Privacy Policy 
(developed according to Articles 13 and 14 of the GDPR)

1. Who is the Controller and the Data Protection Officer?

If you are in a contractual, similar relationship or other proceedings with Deutsche Telekom Systems Solutions Slovakia s.r.o., Moldavská cesta 8B, 040 11 Košice, IČO: 35976721, registered in the Commercial Register of the District Court Košice I, Section: Sro, Insert No. 18094/V (hereinafter referred to as "DT SYSO"), DT SYSO is the controller of your personal data (hereinafter referred to as the "DT SYSO Controller"), except in specific cases specified in point 2, where the controller of your personal data is the joint controllers DT SYSO and DT ITTEL.

If you are in a contractual, similar relationship or other proceedings with Deutsche Telekom IT & Telecommunications Slovakia s.r.o., Moldavská cesta 8B, 040 11 Košice, IČO: 52934039, registered in the Commercial Register of the District Court Košice I, Section: Sro, Insert No. 48210/V (hereinafter referred to as "DT ITTEL"), DT ITTEL is the controller of your personal data (hereinafter referred to as the "DT ITTEL Controller"), except in the specific cases specified in point 2, where your personal data are jointly controllers DT SYSO and DT ITTEL.

Below, the above-mentioned companies may also act under the common brand name "Deutsche Telekom IT Solutions Slovakia".

We also provide you with information and obligations that relate equally to the DT SYSO Controller, the DT ITTEL Controller, as well as to the joint controllers DT SYSO and DT ITTEL under the term "We/us/us and in other relevant grammatical forms".

Web site: https://www.deutschetelekomitsolutions.sk/

Contact details of the Data Protection Officer

E-mail address: FMB_dataprivacy@t-systems.com

Phone: +421 901 903 258

This document fulfills our general information obligation under the GDPR on how we process personal data (hereinafter referred to as "personal data"). You can find more information about the processing of cookies in the section Cookies Processing Information.

 

2. In which cases do we process personal data as joint controllers?

It follows from the agreement of the joint controllers concluded pursuant to Article 26 of the GDPR that, as the joint controllers DT SYSO and DT ITTEL, we also process personal data for jointly defined purposes related to the selection of suitable human resources, keeping records of job seekers and marketing, analytical and PR purposes, which also include the optimal functioning of the website and its management. Information on the processing of cookies can be found HERE.

It follows from this agreement that all relevant obligations under the GDPR in relation to data subjects, including informing and handling requests for exercising the rights of the data subject, will be ensured by the DT SYSO Controller.

However, you, such as the data subject, may exercise your rights with any of the controllers listed in the section 1 of this document by e-mail or in writing at the above-mentioned correspondence addresses of the controllers.

The agreement between the joint controllers for jointly defined purposes pursuant to this point also contains a specification of the organizational and technical measures that are taken to ensure an adequate level of security of the processing of your personal data. The agreement also includes a mechanism to resolve liability relations between joint controllers.

In addition to the joint controller agreement concluded between DT SYSO and DT ITTEL explained above, we have also concluded a joint controller agreement with LinkedIn and Meta, Inc. to manage our profiles set up on Facebook and LinkedIn for statistical purposes because of the use of the page insights service. The joint controllers' agreement concluded pursuant to Art. 26 GDPR with LinkedIn is available here: https://legal.linkedin.com/pages-joint-controller-addendum and the joint controller agreement concluded with Meta, Inc. is available here: https://www.facebook.com/legal/controller_addendum. We are also joint controllers with Google Ireland Limited – you can find more information about the functionalities used in the document Cookies Processing Information

3. What categories of personal data from you as a data subject do we process, for what purposes and on what legal basis?

In most cases, we process a category of so called ordinary personal data and do not process a special category of personal data (so-called sensitive data) or personal data that legal theory classifies as data relating to criminal convictions and offences. If we deviate from this statement, the data subject is explicitly informed before the processing of sensitive personal data takes place.

Information on the categories of data subjects, processed personal data and on the legal bases of respective personal data processing purposes of the Controller DT SYSO can be found by clicking on the link HERE.

Information on the categories of data subjects, processed personal data and on the legal bases of respective personal data processing purposes of the Controller DT ITTEL can be found by clicking on the link HERE.

The purposes, legal bases of personal data processing and their categories or scope of personal data are also specified in more detail in the specific information that is provided to the data subject when obtaining personal data.

4. What legitimate interests do we pursue ?

Personal data processing activities conducted by the Controller DT SYSO and by the Controller DT ITTEL for the abovementioned purposes of personal data processing are based also on the following legitimate interests:

  1. internal administrative purposes within the DTAG group
  2. conducting market research and conducting competitive tenders
  3. performance of customer, certification and internal audits
  4. optimal functioning of the website and its management
  5. identification of a natural person when entering the premises of the Controller in order to protect property, persons and other rights of the Controller
  6. ensuring the security of information and IT systems of the Controller
  7. Software development, improvement, testing, and management
  8. informing users of the application about new functions and additions to the software.

Information on a specific legitimate interest within the individual purposes of processing is provided in the specific information that is provided to the data subject when obtaining personal data.

 

5. When are you obliged to provide us with your personal data and what may be the consequences of not providing them ?

You are obliged to provide us with personal data as the data subject, in case this is stipulated by a special legal regulation. For example, in particular:

  1. to verify your identity before processing certain requests of the data subject applied under the GDPR;
  2. when obtaining a valid security clearance for acquaintance with classified information from the NSA pursuant to the Act on Protection of Classified Information[1];
  3. when submitting accounting and tax documents related to supplied goods and services under the Accounting Act, the Income Tax Act and the VAT Act;
  4. in the course of the employer's legal obligations fulfillment under the Labour Code and several special regulations in the field of social security law, occupational health and safety;
  5. in the course of fulfillment of the legal obligations of a limited liability company in connection with securing corporate agenda;
  6. applying appropriate security measures taken to ensure the security of personal data processing pursuant to Art. 32 GDPR and other measures related to compliance with the protection of personal data.

There are numerous legal regulations that oblige us to acquire or process certain personal data about different categories of data subjects. If there is a legal obligation of the data subject to provide us with their personal data or there is a legal obligation to process the personal data of the data subject, without fulfilling this legal obligation, we cannot proceed further in a specific situation or legal relationship, which may have a specific impact and consequences on the data subject according to the nature of the specific situation (e.g. the data subject will not be able to be registered as our employee in the Social Insurance Register, we will not be able to file accounting documents and provide the data subject with performance for the goods and services supplied, we will not be able to handle the request of the data subject to exercise certain rights under the GDPR, we will not be able to allow the employee to work on projects where our customers also have classified information, we will not be able to register essential legal facts related to corporate agenda in the Commercial Register or create important corporate documents and documents, which will motivate us to use all available legal means leading to such complications not arising in the future, including the removal of the data subject from office in the bodies of the Controllers' companies, etc.).

If the legal basis for the processing of your personal data is a legitimate interest pursuant to Article 6(1)(f) of the GDPR, the data subject is obliged to tolerate this processing, but has the right to object to it, which may result in the restriction, termination of processing or even the continuation of its processing, depending on the individual circumstances of the specific objection of the data subject. You can learn more about this right in the separate section "Rights of data subjects with regard to the processing of personal data" below.

If the legal basis is consent to the processing of personal data pursuant to Article 6(1)(a) of the GDPR, the data subject is never obliged to give us consent and the provision is always voluntary. Any failure to provide personal data in these cases cannot have any negative consequences on the data subject.

If we conclude a contract with you or your company or your employer, the provision of your personal data may be a contractual requirement, in particular in connection with sufficient identification of the parties to the contract or with the communication between the parties when concluding and fulfilling the contractual relationship or in connection with the assertion, defense and proof of our legal claims.

The decision to conclude a contract or enter into a contract negotiation is voluntary, but is usually only feasible under when your personal data is provided. Failure to provide them will probably result in non-conclusion of the contract or non-provision of the requested service, or may adversely affect the performance of the concluded contractual relationship, which may cause certain consequences towards you, which, however, will not be applied by us, but rather by your employer or our business partner or supplier, with whom you have your own direct separate legal relationship and legal liability arising from it.

If the data subject refuses to provide us with personal data:

  1. necessary for the conclusion of the contract or for the contractual performance, it will not be possible to conclude, amend, perform or terminate the contract,
  2. necessary for processing based on consent, the personal data processing in question will not be possible.

[1] Legal Act No. 215/2004 Coll. on the Protection of Classified Information, as amended.

6. If we process categories of personal data that we have not obtained directly from you as the data subject ?

In practice, it is not excluded that we also obtain your personal data indirectly from various sources, which may be various natural and legal persons (e.g. employee as legal representative of a minor child, authorized person, other authorized person exercising their rights, public authorities, courts, bailiffs, business partners, suppliers, providers of specialized services, etc.) or publicly available sources and registers (e.g. business register, Trade Register, Register of Financial Statements, websites published on the Internet, or from service providers based on public data and public data sources, or from other persons, if we have a legal basis for such collection of personal data), especially in cases where we need this data when concluding and fulfilling contractual relations or exercising our legitimate interests.

In most cases, we obtain a category of so-called ordinary personal data and do not obtain a special category of personal data (so-called sensitive data) or personal data, which legal theory classifies as data relating to criminal convictions and offences.

In some cases, it is almost impossible or disproportionately burdensome for us to inform you individually about the specific sources from which we obtain personal data. Therefore, information on the sources from which we obtain personal data most often is presented below:

Source of personal data

Categories of personal data collected

Purpose of subsequent personal data processing

Public available registers (e.g. business register, trade register, official websites of technology companies and start-ups), business partners, suppliers of services and goods

  • Common categories of personal data, as a rule, to the extent of name, surname, residence, function, contact details

Business relations and associated documentation

Legal and corporate agenda

Counterparties to a dispute, courts and other public authorities, notaries public, bailiffs, lawyers

  1. Common categories of personal data relating to a specific legal matter in which the data subject is included.

  1. Data relating to criminal convictions and offences relating to a specific legal matter in which the person concerned is involved.

  1. Special categories of personal data relating to a specific legal matter in which the data subject is included, if this is necessary for the establishment, exercise and defense of the legal claims of the Controllers.

Legal and corporate agenda

Legal representatives of minor dependent children from the ranks of our employees

  • Common categories of personal data included in birth certificate, school attendance certificate

Personnel and wage agenda

Benefits

Vocational training

Dual Education

Recruitment agencies that cooperate with us, but do not act as our authorized processors if you have given them consent to provide your personal data.

  • Common categories of personal data included in a job applicant's CV.

Personnel and wage agenda

Partners we cooperate with in the field of apps development

  • Common data categories included in pseudonymised data regarding a user's use of the app under development as part of its testing, further development and improvement

Development of IT/NT systems and software including their improvement, testing and administration

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

In some cases, we receive new categories of personal data as a result of our own actions and analyses carried out by various applications based on personal data that is either provided to us directly by you or that comes from external sources explained above. Within such data groups, we process only common, usually pseudonymised categories of personal data, which are mainly necessary for the purpose of developing, improving and testing IT/NT software.

The above-mentioned information regarding the categories of personal data obtained from external sources is of a general nature and may be clarified and supplemented in our first direct communication with you as the data subject in cases where this results from the provisions of Art. 14 GDPR.

7. For how long do we keep your personal data ?

We store personal data of various categories of data subjects in a form that allows identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed.

The retention period of personal data is specified in more detail in the special information on the processing of personal data, which is provided to the data subject when his or her personal data are processed.

8. To whom do we provide personal data, or what are the categories of recipients of personal data ?

In general, your personal data may be provided to:

Processors, i.e., companies that we undertake to process data within the scope defined by law, Article 28 GDPR (e. g. service providers). In this case, responsibility for the protection of your personal data remains within our competence.

We use companies mainly in the following areas: IT, sales, marketing, finance, consulting, customer service, HR.

Business partners who provide services for you or in connection with your contract at their sole responsibility, in cases when you order the services of these partners through us, when you agree to the involvement of the partner, or in case when we engage the partner based on the legal permission.

In connection with legal requirements: In certain cases, we are legally obliged to transfer certain data to a public authority that requests it.

We take the confidentiality of your personal information very seriously and have policies in place to ensure that your personal data is only shared with authorized employees or a verified third party. Our employees may have access to your personal data on the basis of strictly necessary information, which is usually limited by the function, role and department of a particular employee. We ensure that the selection of our processors and the processing of personal data by our processors comply with the GDPR.

The categories of recipients of your personal data are as follows:

Purpose of personal data processing

Recipients of personal data or categories of recipients

Selection procedures

HR providers of online platforms and systems;

Parent company Deutsche Telekom AG and related undertakings

Cloud service providers;

Video conference call service providers;

Postal businesses and courier services

Keeping records of job applicants

HR providers of online platforms and systems;

Parent company Deutsche Telekom AG and related undertakings

Personnel and wage agenda

HR providers of online platforms and systems;

Parent company Deutsche Telekom AG and related undertakings

Cloud service providers;

Video conference call service providers;

Providers of personnel tools and systems

Technical support providers for IT systems and internal user support

Health insurance companies

Social insurance agencies

Pension management companies;

Pension supplementary savings companies;

Insurance and savings banks

Meal allowance providers

Financial Administration

Provider of support for payroll accounting processing system;

Occupational health service

OSH and fire protection service providers;

Holiday vouchers providers;

Providers of online learning platforms,

Education service providers.

Partners assisting in obtaining travel visas and the Consular Office and the Foreign Police in arranging visas for foreign travel of employees;

      Vocational training

Chambers of Commerce

Dual education

Secondary schools involved in dual education

Benefits

Benefit providers

Legal and corporate agenda

Law firms and attorneys;

Notaries or Notarial Offices and the Chamber of Notaries of the Slovak Republic in maintaining notarial central registers and auxiliary registers;

Bailiffs and the Chamber of Bailiffs of the Slovak Republic in keeping the Register of Executions of the Slovak Republic;

Public authorities and courts under applicable law as third parties;

Register of Public Sector Partners, respectively. Ministry of Justice of the Slovak Republic;

Bankruptcy trustees, incolvency and restructuring trustees;

Consulting companies;

Assignees in case of sale of receivables;

Counterparty or party to proceedings other than the Controllers and their legal representatives;

Experts, expert institutes;

National Agency for Network and Electronic Services (NASES);

Central government participating in the provision of State aid or resources from EU funds as third parties;

Business relations and associated documentation

Parent company Deutsche Telekom AG and related undertakings;

Intermediary service providers enabling the Controller to procure services and products in their own name;

Intermediaries to support procurement / purchasing processes, record contractual relations, support administrative systems;

Persons registered as partners in the companies of the Controllers in the Commercial Register;

Audit and control

Auditors conducting the audit;

Customers of Deutsche Telekom AG or auditors commissioned by them;

Parent company Deutsche Telekom AG and related undertakings;

Economic-accounting and tax agenda

Attorneys and/or law firms;

Parent company Deutsche Telekom AG and related undertakings;

Tax advisors;

Financial Audítori;

Third parties: Financial Administration of the Slovak Republic - Tax Office, Office for Protection of Whistleblowers of Anti-Social Activities of the Slovak Republic, Personal Data Protection Office of the Slovak Republic, National Security Authority;

Social Insurance Agency, Health Insurance Companies

National Agency for Network and Electronic Services (NASES);

Marketing, analytical and PR purposes

Marketing agencies;

PR agencies;

Event agencies;

Web hosting and cookie management providers on the website;

Database providers of start-up companies;

Data analytics service providers;

Social network operators;

Providers of video-conferencing and digital event platforms;

Podcast distribution and subscription platform providers;

Protection of property, persons and of other rights of the Controller

Providers of security advice and service;

Private security services;

IT infrastructure and IT security

Technical support providers for IT systems and internal user support

Providers of specific IT security systems and services

Internet service providers;

Parent company Deutsche Telekom AG and related undertakings;

Development of IT/NT systems and softwares including their improvement, testing and administration

Partners participating in the development of applications for end users;

Providers of specialized software tools in checking licenses of users of the Controller;

Providers of end-user app store platforms;

Personal data protection

       Personal Data Protection Office of the Slovak Republic as the third  

       Party;

Whistleblowing and Compliance

Parent company Deutsche Telekom AG;

Statistical Purposes

Parent company Deutsche Telekom AG and related companies (primarily anonymous statistics are provided);

Social network operators

Data analytics service providers

Archiving Purposes

Registry management service providers;

Ministry of Interior of the Slovak Republic as the third party;

State Archives in Košice as the third party;

* In the above mentioned cases, the recipients of the personal data are also:

  • Authorized recipients from among the employees of the Controllers bound by the obligation of confidentiality and instructions pursuant to Art. 29 and Art. 32 para. 4 GDPR.
  • Postal businesses and courier services

Specific recipients are specified in the detailed information that is provided to the data subject when collecting personal data.

If we use processors for the processing of personal data, we verify before authorizing them whether they meet the requirements of an organizational and technical nature in terms of ensuring the security of processing of your personal data under the GDPR. If we are asked by a public authority to make your personal data available, we examine the conditions set by legislation for their disclosure and we do not provide your personal data without verifying whether the legal conditions are met.

We will be happy to provide you with more information about our current processors upon request.

9. Where is your data processed ?

Your personal data will be processed in Slovakia, Germany and other European countries. If, in exceptional cases, your data is processed in countries outside the European Union (so-called third countries), processing will take place

  1. if you have expressly consented to this (Art. 49 (1) GDPR). (In most non-EU countries, the level of data protection does not correspond to the EU standards. This concerns in particular complex monitoring and control rights of state authorities, e.g. in the USA, which disproportionately interfere with the protection of European citizens' data, or
  2. to the extent necessary to provide you with our services (Art. 49 (1) (b) GDPR), or
  3. to the extent required by law (Article 49 (1) (c) GDPR).

In addition, your personal data will only be processed in the third countries if certain measures ensure an adequate level of data protection (e.g. EU Commission adequacy decision or appropriate safeguards, Art. 44 et seq. GDPR). Cross-border transfer of personal data to the third countries (i.e. countries outside the EU, Norway, Iceland and Liechtenstein) is carried out only if necessary, always in accordance with the requirements of the GDPR.  We use or may use services of some leading suppliers such as Google, LLC., Google Ireland Ltd., LinkedIn  Corporation, Meta, Inc. and Microsoft Corporation,  Inc.,  in particular for marketing, analytical and PR purposes and also for statistics or when using cloud services for other purposes, or to other importers. These suppliers and their facilities are located in the United States. After  the Court of Justice of the EU annulled the  EU-US Privacy Shield,  the  United States and the US were considered as the third country not providing an adequate level of protection. On 10 July 2023, the European Commission adopted an adequacy decision on the EU-US framework for the protection of personal data. The adequacy decision concluded that the United States ensures an adequate level of protection, compared to the EU, of personal data transferred from the EU to US companies participating in the EU and US data protection framework. The adequacy decision follows the signing by the US of the executive order "Improving safeguards for signals activities of the US intelligence community", which introduced new binding safeguards to address the points raised by the Court of Justice of the European Union in its Schrems II ruling of July 2020. In particular, the new obligations aimed at ensuring that US intelligence agencies have access to data only to the extent necessary and proportionate, and at establishing an independent and impartial redress mechanism to handle and resolve complaints by Europeans about the collection of their data for national security purposes.[2] If we transfer personal data to the third countries, in specific cases also to the USA, we require the fulfilment of additional data protection safeguards (e.g. the conclusion of so-called contractual clauses or the existence of binding corporate rules). The standard contractual clauses are a model contract for transfers approved by the European Commission. EU data exporters cannot deviate substantially from this wording. The contractual clauses have been identified by the Court of Justice of the EU as a still valid and usable legal instrument. However, we seek to take additional safeguards where we believe it is necessary in light of the conclusions of the Court of Justice of the EU. Information on specific data importers from the third countries and the guarantees applied is provided in this overview table: 

Data importer

Privacy Policy

Adopted legal safeguards for cross-border transfers under GDPR

Additional safeguards as recommended by the EDPB[3]

Amazon Web Services, Inc. (USA) / cloud service provider

https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into the DPA contract available here: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available here:

https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf

https://d1.awsstatic.com/whitepapers/Security/navigating-compliance-with-eu-data-transfer-requirements.pdf

https://aws.amazon.com/ec2/nitro/nitro-enclaves/

https://aws.amazon.com/compliance/gdpr-center/

https://aws.amazon.com/about-aws/global-infrastructure/regions_az/?p=ngi&loc=2

https://aws.amazon.com/blogs/security/aws-cloud-services-adhere-to-cispe-data-protection-code-of-conduct/

https://aws.amazon.com/compliance/privacy-features/

Cisco Systems, Inc. (USA) / Video-conference call and digital event hosting service provider

https://www.cisco.com/c/en/us/about/legal/privacy-full.html

https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into the DPA contract available here: https://trustportal.cisco.com/c/dam/r/ctp/docs/dataprotection/cisco-master-data-protection-agreement.pdf

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available here:

https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-faq-intl-transfer-personal-data-post-schrems-II.pdf

https://www.cisco.com/c/en/us/about/trust-center.html

https://www.cisco.com/c/en/us/solutions/collateral/collaboration/white-paper-c11-744553.html

https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-principled-approach-to-government-requests-for-data.pdf

https://trustportal.cisco.com/c/r/ctp/trust-portal.html?doctype=Transparency%20Report#/customer_transparency/pdfViewer/c%2Fdam%2Fr%2Fctp%2Fdocs%2Ftransparency%2Flawful-enforcement-requests-july-december-2019.pdf?docClassification=public

Google LLC (USA), Google Ireland, Ltd./ provider of cloud services, Google Analytics services and YouTube platform

https://policies.google.com/privacy?hl=en-US

https://policies.google.com/privacy#infocollect

https://cloud.google.com/terms/data-processing-addendum

https://policies.google.com/privacy/frameworks?hl=en-US

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into contracts available here:

https://privacy.google.com/businesses/controllerterms/mccs/

https://business.safety.google/controllerterms/

https://cloud.google.com/terms/data-processing-terms

https://business.safety.google/adsprocessorterms/

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available mainly here: https://services.google.com/fh/files/misc/workspace_and_workspace_edu_safeguards_for_international_data_transfers.pdf

https://services.google.com/fh/files/misc/safeguards_for_international_data_transfers_with_google_cloud.pdf

https://services.google.com/fh/files/misc/safeguards_for_international_data_transfers.pdf

https://support.google.com/analytics/answer/11609059?hl=en

https://cloud.google.com/privacy/gdpr

https://cloud.google.com/terms/eu-model-contract-clause

Microsoft Corporation (USA) / Cloud Service Provider

https://privacy.microsoft.com/en-us/privacystatement

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into contracts available here:

https://www.workplace.com/legal/WorkplaceEuropeanDataTransferAddendum

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available in particular here:

https://www.microsoft.com/licensing/docs/view/Microsoft-supplemental-terms-and-conditions

https://microsoft365compliance.de/microsoft-with-new-strong-commitment-to-privacy-in-europe-and-new-measures-and-addendum

https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

https://docs.microsoft.com/en-us/legal/gdpr

Meta Platforms, Inc. (USA) / social network Controller

https://www.facebook.com/policy.php

https://help.instagram.com/519522125107875?helpref=page_content

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR.

https://www.workplace.com/legal/Workplace_GDPR_Addendum

https://www.facebook.com/legal/EU_data_transfer_addendum/update

https://m.facebook.com/legal/terms/Privacy

EU-US Data Privacy Framework

Based on internal analysis, they are sufficient. More information is available , e.g. here: https://about.fb.com/news/2021/03/steps-we-take-to-transfer-data-securely/

https://www.facebook.com/help/566994660333381

https://www.facebook.com/business/help/336550838147603

https://transparency.fb.com/data/government-data-requests/further-asked-questions

LinkedIn (USA) / social network Controller

https://www.linkedin.com/legal/privacy-policy

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR.

https://www.linkedin.com/legal/l/dpa

https://www.linkedin.com/help/linkedin/answer/62533/eu-eea-and-swiss-data-transfers?lang=en

On the basis of a special analysis, they are sufficient. More information is available here: https://www.linkedin.com/legal/l/dpa

https://legal.linkedin.com/pages-joint-controller-addendum

 

 

Udemy, Inc. (USA, Vietnam) – training platform provider

https://www.udemy.com/terms/privacy/

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR incorporated into a CDPA contract.

Based on internal analysis, they are sufficient.

Pluralsight, LLC (USA)

https://www.pluralsight.com/privacy

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR incorporated into a CDPA contract.

EU-US Data Privacy Framework

Based on internal analysis, they are sufficient.

 

If it is necessary to transfer your personal data within the Deutsche Telekom Group to the third country outside the EU/EEA, we rely on standard contractual clauses established by an adequacy decision of the European Commission incorporated into internal contracts. As part of these intra-corporate cross-border transfers, transfers of personal data of our employees to the third countries outside the EU/EEA may occur to a very limited extent within the Deutsche Telekom Group.

In the case of sporadic publishing and checks on compliance with the conditions for publishing smart applications to foreign application stores, it is also necessary to transfer to a limited extent, in ad hoc cases, the basic contact, identification and login data of our employees or developers to the USA to the operators of application stores, while individual cross-border transfer of personal data to the USA may also take place on the basis of exceptions for special situations pursuant to Art. 49 par. 1 letter b)  and letter c) GDPR.

[2] https://ec.europa.eu/commission/presscorner/detail/en/qanda_23_3752

[3] Recommendation No 1/2020 of the European Data Protection Board on measures complementing transfer tools to ensure compliance with the level of protection of personal data in the EU

10. Do we make automated individual decision-making, including profiling ?

No, we do not carry out such processing.

11. Rights of the data subject when processing personal data

 The data subject has the right to object to the processing of personal data carried out by the DT SYSO Controller, the DT ITTEL Controller or both, as joint controllers, on the legal basis of legitimate interests or to the processing of data for direct marketing purposes, including profiling, pursuant to Article 21 of the GDPR. If you file an objection or upon request, we will be happy to prove the conclusions from our balance test demonstrating the predominance of the legitimate interest pursued. 

We care about the protection of personal data and therefore strive to secure it through measures as well as through the possibility to exercise the rights of the data subject under the GDPR at any time through electronic, written or personal request. Requests concerning the rights of data subjects can be sent electronically or in writing to the above-mentioned contact details of the Data Protection Officer. For each request, we recommend explaining in as much detail as possible what right under the GDPR the data subject exercises, what are the identification data of the data subject (to verify identity), or what purposes and data the request relates to. For overly general requests, we must ask for clarification, which extends the basic one-month processing period.

The GDPR lays down general conditions for the exercise of individual rights of data subjects. However, their existence does not automatically mean that when exercising individual rights, they will be satisfied by the DT SYSO Controller, the DT ITTEL Controller or both as joint controllers, as exceptions may also apply in a particular case or some rights are linked to the fulfilment of specific conditions that may not be met in every case. Each request is always dealt with by the DT SYSO Controller, the DT ITTEL Controller or both as joint controllers and examined in the light of valid and effective legislation.

The data subject has the right to:

  • withdraw consent to the processing of personal data at any time, which does not affect the lawfulness of the processing of personal data based on consent before its withdrawal pursuant to Article 7(3) of the GDPR,
  • access to personal data pursuant to Article 15 of the GDPR,
  • correct incorrect and complete incomplete personal data pursuant to Art. 16 GDPR,
  • request the erasure of personal data processed by the DT SYSO Controller, the DT ITTEL Controller or both as joint controllers pursuant to Art. 17 GDPR, in particular if the data are no longer necessary in relation to the purposes for which they were collected or are unlawfully processed, or you withdraw your consent or object,
  • restrict the processing of personal data if erasure is not possible or if the obligation to delete is disputed under Article 18 of the GDPR,
  • notify other recipients of the rectification, erasure or restriction of data pursuant to Art. 19 GDPR,
  • request the transfer/portability of data provided to the DT SYSO Controller, the DT ITTEL Controller or both as joint controllers pursuant to Article 20 of the GDPR in a structured machine-readable format, which are processed automatically and which are also processed on the legal basis of contract or consent,
  • object to data processing based on legitimate interests on grounds relating to their particular situation pursuant to Art. 21 GDPR, and
  • not to be subject to automated individual decision-making under the conditions of Article 22 of the GDPR. More detailed information is available in the section on automated individual decision-making and profiling.

As a data subject you can exercise your rights in the following ways:

  • by e-mail sent to: FMB_dataprivacy@t-systems.com
    • or
  • by sending a written request to the address of the registered office of the respective Operator, stating the text "GDPR" on the envelope, as follows:
  1. If, according to the section 1 of this document, the Controller is DT SYSO, the correspondence address is as follows:  Deutsche Telekom Systems Solutions Slovakia s.r.o., Moldavská cesta 8B, 040 11 Košice,
  2. If, according to the section 1 of this document, the Controller is DT ITTEL, the correspondence address is as follows: Deutsche Telekom IT & Telecommunications Slovakia s.r.o., Moldavská cesta 8B, 040 11 Košice,

  1. In cases where DT SYSO and DT ITTEL are in the position of joint controllers according to the section 2 of this document, you can exercise your rights with any of the above-mentioned Controllers, by e-mail/in writing at the above mentioned contact details.

As a data subject, you also have the right to lodge a complaint with the supervisory authority, which is primarily the Office for Personal Data Protection of the Slovak Republic, or a proposal to initiate proceedings pursuant to § 100 of Act no. 18/2018 Coll. on the protection of personal data. You also have the right to lodge a complaint with any other supervisory authority in the EU Member State where you have your habitual residence, place of work or place of the alleged breach of the GDPR.

Contact details of the supervisory authority in the Slovak Republic:

Office for Personal Data Protection of the Slovak Republic

Hranicna 12

820 07 Bratislava 27

Slovak Republic

statny.dozor@pdp.gov.sk
+421 2 32 31 32 14

12. Where can you find more information that is important to you ?

This document represents the fulfillment of our general information obligation under the GDPR on how we process your personal data. Information on the processing of cookies can be found on this web portal in the section Cookies processing information.

The following Binding Corporate Rules according to Art. 47 GDPR also apply to us:

Deutsche Telekom Systems Solutions Slovakia s.r.o. :

Deutsche Telekom IT & Telecommunications Slovakia s.r.o. :

 This Information on the processing of personal data was updated on 15.3.2024

Deutsche Telekom Systems Solutions Slovakia s.r.o.
Deutsche Telekom IT & Telecommunications Slovakia s.r.o.