With voice telephony, contract and traffic data are stored and processed. The purpose of the contract data is to form a basis for contractual relationships and maintain the customer relationship. These include, e.g., data such as the name, address and information about used products, services and customer rates. Using traffic data, telecommunication connections are established and controlled. They are processed to generate invoices and stored as a performance record. Upon request, an itemized bill can be generated for the customer from this. Details about the collection and processing of customer data by Deutsche Telekom can be found in the relevant data protection regulations for the products that you have selected.
For customer care, Customer Service and technical staff need to access the stored data, when necessary for processing. Customer Services must access customer data in order to process customer enquiries about invoices, for example. Technical staff needs access to the traffic data, to rectify faults, for example. For other access, the customer's explicit consent or specific, legal permission is required.
Each affected party can request information pursuant to Paragraph 34 of the Federal Data Protection Act, regarding which data about him/her are stored by Deutsche Telekom. However, only the affected party personally has this right to request information, not his/her spouse, for example. Affected parties can contact the postal address of Deutsche Telekom AG, Group Privacy, Friedrich-Ebert-Allee 140, D-53113 Bonn or the email address email@example.com.
Since the decision by the Federal Constitutional Court dated March 2, 2010, Deutsche Telekom no longer retains connection data. We immediately deleted all connection data retained until that time and deemed as void on the basis of the legal regulations declared by the Federal Constitutional Court.
Deutsche Telekom has put in place comprehensive internal regulations and measures in order to protect customer data in the best way possible. Detailed concepts are being prepared for the systems that process data, which document the data protection, rights and data security. A requirement for starting up a system is the confirmation of compliance with data protection and data security regulations. Only when the required concepts are available and approved, can customer data be dealt with within the context of the relevant, defined specifications. In general, a strict "need to know" principle applies to dealing with customer data.
Furthermore, the Deutsche Telekom employees are trained on data protection and data security topics and obligated to maintain compliance. With this, the significance of confidentiality in dealing with customer data is particularly pointed out. The commitment and training courses are repeated at regular intervals. On the basis of the company-specific requirements, particularly regarding customer data protection, compliance with data protection and telephone secrecy are observed through individual training course concepts.
At Deutsche Telekom, so-called "regional offices for special government regulations" are available as contacts for the investigating authorities. Employees work here who are specifically qualified and well-trained in data protection matters. Their actions are recorded and documented, and monitored by the Federal Network Agency regarding compliance with legal regulations and fulfillment of the legal requirements.
Clear requirements are defined by the legislator for the use and processing of customer data, through the telecommunication and data protection acts. The Group Privacy Officer of Deutsche Telekom, Dr. Claus Dieter Ulmer, and his team work toward compliance with these laws through internal company specifications, data protection consultations, training courses and audits. The responsible regulatory agencies, i.e. the Federal Commissioner for Data Security and Freedom of Information, the responsible local government agencies and the Federal Network Agency, regularly review compliance with the data protection requirements. Specific systems, such as prevention of misuse, have been presented to the data protection authorities. Furthermore, the IT security precautions are regularly certified with internal audits, as well as by external auditors. In addition to that, Deutsche Telekom carries out a Group-wide uniform data protection audit for its employees each year. It contains questions on the implementation of human resource, technical and organizational data protection.