1. What data is collected, how is it used, and how long is it stored?
a) Necessary processing for the provision of the digital service (Art. 6 para. 1b GDPR, §25 para. 2 no. 2 TTDSG)
When using the DIGITAL X-Website (www.digital-x.eu) and DIGITAL X-App hereinafter referred to as the digital service: Personal data (first name, surname, company, location, e-mail address, telephone number) is collected and processed for the purpose of serving information interests and for marketing purposes. The storage period is 30 days to 24 months (see below for details).
Processing customer data with Salesforce:
In order to process customer service inquiries and for customer communication by e-mail or telephone in accordance with your consent, your personal customer data will be stored and processed in our CRM system. We use the services Salesforce Service Cloud & Salesforce Marketing Cloud of the processor Salesforce (Salesforce.com Germany GmbH, Erika-Mann-Str. 31-37, 80636 Munich, Germany).
If you have given us your consent, we will collect email usage information (sending, openings, clicks) via this system in order to improve our service to you and provide you with more relevant information. If you no longer agree to this, you can object to this at any time under "My Settings".
b) Processing in the provision of the digital service that is carried out on the basis of legitimate interest (Art. 6 para. 1 f GDPR, §25 para. 2 no. 2 TTDSG)
When you use our digital service, our servers temporarily record the domain name or IP address of your device as well as other data, such as the requested content or the response code.
The logged data is used exclusively for data security purposes, in particular to defend against attacks on our server. They are neither used for the creation of individual user profiles nor passed on to third parties and will be deleted after 7 days at the latest. We reserve the right to statistically evaluate anonymized data sets.
c) Push notifications are messages that are sent to your device and displayed there in a prioritized manner. This digital service uses push notifications if you have given your consent during installation or first use (Art. 6 para. 1a GDPR).
• You can disable the receipt of push notifications at any time in your device's settings.
• To send push notifications, we use the processors Airship Inc.Authorisations for access to data and functions of the end device by the digital service
In order to be able to use the digital service on your device, it must be able to access various functions and data on your device. To do this, it is necessary for you to grant certain permissions (Art. 6 para. 1a GDPR, §25 para. 1 TTDSG).
The permissions are programmed differently by the different manufacturers. For example, individual permissions can be grouped into permission categories, or you can agree to only the permission category as a whole.
Please note that in the event of a conflict between one or more authorizations, you may not be able to use all the features of our digital service.
If you have granted permissions, we will only use them to the extent described below:
2. Data control of the social media plug-ins used or links to social media platforms
Some pages contain buttons from social media networks (such as Facebook, Google, Instagram, X [Twitter], Pinterest, Xing, TikTok or LinkedIn) with which you can recommend the offers of the Deutsche Telekom Geschäftskunden GmbH to your friends and acquaintances.
To ensure that you have full control over your data, the buttons used only establish direct contact between the respective social network and the visitor when you actively click on the button (one-click solution).
By activating the social media plug-in or link via the pictogram, also for sharing content (Art. 6 para. 1 a GDPR), the following data can be transmitted to the social media providers: IP address, browser information, operating system, screen resolution, installed browser plug-ins, previous page if you followed a link (referrer), the URL of the current page, etc.
On the next call, the social media plug-ins are again provided in the default inactive mode, so that no data is transmitted on a subsequent visit.
Further information on social media plug-ins, the scope and purposes of the respective data processing as well as further data protection-relevant information can be found in the privacy policy of the respective controller as well as for the explanation of the 1-Click solution on Heise.de
3. Is my usage behavior evaluated, e.g. for advertising or tracking?
We want you to enjoy using our digital services and using our products and services. In order for you to find the products that interest you and for us to be able to design our digital service in a user-friendly way, we analyse your usage behaviour in pseudonymised form. Within the framework of the legal regulations, user profiles are created. In the following, we provide you with general information about the various purposes of the processing. By clicking on the "Consent to data processing" query, which appears when you access our digital service, you have the option of agreeing to the processing or rejecting it in part or in full. Processing necessary for the provision of the digital service (see explanation above under 1.) cannot be refused.
4. Required processing
4.1 Required Functional
This processing is necessary for you to be able to navigate through the Digital Service and use essential functions. They enable basic functions, such as order processing in the online shop and access to secure areas of the digital service. In addition, they are used for the anonymous evaluation of user behavior, which we use to continuously develop our digital service for you. The legal basis for this processing is §25 (2) No. 2 TTDSG, Art. 6 (1b) GDPR or, in the case of third countries, Art. 44 et seq. GDPR.
Company | Purpose | Storage period | Country |
---|---|---|---|
CCM19 | Cookie consent | 12 months | Germany |
4.2 Optional Processing
This processing is used when you use additional features, such as chat. The possible functions are explained in section 1 of this Privacy Notice. The legal basis for this processing is §25 (1) TTDSG, Art. 6 (1) (a) GDPR or, in the case of third countries, Art. 49 (1) (a) GDPR.
Company | Purpose | Storage period | Country |
---|---|---|---|
Google YouTube | Video | 12 months | USA |
4.3 Analytical Processing
This processing helps us to better understand user behaviour. Analytical processing enables the collection of usage and recognition options by first-party or third-party providers, in pseudonymous user profiles. For example, we use analytical processing to determine the number of unique users of the Digital Service or to collect technical information in the event of a Digital Service crash, as well as to analyze user behavior based on pseudonymous information about how users interact with the Digital Service. The legal basis for this processing is Art. 6 (1) (a) GDPR or, in the case of third countries, Art. 49 (1) (a) GDPR.
Company | Purpose | Storage period | Country |
---|---|---|---|
Matomo | tracking of user behavior | 12 months | Germany |
Airship Inc | App Security and performance | 12 months | USA |
4.4 Marketing / Retargeting Processing
This processing is used in order to be able to show you personalised and therefore relevant advertising content.
Marketing processing is used to display interesting advertising content and to measure the effectiveness of our campaigns. This happens not only in Deutsche Telekom's digital services, but also in other digital services (third-party providers). This is also known as retargeting. It is used to create pseudonymous content or ad profiles, to serve relevant advertisements on other digital services, and to derive insights about audiences who viewed the ads and content. Marketing and retargeting processing helps us to display possible relevant advertising content to you. By opting out of marketing processing, you will continue to see the same number of advertisements, but they may be less relevant to you. The legal basis for this processing is §25 (1) TTDSG, Art. 6 (1a) GDPR or, in the case of third countries, Art. 49 (1a) GDPR.
Company | Purpose | Storage period | Country |
---|---|---|---|
Telekom | needs-based design, advertising | 24 months | Germany |
Ad4Mat | advertising | 24 months | Germany |
Adform | Advertisting | 60 days | Europe |
Iridion | Advertising | 12 months | Germany |
AWIN | Advertising | 24 months | Germany |
Mapp (vorm. Webtrack) | Marketing (personalization) | 6 months | Germany |
Emetriq (vorm. Xplosion) | Profiling, Advertising | 12 months | Germany |
Linkster | Advertising | 30 days | Germany |
Trbo | Personalization | 24 months | Germany |
Telekom | Peresonalization | 4 months | Germany |
360Dialog | Advertising | 24 months | Germany |
Salesforce Marketing Cloud | Newsletter / Affiliate | 24 months | Germany |
5. Services from other companies (self-responsible third-party providers)
We have integrated services from third-party providers who provide their services independently or under joint responsibility with Deutsche Telekom. When using our digital service, data is collected by means of cookies or similar technologies and transmitted to the respective third party, in some cases for Deutsche Telekom's own purposes. The legal basis for this data processing is Art. 6 (1) (a) and Art. 49 (1a) GDPR. For information on further processing for the third-party provider's own purposes, please refer to the third-party provider's privacy policy (purposes, storage period and legal basis). Insofar as data processing is also carried out under joint responsibility of Deutsche Telekom, we inform you about the possible risks as follows.
Third country | Recipient | Data types | potential risk |
---|---|---|---|
United States of America (data exporter: Google Ireland) | Google LLC | Usage | EU-US Data Privacy Framework ensures an adequate level of data protection for data processing in the USA |
United States of America (Data exporter: LinkedIn Ireland) | LinkedIn Inc. | Usage | EU-US Data Privacy Framework ensures an adequate level of data protection for data processing in the USA |
United States of America (data exporter: Facebook Ireland) | Meta Platforms Inc. | Usage | EU-US Data Privacy Framework ensures an adequate level of data protection for data processing in the USA |
United States of America (data exporter: Twitter International Unlimited Company) | X Corp. | Usage | EU-US Data Privacy Framework ensures an adequate level of data protection for data processing in the USA |
5.1 Google
Google Ads: We use the Google Ads and Floodlight function of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") in our digital service. This function is used to present interest-based advertisements to visitors within the Google advertising network. In the digital service, the visitor can then be presented with advertisements that refer to content that the visitor has previously accessed in other digital services that use Google's remarketing function. If you still do not want Google's remarketing function, you can deactivate it by making the appropriate settings under https://www.google.com/settings/ads. Alternatively, you can opt out of the use of interest-based advertising through the Network Initiative by following the instructions in https://www.networkadvertising.org/managing/opt_out.asp . You can find more information about Google Ads and Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de/.
If you have accessed our digital service via a Google ad, Google AdWords will store a cookie on your device. This cookie expires after 90 days. The information collected with the help of this so-called conversion cookie is used to compile statistics about our conversion rate. This means that we learn how many users have come to our websites through a Google ad and purchase a product within 90 days. If you do not wish to participate in the tracking process, you can disable cookies for conversion tracking by setting your browser settings to block cookies from the corresponding domain: Google Ads: googleadservices.com
5.1.2 Google YouTube Videos: YouTube collects data to provide better services to users, from determining basic information, such as your language, to more complex questions, such as advertising. What data YouTube collects and how it is used depends on how you use the Services and how you manage your privacy settings. If you're not signed in to a Google Account, the data collected is stored with unique identifiers associated with the browser, app, or device. This can ensure, for example, that the language settings are maintained for all sessions. If you're signed in to a Google Account, we'll also collect information that's stored in your Google Account and is considered personal information. For more information, please visit: https://policies.google.com/privacy?hl=de&gl=de
5.2 Meta/Facebook
We use the Meta pixel and the Customer Audience service in our digital service to optimize our advertising offering, provided that you have given Facebook your consent to this. Further information about these Facebook services and the privacy policy of Meta Ireland Ltd., Merrion Road Dublin 4, Ireland ("Meta") can be found at the link https://www.facebook.com/privacy/explanation .
If you use a Facebook user account, this can be recognized by the Meta pixel on our digital service by the Facebook cookie set, via which the collected usage data is transmitted to Meta for analysis and marketing purposes. You can check and/or deactivate this data collection and the further processing and use of the data by Meta directly on Facebook. The Meta pixel is a JavaScript code that transmits the following data to Facebook:
The aforementioned data processing only applies to users who have an account with Facebook or have accessed a Facebook partner page (which has set a cookie). The display of advertising on Facebook (partner) pages using the "Customer Audience" service does not affect users who are not members of Facebook. If it is possible to assign the Facebook ID contained in the Facebook cookie to a Facebook user, Facebook will assign this user to a target group ("Custom Audience") based on the rules we have defined, provided that the rules are relevant. We use the information obtained in this way for the presentation of Telekom advertising on Facebook (partner) pages. If you would like to object to the use of the Facebook pixel, you can set an opt-out cookie on Facebook or deactivate JavaScript in your browser. For further information as well as the setting options for protecting your privacy for advertising purposes, please refer to Facebook's privacy policy, which can be found on https://www.facebook.com/ads/website_custom_audiences/, among others.
5.3 LinkedIn
The re-targeting and conversion tracking of LinkedIn (LinkedIn Ireland Ltd., Wilton Plaza, Wilton Place, Dublin 2, Ireland) by means of the LinkedIn Insight Tag enables the collection of statistical, pseudonymous data (referrer URL, IP address (abbreviated), device and browser characteristics) via the LinkedIn Insight Tag. In addition, this information is used to display interest-specific and relevant offers and recommendations after you have shown interest in certain products, information and offers on our digital service. This information is stored in a cookie for 6 months. You can find out about data processing by LinkedIn at any time under https://www.linkedin.com/legal/privacy-policy?trk=registration_footer-privacy-policy and object to it or revoke your consent via the cookie settings. Telekom Deutschland GmbH and LinkedIn are joint controllers for this processing in accordance with Art. 26 GDPR. If you have any questions, you can contact datenschutz@telekom.de or LinkedIn.
5.4 emetriq GmbH
emetriq is a provider of targeting services in the field of online marketing of advertising space. Targeting stands for a precise target group approach in online marketing and a personalization of content. To this end, emetriq operates a data pool whose goal is to significantly increase the quality of targeting so that advertisers can display relevant advertisements according to your interests. In order to enable user-specific advertising and content to be displayed, emetriq GmbH, Vorsetzen 35, 20459 Hamburg, Germany, collects information about surfing behaviour and app use. Cookies, measurement pixels, APIs or SDKs are used that can collect or process the following information:
The data collected is pseudonymised at the earliest possible time, either in the app or in the user's browser or in the first processing system, and only then is it further processed. All information collected about a user is stored exclusively with the help of pseudonymous IDs. emetriq will delete this data after 6 months at the latest.
In order to enable cross-device personalization of advertising, emetriq assigns an identifier (ID) for each of the devices you use, using your hashed email address. This makes it possible to assign the different IDs assigned to each other in cases where you have logged in to digital services using different devices.
The integration of a neutral entity, the so-called trusted third party, ensures that emetriq does not gain access to the e-mail address. In individual cases, this makes it possible to assign a device to a user across providers, even if the user has not logged in to Deutsche Telekom's digital services with his or her device. This makes it possible to adapt the offer to suit your interests even without a login.
Telekom Deutschland GmbH and emetriq GmbH are joint controllers for this processing in accordance with Art. 26 GDPR. If you have any questions, please contact datenschutz@telekom.de .
Limited to the above-mentioned purposes, this data will also be processed independently by emetriq and its technology partners. For more information, please contact emetriq: https://www.emetriq.com/datenschutz.
In addition, emetriq works with the provider The Trade Desk Ltd. UK (short "TTD", in 1 Bartholomew Cl, London EC1A 7BL, United Kingdom). The Trade Desk processes the IP address and usage data (such as pages and products viewed). For this purpose, users are assigned a randomly generated ID by means of a cookie, which can be used to recognize the user on our digital services as well as the digital services of third parties in TTD's advertising network and to optimize advertising campaigns. Information on data protection at The Trade Desk can be found at https://www.thetradedesk.com/us/privacy
5.5 Adform
In our digital service, we use the service of Adform A/S ( Silkegade 3B, ST. & 1., 1113 Copenhagen, Denmark) to obtain evaluations of the performance of our campaigns, targeting data and advertisements, comparing the following:
Adform analyzes the data collected through cookies and IDs in order to serve interest-based advertisements. This information is stored for a maximum of 13 months, cookie-based information for 60 days. You can find out about the data processing by Adform at any time under https://site.adform.com/de/privacy-center/platform/datenschutzrichtlinie-fuer-produkte-und-services/#WiewirCookiesverwenden and object to it or revoke your consent via the cookie settings.
Telekom Deutschland GmbH and Adform A/S are joint controllers for this processing in accordance with Art. 26 GDPR. If you have any questions, please contact datenschutz@telekom.de .
Privacy Settings: You can revisit your settings at any time to manage your preferences.
5.6 Cooperation partner
We include links to cooperation partners on our website. You can use the services of the cooperation partners via the links. For this purpose, we transmit personal data (first name, surname, company, city, e-mail address, telephone number). Personal data is not passed on by the cooperation partners without the specific consent of the user. For further information on the type, purpose and scope of data processing, please refer to the respective data protection declarations of the cooperation partners.
6. Collection of personal data for email contact
If you contact us (e.g. via contact form or email), we will store your details in order to process your inquiry and in the event that follow-up questions arise. This is also our legitimate interest in accordance with Article 6(1)(f) GDPR. We only store and use other personal data if you consent to this or if this is permitted by law without special consent.
7. Plug-ins und Widgets
7.1 FlypSite
We use the “FlypSite” service from 4=1 GmbH in Hamburg for our liveblog offering. 4=1 operates the infrastructure required for “FlypSite” using other service providers with whom GDPR-compliant contracts for order processing exist. Content from social media providers (Facebook, Twitter, Instagram) is made available via the “Flypsite” social wall integrated on our website. When you access a page with a live blog, your browser establishes a connection with the servers of the service providers. Your IP address and the time of access are transmitted and stored in log files. This is necessary for the technically error-free provision and optimization of the services. Further information can be found in the privacy policy of https://www.flypsite.com/datenschutz/flyp-tv-datenschutz/
7.2 Friendly Captcha
We use Friendly Captcha (hereinafter “Friendly Captcha”) on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is used to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, Friendly Captcha analyzes the behavior of the website visitor based on various characteristics. For the analysis, Friendly Captcha evaluates various information (e.g. anonymized IP address, referrer, visit time, etc.). Further information on this can be found at: https://friendlycaptcha.com/legal/privacy-end-users/.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Order processing in accordance with Article 28 GDPR
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
8. Where can I find the information that is important to me?
Additional information on data protection when using our products, in particular on the purposes of use, deletion periods, etc., can be found in the data protection information for the respective product under www.telekom.de/datenschutzhinweise, in the Telekom Shop or under www.telekom.com/datenschutz.
9. What rights do I have?
You have the right to:
a. to request information on categories of data processed, processing purposes, possible recipients of the data, the planned storage period (Art. 15 GDPR);
b. request the correction or completion of incorrect or incomplete data (Art. 16 GDPR);
c. to revoke a given consent at any time with effect for the future (Art. 7 para. 3 GDPR);
d. to object at any time for the future to data processing that is to be carried out on the basis of a legitimate interest, for reasons arising from your particular situation (Art. 21 para. 1 GDPR), stating these reasons. You can object to data processing for direct marketing purposes at any time without stating these reasons (Art. 21 para. 2, 3 GDPR);
e. in certain cases, request the deletion of data within the framework of Art. 17 GDPR - in particular if the data is no longer required for the intended purpose or is processed unlawfully, or if you have withdrawn your consent in accordance with (c) above or have declared an objection in accordance with (d) above;
f. under certain conditions, to demand the restriction of data if deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR);
g. data portability, i.e. You can receive your data that you have provided to us in a commonly used machine-readable format, such as z.B. CSV, and, if necessary, transmit it to others (Art. 20 GDPR;)
h. to complain to the competent supervisory authority about the data processing (for telecommunications contracts: Federal Commissioner for Data Protection and Freedom of Information; otherwise: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia).
10. To whom does Deutsche Telekom share my data?
To processors, i.e. companies that we commission to process data within the scope provided for by law, Art. 28 GDPR (service providers, vicarious agents). In this case, Deutsche Telekom remains responsible for the protection of your data. In particular, we commission companies in the following areas: IT, sales, marketing, finance, consulting, customer service, human resources, logistics, printing.
To cooperation partners who provide services for you on their own responsibility or in connection with your telecom contract. This is the case if you commission services from such partners with us or if you consent to the involvement of the partner or if we involve the partner on the basis of a legal permission.
In addition, Deutsche Telekom is striving to cooperate with other service providers (e.g. smart home services). If you are also a user of these services, you can link your respective account to them. This linking must be done by you separately for each service. Once you have made a link, the personal data listed in this Privacy Notice may be used from your respective account for the relevant service. The respective service provider will inform you about the processing of your personal data.
Due to legal obligation: In certain cases, we are required by law to transmit certain data to the requesting government entity.
11. Where will my data be processed?
Your data will be processed in Germany and other European countries.
In some cases, your data is also processed in countries outside the European Union (i.e. in so-called third countries), currently for example:
Storage/hosting of customer data (excluding traffic data) by Amazon Web Services EMEA SARL, Amazon Web Services Inc. in the USA, Microsoft Ireland Operations Ltd., Google Cloud EMEA Limited, Ireland and Salesforce.com Germany GmbH in Europe. Only administrators with technical support access from the USA are possible.
Push notification services by Airship Group Inc in the USA
Security and performance monitoring by Datadog Inc. in the USA.
In all other respects, the following applies: If data processing takes place in third countries, this will take place insofar as you have expressly consented to this or if it is necessary for our provision of services to you or if it is provided for by law (Art. 49 GDPR).
Your data will only be processed in third countries if certain measures are taken to ensure that an adequate level of data protection is in place (e.g. adequacy decision of the EU Commission or so-called suitable safeguards, Art. 44 et seq. GDPR, (see here).
12. Who is responsible for data processing? Who is my contact person if I have questions about data protection at Deutsche Telekom?
The data controller is the Deutsche Telekom Geschäftskunden GmbH. If you have any questions, you can contact our customer service or our data protection officer, Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, datenschutz@telekom.de.
13. photo, film and sound recordings at this event
Please note: Photographs, films and sound recordings (recordings) will be made during the event. The recordings may be used by Deutsche Telekom Geschäftskunden GmbH ("Telekom") as well as by its affiliated companies and companies affiliated with Deutsche Telekom AG in accordance with §§ 15ff AktG (hereinafter collectively referred to as the "DTAG Group") for the purpose of corporate communications, information and public relations work and advertising for future events for an unlimited period of time and in all media, e.g. at trade fairs/exhibitions/PoS, in print media, in the media of the Deutsche Telekom Group. e.g. at trade fairs / exhibitions / PoS, in print and offline media on the intranet / internet (including live, if applicable), on television and radio (including live, if applicable) or in social media (including via employees' personal social media channels) and apps. For this purpose, the recordings may be reproduced by the DTAG Group, edited in compliance with your personal rights and stored permanently. The DTAG Group is authorised to sub-license the recordings to the press, media and event partners and customers of the DTAG Group for appropriate use.
The recordings are processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR). With regard to data protection aspects, you have the right to object to the production of the recordings and their use by Telekom for exceptional reasons arising from your particular situation at digitalX@telekom.de.
Status of the data protection notice: August 2024