Privacy Notice of Telekom Deutschland GmbH ("Telekom") for the Use of the Magenta Business API Portal

The protection of your personal data is of high importance to Telekom Deutschland GmbH. It is important to us to inform you about which personal data are collected, how they are used, and which options you have in this regard.

What data are collected, how are they used, and how long are they stored?

When using the Magenta Business API Portal and the Magenta Business APIs, hereinafter referred to as the online service, the following account data are stored for user identification, processed, and deleted after an appropriate period following account deactivation:
Username (email address), address, and the company's VAT ID, first name and last name of the user, password, telephone numbers, and payment methods (bank details, credit cards, PayPal). For the account administrator, the users he/she has invited are stored.
Usage information of the portal and the API (Art. 6 Para. 1b GDPR, §25 Para. 2 No. 2 TTDSG). When you use our online service, our servers temporarily record the domain name or the IP address of your device as well as additional data such as the requested content or the response code. The logged data are used exclusively for data security purposes, especially to ward off attempts to attack our web server (Art. 6 Para. 1f GDPR). They are not used to create individual user profiles, nor are they passed on to third parties, and are deleted after a reasonable period. The statistical analysis of anonymized data sets is reserved.
Information that we automatically collect when you visit our websites. We, our providers, and third parties such as our advertising and analysis providers collect information about your visits to our websites and your interactions with our ads or content, as well as information such as your IP address, your location, cookies, and other tracking technologies (e.g., web beacons, device identifiers, cross-device tracking). Further information can be found in our cookie and tracking notice below, which contains information on how you can control or deactivate these cookies and tracking technologies.
Information collected in connection with your use of services provided through our platform. We and our service providers may collect personal data and other information in connection with your use of communication services provided through our platform, including, but not limited to:
Information on the use of communication. This includes information about your communication transmitted via our platform, such as the timing and duration of use, source and destination identifiers to/from telephone numbers, completion status, location, IP address, and the extent of use.
Communication content. In order to send and receive messages through our platform, we must be able to process the content of the messages, calls, and other communication channels you use. This includes, for example, voicemails, messages, and call recordings recorded via our services.
Information when you contact our support. We collect information from you, including personal data such as contact information, documentations, screenshots, or other information that you or we believe may be helpful in resolving the issue. If you speak with our customer service or sales representative, your calls may be recorded and/or monitored for quality assurance, training, and research purposes.
Linking with other systems: The data on the use of the portal are collected and stored by Vonage B.V., Basisweg 10, 1043AP Amsterdam, Netherlands.
For the provision of services: We use your personal data and other information as necessary to fulfill our obligations in providing our services to our customers. This includes delivering your messages to the intended end user, processing transactions with you (e.g., billing), authenticating you when you log in to our platform, providing customer support, and operating and maintaining our services. We also need your data to communicate with you about the services, including registration confirmations, purchase confirmations, expiry or renewal reminders, responding to your requests, and sending notifications, updates, security alerts, administrative messages, and other communications necessary for the use of the services.
For carrying out core activities related to our services. To effectively offer you our services, we use your personal data and other information to engage in important supporting activities, such as:
Billing and collection, including maintaining records in case of a later billing dispute;
Preventing fraud, violations of our acceptable use policies, and unlawful activities;
Troubleshooting, quality control, and analyses; and
Monitoring the performance of our systems and platforms.

What permissions are required for accesses to data and functions of the end device by the online service?

To use the online service on your end device, it must be able to access various functions and data of your end device. For this, it is necessary that you grant certain permissions (Art. 6 Para. 1a GDPR, §25 Para. 1 TTDSG).

The permissions are programmed differently by the various manufacturers. For example, individual permissions may be grouped into permission categories, and you may only agree to the entire permission category.

Please note that in the event of an objection to one or more permissions, you may not be able to use all functions of our online service.

As far as you have granted permissions, the online service requires access to the internet via WLAN or mobile network to establish a connection from the end device to the server on which the portal is hosted.

Will my usage behavior be evaluated, e.g., for advertising or tracking?

Explanations and Definitions

We want you to enjoy using our online services and to utilize our products and services. We have an economic interest in this. To help you find the products that interest you and to make our online service user-friendly, we analyze your usage behavior anonymously or pseudonymously. Within the legal framework, we or companies commissioned by us create user profiles. A direct inference to you is not possible. Below we inform you generally about the various purposes.

Through the query "Consent to data processing" that appears when you call up our online service, you have the option to consent to the processing or to reject it in parts or entirely. Processes required for the provision of the online service (see explanation above under 1.) cannot be rejected.

Required Tools

Tag Management

Tag management is used to manage the deployment of tools on the various pages of our online service. A tag is defined for each page. Based on the tag, it can then be determined which tools should be used on this page. Thus, tag management can be specifically controlled, so the tools are only used where they make sense and are legally justified.

Analytical Tools

Market Research / Reach Measurement

The aim of reach measurement is to statistically determine the usage intensity and the number of users of an online service, as well as to obtain comparable values for all connected offers. Market research aims to learn more about the target groups who use services or applications and view ads. At no time are individual users identified. Your identity is always protected.

Marketing Tools

Profiles for Demand-Oriented Design of the Online Service

To continuously improve the online service, we would like to create so-called clickstream analyses. The clickstream corresponds to your movement path within the online service. Analyzing the movement paths provides us insights into usage behavior. This allows us to identify possible structural errors and thus improve the user experience.

Profiles for Personalized Recommendations Telekom wants to offer you individually tailored, personalized action and click recommendations for offers, services, or products. To this end, we create a pseudonymous profile of the online services you access on the internet with the help of service providers and assign categories to this profile. You will be shown content or hints that match the profile.

Analytical Tools

These tools help us better understand usage behavior. Analysis tools enable the collection of usage and recognition possibilities by us or third parties in so-called pseudonymous usage profiles. For example, we use analysis tools to determine the number of individual users of an online service or to collect other statistics regarding the operation of our products, as well as to analyze user behavior based on anonymous and pseudonymous information, such as how users interact with online services. A direct inference to a person is not possible. The legal basis for these tools is §25 Para. 1 TTDSG, Art. 6 Para. 1a GDPR or, in the case of third countries, Art. 49 Para. 1a GDPR.

Company: Amazon Web Services Purpose: Demand-Oriented Design Storage Duration: 30 Days Country (Processing / Access): Germany

Google - Maps

On individual pages of the online service, we use Google Maps for displaying maps, locations, and for route planning. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By embedding Google Maps, your IP address is transmitted directly to Google and a cookie is stored as soon as you visit such a page. You can inform yourself about the data processing by Google at any time at https://policies.google.com/privacy?hl=de&gl=de and object to it.

Google - reCAPTCHA

Our website and service platforms use reCAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart"), tools used to distinguish between genuine and automated users, such as bots. CAPTCHAs sometimes pose tasks that are easy for humans but difficult for computers to solve, or they may run virtually invisibly to the user. Some data may be collected and passed on to Google, such as:

Browser cookies
IP
Operating system
Mouse movements and keystrokes
Duration of pauses between actions Device settings (e.g., language or location)

Find more information on reCAPTCHA here.

Communication Providers

As a provider of a communication platform, we pass on the data we collect from you to communication providers (including traditional PSTN telecommunications companies and over-the-top communication service providers), as necessary to provide you with the services. These include the telecommunications companies we need to ensure your calls, messages, and other communications reach the people you want to contact.

Business Process Providers

We collaborate with third parties that assist us in running our business, for example, in providing website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics, marketing, and advertising, as well as other services for us, which may require them to access or use your personal data and other information about you. We only work with carefully selected providers and make reasonable efforts to protect your personal data that they process for us.

Third-Party Services

Our services and websites may contain links or other tools (e.g., plugins, "Like" and "Share" buttons, SDKs, etc.) that direct you to other websites or services whose privacy practices may differ from ours. If you submit personal data or other information to any of these third parties, your data is governed by their privacy policies, not ours. We advise you to read the privacy policies of any third parties you interact with carefully.

Sharing with Senders and Recipients of Messages

The name of your account or part of it, and/or your phone number can be shown to people you call and other users of the services so they can contact you. Depending on the service you use, you may be able to control what is shown by adjusting your settings in the mobile app or your customer account, or by contacting customer service at the address you provided when registering for the services.

Where Can I Find the Information That Is Important to Me?

This privacy notice provides an overview of the points that apply to the processing of your data in this online service by Telekom.

For more information, including on general data protection and specific products, visit https://www.telekom.com/de/verantwortung/datenschutz-und-datensicherheit/datenschutz and http://www.telekom.de/datenschutzhinweise.

Who Is Responsible for Data Processing? Who Can I Contact If I Have Questions About Data Protection at Telekom?

The data controller is Telekom Deutschland GmbH. If you have any questions, you can contact our customer service or our data protection officer, Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, datenschutz@telekom.de.

What Rights Do I Have?

You have the right to,

a. To request information about the categories of data processed, purposes of processing, possible recipients of the data, and the planned duration of storage (Art. 15 GDPR);

b. To request the correction or completion of incorrect or incomplete data (Art. 16 GDPR);

c. To revoke a given consent at any time with effect for the future (Art. 7 Para. 3 GDPR);

d. To object to data processing that is supposed to occur based on a legitimate interest, for reasons arising from your particular situation (Art 21 Para. 1 GDPR);

e. To request the deletion of data in certain cases under Art. 17 GDPR - especially insofar as the data are no longer necessary for the intended purpose, are processed unlawfully, or if you have revoked your consent as per above (c) or have objected as per above (d);

f. To request the restriction of data under certain conditions, if deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR);

g. On data portability, i.e., you can receive your data, which you have provided to us, in a common machine-readable format, such as CSV, and possibly transmit it to others (Art. 20 GDPR);

h. To lodge a complaint with the competent supervisory authority about the data processing (for telecommunications contracts: Federal Commissioner for Data Protection and Freedom of Information;

otherwise: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia).

To whom does Telekom disclose my data?

To processors, which are companies we commission within the legally provided framework to process data, Art. 28 GDPR (service providers, agents). Telekom remains responsible for the protection of your data in this case as well. We commission companies particularly in the following areas: IT, sales, marketing, finance, consulting, customer service, human resources, logistics, printing.
To cooperation partners who provide services for you or in connection with your Telekom contract under their own responsibility. This is the case if you commission such partner services from us, or if you consent to the integration of the partner, or if we integrate the partner based on legal permission.
Due to legal obligation: In certain cases, we are legally obliged to transmit certain data to the requesting government agency.

Where is my data processed?

Your data are processed in Germany, in other European countries, and in additional countries. If your data are also processed in countries outside the European Union (so-called third countries), this only occurs to the extent that certain measures ensure an adequate level of data protection exists (e.g., adequacy decision of the EU Commission or so-called appropriate safeguards, Art. 44 ff. GDPR).

Date of the privacy notice: December 6, 2023.