisk (*), please refer to their separate Notices.
About the Product
The APIs are offered as a SaaS product on Nokia’s Network as Code aggregator platform.
The platform:
- Aggregates network APIs from global Communication Service Providers (CSPs)
- Abstracts complexity for enterprise developers
- Provides a seamless integration experience
Data Processing Roles
- When Personal Data is provided by the enterprise (e.g., mobile number in an API request):
  - Enterprise → Data Controller
  - NaC Platform → Data Processor
  - CSP → Sub-processor
- When Personal Data is returned by CSPs:
  - CSP → Data Controller
  - NaC Platform → Data Processor
  - Enterprise → Sub-processor
NaC processes Personal Data only according to instructions from the respective data controllers.
Product Information
- Product Type: API
- Delivery Model: SaaS
Documentation:
- https://developer.networkascode.nokia.io/docs
- https://developer.networkascode.nokia.io/legal/supplemental-privacy-notice
Processing Operations
| Aspect | Status |
|---|---|
| Processing of Personal Data | Required |
| Processing of Sensitive Personal Data | Required |
| Processing of Non-Sensitive Personal Data | Not Applicable |
| Profiling of Individuals | Not Performed |
| Automated Decision-Making | Not Performed |
| High-Risk Processing Activities | Not Applicable |
Privacy & Security Measures
The Product is designed using a privacy-by-design approach and follows data minimization principles.
Security Controls Include:
- Data-at-rest encryption
- Data-in-transit encryption
- Role-based access control
- Integrity protection
- Intrusion detection
- Incident response plans
The Product:
- Does not store data beyond its intended use
- Retains data only as required by law
- May use anonymized data for analytics
The Product considers compliance with major privacy regulations, including EU GDPR.
Customers should seek qualified legal advice tailored to their specific deployment.
Personal Data Processing Overview
All APIs
- Data: Device identifiers (phone number, IP address, network identifiers)
- Purpose: Route requests to the correct CSP
- Recipients: Enterprise application
- Required for Core Features: Yes
- Nokia Role: Data Processor
Location APIs
- Data: Latitude, longitude, civic address
- Purpose: Retrieve or verify device location
- Recipients: Enterprise application
- Required for Core Features: Yes
- Nokia Role: Data Processor
Device Status APIs
- Data: Roaming status, connectivity status
- Purpose: Identify device connectivity or roaming state
- Recipients: Enterprise application
- Required for Core Features: Yes
- Nokia Role: Data Processor
Deployment Locations
The Product is currently deployed in:
- AWS: US & Germany
- GCP: US & Germany
Deployment may occur in other regions if required by:
- Data sovereignty laws
- Regulatory requirements
Consent Management
Certain APIs may require explicit user consent or opt-in depending on:
- Local laws
- API scope
- Application use case
As Nokia acts as a data processor, the data controller determines the method for obtaining consent.
Managing Personal Data
Privacy Enhancing Technologies
| Privacy Objective | Measures Implemented |
|---|---|
| Confidentiality | Encryption, Access Control |
| Integrity | Change logging |
| Availability | Disaster recovery, Business continuity |
| Incident Response | Detection and response mechanisms |
Certification: SOC 2 Type II compliant
Data Subject Rights
- Customers manage Personal Data on their premises
- Requests to amend, rectify, or delete data can be submitted
- Nokia assists data controllers with DSARs as required by law
Data Retention
Personal Data transmitted to the hosted Product is purged upon tenant deletion following service termination.
Regulatory Compliance
Data Processing Addendum
Where Nokia acts as a data processor, obligations regarding:
- Cross-border transfers
- Sub-processing
- Disclosure
are defined in the Data Processing Addendum:
https://developer.networkascode.nokia.io/legal/data-processing-addendum
Sub-processors
Current sub-processors include:
- AWS (US, Germany)
- GCP (US, Germany)
This list may change according to statutory and contractual requirements.
Last updated April 14, 2025