Data protection and data security for customers and users have a high priority for the entire Deutsche Telekom Group. We therefore attach great importance to the protection of personal data in all business processes. More about our privacy policy principles, which apply to the whole DT-Group, can be found in the Binding Corporate Rules Privacy of Deutsche Telekom. This privacy statement explains what kind of information is collected at the Deutsche Telekom Group during a visit to one of our Web sites and how we use this information. However, this does not apply to Web sites of companies which do not belong to the Group, even if they have a link to this or any other Web site of a Deutsche Telekom AG company. Should you wish to receive information on the collection and processing of personal data at specific companies of the Deutsche Telekom Group, please contact these companies directly or use our contact form.
For the purpose of system security, when you visit our Web sites, our Web server temporarily registers the domain name or the IP address of the requesting computer as well as the date of access, the file request of the client (file name and URL), the HTTP response code and the Web site from which you are visiting us, and the number of bytes transferred during the session. We might also, in some cases, store some information in the form of 'cookies' on your PC so that we can optimize our Web site according to your preferences. We will not collect any other personal data such as name, address, telephone number or e-mail address unless you provide this information voluntarily, e.g., when placing an online order for a product or service, a survey, a competition, or a request for information. Personal data collected during a visit to our Web site is processed exclusively in accordance with the legal provisions of the country in which the respective company is headquartered.
We will use your personal data exclusively for the technical administration of the Web site and to meet your wishes and requests. Only in cases in which you have given us prior consent do we also use this data for product-related surveys and marketing purposes, but only to the extent needed in each specific case. We will not disclose any data to government agencies except where required by law. Our employees and business offices are obligated to treat the data as confidential.
Some of our web sites contain buttons from social media networks, with which you can recommend Deutsche Telekom's offers to your friends and acquaintances. To ensure that you have full data control, when you load the page, images of the respective functions (Facebook “Like” button, Google +1, Twitter button) are displayed instead of the actual social media plug-ins. The exchange of data is not activated until you click the checkmark next to the images, which loads the respective social media plug-ins. When you click a plug-in to activate it, the following data may be transmitted to the website operator: Your IP address Browser information and operating system Screen resolution Installed browser plug-ins, such as Adobe Flash player Origin of visitors if you followed a link (referrer) URL of the current page You can revoke your consent for the social plug-ins to be displayed on this page in future by resetting the checkmark. When you call up the next page, an image will again be displayed in the place of active social media plug-ins (the checkmark is removed), and no data is forwarded.
The companies of Deutsche Telekom AG like to contact customers to provide them with information about special offers and news on products and services. If you register on our Web site or place an order for our products and services, you will be asked to indicate whether you would like to receive advertising information directly. Irrespective of your consent, it goes without saying that, as a Deutsche Telekom customer, you will continue to be notified of any important changes relating to existing service agreements (e.g., rate changes).
Upon written request, the respective company of the Deutsche Telekom Group will inform you of the personal data stored on you (e.g., name, address).
We have taken extensive technical and operational precautions to protect the personal data retained by us against unauthorized access and misuse. Our security procedures are revised regularly and adapted to reflect technological progress.
Should you wish any data to be corrected or deleted, or have any other questions or suggestions on data protection, please use our contact form.
In order to strenghten data protection and data security in the Group, Deutsche Telekom regularly implements appropriate internal controls, audits and certifications of corporate departments. For this purpose, the company uses a system of controls, audits and certifications by external and internal experts. It plays a pioneering role here: In the telecommunications industry, certification of individual corporate departments is still the exception. Deutsche Telekom therefore welcomes the fact that the European legislator has recognized the importance of certifications. In Article 42 of the GDPR, it calls for the introduction of data protection-specific certification procedures as well as data protection seals and data protection certification marks.
Every year, the corporate departments Internal Auditing, Group Privacy and Central Security Management conduct numerous checks and audits on data privacy and data security. Risk-based controls are part of the data privacy compliance management system. For example, these checks examine whether only necessary data is stored (principle of data economy) and whether it is also deleted once its purpose has expired. Further audits serve to safeguard the information and network technologies used in the Group. For example, the implementation of authorization, data privacy and security concepts are reviewed throughout the Group to identify any gaps. Such gaps can arise from security deficiencies in software solutions. Once identified, the deficiencies are promptly eliminated together with the industry partners. The results of the various checks and audits ensure a high level of data privacy and security. They either demonstrate the effectiveness of internal systems and processes or help to identify and remedy any weaknesses at an early stage.
Certification is a procedure used by external, independent bodies such as TÜV, DEKRA or auditing companies. It proves whether certain requirements for products and services and their respective manufacturing processes, including trade relations, people and systems, are met. In 2014, auditors from Deloitte & Touche audited the effectiveness of Deutsche Telekom's data protection-related Compliance Management System (CMS). The result: All measures described in the CMS are effectively implemented. On September 30, 2014, the auditors of Deutsche Telekom AG, Telekom Deutschland GmbH, and its majority holdings, along with T-Systems International GmbH and its majority holdings, confirmed the effectiveness of the CMS. In 2020, further development of the existing data protection-specific certification activities in the Deutsche Telekom Group was defined as a strategic goal for data privacy. To this end, the new certification offerings in the data privacy area were analyzed. On the basis of this market analysis, in an exchange of information with the responsible supervisory authorities and the accreditation body, Deutsche Telekom has developed a modular certification concept that aims to provide both comprehensive certifications of the data privacy management system (e.g., ISO 27701) and product-, process- and service-specific certifications in accordance with Art. 42 of the GDPR at Deutsche Telekom. Numerous units in the Deutsche Telekom Group are already certified to ISO/IEC 27701:2019 and the central functions are promoting and supporting the roll-out for other interested units. At the same time, the data protection experts are continuing to monitor and analyze developments in the market for certifications in accordance with Art. 42 of the GDPR. The Group is thus further establishing itself as a pioneer in the telecommunications industry in the context of data protection-specific certifications. The central security management system and parts of Telekom Deutschland GmbH have been awarded certification in accordance with the international standard ISO 27001. This confirms compliance with specifications for security in information management systems, in products, customer interactions and internal processes. For example, the Open Telekom Cloud is also certified in accordance with the Trusted Cloud Data Protection Profile for Cloud Services (TCDP). This test standard complies with the data protection requirements of the German Federal Data Protection Act for cloud computing. Through its participation in the Data Protection Foundation, Deutsche Telekom also actively supports the AUDITOR research project, which is currently developing a standard for the data protection certification of cloud services in accordance with the GDPR as a successor project to the Trusted Cloud project.
To ensure the protection and safety of natural and legal persons, data privacy and security matters are subject to stringent legal guidelines worldwide. In its role as a telecommunications company, Deutsche Telekom is especially committed to compliance with various laws and regulations.
entered into force on 25 May 2016 and is directly applicable in all member states of the European Union without transposition into national law since 25 May 2018.
together with the data protection laws of the federal states and other sector-specific regulations on data protection in the cases in which the GDPR offers so-called "opening clauses”.
came into force on December 01, 2021 and regulates in particular telecommunications secrecy, data protection in telecommunications and telemedia data protection and the requirements for setting cookies.
