Who is responsible for data processing? Who should I contact if I have any queries regarding data
privacy at Deutsche Telekom?
Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, acts as the data controller. If you
have any queries, please contact our Customer Services department or the Group Data Privacy Officer, Dr.
Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, Germany, email@example.com.
What rights do I have?
You have the right
To request information on the categories of personal data concerned, the purpose of the
processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
To request incorrect or incomplete data is rectified or supplemented (Art. 16 GDPR);
To withdraw consent at any time with effect for the future (Art. 7 (3) GDPR);
To object to the processing of data on the grounds of legitimate interests, for reasons relating
to your particular situation (Art 21 (1) GDPR);
To request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no
longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or
you withdraw your consent according to (c) above or objected according to (d) above;
To demand under certain circumstances the restriction of data where erasure is not possible or
the erasure obligation is disputed (Art. 18 GDPR);
To data portability, i.e. you can receive your data which you provided to us, in a commonly used
and machine-readable format, such as CSV and can, where necessary, transmit the data to others (Art. 20
To file a complaint with the competent supervisory authority regarding data processing (for
telecommunications contracts: the German Federal Commissioner for Data Protection and Freedom of
Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit); for any other matters:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
(Landesbeauftragter für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen).
Who does Deutsche Telekom pass my data on to?
To processors, i.e. companies we engage to process data within the legally defined scope, Art. 28
GDPR (service providers, agents). In this case, Deutsche Telekom also remains responsible for protecting
your data. We engage companies particularly in the following areas: IT, sales, marketing, finance,
consulting, customer services, HR, logistics, printing.
Owing to legal obligations: In certain cases, we are legally obliged to transfer certain data to
the requesting state authority.
Where is my data processed?
In general, your data is processed in Germany and in other European countries.
If your data is also processed in countries outside the European Union (i.e. in third countries) by way
of exception, this is done only if you have explicitly given your consent or it is required so we can
provide you with services or it is prescribed by law (Art. 49 GDPR). Furthermore, your data is only
processed in third countries if certain measures ensure a suitable level of data protection (e.g. EU
Commission’s adequacy decision or suitable guarantees, Art. 44 ff. GDPR).
What data is recorded, how is it used and how long is it stored?
When you visit our websites, the web server temporarily records the domain name or your computer’s IP
address, the file requested (file name and URL) by the client, the http response code, and the website
from which you are visiting us.
The recorded data is used solely for data security purposes, particularly to protect against attempted
attacks on our web server (Art. 6 (1) f GDPR). We do not use it to create individual user profiles nor
do we share this information with third parties. It is erased after 7 days at the latest. We reserve the
right to statistically analyze anonymized data records.
If you contact us (for example by contact form or e-mail), we will save your details for the purpose of
processing your enquiry and in the event that follow-up questions arise. This is also in our legitimate
interest according to Article 6(1)(1)(f) GDPR. We only store and use other personal data if you consent
to this or if this is legally permissible without special consent.
We send newsletters, e-mails and other electronic notifications (“newsletters”) only with the consent of
the recipients or a legal permission. If the contents of the newsletter are specifically described in
the context of a registration for the newsletter, they are decisive for the user’s consent. In addition,
our newsletter contains information about our services and us. To subscribe to our newsletters, it is
generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the
purpose of personal contact in the newsletter, or other information if this is necessary for the
purposes of the newsletter.
The registration to our newsletter is always done in a so-called double opt-in procedure. This means
that after registration you will receive an e-mail asking you to confirm your registration. This
confirmation is necessary so that nobody can register with foreign e-mail addresses. The newsletter
registrations are logged in order to be able to prove the registration process according to the legal
requirements. This includes the storage of the registration and confirmation time as well as the IP
address. Changes to your data stored by the shipping service provider are also logged.
We may store the unsubscribed e-mail addresses for up to three years based on our legitimate interests
before we delete them to be able to prove a formerly given consent. The processing of this data is
always limited to the purpose of knowledge transfer in connection with “DIGITAL X” events and related
Newsletters are sent out on the basis of the consent of the recipients (legal basis is Article
6(1)(1)(a) GDPR or, if consent is not required, on the basis of our legitimate interests in direct
marketing (legal basis is Article 6(1)(1)(f) GDPR), if and to the extent that this is permitted by law,
for example in the case of advertising to existing customers. Newsletter dispatch is organized by
Telekom Deutschland GmbH. Possible contents of newsletters are information about you, your services,
actions and offers.
The registration process for using our websites is recorded on the basis of our legitimate interests in
order to prove that it has been carried out in compliance with the law (legal basis is Article
You can object to this form of usage at any time. Consequently, you can cancel the receipt of our
newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to
cancel the newsletter either at the end of every newsletter, alternatively you can revoke your consent
by sending an e-mail to firstname.lastname@example.org. You will then no longer receive the cancelled newsletters.
The lawfulness of the already carried out communication is not affected by the cancellation.
Data control for the social media plug-ins used
Some of the services websites include buttons for social media networks (Facebook Like button, Google
+1, Twitter button) that you can use to recommend the services Deutsche Telekom AG Corporate
Communications to your friends and family.
To ensure you retain full control of the data, the used buttons provide direct contact between the
respective social network and the visitor only once you actively click on the button (one-click
When the social media plug-in is activated (Art. 6 (1) a GDPR), the following data can be forwarded to
the social media provider: IP address, browser information, operating system, screen resolution,
installed browser plug-ins (such as Adobe Flash Player), previous website if you followed a link
(referrer), URL of the current website, etc...
The next time you visit the website, the social media plug-ins are again provided in the default
disabled mode, thus ensuring that no data is transferred during a repeat visit to the website.
Further information on social media plug-ins is available at: https://www.sicherdigital.de/sicher-surfen#aufpassen-beim-like-button.
Visitors to our website can use a button to share offers via the respective email provider. This button
is also used as a pictogram on our website. If you use the button as a mere HTLM link, your personal
data will not be saved, used or processed by us. For information on the scope and purposes of the
respective data processing by your e-mail provider as well as other information relevant to data
protection, please refer to the data protection declarations of your e-mail provider.
Our website uses plugins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry
Ave., San Bruno, CA 94066, USA. When you visit one of our YouTube plug-in-enabled sites, you will be
connected to the servers of YouTube. It tells the YouTube server which of our pages you've visited. If
you're logged into your YouTube account, YouTube will allow you to associate your browsing behavior
directly with your personal profile. You can prevent this by logging out of your YouTube account. The
use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a
legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information about how to
Integration of third party content
We include content from third parties on our website. These are videos, live streams, map services,
images, articles, contributions or podcasts. In order to make this content accessible to you, it is
technically necessary to inform the third party provider of your IP address. Your IP address will not be
saved as part of the integration of third-party content. By integrating third-party content, we create
an optimization of the website and an improved offer for the user. This represents a legitimate interest
within the meaning of Article 6(1)(1)(f) GDPR.
Data privacy information last revised: December 16, 2020