Privacy Policy 
(developed according to Articles 13 and 14 of the GDPR)

1. Who is the Controller and the Data Protection Officer?

If you are in a contractual, similar relationship or in other proceedings with the company Deutsche Telekom Systems Solutions Slovakia s.r.o., Moldavská cesta 8B, 040 1 1 Košice, IČO: 35976721, registered in the Commercial Register i of the District Court Košice I, Section: Sro, File No. 18094/V (hereinafter referred to as also "DT SYSO"), company DT SYSO is the controller of your personal data processing (further referred to as also „Controller DT SYSO“) except from specific cases mentioned under section 2 where joint controllers DT SYSO and DT ITTEL are in the role of controller of your personal data processing.

If you are in a contractual, similar relationship or in other proceedings Deutsche Telekom IT & Telecommunications Slovakia s.r.o., 040 1 1 Košice, IČO: 52934039, registered in  the Commercial Register  and of the District Court Košice I, oddiel: Sro, File No. 48210/V ( hereinafter referred to as also „DT ITTEL“), company DT ITTEL is the controller of your personal data processing (further referred to as also „Controller DT ITTEL“) except from  specific cases mentioned under section 2 where joint controllers DT SYSO and DT ITTEL are in the role of controller of your personal data processing.

Further on in the text, the above-mentioned business companies may also appear under the joint brand name "Deutsche Telekom IT Solutions Slovakia" or "We". That is the reason why we provide you with information related to both companies also under the brand name.

2. In which cases do we process personal data as joint controllers?

It follows from the agreement of the joint controllers concluded in accordance with Article 26 of the GDPR that within Deutsche Telekom IT Solutions Slovakia we also process personal data for joint purposes in the section concerning the selection of suitable human resources and keeping records of job seekers and for marketing and PR purposes. It follows from this agreement that all relevant obligations under the GDPR in relation to data subjects, including informing and handling requests for exercising the rights of the data subject, will be ensured by Deutsche Telekom Systems Solutions Slovakia s.r.o. . However, as the data subject, you can  claim your rights with any of the companies of Deutsche Telekom IT Solutions Slovakia by phone / e-mail at the contact details provided above or in writing at the address of the companies. The agreement also specifies the organizational and technical measures that are taken to ensure an adequate level of security of the processing of your personal data. The agreement also contains a mechanism for resolving liability relations between the two companies, Deutsche Telekom IT Solutions Slovakia.

In addition to the joint controller agreement concluded by DT SYSO and DT ITTEL explained above, we have also concluded a joint controller agreement with LinkedIn and Meta, Inc. to manage our profiles set up on Facebook and LinkedIn for statistical purposes as a result of the use of the page insights service.  The joint controller agreement concluded pursuant to Art. 26 GDPR with LinkedIn  is available here: https://legal.linkedin.com/pages-joint-controller-addendum and joint controller agreement concluded with Meta, Inc. is available here: https://www.facebook.com/legal/controller_addendum

3. What are the purposes and legal bases of personal data processing?

Information on purposes and legal bases for personal data processing conducted by the Controller Deutsche Telekom Systems Solutions Slovakia s.r.o.  can be found after clicking the link HERE.

Information on purposes and legal bases for personal data processing conducted by the Controller Deutsche Telekom IT & Telecommunications Slovakia s.r.o.  can be found after clicking the link HERE.

The purposes and legal bases of personal data processing are provided in more details in respective data privacy information that is provided to data subjects when obtaining personal data from them.

4. What legitimate interests do we pursue ?

Personal data processing activities conducted by the Controller DT SYSO and by the Controller DT ITTEL for the abovementioned purposes of personal data processing are based also on the following legitimate interests:

  • internal administrative purposes within DTAG group of undertakings
  • performance of market research and realization of public business competition
  • performance of customer, certification and internal audits
  • optimal functioning of websites
  • identification of a natural person when entering the premises of the Controller for the purpose of protecting property, persons and other rights of the Controller
  • safeguarding the security of information and IT systems of the Controller
  • development, improvement and testing of software and its management
  • informing application users about new functions and software add-ons

Information regarding specific legitimate interests is in the framework of purposes of personal data processing provided in more details in respective data privacy information that is provided to data subjects when obtaining personal data from them.

5. When are you obliged to provide us with your personal data and what may be the consequences of not providing them ?

The data subject is obliged to  provide  personal data to Deutsche Telekom IT Solutions Slovakia, if provided for by a special legal regulation. For example:

  • verifying your identity before processing certain data subject requests made under the GDPR;
  • obtaining a valid security clearance for acquaintance with classified information from the NSA pursuant to the Act on the Protection of Classified Information[1];
  • when submitting accounting and tax documents related to supplied goods and services under the Accounting Act, the Income Tax Act and the VAT Act
  • in fulfilling the employer's legal obligations under the Labour Code and several special regulations in the field of social security law, occupational health and safety
  • in fulfilling the legal obligations of a limited liability company in connection with securing corporate agenda
  • applying appropriate security measures taken to ensure the security of personal data processing pursuant to Art. 32 GDPR and other measures related to compliance with the protection of personal data

There are a number of legal regulations that oblige Deutsche Telekom IT Solutions Slovakia to  detect or process certain personal data about different groups of data subjects, but these regulations do not have to explicitly stipulate the obligation of clients to comply with such requests or to tolerate such processing. If there is a  legal obligation of the data subject  to provide data to   Deutsche Telekom IT Solutions Slovakia or an  obligation to process it to Deutsche Telekom IT Solutions Slovakia  without fulfilling this legal obligation,   Deutsche Telekom IT Solutions Slovakia cannot proceed in a specific situation or legal relationship  furthermore, which may have a specific impact and consequences on the data subject according to the nature of the specific situation (e.g. will not be able to be registered as our employee in the Social Insurance Register, we will not be able to post accounting documents and provide the data subject with performance for the goods and services supplied, we will not be able to handle the request of the data subject to exercise certain rights under the GDPR, we will not be able to allow the employee to work on projects,  where our clients also have classified information, we will not be able to register essential legal facts related  to corporate  agenda in the Commercial Register or create important corporate documents  and documents, which will motivate us to use all available legal means to prevent such complications from occurring in the future, including the removal of the data subject from office in the bodies of companies, Controllers, etc.).

If the legal basis for the processing of your personal data is a legitimate interest in accordance with Article 6(1)(f) of the GDPR, the data subject  is obliged to  tolerate this processing, but has the right to effectively object to it, which may result in the restriction, termination of processing or even the continuation of its processing, depending on  the individual circumstances of the  specific objection of the data subject. You can learn more about this right in the separate section  "Rights of data subjects with regard to the processing of personal data" below.

If the legal basis is consent to the processing of personal data pursuant to Article 6(1)(a) of the GDPR, the data subject is   never obliged to provide Deutsche Telekom IT Solutions Slovakia with  personal data and the provision is always voluntary.  Any failure to provide personal data in these cases cannot have any negative consequences on the data subject.

If we conclude a contract  with you or your company or employer, the provision of your personal data may be a contractual requirement, in  particular in connection with sufficient identification of the contracting parties or communication between the contracting parties  when concluding and fulfilling a contractual relationship or asserting, defending and proving our legal claims. The decision to enter into a contract or to enter into a contract negotiation is voluntary,  but is usually only feasible if your personal data is provided. Failure  to provide them will  probably result in the non-conclusion of a contract or failure to provide the requested service, or may adversely affect the performance of the concluded contractual relationship with your employer or the company with which you cooperate, which may cause certain consequences against you, which, however, will not be applied by us, but rather by your employer or our business partner or a supplier with whom you have your own separate legal relationship and legal liability arising from it.

If the data subject refuses to  provide personal data to Deutsche Telekom IT Solutions Slovakia:

  • necessary for the conclusion of the contract or its performance, it will not be possible to conclude, amend, perform or terminate the contract,
  • necessary for processing based on consent, the processing will not be able to take place.

[1] Act No. 215/2004 Coll. on the Protection of Classified Information as amended

6. If we process categories of personal data that we have not obtained directly from you as the data subject ?

Deutsche Telekom IT Solutions Slovakia, as the controller, usually  collects data directly from you.  As processor, respectively sub-processors of Deutsche Telekom  IT Solutions Slovakia we may also collect various personal data originating from various clients of companies from the Deutsche Telekom Group  – however, we are not obliged to inform about such categories of personal data.   

In practice, it is also not excluded that we also obtain your personal data as controllers indirectly from various sources, which may be various natural and legal persons (eg. employee as legal representative of  a minor child, authorized person, other authorized person exercising his/her rights, public authorities, courts, bailiffs, public authorities, business partners, suppliers, providers of specialized marketing database enrichment services, etc.) or publicly available  sources and  registers (e.g. commercial register, trade register, register of financial statements, websites published on the Internet, or from  providers of services based on public data and public data sources, or from other persons,  if you  have a legal basis for such collection of personal data  by Deutsche Telekom IT Solutions Slovakia), especially in cases where we need this data when concluding and fulfilling contractual relations or exercising our legitimate interests.

The sources of personal data are specified in the specific information  that is provided to the data subject when obtaining personal data.

In some cases, we receive new categories of personal data as a result of our own actions and analyses carried outby various applications based on personal data that is either  provided to    us directly by  you and that comes from external sources explained above.  These are so-called observed or derived personal data. Within such data groups, we process only common, usually pseudonymised categories of personal data that are necessary mainly for the purposes  of developing, improving  and testing software.  Within these categories of observed and derived personal data, we never process special categories of sensitive personal data or any data related to criminal convictions or misdemeanors.

The above information regarding the categories of personal data obtained from external sources is of a general nature and may be refined and supplemented at any time in our first direct communication with you.

7. For how long do we keep your personal data ?

Deutsche Telekom IT Solutions Slovakia stores personal data of various categories of data subjects in a form that allows identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed.

The duration of  the storage of personal data are specified in the specific information  that is provided to the data subject when collecting personal data.

8. To whom do we provide personal data, or what are the categories of recipients of personal data ?

The list of recipients of personal data is provided directly in the consent if personal data are processed with the consent of the data subject. If personal data is provided on the basis of a contract between  Deutsche Telekom IT Solutions Slovakia  and a client or on the client's instruction, the recipients are specified in this contract or instruction.

Processors, i.e. companies that we undertake to process data within the scope defined by law, Article 28 GDPR (service providers, agents). In this case, responsibility for the protection of your data remains with Deutsche Telekom IT Solutions Slovakia. We use companies mainly in the following areas: IT, sales, marketing, finance, consulting, customer service, HR.

Business partners who on their own responsibility provide services for you or in connection with your contract with  Deutsche Telekom IT Solutions Slovakia. This is the case if you order the services of these partners from us, if you agree to involve the partner, or if we involve the partner on the basis of legal permission.

In context with legal requirements: In certain cases, we are legally obliged to transfer certain data to a government authority that requests it.

We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized employees of Deutsche Telekom IT Solutions Slovakia or with a verified third party. Our employees may have access to your personal data on the basis of strictly necessary information, which is usually limited by the function, role and department of a particular employee. We ensure that the selection  of our processors and the processing of personal data by our processors comply with the GDPR. The categories of recipients of your personal data are as follows:

  • Providers of personnel tools and systems;
  • The parent company Deutsche Telekom AG and, where appropriate, other companies in the Deutsche Telekom Group;
  • Provider of support for payroll accounting processing system;
  • Providers of Social network;
  • Benefit providers;
  • Providers of online learning platforms;
  • Providers of online platforms to share data on job skills, qualifications and available staff capacity;
  • Cloud service providers;
  • Educational service providers;
  • Video conference and call service providers;
  • Recruitment and headhunting agencies;
  • BOZP and fire protection service providers;
  • chambers of commerce;
  • Pension management companies;
  • Pension supplementary savings companies;
  • Health insurance companies, insurance companies and banks;
  • Social Insurance Agency;
  • Occupational health service;
  • Secondary schools involved in dual education;
  • Postal businesses and courier services;
  • Partners assisting in obtaining travel visas and the Consular Office and the Police in arranging visas for foreign travel of employees;
  • Authorized recipients from among the employees of the Controllers bound by the obligation of confidentiality and instructions pursuant to Art. 29 and Art. 32 para. 4 GDPR.
  • Law firms and attorneys;
  • Notaries or Notarial Offices and the Chamber of Notaries of the Slovak Republic when maintaining notarial central registers and auxiliary registers;
  • Bailiffs and the Chamber of Bailiffs of the Slovak Republic in keeping the Register of Executions of the Slovak Republic;
  • Public authorities and courts under applicable law as third parties;
  • Register of Public Sector Partners, respectively. Ministry of Justice of the Slovak Republic;
  • Insolvency practitioners and restructuring practitioners;
  • Advisory firms and financial auditors;
  • Assignees in case of sale of receivables;
  • Counterparty or party to proceedings other than the Controllers and their legal representatives;
  • Experts, expert institutes;
  • Parent company Deutsche Telekom AG and companies from the Deutsche Telekom Group;
  • Intermediary service providers enabling the Controller to procure services and products in their own name;
  • Intermediaries to support procurement / purchasing processes, record contractual relations, support administrative systems;
  • Persons registered as partners in the companies of the Controllers in the Commercial Register;
  • Auditors conducting financial audits;
  • Auditors conducting certification audits;
  • Auditors conducting security audits;
  • Customers of Deutsche Telekom AG or auditors commissioned by them;
  • Central government institution participating in the provision of State aid or resources from EU funds as third parties;
  • Postal undertakings;
  • National Agency for Network and Electronic Services (NASES);
  • Attorneys and/or law firms;
  • Companies from the Deutsche Telekom Group;
  • Tax advisors;
  • Financial auditors;
  • Third parties: Financial Administration of the Slovak Republic - Tax Office, Office for Protection of Whistleblowers of Anti-Social Activities of the Slovak Republic, Office for Personal Data Protection of the Slovak Republic, National Security Authority;
  • Marketing agencies;
  • PR agencies;
  • Event agencies;
  • Web hosting and cookie management providers on the website;
  • Database providers of start-up companies;
  • Data analytics service providers;
  • Social network Providers (Facebook, Instagram, LinkedIn) and YouTube;
  • Providers of video-conferencing and digital event platforms;
  • Podcast distribution and subscription platform providers;
  • Technical support providers for IT systems and internal user support;
  • Providers of security advice and service;
  • Private security services;
  • ISO/IEC 27001 certification audit providers;
  • Providers of specific IT security systems and services;
  • Internet service providers;
  • Partners participating in the development of applications for end users;
  • Providers of specialized software tools in checking licenses of users of the Controllers;
  • Providers of end-user app store platforms;
  • Companies from the Deutsche Telekom AG group (primarily anonymous statistics are provided);
  • Social network Controllers;
  • Registry management service providers;
  • Ministry of Interior of the Slovak Republic as a third party;
  • State Archives in Košice as a third party;

Specific recipients are specified in the detailed information  that is provided to the data subject when collecting personal data.

If we use processors for the processing of personal data, we verify before authorizing them whether they meet the requirements of an organizational and technical nature in terms of ensuring the security of processing of your personal data under the GDPR. If we are asked by a public authority to make your personal data available, we examine the conditions set by legislation for their disclosure and we  do not provide your personal data without verifying whether the legal conditions are met. We will be happy to provide you with more information about our current processors upon request

9. Where is your data processed ?

Your data will be processed in Slovakia, Germany and other European countries. If, in exceptional cases, your data is processed in countries outside the European Union (so-called third countries), processing will take place

  1. if you have expressly consented to this (Art. 49 (1) GDPR). (In most non-EU countries, the level of data protection does not correspond to EU standards. This concerns in particular complex monitoring and control rights of state authorities, e.g. in the USA, which disproportionately interfere with the protection of European citizens' data, or
  2. to the extent necessary to provide you with our services (Art. 49 (1) (b) GDPR), or
  3. to the extent required by law (Article 49 (1) (c) GDPR). 

In addition, your data will only be processed in third countries if certain measures ensure an adequate level of data protection (e.g. EU Commission adequacy decision or appropriate safeguards, Art. 44 et seq. GDPR). Cross-border transfer of personal data to third countries (i.e. countries outside the EU, Norway, Iceland and Liechtenstein) to Deutsche Telekom IT Solutions Slovakia is carried  out only if necessary, always in accordance with the requirements of the GDPR.  Deutsche Telekom IT Solutions Slovakia uses or may use the  services of some leading suppliers such as Google, LLC.,  LinkedIn  Corporation, Meta, Inc. and Microsoft Corporation,  Inc.,  in particular for marketing and statistical purposes, or when using cloud services for other purposes, or to other importers. These suppliers and their facilities are located in the United States. After  the Court of Justice of the EU annulled the  EU-US Privacy Shield,  the  United States and the US were considered as a third country not providing an adequate level of protection. On 10 July 2023, the European Commission adopted an adequacy decision on the EU-US framework for the protection of personal data. The adequacy decision concluded that the United States ensures an adequate level of protection, compared to the EU, of personal data transferred from the EU to US companies participating in the EU and US data protection framework. The adequacy decision follows the signing by the US of the executive order "Improving safeguards for signals activities of the US intelligence community", which introduced new binding safeguards to address the points raised by the Court of Justice of the European Union in its Schrems II ruling of July 2020. In particular, the new obligations aimed at ensuring that US intelligence agencies have access to data only to the extent necessary and proportionate, and at establishing an independent and impartial redress mechanism to handle and resolve complaints by Europeans about the collection of their data for national security purposes.[2] If we transfer personal data to third countries, in specific cases also to the USA, we require the fulfilment of additional data protection safeguards (e.g. the conclusion of so-called contractual clauses or the existence of binding corporate rules). The standard contractual clauses are a model contract for transfers approved by the European Commission. EU data exporters cannot deviate substantially from this wording. The contractual clauses have been identified by the Court of Justice of the EU as a still valid and usable legal instrument. However, we seek to take additional safeguards where we believe it is necessary in light of the conclusions of the Court of Justice of the EU. Information on specific data importers from third countries and the guarantees applied is provided in this overview table: 

Data importer

Privacy Policy

Adopted legal safeguards for cross-border transfers under GDPR

Additional safeguards as recommended by the EDPB[3]

Amazon Web Services, Inc. (USA) / cloud service provider

https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into the DPA contract available here: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available here:

https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf

https://d1.awsstatic.com/whitepapers/Security/navigating-compliance-with-eu-data-transfer-requirements.pdf

https://aws.amazon.com/ec2/nitro/nitro-enclaves/

https://aws.amazon.com/compliance/gdpr-center/

https://aws.amazon.com/about-aws/global-infrastructure/regions_az/?p=ngi&loc=2

https://aws.amazon.com/blogs/security/aws-cloud-services-adhere-to-cispe-data-protection-code-of-conduct/

https://aws.amazon.com/compliance/privacy-features/

Cisco Systems, Inc. (USA) / Video-conference call and digital event hosting service provider

https://www.cisco.com/c/en/us/about/legal/privacy-full.html

https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into the DPA contract available here: https://trustportal.cisco.com/c/dam/r/ctp/docs/dataprotection/cisco-master-data-protection-agreement.pdf

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available here:

https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-faq-intl-transfer-personal-data-post-schrems-II.pdf

https://www.cisco.com/c/en/us/about/trust-center.html

https://www.cisco.com/c/en/us/solutions/collateral/collaboration/white-paper-c11-744553.html

https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-principled-approach-to-government-requests-for-data.pdf

https://trustportal.cisco.com/c/r/ctp/trust-portal.html?doctype=Transparency%20Report#/customer_transparency/pdfViewer/c%2Fdam%2Fr%2Fctp%2Fdocs%2Ftransparency%2Flawful-enforcement-requests-july-december-2019.pdf?docClassification=public

Google LLC (USA) / provider of cloud services, Google Analytics services and YouTube platform

https://policies.google.com/privacy?hl=en-US

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into contracts available here:

https://privacy.google.com/businesses/controllerterms/mccs/

https://business.safety.google/controllerterms/

https://cloud.google.com/terms/data-processing-terms

https://business.safety.google/adsprocessorterms/

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available mainly here: https://services.google.com/fh/files/misc/workspace_and_workspace_edu_safeguards_for_international_data_transfers.pdf

https://services.google.com/fh/files/misc/safeguards_for_international_data_transfers_with_google_cloud.pdf

https://services.google.com/fh/files/misc/safeguards_for_international_data_transfers.pdf

https://support.google.com/analytics/answer/11609059?hl=en

https://cloud.google.com/privacy/gdpr

https://cloud.google.com/terms/eu-model-contract-clause

Microsoft Corporation (USA) / Cloud Service Provider

https://privacy.microsoft.com/en-us/privacystatement

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into contracts available here:

https://www.workplace.com/legal/WorkplaceEuropeanDataTransferAddendum

EU-US Data Privacy Framework

On the basis of a special analysis, they are sufficient. More information is available in particular here:

https://www.microsoft.com/licensing/docs/view/Microsoft-supplemental-terms-and-conditions

https://microsoft365compliance.de/microsoft-with-new-strong-commitment-to-privacy-in-europe-and-new-measures-and-addendum

https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

https://docs.microsoft.com/en-us/legal/gdpr

Meta Platforms, Inc. (USA) / social network Controller

https://www.facebook.com/policy.php

https://help.instagram.com/519522125107875?helpref=page_content

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR.

https://www.workplace.com/legal/Workplace_GDPR_Addendum

https://www.facebook.com/legal/EU_data_transfer_addendum/update

https://m.facebook.com/legal/terms/Privacy

EU-US Data Privacy Framework

Based on internal analysis, they are sufficient. More information is available , e.g. here: https://about.fb.com/news/2021/03/steps-we-take-to-transfer-data-securely/

https://www.facebook.com/help/566994660333381

https://www.facebook.com/business/help/336550838147603

https://transparency.fb.com/data/government-data-requests/further-asked-questions

LinkedIn (USA) / social network Controller

https://www.linkedin.com/legal/privacy-policy

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR.

https://www.linkedin.com/legal/l/dpa

https://www.linkedin.com/help/linkedin/answer/62533/eu-eea-and-swiss-data-transfers?lang=en

On the basis of a special analysis, they are sufficient. More information is available here: https://www.linkedin.com/legal/l/dpa

https://legal.linkedin.com/pages-joint-controller-addendum

 

 

Udemy, Inc. (USA, Vietnam) – training platform provider

https://www.udemy.com/terms/privacy/

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR incorporated into a CDPA contract.

Based on internal analysis, they are sufficient.

Pluralsight, LLC (USA)

https://www.pluralsight.com/privacy

Standard contractual clauses approved by the European Commission pursuant to Art. 46(2)(c) GDPR incorporated into a CDPA contract.

EU-US Data Privacy Framework

Based on internal analysis, they are sufficient.

 

If it is necessary to transfer your personal data within the Deutsche Telekom Group to a third country outside the EU/EEA, we rely on standard contractual clauses established by a relevant decision of the European Commission incorporated into internal contracts. As part of these intra-corporate cross-border transfers, transfers of personal data of our employees to a third country outside the EU/EEA may occur to a very limited extent within the Deutsche Telekom Group.

In the case of sporadic publishing and checks on compliance with the conditions for publishing smart applications to foreign application stores, it is also necessary to transfer to a limited extent in ad hoc cases the basic contact, identification and login data of our employees or developers to the USA to the Controllers of application stores,  while there may also be individual cross-border transfers of personal data to the USA based on derogations for specific situations pursuant to Art. 49(1)(b) and (c) GDPR.

 

[2] https://ec.europa.eu/commission/presscorner/detail/en/qanda_23_3752

[3] Recommendation No 1/2020 of the European Data Protection Board on measures complementing transfer tools to ensure compliance with the level of protection of personal data in the EU

10. Do we make automated individual decision-making, including profiling ?

No, we do not carry out such processing.

11. Rights of the data subject when processing personal data

The data subject has the right to object to the processing of personal data processed by Deutsche Telekom IT Solutions Slovakia on the legal basis of legitimate/public interests or to the processing of data for direct marketing purposes, including profiling, pursuant to Article 21 of the GDPR. 

We care about the protection of personal data and therefore strive to secure it through measures as well as through the possibility to claim the rights of the data subject under the GDPR at any time through electronic, written or personal request. Requests concerning the rights of data subjects can be sent electronically or in writing to the above contact details of the Data Protection Officer. For each request, we recommend to explain as much detail as possible what right under the GDPR the data subject exercises, what are the identification data of the data subject (to verify identity), or what purposes and data the request relates to. For overly general requests, we must ask for clarification, which extends the basic one-month processing period.

The GDPR lays down general conditions for the exercise of individual rights of data subjects. However, their existence does not automatically mean that  Deutsche Telekom IT Solutions Slovakia  will always comply with them when exercising individual rights, as exceptions may also apply in a particular case or some rights are linked to the fulfilment of specific conditions that may not be met in every case. Deutsche  Telekom IT Solutions Slovakia  always deals with  each application and examines it in the light of the legislation in question.

The Client or Data Subject has the right to request from  Deutsche Telekom IT Solutions Slovakia:

  • withdraw consent to the processing of personal data at any time, which does not affect the lawfulness of the processing of personal data based on consent before its withdrawal pursuant to Article 7 (3) of the GDPR,
  • access to personal data pursuant to Article 15 of the GDPR,
  • rectification of incorrect and completion of incomplete personal data pursuant to Article 16 of the GDPR,
  • deletion of personal data processed by Deutsche Telekom IT Solutions Slovakia pursuant to Article 17 of the GDPR, in particular if the data are no longer necessary in relation to the purposes for which they were collected or are unlawfully processed, or you withdraw your consent and object,
  • restriction of the processing of personal data if erasure is not possible or if the obligation to delete is disputed under Article 18 of the GDPR,
  • notification of rectification, erasure or restriction of data also to other recipients pursuant to Art. 19 GDPR,
  • transfer/portability of data provided to Deutsche Telekom IT Solutions Slovakia pursuant to Article 20 of the GDPR in a structured machine-readable format, which are processed automatically and which are also processed on the legal basis of a contract or consent,  
  • the right to object to data processing based on legitimate interests on grounds relating to your particular situation pursuant to Art. 21 GDPR, and
  • the right not to be subject to automated individual decision-making under the conditions of Article 22 of the GDPR. More detailed information is available in the section on automated individual decision-making and profiling.

Each data subject also has the right to lodge a complaint with the supervisory authority, which is primarily the Office for Personal Data Protection of the Slovak Republic, or a proposal to initiate proceedings pursuant to § 100 of Act no. 18/2018 Coll. on the protection of personal data. The Office for Personal Data Protection of the Slovak Republic provides further information on the rights of data subjects as well as templates of requests. As a data subject, you also have the  right to lodge a complaint with any other supervisory authority in the EU Member State where you have your habitual residence, place of work or where the alleged breach of the GDPR is located.

Contact details of the supervisory authority in the Slovak Republic:

Úrad na ochranu osobných údajov Slovenskej republiky
Hraničná 12

820 07 Bratislava 27

Slovak Republic

statny.dozor@pdp.gov.sk

+421 2 32 31 32 14

12. Where can you find more information that is important to you ?

This data protection information provides an overview of how Deutsche Telekom IT Solutions Slovakia processes your data. Information on the processing of cookies can be found  on the web portal of   Deutsche Telekom IT Solutions Slovakia https://www.deutschetelekomitsolutions.sk/  , or other web portals operated by them in the Personal Data Protection section.

Companies of Deutsche Telekom IT Solutions Slovakia are subject to the following Binding Corporate Rules pursuant to Article 47 of GDPR:

Deutsche Telekom Systems Solutions Slovakia s.r.o. :

Deutsche Telekom IT & Telecommunications Slovakia s.r.o. :

 

This Information on the processing of personal data was updated on 1.2.2024

Deutsche Telekom Systems Solutions Slovakia s.r.o.
Deutsche Telekom IT & Telecommunications Slovakia s.r.o.