Notes on data privacy

Telekom Deutschland GmbH attaches great importance to protecting your personal data. We always inform you what personal data we collect, how your data is used, and how you can influence the process.

a) Technical characteristics: When you visit our websites, the web server temporarily records the domain name or your computer’s IP address, the file requested (file name and URL) by the client, the http response code, and the website from which you are visiting us.
The recorded data is used solely for data security purposes, particularly to protect against attempted attacks on our web server (Art. 6 (1) f GDPR). We do not use it to create individual user profiles nor do we share this information with third parties. It is erased after 7 days at the latest. We reserve the right to statistically analyze anonymized data records.

b) User surveys/customer feedback with KE Questionnaire: These websites use the service from KE Questionnaire, to provide customer surveys. Website ratings and your feedback can be surveyed (Art. 6 (1) a GDPR). Our customers’ opinions and improvement suggestions crucially help us improve our websites. Only anonymous information is processed and there is no way of tracing the sender. Personal data or personally identifiable data is not transferred at any time. We store and analyze the data for add storage period. 

There are two different ways of conducting the surveys:

I) The feedback button on the website. You can use this button at any time to provide us with your feedback. No data is transferred unless you use this function.

II) An active feedback survey can also be displayed on the website. You can reject this survey or cancel it at any time. Answers are only sent once you have completed the survey.

Some web pages may contain social media buttons (e.g. Facebook, Google, Instagram, Twitter, Pinterest, Xing or LinkedIn) you can use to recommend the services of Telekom Deutschland GmbH to your friends and family.

To ensure you retain full control of the data, the used buttons provide direct contact between the respective social network and the visitor only once you actively click on the button (one-click solution).

When the social media plug-in is activated (Art. 6 (1) a GDPR), the following data can be forwarded to the social media provider: IP address, browser information, operating system, screen resolution, installed browser plug-ins (such as Adobe Flash Player), previous website if you followed a link (referrer), URL of the current website, etc...

The next time you visit the website, the social media plug-ins are again provided in the default disabled mode, thus ensuring that no data is transferred during a repeat visit to th

e website. Further information on social media plug-ins is available at: www.sicherdigital.de/sicher-surfen (only in German) and

1-Click Solution (only in German).

Explanations and definitions

We want you to enjoy using our websites and take advantage of our products and services. We have an economic interest in ensuring this is the case. We analyze your usage habits on the basis of anonymized or pseudonymized data so you can find the products that interest you and so we can make our websites user-friendly. Deutsche Telekom or its contract data processors create usage profiles that comply with the legal requirements. This information cannot be traced back to you directly. The following information is intended to provide you with general information on the various purposes of processing data. The cookie message displayed when visiting our webpages gives you the opportunity to permit or reject the use of cookies. Cookies that are strictly necessary to provide the web service cannot be rejected (see explanation at 1. above).

Tag management (strictly necessary)
Tag management allows us to manage the use of tools on the different web pages of our web portal. A tag is set for each page to do this. The tag content determines which tools will be used for this page. Tag management is used to assure that the tools are in each individual case only used where appropriate.

Market research / Reach measurement (opt-in)
Reach measurement provides statistics on a website’s usage intensity and the number of users, along with comparable figures for all the connected services. Market research is designed to learn more about the target groups that use services or applications and view advertisements. Individual users are not identified at any time. Your identity is always protected. 

Profiles for a user-geared presentation of the web portal (opt-in)
The compilation of clickstream analyses assists us in continuously improving our web pages. The clickstream corresponds to your movement on the websites. Analyzing the movement provides us with an insight into usage habits on our websites. This allows us to detect any existing structural deficiencies in our web pages and thereby improve them accordingly. 

Profiles for personalized recommendations (opt-in)
Deutsche Telekom would like to offer you individually targeted and personalized take-action and click recommendations for special offers, services or products.  This involves our service providers compiling a pseudonymous profile about the services and websites accessed by you and assigning categories to the profile. The system displays content or information that matches your profile.
 

1. Services by other companies (independent third party providers)

Some of our web pages feature services of third party providers, who bear the sole responsibility for their services. When you visit one of our web pages, cookies or similar technologies may collect data and send it to third parties. Some of the data may be transmitted for Deutsche Telekom’s own purposes. The legal basis for these cookies is Article 6 (1) a GDPR respectively for third Countries Art. 49 (1) a GDPR. The scope, purpose and legal basis on which further processing is carried out for the third party’s own purposes can be found in the third party’s data privacy information. Information about these independent third party providers can be found in the following.

Google

We use the remarketing and Google AdWords function from Google Inc. (“Google”) on our websites. This function is implemented via a cookie and is used to present website users with web advertising tailored to their interests as part of the Google advertising network. Users can then be shown on these pages advertisements which relate to content users have accessed previously on websites that use the Google remarketing function. According to its own statements, Google does not collect any personal data with this process. If you, however, do not want to use Google’s remarketing function, you can disable this permanently by adjusting the relevant settings at http://www.google.com/settings/ads. Alternatively you can disable the use of cookies for targeted advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. Further information on Google remarketing and Google’s privacy policy is available at: https://policies.google.com/technologies/ads?hl=de/.

If you access our websites via a Google ad, Google AdWords stores a cookie on your computer. This cookie becomes invalid after 30 days. No conclusions can be drawn about you as a person. We use the information collected with the aid of this conversion cookie to create statistics about our conversion rate. This means that we find out how many users came to our websites via a Google ad and acquire a product within 30 days. If you do not wish to participate in the tracking process, you can disable cookies for conversion tracking by specifying in your browser settings that cookies from the relevant domain are to be blocked:

Google AdWords: googleadservices.com

Techniques used on these websites and purposes: 

Company	Purpose	Storage period
Google Inc.	Analyse	Session Cookie
Google Inc.	Analyse	Persistent (24 hours)
Google Inc.	Analyse	Persistent (1 year)

Newsletter

1. What data is collected and for what purpose is it processed?

If you register for a newsletter, we will use your e-mail address (optionally, we ask you to enter a name for the purpose of addressing you personally in the newsletter) to send you the respective newsletter, in which we will regularly inform you about interesting products and services of Telekom Deutschland GmbH. The legal basis is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. In order to ensure your proper registration for the newsletter, i.e. to prevent unauthorised registrations on behalf of third parties, we will send you a confirmation e-mail after your initial newsletter registration using the double opt-in procedure, in which we ask you to confirm your registration.

In connection with your newsletter registration, we also store your registration data (e.g. e-mail address, name, date and time of registration/confirmation of opt-in) so that we can trace and prove the registration at a later date. The legal basis for this storage is a legitimate interest, Art 6 para. 1 lit f, Art 7 para. 1 DSGVO. The legitimate interest is based on the obligation to prove consent.

2. How long do we store your data?

We store your email address in order to send you the newsletter until you unsubscribe or we stop sending you the newsletter. After unsubscribing from the newsletter, your registration data will remain stored for up to 3 ½ years, limited to the purpose of securing evidence.

3. How can I revoke the newsletter mailing?

You can revoke your consent to receive newsletters from Telekom Deutschland GmbH at any time in the future by clicking on the unsubscribe link at the end of a newsletter you receive.

 

Browser Notifications (Web Push)

Browser notifications (web push) If you activate browser notifications for this website through the "Signalize" service, a function of your Internet browser is used to provide the notifications for you. Only anonymous or pseudonymous data is transmitted for sending messages. Depending on the configuration of the website, this can be

Pseudonymous user ID: a randomly generated value (example: 108bf9a85547edb1108bf9a85547edb1), which is stored in a tracking cookie ID.
Pseudonymous digital fingerprints, pseudonymous mobile device identifiers and, where applicable, pseudonymous cross-device identifiers.
This data is only processed to deliver the notifications you have subscribed to and to make notification-related settings. We ask for your consent to store this data. In this case, the legal basis for data processing is Art. 6 para. 1 lit. a DSGVO. You can object to receiving notifications at any time via your browser settings. Information about opting out for web push notifications for the respective browsers can be found here: Google Chrome, Mozilla Firefox, Opera and Microsoft Edge.

In order to make the browser notifications meaningful for you in terms of content, we use the preferences collected on the basis of a pseudonymous user profile by means of tracking pixels and merge your notification ID with the user profile of the website solely for the purpose of personalised messaging. Tracking technology is also used to statistically analyse notifications on our behalf. This enables us to determine whether a notification has been delivered and, if so, whether it has been clicked on. The data generated in this way is processed and stored on our behalf by etracker GmbH exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and is entitled to bear the ePrivacyseal data protection seal of approval.

The processing of data for the statistical analysis of notifications as well as to better adapt future notifications to the interests of recipients is based on our legitimate interest in personalised direct advertising in accordance with Art. 6 (1) lit. f DSGVO. Since the privacy of our visitors is very important to us, data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymised or pseudonymised as soon as possible. A direct reference to a person is thus excluded. The data will not be used in any other way or passed on to third parties.

You can object to the aforementioned data processing at any time.

This data privacy information provides an overview of the items which apply to Deutsche Telekom processing your data in this web portal.

Further information, including information on data protection in general and in specific products, is available at https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/data-protection and https://www.telekom.com/en/deutsche-telekom/privacy-policy-1744.

 

Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn acts as the data controller. If you have any queries, please contact our Customer Services department or the Group Data Privacy Officer, Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, Germany, datenschutz(at)telekom.de.

You have the right

a) To request information on the categories of personal data concerned, the purpose of the processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
b) To request incorrect or incomplete data is rectified or supplemented (Art. 16 GDPR);
c) To withdraw consent at any time with effect for the future (Art. 7 (3) GDPR);
d) To object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Art 21 (1) GDPR);
e) To request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent according to (c) above or objected according to (d) above;
f) To demand under certain circumstances the restriction of data where erasure is not possible or the erasure obligation is disputed (Art. 18 GDPR);
g) To data portability, i.e. you can receive your data which you provided to us, in a commonly used and machine-readable format, such as CSV and can, where necessary, transmit the data to others (Art. 20 GDPR);
h) To file a complaint with the competent supervisory authority regarding data processing (for telecommunications contracts: the German Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit); for any other matters: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen).

To processors, i.e., companies we engage to process data within the legally defined scope, Article 28 GDPR (service providers, agents). In this case, Deutsche Telekom also remains responsible for protecting your data. We engage companies particularly in the following areas: IT, sales, marketing, finance, consulting, customer services, HR, logistics, and printing.

To cooperation partners who, on their own responsibility, provide services for you or in conjunction with your Deutsche Telekom contract. This is the case if you order services of these partners from us, if you consent to the involvement of the partner, or if we involve the partner on the basis of legal permission.

Owing to legal obligations: In certain cases, we are legally obliged to transfer certain data to a state authority that requests it.

Your data will be processed in Germany and other European countries. If, in exceptional cases, your data is processed in countries outside the European Union (in so-called third countries), this will take place 

a) if you have expressly consented to this (Article 49 (1) a GDPR). (In most countries outside the EU, the level of data protection does not meet EU standards. This concerns in particular comprehensive monitoring and control rights of state authorities, e. g. in the USA, which disproportionately interfere with the data protection of European citizens, 
b) or to the extent necessary for our service provision to you (Article 49 (1) b GDPR), 
c) or to the extent required by law (Article 49 (1) c GDPR). 

Furthermore, your data will only be processed in third countries if certain measures ensure a suitable level of data protection (e.g., EU Commission's adequacy decision or suitable guarantees, Art. 44 et seq. GDPR).