The protection of your personal data has a high priority for the T-Systems International GmbH. It is important to us to inform you about what personal data are collected, how they are used and what options you have in this regard.
a) Necessary processing for the provision of the digital service (Art. 6 para. 1b GDPR, §25 para. 2 no. 2 TDDDG)
When using T-Systems eShop hereinafter referred to as digital service (Art. 6 para. 1b GDPR, §25 para. 2 No. 2 TTDSG (Telecommunications Telemedia Data Protection Act)): We use your personal data exclusively for the technical administration of our digital service and to meet your wishes and requests. Other personal details, such as your name, address, telephone number or e-mail address, are not recorded unless you provide this information voluntarily or in the course of registering in the eShop. The data you supply when contacting us, the extent of which can be seen in the contact form, are used exclusively by Telekom Deutschland GmbH and T-Systems International GmbH to respond to inquiries and provide services. Only if you have given us your prior consent do we also use this data for product-related surveys and marketing purposes—but only to the extent required in each specific case and only in accordance with your prior consent. Personal data will only be disclosed to third parties if express consent has been given by the individual concerned. Our partners are contractually obligated to treat your data confidentially and in accordance with legal provisions. You decide when registering whether we may use your data for our own marketing purposes. You will only receive advertising from us if you agree to your data being used in this way. You may opt out of such use and withdraw any prior consent at any time.
Contract data: When you register, we process and use the data collected upon conclusion of the contract and during the term of the contract that are required for both sides to properly perform the contract, as well as any data provided voluntarily (contract data). Contract data include the form of address, last name, first name, address, date of birth, telephone numbers and/or e-mail addresses, data for settlement of payments, sales data - broken down according to the service you use, products and information about the products you are already using. If you set up additional users, their data will also be stored. Your contract data will only be retained beyond the end of the contract in accordance with contractual regulations, and such storage is limited to the required minimum. We will store the text of the contract and send you your order data by e-mail. Your contract data will be deleted 90 days after the contract is terminated, by deleting your user account.
Usage and billing data: For proper rendering of our services and for billing purposes we store and use your billing data in accordance with legal regulations. Billing data includes information on the start and end of each usage and the services used.
Customer data processing with Salesforce: To process customer service requests and enable customer communication by e-mail or telephone in accordance with the permissions you have given us, your personal customer data is stored and processed in our CRM system (Salesforce Service Cloud and Salesforce Marketing Cloud). The CRM system is operated by Salesforce Inc. Your data (company, contact, address, telephone number, e-mail, application user (name/e-mail address) and marketing permissions) is hosted in Europe, Canada and the USA by Salesforce and encrypted in unaltered form (i.e. neither anonymized nor pseudonymized) using a standardized process, and is thus inaccessible to Salesforce itself. If you have given us permission to do so, we will collect e-mail usage information (weather e-mail has been opened, clicks) via this system in order to improve our service for you and provide you with suitable information. If you no longer agree to this, you can opt out at any time under "Your account".
Payment with credit card: When paying by credit card, we use the 3D Secure 2.0 method. Through the individual, data-based risk assessment, transactions can be approved directly and without further buyer interaction (input of a 3D Secure Code). For the purpose of risk assessment, the shop system sends the following data via the payment service provider to the card-issuing bank (issuer): Company name, billing address (city, street, postal code, country), email address, telephone number, mobile number.
b) Processing in the provision of the digital service that is carried out on the basis of legitimate interest (Art. 6 para. 1 f GDPR, §25 para. 2 no. 2 TDDDG)
When you use our digital service, our servers temporarily record the domain name or IP address of your terminal device as well as other data, such as the requested content or the response code.
The logged data is used exclusively for data security purposes, in particular to defend against attempted attacks on our server. They are neither used for the creation of individual user profiles nor passed on to third parties and will be deleted after 10 days at the latest. We reserve the right to statistically evaluate anonymized data sets.
We want you to enjoy using our digital services and using our products and services. In order for you to find the products that interest you and for us to be able to design our digital service in a user-friendly way, we analyse your usage behaviour in pseudonymised form. Within the framework of the legal regulations, user profiles are created. In the following, we provide you with general information about the various purposes of the processing. By clicking on the "Consent to data processing" query, which appears when you access our digital service, you have the option of agreeing to the processing or rejecting it in part or in full. Processing necessary for the provision of the digital service (see explanation above under 1.) cannot be refused.
a) Basic digital service functionality
These processing’s are always active and necessary for our digital service to function properly.
| Processing company with company address/data recipient | T-Systems Internation GmbH Hahnstraße 43d, 60528 Frankfurt am Main |
| Processing purpose according to consent category | Functional, required |
| Products used/short description of the service used | Cart function |
| Description of specific processing purpose | Saving products and services placed in the shopping cart, order processing |
| Responsibilities | T-Systems Internation GmbH |
| Processed data | Products and services, personal data entered as part of the order |
| Storage duration | Session, 30 days |
| Legal basis (data processing) | Art. 6 Abs. 1 b DSGVO, § 25 Abs. 2 Nr. 2 TDDDG |
| Third-country processing | none |
| Legal basis (third-country processing) | none |
| Processing company with company address/data recipient | Telekom Deutschland GmbH Landgrabenweg 149, 53227 Bonn |
| Processing purpose according to consent category | Functional, required |
| Products used/short description of the service used | Single Sign On (Login), User Self Service, Usermanagement |
| Description of specific processing purpose | Your browser remembers your username when you log in with your Telekom login. This allows you to switch between Telekom applications without logging in again. |
| Responsibilities | Telekom Deutschland GmbH |
| Processed data | Username, Password |
| Storage duration | Session, 12 month |
| Legal basis (data processing) | Art. 6 Abs. 1 a DSGVO, § 25 Abs. 2 Nr. 2 TDDDG |
| Third-country processing | none |
| Legal basis (third-country processing) | none |
| Processing company with company address/data recipient | Tealium Inc. 11095 Torreyana Road San Diego CA 92121 United States of America |
| Processing purpose according to consent category | Required |
| Products used/short description of the service used | iQ |
| Description of specific processing purpose | The Tealium iQ service ensures that you can configure settings for data protection and that your specifications are implemented when you use our website. For this purpose, Tealium iQ stores a file in the browser on your end device. This controls which technologies from which providers may be loaded and how recorded data is transmitted. The file is stored on the client side, i.e., in your browser, for subsequent page views. |
| Responsibilities | T-Systems Internation GmbH |
| Processed data | Tealium session ID |
| Storage duration | utag_main cookie 12 months CONSENTMGR cookie 3 months |
| Legal basis (data processing) | Art. 6 para. 1 lit. f GDPR |
| Third-country processing | Your online usage data is processed in the United States of America. An adequacy decision from the EU Commission is available for this state. |
| Legal basis (third-country processing) | EU adequacy decision Art. 45 GDPR as well as consent pursuant to Art. 49 GDPR |
| Processing company with company address/data recipient | Tealium Inc. 11095 Torreyana Road San Diego CA 92121 United States of America |
| Processing purpose according to consent category | Required |
| Products used/short description of the service used | EventStream |
| Description of specific processing purpose | The Tealium EventStream service has a control function in consent management: it converts data collected about the use of our website and passes it on to other services in accordance with the privacy settings you have implemented. The data is not stored permanently on the servers of Tealium. |
| Responsibilities | T-Systems Internation GmbH |
| Processed data | Anonymized user interactions of users with the website |
| Storage duration | utag_main cookie 12 months CONSENTMGR cookie 3 months |
| Legal basis (data processing) | Art. 6 para. 1 sentence 1 lit. f GDPR |
| Third-country processing | Your online usage data is processed in the United States of America. Anadequacy decision from the EU Commission is available for this state. |
| Legal basis (third-country processing) | EU adequacy decision Art. 45 GDPRas well as consent pursuant to Art. 49 GDPR |
b) Analysis by T-Systems International GmbH
We use cookies and analytics technologies to develop a better understanding of how our digital service is used. They help us to optimize our digital services. For example, we can determine how many people visit our service generally or a particular service. They are also useful for statistical evaluations that show us how our digital services are used. The analysis is based on pseudonymous information. The legal basis for this processing is §25 para. 1 TDDDG, Art. 6 para. 1 a GDPR, or in the case of third countries, Art. 49 para. 1 a GDPR.
| Processing company with company address/data recipient | Mapp Digital Germany GmbH Mapp Digital c/o Webtrekk GmbH Schönhauser Allee 148 10435 Berlin |
| Processing purpose according to consent category | Analysis by T-Systems (or processor) and, if applicable, third-country processing via Art. 49 GDPR |
| Products used/short description of the service used | Customized design, marketing, personalization, newsletter |
| Description of specific processing purpose | We use this service to analyze and optimize the interaction with our clients on our digital service as well as marketing campaigns. Segmentation and targeting help us to provide relevant content at the right time. The data helps us to better understand user behavior and to continuously improve our digital service. |
| Responsibilities | T-Systems Internation GmbH is responsible under data protection law. Mapp Digital Germany GmbH acts on behalf of T-Systems International GmbH. |
| Processed data | IP address, information about user behavior, clicks, website visits and engagement with content, purchase histories, and information about orders to create personalized offers, cookie ID |
| Storage duration | 6 months |
| Legal basis (data processing) | This web service is used on the basis of § 25 para. 1 sentence 1 Telecommunications Telemedia Data Protection Act (TTDSG). The subsequent processing of your data or data categories takes place on the basis of Art. 6 para. 1 a) GDPR. |
| Third-country processing | None |
| Legal basis (third-country processing) | None |
| Processing company with company address/data recipient | Mapp Digital Germany GmbH Mapp Digital c/o Webtrekk GmbH Schönhauser Allee 148 10435 Berlin |
| Processing purpose according to consent category | Marketing by T-Systems (or processor) and, if applicable, third-country processing via Art. 49 GDPR |
| Products used/short description of the service used | We use the Deep Media Advertiser Tag on our digital service. |
| Description of specific processing purpose | The Deep Media Advertiser Tag is a tag management pixel for managing technologies for marketing and optimization purposes. It is used in particular to place ads that are relevant and interesting for you and to improve campaign performance reports. When the advertiser tag is used, information, for example in the form of cookies or click IDs, is processed. The processing of the data and, if applicable, the forwarding of this online identifier by Deep Media Technologies GmbH takes place only to providers for which the user has given consent in the context of the data protection settings. |
| Responsibilities | T-Systems Internation GmbH is responsible under data protection law. Mapp Digital Germany GmbH acts on behalf of T-Systems International GmbH. |
| Processed data | IP address, device identifier |
| Storage duration | 12 months |
| Legal basis (data processing) | This service is used on the basis of § 25 para. 1 sentence 1 Telecommunications Telemedia Data Protection Act (TTDSG); the subsequent processing of your personal data is carried out on the basis of Art. 6 para. 1 a) GDPR. |
| Third-country processing | This service may forward the collected data to another country. This may also be a country in which the level of data protection does not correspond to the legal standard in Germany. If your data is transferred to the United States, it may be used by U.S. authorities for the purposes of monitoring and surveillance without you being able to take legal action against this. Below you can see all countries to which the service transfers data. Further information on the security of your data can be found in the data processor's privacy policy. You can also contact the data protection officer directly. |
| Legal basis (third-country processing) | Adequacy decision of the EU Art. 45 GDPR as well as consent according to Art. 49 GDPR |
This privacy policy provides an overview of the points that apply to Telekom’s processing of your data in this online service. Additional information on data protection when using our products, in particular on the purposes of use, deletion periods, etc., can be found in the data protection information for the respective product under www.telekom.com/data-privacy-information.
You have the right,
a) To request information on the categories of data processed, the purposes of processing, any recipients of the data, or the planned storage period (Art. 15 GDPR);
b) to demand the correction or completion of incorrect or incomplete data (Art. 16 GDPR);
c) to revoke given consent at any time with effect for the future (Art. 7 para. 3 GDPR);
d) to object to data processing that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21 (1) GDPR);
e) in certain cases, within the framework of Art. 17 GDPR, to demand the deletion of data in particular, insofar as the data are no longer required for the intended purpose or is processed unlawfully, or you have revoked your consent in accordance with (c) above or declared an objection in accordance with (d) above;
f) under certain conditions, to demand the restriction of data, insofar as deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR);
g) to data portability, i.e. you can receive your data that you have provided to us in a conventional machine-readable format, such as CSV, and transmit it to others if necessary (Art. 20 GDPR);
h) to issue a complaint to the competent supervisory authority about the data processing (for telecommunication contracts: Federal Commissioner for Data Protection and Freedom of Information; otherwise: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia).
To order processors, i.e. companies that we commission with the processing of data within the scope provided by law, Art. 28 GDPR (service providers, vicarious agents). In this case, Deutsche Telekom remains responsible for the protection of your data. In particular, we commission companies in the following areas: IT, sales, marketing, finance, consulting, customer service, human resources, logistics, printing.
To cooperation partners who provide services for you on their own responsibility or in connection with your telecom contract. This is the case if you commission services from such partners with us or if you consent to the involvement of the partner or if we involve the partner on the basis of legal permission.
Due to legal obligation: In certain cases, we are required by law to transmit certain data to the requesting government entity.
Your data will be processed in Germany and other European countries.
In all other respects, the following applies: If data processing takes place in third countries, this will take place insofar as you have expressly consented to this or if it is necessary for our provision of services to you or if it is provided for by law (Art. 49 GDPR).
Your data will only be processed in third countries if certain measures are taken to ensure that an adequate level of data protection is in place (e.g. adequacy decision of the EU Commission or so-called suitable safeguards, Art. 44 et seq. GDPR, (see here).
The data controller is the T-Systems International GmbH. If you have any questions, you can contact our customer service or our data protection officer, Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, datenschutz@telekom.de.
Status of privacy policy 04/15/2025
