Data privacy information Telekom Deutschland GmbH („Telekom“) for TelekomCLOUD
Telekom Deutschland GmbH attaches great importance to protecting your personal data. We always inform you what personal data we collect during your visit to our websites and when you register an account with us, how your data is used, and how you can influence the process.
1. Where can I find the information that is important to me?
This data privacy information provides an overview of the items which apply to Deutsche Telekom processing your data in this web portal.
Further information, including information on data protection for specific products, is available at http://www.telekom.de/datenschutzhinweise.
2. Who is responsible for data processing? Who should I contact if I have any queries regarding data privacy at Deutsche Telekom?
Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany acts as the data controller. If you have any queries, please contact our Customer Services department or the Group Data Privacy Officer, Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, Germany firstname.lastname@example.org.
3. What rights do I have?
You have the right
a) To request information on the categories of personal data concerned, the purpose of the processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
b) To request incorrect or incomplete data is rectified or supplemented (Art. 16 GDPR);
c) To withdraw consent at any time with effect for the future (Art. 7 (3) GDPR);
d) To object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Art 21 (1) GDPR);
e) To request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent according to (c) above or objected according to (d) above;
f) To demand under certain circumstances the restriction of data where erasure is not possible or the erasure obligation is disputed (Art. 18 GDPR);
g) To data portability, i.e. you can receive your data which you provided to us, in a commonly used and machine-readable format, such as CSV and can, where necessary, transmit the data to others (Art. 20 GDPR);
h) To file a complaint with the competent supervisory authority regarding data processing (for telecommunications contracts: the German Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit); for any other matters: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen).
4. Who does Deutsche Telekom pass my data on to?
To processors, i.e. companies we engage to process data within the legally defined scope, Art. 28 GDPR (service providers, agents). In this case, Deutsche Telekom also remains responsible for protecting your data. We engage companies particularly in the following areas: IT, sales, marketing, finance, consulting, customer services, HR, logistics, printing.
To cooperation partners who, on their own responsibility, provide services for you or in conjunction with your Deutsche Telekom contract. This is the case if you contract with us services from these partners or if you consent to the incorporation of the partner or if we incorporate the partner on the basis of legal permission.
Owing to legal obligations: In certain cases, we are legally obliged to transfer certain data to the requesting state authority.
5. Where is my data processed?
In general, your data is processed in Germany and in other European countries.
If your data is also processed in countries outside the European Union (i.e. in third countries) by way of exception, this is done only if you have explicitly given your consent or it is required so we can provide you with services or it is prescribed by law (Art. 49 GDPR). Furthermore, your data is only processed in third countries if certain measures ensure a suitable level of data protection (e.g. EU Commission’s adequacy decision or suitable guarantees, Art. 44 ff. GDPR).
6. What data is recorded, how is it used and how long is it stored?
a) Technical characteristics: When you visit our websites, the web server temporarily records the domain name or your computer’s IP address, the file requested (file name and URL) by the client, the http response code, and the website from which you are visiting us.
The recorded data is used solely for data security purposes, particularly to protect against attempted attacks on our web server (Art. 6 (1) f GDPR). We do not use it to create individual user profiles nor do we share this information with third parties. It is erased after 7 days at the latest. We reserve the right to statistically analyze anonymized data records.
b) User surveys/ customer feedback with Usabilla:
These websites use the service from Usabilla B. V., Amsterdam, Netherlands, to provide customer surveys. Website ratings and your feedback can be surveyed (Art. 6 (1) a GDPR). Our customers’ opinions and improvement suggestions crucially help us improve our websites. Only anonymous information is processed and there is no way of tracing the sender. Personal data or personally identifiable data is not transferred at any time. We store and analyze the data for a period of 24 months. There are two different ways of conducting the surveys:
I) The feedback button on the website. You can use this button at any time to provide us with your feedback. No data is transferred unless you use this function.
II) An active feedback survey can also be displayed on the website. You can reject this survey or cancel it at any time. Answers are only sent once you have completed the survey.
c) Text chat: If you use the text chat on the website to contact the Customer Services department, different types of information are sent to the chat system (Art. 6 (1) b, f GDPR) and are erased after seven days. This includes your IP address, browser version, operating system version; this data cannot be viewed by our customer adviser. The data created during the service chat are transferred to our CRM system (Salesforce Service Cloud). The CRM system is operated by Salesforce Inc. and is hosted in Europe. The system erases the chat content within 24 hours. Additional chat data (starting time, chat duration, internal remarks, customer data requested during the chat) is anonymized after 28 days.
The chat platform also regularly transfers information regarding the accessibility of the chat service function to the TelekomCLOUD website. Using this information, the button on the website to start the text chat is enabled or disabled.
d) For proper rendering of our services:
We use your personal data exclusively for the technical administration of our websites and to meet your wishes and requests. Other personal details, such as your name, address, telephone number or e-mail address, are not recorded unless you provide this information voluntarily or in the course of registering in the TelekomCLOUD marketplace. The data you supply when contacting us, the extent of which can be seen in the contact form, are used exclusively by Telekom Deutschland GmbH to respond to inquiries and provide services. Only if you have given us your prior consent do we also use this data for product-related surveys and marketing purposes—but only to the extent required in each specific case and only in accordance with your prior consent. Personal data will only be disclosed to third parties if express consent has been given by the individual concerned. Our partners are contractually obligated to treat your data confidentially and in accordance with legal provisions. You decide when registering whether we may use your data for our own marketing purposes. You will only receive advertising from us if you agree to your data being used in this way. You may opt out of such use and withdraw any prior consent at any time.
Contract data: When you register, we process and use the data collected upon conclusion of the contract and during the term of the contract that are required for both sides to properly perform the contract, as well as any data provided voluntarily (contract data). Contract data include the form of address, last name, first name, address, date of birth, telephone numbers and/or e-mail addresses, data for settlement of payments, sales data – broken down according to the service you use, products and information about the products you are already using. If you set up additional users, their data will also be stored. Your contract data will only be retained beyond the end of the contract in accordance with contractual regulations, and such storage is limited to the required minimum. We will store the text of the contract and send you your order data by e-mail. Your contract data will be deleted 90 days after the contract is terminated, by deleting your user account.
Usage and billing data: For proper rendering of our services and for billing purposes we store and use your billing data in accordance with legal regulations. Billing data includes information on the start and end of each usage and the services used.
Customer data processing with Salesforce:
To process customer service requests and enable customer communication by e-mail or telephone in accordance with the permissions you have given us, your personal customer data is stored and processed in our CRM system (Salesforce Service Cloud and Salesforce Marketing Cloud). The CRM system is operated by Salesforce Inc. Your data (company, contact, address, telephone number, e-mail, application user (name/e-mail address) and marketing permissions) is hosted in Europe by Salesforce and encrypted in unaltered form (i.e. neither anonymized nor pseudonymized) using a standardized process, and is thus inaccessible to Salesforce itself.
If you have given us permission to do so, we will collect e-mail usage information (weather e-mail has been opened, clicks) via this system in order to improve our service for you and provide you with suitable information. If you no longer agree to this, you can opt out at any time under “My Settings”.
7. Will my usage habits be evaluated, e.g. for advertising purposes, tracking or fraud prevention?
To prevent fraud in our webshop we contracted Risk.Ident GmbH to provide the service (Art. 6 (1) f GDPR). Risk.Ident collects and processes data on our webshop’s websites using cookies and tracking technology to ascertain the user’s device. Wherever Risk.Ident collects IP addresses, these are anonymized immediately.
The data processed by Risk.Ident is stored in a fraud prevention database. We access this data as part of the ordering process for risk assessment purposes. We also transfer to Risk.Ident. data on devices which have already been used to commit (attempted) fraud. The data is not assigned to any one individual at any time.
Explanations and definitions
We want you to enjoy using our websites and take advantage of our products and services. We have an economic interest in ensuring this is the case. We analyze your usage habits on the basis of anonymized or pseudonymized data so you can find the products that interest you and so we can make our websites user-friendly. We or companies commissioned by us to process data create usage profiles to the extent permitted by law. This information cannot be traced back to you directly. Subsequently we inform you generally about the various purposes and techniques. Afterwards you have the right to revoke your consent. However, please remember that in this case you may not have access to the full range of functions offered by our websites.
a) Purposes (Art. 6 (1) f GDPR / §15 (3) German Telemedia Act (Telemediengesetz – TMG)
Tag management is used to manage tracking tools in websites. A tag is set for each page to do this. Based on the tag, the system can determine which tracking tools should be used for this page. Tag management can be used to specifically control tracking so that the tools are only used where appropriate.
Market research / Reach measurement
Reach measurement provides statistics on a website’s usage intensity and the number of users, along with comparable figures for all the connected services. Individual users are not identified at any time. Your identity is always protected.
Profiles for designing the web portal based on needs
We use clickstream analysis to improve our websites constantly. The clickstream corresponds to your movement path on the websites. Analyzing the movement paths provides us with an insight into usage habits on our websites. This lets us identify possible structural errors in the websites and thus improve the websites so they are optimally tailored to your needs. Individual users are not identified at any time.
Profiles for personalized recommendations
Deutsche Telekom provides you with personalized action and click recommendations for offerings, services or products. To do so, the service provider creates a pseudonymized profile about the services and websites you access on the Internet and assigns categories to this profile. The system displays content or information that matches your profile. At no time are individual users identified or personal data used for the profile.
Cross-device and cross-partner profiles for playing out advertising and web content tailored to your interest
On our websites we record, among other things, information on your usage habits so we can play out web content and online advertising that is better tailored to your interests. We collaborate with partners so we can do this on a cross-device and cross-service provider basis. We and our partner companies issue an ID for each of the devices you use by accessing your hashed login data. This lets us assign the various issued IDs to each other in those cases where you have logged onto our websites using various devices. All partners transfer to a trusted third party the ID and the information regarding which user (login) this ID is assigned to. The trusted third party encrypts all information transferred to it. It is therefore no longer possible to assign the information to an individual. The encrypted information is transferred to emetriq GmbH for analysis. emetriq GmbH provides the analysis results to the individual partners via the trusted third party, which then decrypts these results. This makes it possible in individual cases to assign a device to a user on a cross-partner basis, even though this user has not logged on to our websites with his or her device. We can also assign to each other your usage of our services from various devices. The advantage of this process is that the offering can be tailored to the individual’s interests even without a login. Furthermore, emetriq GmbH can use the analysis results for third parties so that these third parties can also play out on their websites advertising and services tailored to the user’s interests on a cross-device basis.
Service and support
To process customer service requests and enable customer communication by email or telephone in accordance with the permissions you have given us, your personal customer data is stored and processed in our CRM system (Salesforce Service Cloud and Salesforce Marketing Cloud). The CRM system is operated by Salesforce Inc. Your data is encrypted and is thus inaccessible to Salesforce itself.
b) Further purposes according to your permission
If you have given TelekomCLOUD accordingly permission, we will use your personal data, to create user profiles, and display customized advertising, according to you granted permission.
For documentation purposes we will store the following data: IP address and time of granting or withdrawal of your consent.
Session cookies are cookies which are only stored on your computer for the duration of your Internet session and are required for transactions (e.g. to log in or to complete a purchase). They simply contain a transaction ID.
For certain services, we use persistent cookies, which are stored on your computer for future sessions. In this case, we notify you about the cookie’s storage period.
You can set your browser to prevent these cookies being stored or to delete the cookies at the end of your Internet session. However, please remember that in this case you may not have access to the full range of functions offered by our websites. For information about browser settings go to: https://www.sicherdigital.de/sicher-surfen#sicher-surfen-browsereinstellungen.
Other measurement techniques including redirect methods are being used. By clicking on a link, the user will not be lead straight to the chosen URL, but will be redirected to a tracking server, that leads him automatically to the appropriate destination.
Techniques used on these websites and purposes:
|Company||Purpose||Technique and, where applicable, storage period||Involved as||Opt-Out|
Cookie (24 months)
Browser setting: Block cookies from the domain „tealium.hs.llnwd.net“
IP adress, device characteristics
Online chat service
Cookie (24 months)
Online chat service
Support and service, process or
Redirect, measurement pixel
ORACLE Deutschland B.V. & Co. KG
Customized design and Advertising
Cookie (24 months)
Redirect, cookie (30 days)
Browser setting: Block cookies from the domains “tracking.mlsat02.de” and “tracking.metalyzer.com”
Redirect, cookie (730 days)
Web Arts AG
Cookie (365 days)
Browser setting: Block cookies from the domain *.iridion.de
Service, customized advertising
Measurement pixel, redirect
Support and service, e-mail advertising
emetriq / xplosion
Advertising and Profiling
Cookie (12 months)
You can consult further information on cookies and the individual providers on the websites www.meine-cookies.org or www.youronlinechoices.com.
Here you can also choose not to receive usage-based online advertising from a single or from all of these companies at http://www.youronlinechoices.com/de/praferenzmanagement/.
We are voluntary subscribers to self-regulation as specified by the German Data Protection Council for Online Advertising (Deutsche Datenschutzrat Online-Werbung – DDOW).
8. Services from other companies that assume responsibility for providing their services
We use Google Maps for maps, locations and route planning on individual websites, e.g. in the Store Locator, which you can access via the tab “Make an appointment in the store” on the right-hand edge of the Deutsche Telekom product pages. Google Maps is run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By embedding Google Maps your IP address is transferred directly to Google and a cookie stored as soon as you visit this kind of website. You can obtain information and opt out at any time from data processing by Google at http://www.google.de/intl/de/policies/privacy.
If you access our websites via a Google ad, Google AdWords stores a cookie on your computer. This cookie becomes invalid after 30 days. No conclusions can be drawn about you as a person. We use the information collected with the aid of this conversion cookie to create statistics about our conversion rate. This means that we find out how many users came to our websites via a Google ad and acquire a product within 30 days. If you do not wish to participate in the tracking process, you can disable cookies for conversion tracking by specifying in your browser settings that cookies from the relevant domain are to be blocked:
Google AdWords: googleadservices.com
We use the Facebook service Customer Audience and Facebook pixel on our websites to optimize our advertising offering, provided you have given the relevant consent to Facebook. Further information on these Facebook services and privacy information from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) can be accessed under the link https://www.facebook.com/privacy/explanation.
If you use a Facebook User Account, the set Facebook cookie makes the Facebook pixel aware of this on our websites. The same cookie is used to transfer the collected usage data to Facebook for analysis and marketing purposes. You can check and/or disable directly via Facebook the way in which Facebook collects, further processes and uses this data.
- HTTP header information (including IP address, web browser information, page storage location, document, website URL and web browser user agent, as well as date and time of use)
- Pixel-specific data; this includes the pixel ID and Facebook cookie data, including your Facebook ID (this data is used to link events to a certain Facebook advertising account and to assign them to a Facebook user)
- Additional information on visiting our websites, as well as on standard- and user-defined data events.
- Orders placed (sales transactions)
- Registrations and trial subscriptions completed
- Products searched, product information accessed
The aforementioned data processing only affects users that have a Facebook account or have accessed a Facebook partner page (whereby a cookie was set). The playing out of advertising on Facebook (partner) pages on the basis of the Customer Audience service does not affect any users that are not Facebook members.
If the Facebook ID included in the Facebook cookie can be assigned to a Facebook user, Facebook assigns this user to a target group (Custom Audience) on the basis of the rules stipulated by us, provided the rules are relevant. We use the information obtained in this way to present Deutsche Telekom advertising on Facebook (partner) pages.
The re-targeting and conversion tracking of LinkedIn (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland) via the LinkedIn Insight Tag enables the compilation of statistical, pseudonymous data (referrer URL, IP address (shortened), device and browser properties) concerning the website visit, the use of our website, and, on this basis, the provision of corresponding aggregated statistics. These details also serve to display customized and relevant offers and recommendations on the basis of the interest you have shown in certain products, information, and offers on our website. These details will be stored in a cookie for a period of six months. You can obtain information and opt out from data processing by LinkedIn at any time at https://www.linkedin.com/legal/privacy-policy?trk=registration_footer-privacy-policy.
Data privacy information last revised: 18.05.2020