This Privacy Statement of Deutsche Telekom Cloud Services on Protection of Personal Data for Clients, Suppliers and Other Third Parties (“Privacy Statement”) applies to the processing of your personal data when you engage with Deutsche Telekom Cloud Services (“DTCS” or “we” or “our” or “us”) on various occasions as our client, customer, collaborator, representative of our supplier, attendee of our events, etc.
Please note that the entity responsible for the protection of your personal data and for ensuring compliance with this Privacy Statement as a data controller may be one of the DTCS entities listed below, depending on which entity you have a relationship with (e.g. contractual relationship) or which entity is responsible for a particular event or activity (e.g. event organizer, internship organizer). If you are not sure who your data controller is, feel free to reach out to us at the email address mentioned below.
DTCS entities belonging to Deutsche Telekom AG Group (“DTAG Group”) are the following:
- Deutsche Telekom Cloud Services s.r.o., with its registered seat at Ružová dolina 6, 821 08 Bratislava, Slovak Republic
- Deutsche Telekom Cloud Services Kft., with its registered seat at Könyves Kálmán krt. 36, 1097 Budapest, Hungary
- Deutsche Telekom Cloud Services EPE, with its registered seat at 9 Fragkoklisias Str., 15125 Marousi of Attica, Greece
- Deutsche Telekom Cloud Services S.R.L., with its registered seat at B-dul, Dimitrie Pompei nr. 9-9A, Iride Business Park Cladirea 20, etaj 3, Sector 2, Bucharest, Romania
- Deutsche Telekom Cloud Services d.o.o., Radnička cesta 21, 10000 Zagreb, Croatia
- Deutsche Telekom Cloud Services GmbH, Rennweg 97-99, A-1030 Vienna, Austria
- Deutsche Telekom Cloud Services Sp. z o.o. w likwidacji, ul. Marynarska 12, 02-674 Warsaw, Poland
- Deutsche Telekom Cloud Services D.O.O., ul. Moskovska 29, 81000 Podgorica, Montenegro
- Deutsche Telekom Cloud Services Makedonija Dooel Skopje, Kej 13 Novembri 6, 1000 Skopje, Republic of North Macedonia.
The Privacy Statement describes the types of personal data we collect, how we use it, with whom we share it, your rights, how you can contact us, as well as other details regarding data processing. We provide you with this Privacy Statement in a format that is easy to navigate. You may click on the questions below to jump to the specific section.
This Privacy Statement can be updated from time to time. This version of the Privacy Statement is effective as of 15 September 2024.
Whose data do we process?
We mainly process your personal data when you are:
- our customer,
- representative of our customers,
- representative of our suppliers and other business partners,
- personnel of our suppliers and business partners,
- our collaborator,
- participant in an event that we organize, or we are part of,
- visitor of our premises,
- a person with whom we are in contact because of other activities.
(“you”, or “your”).
Kindly note that if you are a job applicant for a position in our organization, the Privacy Statement for Job Applicants in Deutsche Telekom Cloud Services applies to you.
We obtain your data directly from you, from the company you represent and occasionally also from third parties (e.g., from other members of DTAG Group).
What data do we process, why and on which legal basis?
Your personal data is processed mostly to enable our cooperation, to provide you with our services, to allow you to participate in our activities, to develop and promote our organization and our activities and to fulfil our legal obligations.
We process your personal data to exercise our rights and perform the obligations under the contract concluded with you. We also have certain legal obligations, which require us to process some of your data (e.g., tax obligations, whistleblowing-related and AML obligations, etc.). In addition, we may process your personal data if we have a legitimate interest to do so. Our legitimate interests are grounded in necessity, in the need to ensure the safety of our assets and your belongings, and in our aim to promote our organization while communicating with you.
We may achieve these purposes by processing your data through the CCTV system when you visit our premises, by using various applications (e.g., Microsoft 365) and online communication tools (e.g. Slack or Webex), by recording our sessions, by taking pictures from social events and activities, etc. Last but not least, we may process your data due to legal claims and proceedings and if we are requested to do so by the law and by the public authorities.
If you are interested in finding out more, please see below a detailed overview of processing purposes, the scope of processed data and the applicable legal basis.
Setting up our contractual relationship, its management and administration, including keeping information in our databases
Processing purpose
- When we decide we want to cooperate with you, or when you request us to provide you with our services and products, we need to process your personal data. Throughout our relationship, we may need to update agreed contractual terms and administer your contract. To keep track of our relationship, we maintain databases of our clients and customers.
Processed personal data
- We process mainly your identification details (name, surname), your contact details (address, email, phone number), information about your organization and your role (company name, your job position) and other details necessary for contract conclusion.
Applicable legal basis
- We process your data based on art. 6 sec. (1) (b) of GDPR to perform steps necessary for contract conclusion and contract fulfilment and based on our legitimate interest to maintain databases of our clients and customers under art. 6 (1) (f) of GDPR.
Payment processing
Processing purpose
- We may be required to pay you for your products and services, or we may ask you to pay us for products and services we provide to you. We need to process payments, record them, verify them and possibly resolve related claims.
Processed personal data
- We process mainly your identification and contact details, content of our contract, relevant payment and bank account details (e.g., bank account number, bank details), information about price for services and other details related to provision of services by/to us.
Applicable legal basis
- We process your data based on art. 6 sec. (1) (b) of GDPR to perform steps necessary for contract fulfilment and based on art. 6 (1) (c) of GDPR to fulfil legal requirements.
Provision of products and services and performance of related activities, including customer support
Processing purpose
- When we provide you with our products and services, we act either as a data controller or as a data processor. When we act as a data controller, we process various types of your data to deliver the services you ordered from us and to take care of you as part of our customer and technical support.
- Whenever we act as a data processor, we are not responsible for protection of your data. You should reach out to the respective data controller, who takes care of and is responsible for the protection of your data.
Processed personal data
- We process your identification and contact details, information about a company you represent, your position in such company, information about services we provide to you, content of our communication related to service provisioning and technical data and other details necessary for service provisioning.
Applicable legal basis
- We process your data based on art. 6 sec. (1) (b) of GDPR to perform steps necessary for contract fulfilment.
Supplier and collaborator selection process
Processing purpose
- We run a thorough selection process for our suppliers, so that we choose the right business partner, who meets our criteria. We may need to assess several aspects of our potential cooperation, including the quality of provided products and services as well as the personnel who will deliver them.
Processed personal data
- We process information about your engaged personnel, who will potentially deliver products and services to us, including information about their previous working experience, their current working position, key qualifications, their date of birth and other details relevant for selection of the right supplier or collaborator.
Applicable legal basis
- We process your data based on art. 6 sec. (1) (b) of GDPR to perform steps necessary prior to contract conclusion and based on our legitimate interest to select a business partner meeting our requirements under art. 6 (1) (f) of GDPR.
Maintaining security of our tools and of our premises to protect assets and health
Processing purpose
- When you visit us in our premises, we may process your personal data for security purposes to protect our employees, visitors and third parties. We will ask you for your identification at the reception and we may use CCTV.
- When we collaborate through various applications and tools, we may need to process data to maintain the security of the application and its other users.
Processed personal data
- We process mainly your identification data from your identity documents, your contact details, information about a company you represent, information about your visit (date, time), your vehicle registration number, and information about your activities in our premises recorded on CCTV.
- We also process certain technical details (e.g. your domain name, your IP address, your login data to our applications, logs of your activities etc.).
Applicable legal basis
- We process your data based on our legitimate interest to protect our employees, visitors and users of our applications, their health and assets under art. 6 (1) (f) of GDPR.
Development of our business and promotion of activities of DT Group
Processing purpose
- We want to promote our business and activities through various means, including professional social networks (e.g. LinkedIn), electronic communication and through obtaining references.
Processed personal data
- We process mainly your identification data, your contact details, information about a company you represent, your picture and content of your references.
Applicable legal basis
- We process your data based on our legitimate interest to perform direct marketing under art. 6 (1) (f) of GDPR. If we decide to use another form of marketing, we will rely on your consent granted under art. 6 (1) (a) of GDPR.
Event organization and related activities
Processing purpose
- From time to time, we may organize events to which we can invite you, or we may participate in events organized by others, where we will perform some activities to promote our organization (e.g., competitions).
Processed personal data
- We process mainly your identification data, your contact details, information about a company you represent, your pictures taken at the event and other information you decide to share with us.
Applicable legal basis
- We process your data based on our legitimate interest to promote our organization under art. 6 (1) (f) of GDPR and based on art. 6 (1) (b) of GDPR to perform steps necessary for contract fulfilment.
Getting feedback
Processing purpose
- We are interested in your opinion on our business, our organization, our initiatives, products and services. Thus, we may ask you to let us know ideas for improvement or feedback on our activities.
Processed personal data
- Usually, the feedback is requested on an anonymous basis. If data processing is necessary, then we will process your identification and contact details, and content of your feedback.
Applicable legal basis
- We process your data based on our legitimate interest to promote and develop our business under art. 6 (1) (f) of GDPR.
Mutual collaboration and use of cooperation and communication tools
Processing purpose
- Various topics may be discussed during our relationship. We would like to keep our relationship informal and open, thus we may enable you to use some of our tools (e.g. as a guest account in Microsoft 365) and our communication applications. We may need to record our calls to keep evidence of our discussion.
Processed personal data
- We process mainly your identification details, your contact details, information about the company you represent, your position and content of our communication (e.g. from emails, chats), audio and video from our online meetings. In addition, if we cooperate through various tools and applications, including Microsoft 365, we also process some technical details (e.g. your IP address, your domain name), your account details (name, surname, displayed name, account settings) and your email address.
Applicable legal basis
- We process your data based on art. 6 (1) (b) of GDPR to perform steps necessary for contract fulfilment. If we need to record our communication, we will do so based on your previous consent granted under art. 6 (1) (a) of GDPR or based on our legitimate interest to keep evidence of the content of our discussion under art. 6 (1) (f) of GDPR.
Fulfilment of other legal obligations and compliance with law
Processing purpose
- We may have to process your personal data to comply with applicable legal obligations (e.g., for whistleblowing purposes, to meet AML requirements, tax-related obligation, fraud prevention, etc.) or with a decision of respective public authority or a judicial order.
Processed personal data
- We need to process information which is required by the applicable law (e.g., content of complaints and claims, any support and investigation materials, details about your cooperation with our organization). The concrete scope of data which we process derives from the applicable laws. For this particular case, we may also process data which was originally collected for other purposes.
Applicable legal basis
- We process your data based on art. 6 (1) (c) of GDPR to fulfil our legal obligations.
Dispute resolutions
Processing purpose
- We may process personal data to resolve and settle complaints, claims, legal disputes, and procedures related to our cooperation. We may need to investigate the situation and collect necessary inputs.
Processed personal data
- We may process data and information required to defend ourselves against claims or to dispute or to settle a claim, even if the data was originally processed for other purposes. We process information related to your actions, information which we find out during the investigation of such cases and all information necessary to correctly assess the respective cases (e.g., content of your communication, your activities, etc.).
Applicable legal basis
- We process your data based on our legitimate interest to defend ourselves against the claims under art. 6 (1) (f) of GDPR or if so required by the law, i.e., under art. 6 (1) (c) of GDPR.
When we process your data based on our legitimate interest, i.e., under art. 6 (1) (f) of GDPR, you have the right to object to such processing, unless our compelling legitimate interests override your rights and freedoms. You can object to data processing by sending us an email to the address mentioned below.
If the processing of your personal data is a contractual requirement according to art. 6 (1) (b) of GDPR and you decide not to provide us with this personal data, such action may result in the impossibility of concluding a contractual relationship with you, or other complications related to the fulfilment of our contractual obligations.
Whenever we process your personal data based on your consent, you are free to withdraw it at any time. Withdrawal of your consent does not affect processing of your personal data based on previously granted consent. You can withdraw your consent to data processing by sending us an email to the address mentioned below.
If processing of your data is a contractual obligation and you do not provide us with the data, it may have some negative impacts on you, including the impossibility to enter into the respective agreement with us. More information about your rights, including the right to object and the right to withdraw consent, is available below in section “What kind of rights do you have in relation to the data processing?”.
Do we share your data with other parties?
We share your personal data among DT Cloud Services companies and with other entities belonging to DTAG Group, especially if we collaborate by using Microsoft 365. You can find the information about entities belonging to DTAG Group on the following link.
We may further share your personal data with our suppliers and lessors, who support us in our business or provide us with partial services, e.g., postal services, physical security services (including CCTV systems), legal and audit services, tax and accounting services, banking and financial services, technical support services, insurance services, etc. Some of these suppliers and providers act as independent controllers, thus they are responsible for processing of your personal data, and you should consult their privacy notices for more information about processing of your personal data.
We do not allow our suppliers or partners to sell any personal data we share with them, or to use such data for their own purposes. Before engaging any supplier, we perform due diligence, including security, privacy and legal analysis. We do not engage a supplier unless our quality standards are met. Our suppliers are all subject to contract terms that enforce compliance with applicable data protection laws.
Some of our employees have access to your personal data. Such access is granted only if it is necessary for the purposes described in this Privacy Statement, for the performance of their work duties and only if the respective employee is bound by the duty of confidentiality. We may also share your personal data with other suppliers and clients working on the same assignment as you to enable smooth cooperation.
We may share your personal data if required to do so by the law or by the decision of respective public authority or court order, for example with law enforcement agencies, governmental agencies or other public authorities.
Do we transfer your data to third countries?
We process your personal data mostly in EU/EEA member states. However, since we are part of DTAG Group, it may happen that your data will be transferred to DTAG Group entities located in third countries (e.g., USA, India). We also use several third-party providers located outside of the EU/EEA. In this case, we endeavour to ensure that your personal data is only transferred to countries which are considered to have an adequate level of data protection in accordance with the relevant decision of the European Commission, or which provide adequate safeguards to protect your personal data. We generally rely on EU standard contractual clauses for data transfers to third countries or require applicability of other reasonable safeguards and appropriate measures. Regardless of the country in which your personal data is processed, we adopt and maintain appropriate technical, legal, and organizational measures to ensure that the level of protection is the same as or comparable to the level in the EU/EEA. If you would like to learn more about international data transfers and applicable safeguards, you can contact us via email sent to the email address mentioned below.
How long do we process your personal data?
We process your personal data as long as is necessary to fulfil the purpose mentioned in this Privacy Statement, for which the data was collected (e.g., duration of our relationship), to pursue our legitimate interests and to comply with applicable laws. Generally, your data is processed for the duration of our cooperation and three years afterwards. If possible, we will erase your data even before, once the data is not needed for the original purpose. However, the applicable law may require an even longer processing period (e.g. under tax law we are obliged to store some of your data for 10 years after the last transaction containing payment has been performed). Your data processed for the purpose of physical security of our premises will normally be kept for one year, except for CCTV images, which will be kept for 72 hours. We will process the data based on your consent for the duration of such consent or until you withdraw your consent. We may store your data for a longer period due to ongoing legal proceedings, if any, to protect our legal claims and interests. Last but not least, the above stated period may be prolonged in case of a request of the relevant public authority or of the court.
Are you subject to automated decision making?
Your personal data is not used for automated decision making or for profiling.
Which measures do we use to protect your data?
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of your personal data. We maintain technical and organizational measures designed to protect your personal data within our organization against relevant security threats, including against unauthorized access, destruction, loss, alteration, or misuse. As mentioned above, your data is accessible only to a limited number of our personnel who need access to perform their duties. In case you wish to learn more about our technical and organizational measures, please contact us via the email address mentioned below.
What kind of rights do you have in relation to the data processing?
It is important for us that you understand your rights related to processing of your personal data. As a data subject, you have the following rights in relation to the processing of your personal data under the GDPR:
Right of access
You have the right to obtain information about whether your personal data is being processed and, if so, to request a copy of your personal data that we are processing, for which we may charge you a fee.
If we are processing your personal data, you can ask for the following information: why we are processing your personal data, what personal data we are processing, with whom we are sharing your personal data, how long we are keeping your personal data and how we determine that period, information about your rights, where we obtained your personal data, whether you are subject to automated decision making or profiling, whether we are transferring your personal data to third countries. All of the above information is included in this Privacy Statement.
Right to rectification
It is important that we have the correct information about you. We therefore ask you to tell us if any of your personal data is incorrect or if any of your personal data has changed. We will correct your personal data without undue delay after your notification.
Right to erasure ('right to be forgotten')
You can ask us to delete your personal data if (1) the processing of your personal data is no longer necessary, (2) your data has been processed unlawfully, (3) you withdraw your consent, (4) you object to the processing of your personal data.
Right to restrict processing
From the moment you have (1) requested the rectification of your personal data or (2) objected to the processing until we have considered your request, you have the right to ask us to restrict the processing of your personal data. You may also request restriction of processing if the processing of your data was unlawful but you do not want us to delete your personal data or if we no longer need your data for the original purposes of processing but it is important for the defence of your legal claims.
Right to data portability
You may request us to provide you with your personal data processed based on your consent or for contract fulfilment. We will provide you with your data in a structured, commonly used, and machine-readable format. You have the right to ask us to transfer this data directly to another data controller, if it is technically feasible.
Right to object to processing
If we process your personal data based on our legitimate interest, or if you believe that we have no right to process your personal data, you may object to such processing.
Right to withdraw the consent
If some processing activities are based on consent, you have the right to withdraw such consent at any time. Please note that the withdrawal of your consent does not affect the legality of the processing previously performed based on originally granted valid consent.
Rights related to automated decision-making and profiling
You have the right not to be subjected to automated decision-making, or profiling, which has legal, or similarly significant effect on you. If you have been subject to such processing and you do not agree with the outcome, you can contact us and ask us to review the decision in a non-automated manner.
Right to complain
If you would like to file a complaint about how we process your personal data, you can contact our Data Protection Officer via email below, and your suggestions and requests will be reviewed.
Depending on which DT Cloud Services entity is your data controller, the supervisory authority is:
- for Deutsche Telekom Cloud Services s.r.o.: Office for Personal Data Protection of the Slovak Republic, www.dataprotection.gov.sk;
- for Deutsche Telekom Cloud Services Kft.: National Authority for Data Protection and Freedom of Information, www.naih.hu;
- for Deutsche Telekom Cloud Services EPE: Hellenic Data Protection Authority, www.dpa.gr;
- for Deutsche Telekom Cloud Services S.R.L.: National Supervisory Authority for Data Processing, www.dataprotection.ro;
- for Deutsche Telekom Cloud Services d.o.o.: Agency for Protection of Personal Data, www.azop.hr;
- for Deutsche Telekom Cloud Services GmbH: Austrian Data Protection Authority, www.data-protection-authority.gv.at;
- for Deutsche Telekom Cloud Services Sp. z o.o. w likwidacji: Personal Data Protection Office, www.uodo.gov.pl;
- for Deutsche Telekom Cloud Services D.O.O.: The Agency for Protection of Personal Data and Free Access to Information, www.azlp.me;
- for Deutsche Telekom Cloud Services Makedonija Dooel Skopje: Personal Data Protection Agency, www.azlp.mk.
How can you contact our DPO?
If you have any questions or complaints about processing of your personal data, please contact us via the following email address: dtcs.privacy@eu.telekom.com