Data privacy

General

The protection of your personal data is a high priority for T-Systems International GmbH. It is important to us to inform you about which personal data is collected, how it is used and what configuration options you have.

1. Where can I find the information that is important for me?

This data protection notice provides an overview of the points that apply to the processing of your data in this web portal by T-Systems. For further information, including information on data protection in special products, please visit www.telekom.com/en/corporate-responsibility/data-protection-data-security/data-protection.

2. Who is responsible for data processing? Who can I contact if I have questions about data protection at T-Systems?

The data controller is PT T Systems Indonesia, 27th Fl, Revenue Tower, Jalan Jendral Sudirman Kav 52-53, Jakarta - Indonesia. If you have any questions, please contact our customer service or our data protection officer, Anggita Ludmila, 27th Fl, Revenue Tower, Jalan Jendral Sudirman Kav 52-53, Jakarta - Indonesia, contacts@t-systems.com.

3. What rights do I have?

You have the right

a.    to request information on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Art. 15 GDPR);
b.    to request the correction or completion of incorrect or incomplete data (Art. 16 GDPR);
c.    to revoke any consent given at any time with effect for the future (Art. 7 (3) GDPR);
d. to object to data processing which is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21 (1) GDPR);
e. to demand the deletion of data in certain cases within the framework of Art. 17 GDPR – in particular if the data is no longer required for the intended purpose or is being processed unlawfully, or if you have withdrawn your consent in accordance with (c) above or have declared an objection in accordance with (d) above;
f. to demand the restriction of access to data under certain conditions if deletion is not possible or the deletion obligation is disputed (Art. 18 GDPR);
g. to demand data transferability, i.e. you can receive the data which you have provided to us in a standard machine-readable format such as CSV and, if necessary, transfer it to others (Art. 20 GDPR;)
h. to complain to the responsible supervisory authority about data processing.

4. Who does T-Systems share my data with?

Data processors, i.e. companies that we commission to process data within the framework provided by law, Art. 28 GDPR (service providers, vicarious agents). T-Systems also remains responsible for the protection of your data in this case. We commission companies in the following areas in particular: IT, sales, marketing, finance, consulting, customer service, human resources, logistics, printing.

Cooperation partners who provide services for you or in connection with your T-Systems contract on their own responsibility. This is the case if you commission services of these partners from us or if you consent to the inclusion of the partner or if we include the partner on the basis of a legal permit.

Due to legal obligation: in certain cases, we are legally obliged to transmit certain data to the government agency requesting it.

5. Where is my data processed?

Your data will be processed in Singapore and other European countries. If, in exceptional cases, your data is also to be processed in countries outside the European Union (i.e. in what are known as 'third countries'), this will take place on the condition that you have expressly consented to this or if it is necessary for us to be able to provide you with our services or if it is required by law (Art. 49 GDPR). In addition, your data will only be processed in third countries if certain measures ensure that an adequate level of data protection exists (e.g. adequacy decision of the EU Commission or appropriate safeguards, Art. 44 et seq. GDPR).

6. What data is collected, how is it used, and how long is it stored?

a.    Technical characteristics: When you visit our web pages, the web server temporarily records the domain name or IP address of your computer, the file request of the client (file name and URL), the http response code, and the website from which you are visiting us. The logged data is used exclusively for the purposes of data security, in particular to defend against attempts to attack our web server [Art. 6 (1)(f) GDPR]. They are neither used for the creation of individual user profiles, nor passed on to third parties, and are deleted after 7 days at the latest. We reserve the right to statistically evaluate anonymous data sets.

b.    User surveys / customer feedback with Usabilla: These websites use the service of the data processor Usabilla B. V., Amsterdam, Netherlands, for customer surveys. Website evaluations and your feedback can be requested after prior consent has been obtained [Art. 6 (1)(a) GDPR]. The opinions and improvement suggestions of our customers are important components for the improvements of our web pages. Only anonymous information is processed and there is no possibility of identifying the sender. At no time will personal or personalizable data be transmitted. We evaluate the data and store it for 24 months. The surveys can be conducted in two different ways:
I.    The feedback button on the website. With this button you can give us your feedback at any time. If you do not use this function, no data will be transmitted.
II.    An active feedback request can also be displayed on the website. You can decline this request or cancel at any time. The answers will not be sent until you have completed the survey.

c.    User surveys / customer feedback with eparo: These websites use the service of the company eparo GmbH, Hamburg, Germany, for customer surveys. Website evaluations and your feedback can be requested after prior consent has been obtained [Art. 6 (1)(a) GDPR]. The opinions and improvement suggestions of our customers are important components for the improvements of our web pages. Only anonymous information is processed and there is no possibility of identifying the sender. At no time will personal or personalizable data be transmitted. We evaluate the data and store it for three months.
The survey is conducted via this channel:
I.    An active feedback request can be displayed on the website. You can decline this request or cancel at any time. The answers will not be sent until you have completed the survey.

d.    Text chat: If you use the text chat on the website to contact customer service, various information is transmitted to the customer advisor when the chat is initiated [Art. 6 (1)(a) GDPR]. This includes, for example, the help topic you have selected on the website, your browser version, operating system version, and other similar information. In addition, the chat platform regularly transmits information on the availability of the chat service. This information is used to enable or disable the button to start a text chat on the web page. We only store the information about the beginning and the end of the communication for 7 days. Chat content is not stored.

e.    Other: Additional personal data, such as your name, address, telephone number, or email address, is not collected unless you provide this information voluntarily. Here you will find further information about the newsletter.

7. Data control for the social media plug-ins used

Some of the offer pages contain buttons from social media networks (Facebook like button, Google +1, Twitter button), which you can use to recommend T-Systems offers to your friends and acquaintances.
To ensure that you have full data control, the buttons used only establish direct contact between the respective social network and the visitor when you actively click on the button (one-click solution).
By activating the Social Media Plug-in [Art. 6 (1)(a) GDPR], the following data can be transmitted to the social media providers: IP address, browser information, operating system, screen resolution, installed browser plug-ins, such as Adobe Flash Player, previous website if you followed a link (referrer), the URL of the current website, etc. The next time you visit the website, the social media plug-ins are again provided in the preset inactive mode, to ensure that the next time you visit the website no data is transmitted. You can find more information about social media plug-ins here: www.telekom.com/en/corporate-responsibility/data-protection-data-security/digitally-secure.

8. Is my usage behavior evaluated, e.g. for advertising, tracking?

Explanations and definitions: We would like you to enjoy using our web pages and take advantage of our products and services. We have an economic interest in this. In order for you to find the products that interest you and to enable us to design our web pages in a user-friendly manner, we analyze your usage behavior in an anonymized or pseudonymized form. Within the framework of the legal regulations, we, or companies commissioned by us within the framework of commissioned data processing, create usage profiles. It is not possible to derive a direct connection to you from these profiles. In the following, we provide general information about the various purposes and technologies. Afterwards you have the opportunity to object. Please note, however, that in this case you may not be able to use all functions of our web pages. 

a.    Intended uses [Art. 6 (1)(a) GDPR / § 15 (3) TMG (German Teleservices Act)]

Tag management
Tag management is used to manage tracking tools in web pages. A tag is defined for each page for this purpose. The tag can then be used to determine which tracking tools should be used for this page. Tag management can thus be used to control tracking in a targeted manner so that the tools are only used where it is prudent to apply them.

Market research / reach measurement
The aim of reach measurement is to statistically determine the intensity of use and the number of users of a website, as well as to obtain comparable values for all connected offers. At no time are individual users identified. Your identity always remains protected.

Profiles for the demand-oriented design of the web portal
To ensure that we can continuously improve our web pages, we create what are known as clickstream analyses. The clickstream corresponds to your path of movement on the web pages. The analysis of the movement paths provides us with information about the usage behavior on our web pages. This allows us to detect possible structural errors in the web pages and thus improve the web pages, so that the web pages can be optimized to your needs. At no time are individual users identified.

Profiles for personalized recommendations
T-Systems provides you with individually tailored, personalized recommendations for offers, services, and products. For this purpose, the service provider creates a pseudonymous profile of the services and websites you have accessed on the internet and assigns them to categories. You will be shown content or suggestions which match the profile. At no time are individual users identified or personal data used for the profile.

b.    Technologies

Cookies
We use cookies for certain offers. These are small text files that are stored on your computer. This allows us to detect when you revisit web pages from the same computer. 

Session cookies are cookies that are only stored on your computer for the duration of an internet session and are required for transactions (e.g. to log in or process a purchase). They contain only a transaction ID.

For certain offers we use persistent cookies, which are stored on your computer for future sessions. In this case, we will inform you of the storage period of the cookie. 

Stay signed in – If you sign in with your email address or mobile number and password, the browser can remember this information. Once you have activated the checkbox, you will not have to log in again each time you want to use your Telekom account. Nevertheless, you will be asked to re-enter your password if special, personalized services request it.

Remember username – If you log in with your email address or mobile phone number and password, the browser can remember this information in a cookie. As soon as you activate the checkbox “Remember username”, you only have to enter the password in order to log in.

You have the option of configuring your browser in such a way that these cookies are not stored at all, or that the cookies are deleted at the end of your internet session. Please note, however, that in this case you may not be able to use all functions of our web pages. For information on browser settings, see: www.telekom.com/en/corporate-responsibility/data-protection-data-security/digitally-secure

Tracking pixels
Tracking pixels are usually only 1×1 pixel-sized images and are transparent or created in the color of the background so that they are not visible. When a web page containing a tracking pixel is opened, this small image is downloaded from the provider's server on the internet, where the download is registered. Thus, the provider of the method can see when and how many users requested this tracking pixel or visited a website. Furthermore, the provider can determine whether JavaScript is activated in the browser or not. If JavaScript is activated, further information such as browser information, operating system, or screen resolution can be recorded. This function is usually implemented by a JavaScript call, but the term tracking pixel is still used. 

JavaScript
JavaScripts are used to call up the application and transfer the collected parameters to the respective service provider / tracking pixel provider.

Cookie settings: You can return to your cookie settings at any time to manage your preferences.

Technologies used on these web pages and their purposes:

a.    Required cookies: These cookies are necessary for enabling you to navigate through the pages and use essential functions. They enable basic functions, such as access to secure areas of the website. They also help us in our anonymous evaluation of user behavior, providing us with information that we then use to continuously develop our website for you. The legal basis for these cookies is Art. 6 (1)(b) GDPR.

CompanyPurposeTechnology and, if relevant, storage durationEmbedded as

T-Systems

website operation

Session cookie

Data controller

T-Systems 

website operation

Persistent (24 hours)

Data controller

T-Systems

website operation

Persistent (6 month)

Data controller

Webtrekk GmbH

Needs-based design, website operation

Session cookie

Data controller, service provision

Webtrekk GmbH

Needs-based design, website operation

Persistent (12 months)

Data controller, service provision

Cookie settings: You can return to your cookie settings at any time to manage your preferences.

b.    Analytical cookies: These cookies help us to better understand user behavior. Analysis cookies enable the collection of usage and recognition data by first- or third-party providers in what are known as pseudonymous usage profiles. For example, we use analytical cookies to determine the number of individual visitors to a particular website or service, collect other statistics regarding the operation of our products, and analyze user behavior based on anonymous and pseudonymous information about how visitors interact with the website. This in no way enables the direct identification of any particular person. The legal basis for these cookies is Art. 6 (1)(a) GDPR.

CompanyPurposeTechnology and, if relevant, storage durationEmbedded as
Tealium Inc.

Analysis (tag management)

Persistent (1 year)

Data processor

Webtrekk GmbH

Analysis

Session cookie

Data processor

Webtrekk GmbH

Analysis

Persistent (12 months)

Data processor

Cookie settings: You can return to your cookie settings at any time to manage your preferences.

c.    Marketing cookies/ retargeting: These cookies and similar technologies are used to display personalized and therefore relevant advertising content. Marketing cookies are used to ensure we display interesting advertising content, and to measure the effectiveness of our campaigns. This takes place not only on T-Systems International GmbH web pages, but also on the websites of our advertising partners (third-party providers). This is also referred to as retargeting, and it serves to create a pseudonymous interest profile and ensure relevant advertising is displayed on other websites. It is not possible to directly identify any particular person from these profiles. Marketing and retargeting cookies help us to display advertising content that is possibly relevant to you. By suppressing marketing cookies, you will continue to see the same number of ads, but these may be of less relevance to you. The legal basis for these cookies is Art. 6 (1)(a) GDPR.

CompanyPurposeTechnology and, if relevant, storage durationEmbedded as

Adform GmbH

Marketing

Persistent (24 hours)

Data processor

Adform GmbH

Marketing

Persistent (1 month)

Data processor

Adform GmbH

Marketing, analysis

Persistent (2 months)

Data processor

Cookie settings: You can return to your cookie settings at any time to manage your preferences.

d.    Services from other companies (independent third parties): On our web pages we have integrated third-party service providers, which provide their services independently. When you visit our website, data is collected using cookies or similar technologies and transmitted to the respective third party. Partly for T-Systems' own purposes. The legal basis for these cookies is Art. 6 (1)(a) GDPR. To find out to what extent, for what purposes, and on which legal basis data is further processed for the third-party provider's own purposes, please refer to the data privacy information of the respective provider. The information on independent third-party providers is given below.

CompanyPurposeTechnology and, if relevant, storage durationEmbedded as

Google Inc.

Analysis

Session cookie

Data processor

Google Inc.

Analysis

Persistent (24 hours)

Data processor

Google Inc.

Analysis

Persistent (1 year)

Data processor

Cookie settings: You can return to your cookie settings at any time to manage your preferences.

On the website www.youronlinechoices.com you can read more information about cookies and the individual providers. There you also have the possibility to object to usage-based online advertising from individual or all companies at www.youronlinechoices.com (choose a country). We have voluntarily submitted to self-regulation from the German Data Protection Council for Online Advertising (DDOW).

9. Services provided by other companies that provide their services as data controllers

Google
On individual web pages, we use Google Maps to display maps, locations, and for route planning. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By embedding Google Maps, your IP address is transmitted directly to Google and a cookie is stored as soon as you visit such a website. You can inform yourself about and object to data processing by Google at any time at www.google.com/policies/privacy.

We use the remarketing function and Google AdWords from Google Inc. (“Google”) on our web pages. This function is implemented via a cookie and serves to present website visitors with interest-related advertisements within the Google advertising network. These pages may then present the visitor with advertisements related to content that the visitor has previously viewed on sites that use Google's remarketing feature. According to its own information, Google does not collect any personal data during this process. If you still do not wish to use Google’s remarketing function, you can deactivate it by choosing the appropriate settings at www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising through the ad network initiative by following the instructions at www.networkadvertising.org/managing/opt_out.asp. Further information about Google Remarketing and the Google privacy policy can be found at www.google.com/privacy/ads/.

If you have reached our website via a Google ad, Google AdWords will store a cookie on your computer. This cookie loses its validity after 30 days. It is not possible to derive a direct connection to you from this. The information collected with the help of this conversion cookie is used to generate statistics about our conversion rate. This means that we find out how many users come to our web pages through a Google ad and purchase a product within 30 days. If you do not wish to participate in the tracking process, you can disable cookies for conversion tracking by configuring your browser preferences to block cookies from the domain in question: Google AdWords: googleadservices.com

LinkedIn

The LinkedIn Insight Tag enables the collection of data regarding members’ visits to your website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or (when used for reaching members across devices) hashed, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.

LinkedIn does not share the personal data with the website owner, it only provides reports (which do not identify you) about the website audience and ad performance. LinkedIn also provides retargeting for website visitors (up to 90 days after the visit), enabling the website owner to show personalized ads off its website by using this data, but without identifying the member. We also use data that does not identify you to improve ad relevance and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes through their account settings. The LinkedIn privacy policy can be found her https://www.linkedin.com/legal/privacy-policy?_l=en_DE

© T-Systems International GmbH – March 2020

Do you visit t-systems.com outside of Indonesia? Visit the local website for more information and offers for your country.