Data protection notice
1. General notes regarding data protection
These notes regarding data protection apply to the use of websites at https://www.dtms.de, https://www.dtms-conference.de/ for service customers establishing and using a telecommunications contract with us (e.g. for 0800, 0180, 0900, 0137 and 118 services), including the use of our online customer portal both for users of services implemented in our telecommunications network (in particular those calling the 0800, 0180, 0900, 0137 and 118 services implemented in our network) as well as of our webchat and our AI tool. The notes also apply to a contact or supplier relationship that you enter into with us, or when ordering newsletters or advertising. The notes also apply if we expressly refer to them elsewhere.
The responsible body for data processing is:
Company headquarters: dtms GmbH
Local court: Mainz
Commercial register no.: HRB 45187
VAT no.: DE295520161
Karsten Rudloff, Bernd Schneider, Dirk Moysich
Phone: +49 (0)6131 4646 000
Fax: +49 (0)6131 4646 414
You can contact our data protection officer at:
Informationssicherheit - Datenschutz - Coaching
Phone: +49 (0)4822 36 63 000
Fax: +49 (0)04822 36 63 333
We (the respective "Controller") are committed to protecting your personal data. That is why we are informing you here about how we handle your data and our data protection principles.
We process personal data that is collected in the scope of this data protection statement in accordance with the respective applicable statutory provisions of the Federal Republic of Germany regarding data protection and data security. For us as a telecommunications company, this is the Telecommunications Law (TKG). From 25 May 2018, data protection will also conform with the EU General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act (BDSG) newly enacted for this.
1.1. Data collection and origin of data
We collect the data that you provide when using our website, our webchat and our AI tool.
In addition, we collect data as part of a customer relationship with you as a service customer, which allows telephone numbers (e.g. 0800, 0180, 0900, 0137, 118, etc.) or services to be performed in our network. This also includes logging in to our “online customer portal”.
In addition, we collect the connection identifiers used and other traffic data in accordance with the TKG whenever you use our telecommunications network to select a number or a service that is performed in our network (e.g. 0800, 0180, 0900, 0137, 118, etc.). In this situation, we collect data to establish and maintain a connection, or to provide the service, and for billing purposes. To do this, in certain situations your local exchange carrier that provides your line informs us of your name and address and invoices the connection. The specific details depend on the service you use and whether you are calling from a landline or a mobile phone.
If you enter into a so-called “contact relationship” with us (enquiries about or offers for services, newsletter registration), enter into supplier agreements with us or apply for a job with us, we collect and process this data to the extent this is required or appropriate pursuant to article 6(f) GDPR.
In addition, we also collect data from publicly available sources (e.g. commercial register, your websites, press articles, etc.) and obtain data from credit agencies to the extent permitted by article 6(f) GDPR.
Personal data that we collect and store in this way may include:
- IP address and usage data when accessing website content;
- name and address, and other contact details (telephone numbers, e-mail address, fax number, etc.), register numbers, name and address of authorised representatives, bank account information, as well as the corresponding data of the responsible contact person of the service customer;
- additional inventory data or product data, as well as traffic and billing data within a customer relationship with service customers, such as selected products and tariffs, payment details;
- traffic data and billing data, and name and address and other contact data (telephone numbers, e-mail address, fax number, etc.), register numbers, name and address of authorised representatives, bank account information, as well as the corresponding data of the responsible contact person of users of our telecommunications network;
- name and contact details as part of establishing and processing a contact relationship or a supplier relationship;
- name and e-mail address when registering for the newsletter, as well as dispatch information for the respective newsletters;
- information we received from credit agencies on the basis of article 6(1)(f) GDPR.
All personal data is only collected under a statutory permission or if you have provided us with your consent.
1.2. Use and sharing of personal data in general
We use your personal data to facilitate your use of our website. Furthermore, processing and transfer of data takes place when using our websites to the extent they use social network services, as well as for anonymised analysis purposes (e.g. Google Analytics) – see Item 6 for further details.
We use your personal data in general in order to establish and perform a contract with you as a service provider, as well as for billing.
If you use our telecommunications network as a result of a call or a connection, we use your data to facilitate and invoice this usage. In this regard, it may be necessary to also share your data with the respective service provider, for example in the case of interrupted payments. In addition, data is shared with the local exchange carrier that provides your line, to the extent this is necessary for providing and invoicing the service, as well as collecting payment. Data may be shared with other network operators or providers of telecommunications services to the extent this is necessary for the service chosen by you as the user.
If you enter into a contact, supplier or job applicant relationship with us, we will use your data to establish and fulfil/process this relationship and – where applicable – for billing purposes.
In addition, we use data lawfully obtained by us for the purpose of advertising by post and additionally by e-mail or telephone, provided that you have specifically and validly consented to this.
Overall it may also be necessary for us to disclose your data to external service providers as part of order processing. Additionally, the permission under article 6(1)(f) GDPR allows us to share data with credit agencies if this is necessary or appropriate for establishing a contract or for enforcing claims. We will not sell your personal data to third parties or otherwise market the same.
The transfer of data to third countries arises within the context of the administration, development and operation of IT systems and only to the extent that a) the transfer is generally permitted and b) the particular requirements for a transfer to third countries are satisfied, in particular the data importer shall guarantee an appropriate level of data protection according to the EU standard contractual clauses for the transfer for personal data to processors established in third countries. The basis for this are the provisions of the GDPR, the Federal Data Protection Act and the Telemedia Act. A transfer may also be undertaken when using our websites – see Item 8 for further details.
2. Purposes of data processing
We process the aforementioned personal data in keeping with the provisions of the GDPR, the Federal Data Protection Act (BDSG) and – if applicable – the Telecommunications Law (TKG):
2.1. To fulfil contractual or pre-contractual obligations (article 6(1)(b) GDPR)
The processing of personal data is undertaken for your use of our website, to fulfil a contract with you as a service provider, for the use of our network and in the event of a contact or job application relationship. The purposes of data processing and the necessity are primarily directed at the specific purposes resulting from the aforementioned legal relationships.
Within the context of a contract with a service provider, this includes in particular the establishment, structuring, fulfilment, advice and invoicing of such a customer relationship, as well as the sharing of personal data with essential involved business partners (e.g. source or target network operator in the event of a change of provider, sharing data with interconnection partners). When using our network, we also share data correspondingly with other network operators, provided that this is necessary to establish and maintain the connection, or to provide the desired service, as well as for invoicing and billing together with debt collection. This also includes saving data relating to payment behaviour. We require this data in order to be able to send payment reminders or implement a possible blocking.
Processing is also undertaken to process your enquiries and to initiate customer relationships or a comparable contact relationship, as well as for job applications.
For the aforementioned purposes it may also be necessary to disclose your data to group companies or external service providers as part of the order processing.
2.2. Processing as part of a balancing of interests (article 6(1)(f) GDPR)
To the extent necessary for our purposes, we process your data beyond the actual fulfilment of the pre-contract or the contract to safeguard the legitimate interests of us or third parties, provided that your interests do not outweigh stopping the data processing:
- anonymisation of IP addresses when using our website for statistical purposes, data security and the optimisation of our website.
- Use of our website with social network plug-ins, with data sharing with Google and the social networks, provided that the user does not object to this sharing of data by blocking the java script or installing a plug-in that prevents data sharing. In such case, use of the website’s functionality may be restricted – for more information see Item 8.
- Potential measures for the data security of our website, in particular such as the saving of IP addresses, provided that the specific threat situation makes this appropriate.
Establishment and fulfilment of contact relationships to the extent expedient.
- Processing of applications to the extent expedient.
- Recovery of unpaid receivables; in this regard we work together with reliable partners, see Item 7.
- Postal advertising, to the extent you do not object to this
- Email marketing, insofar as you have consented to such marketing beforehand.
2.3. Processing within the scope of your consent (article 6(1)(a) GDPR)
If you provide us with your consent to the processing of personal data for a specific purpose in accordance with existing legislation, we will process this data based on this consent.
2.4. Processing as required by legislation (article 6(1)(c) GDPR)
We will process your personal data insofar as we are subject to a statutory obligation, such as statutory retention requirements, or disclosure or supervisory obligations vis-à-vis public institutions within the legal framework.
3. Sharing data with third parties
Within our company, your data can be accessed by people who are involved in processing it, to the extent this is necessary or proper and appropriate. Service providers and vicarious agents used by us can also receive access to the personal data for these purposes, if they observe our written data protection law-related instructions as well as general data secrecy as part of order processing and – to the extent applicable – the secrecy of telecommunications.
Furthermore, when services are provided in our network, data is shared with the network operators involved and other service providers in accordance with the TKG, in particular where there is a change of provider and for establishing and maintaining connections across network frontiers, as well as for billing and collecting unpaid amounts. This transfer of data is undertaken only to the extent necessary as prescribed by sections 95 et seq. TKG. The specific details of the data exchange and data processing are determined by the nature of the service used and whether you are dialling the service from a landline or mobile phone network. You can find out further details about this from your user connection provider that allows you to dial the services undertaken in our network. Information will also be provided by the respective service provider whose services you select as a user in our network. Since neither your specific user connection provider nor your selected future service providers are known to us in advance, we cannot at this time give you any specific details regarding the address at which your respective contracting partner, user connection provider or service provider can be contacted. We work together with credit agencies (third parties) to obtain credit reports and credit information, see Item 6. We work together with third parties to recover unpaid amounts, see Item 7.
In particular, we will not share personal data with third parties for advertising purposes or for address trading.
When using our website, data is transferred to Google and other providers of social networks, see Item 8.
4. Data transfer to a third country or to international organisations
Data is only transferred to countries outside the EU or EEA (“third country”) to the extent this is necessary for the performance of the contractual relationship (contract with the service provider or for the use of the services performed in our network). For other contractual relationships, such as a contact relationship or a job application, such data transfer is undertaken only to fulfil this contractual relationship or insofar as this is exceptionally appropriate due to a legitimate interest. The same applies when using our websites from locations outside the EU or EEA. When using our websites, data is transferred to Google and providers of social networks, see Item 8.
5. Duration of data storage
When using the website, we store the IP address and usage data for the duration of the use event. Furthermore, the IP address is stored to the extent appropriate for data security and information, or preventing security or data protection breaches, whereby the appropriateness is determined by the specific threat situation. In this situation, the IP addresses are only stored for as long as is appropriate for the aforementioned purposes, and generally speaking for not longer than three months. In the event of a criminal charge or prosecution, or the enforcement of claims against individuals who have committed security or data protection breaches, the data can be stored and used until the matter is finally resolved or the claims are enforced. When using our website, data is additionally transferred to analytics services and the providers of social networks, see Item 6.
To establish, structure and fulfil a contract with you as a service provider, we store the data until the end of the contract and additionally until the end of the calendar year following the year in which the contract terminates. Once this time period expires, the data is not deleted but instead blocked, as we are required by commercial law and tax law to store the data for up to 10 years. This storage also applies to the invoice amounts. A special rule applies to individual connections that arise and the resulting billing data: we will store these for a period of 3 calendar months to the extent this is necessary for billing purposes with you or other network operators or service providers. If the payer (e.g. you or the user/end customer or network operator that is obliged to make the payment) raises objections within the time limit, the data will be stored until the objections or collection of unpaid amounts have been resolved. Further storage only takes place in exceptional circumstances if permitted by the TKG (e.g. fault rectification, information about misuse and preventing misuse).
If you as an end user use a service that is performed in our network, we will process and store your data as part of this usage event for as long as it persists and this is necessary for use. After the usage event ends, we will store the data for a period of 3 calendar months to the extent this is necessary for billing purposes with you or other network operators or service providers. If the payer (e.g. the user/end customer) raises objections within the time limit, the data will be stored until the objections or collection of unpaid amounts have been resolved. Further storage only takes place in exceptional circumstances if permitted by the TKG (e.g. fault rectification, information about misuse and preventing misuse).
As part of a contact relationship, contact details and communications data are stored and used to the extent this is necessary for the respective communication purpose or is appropriately expedient.
As part of a job application relationship, contact details and application data are stored and used to the extent this is necessary for the respective job application purpose or is appropriately expedient. If the application is unsuccessful, the data will be deleted within two months of notifying the rejection, provided that no other legitimate interests of the person responsible for processing oppose such deletion. “Other legitimate interest” in this context means, for example, an obligation to provide evidence in proceedings in accordance with the General Equal Treatment Act (AGG).
If you register with us for the newsletter or a prize competition, your data will be stored and used until you unsubscribe from the newsletter or we terminate the newsletter. Your consent and the dispatch history will continue to be stored until any potential injunctive claims on your side become time-barred. However, we will no longer use the data to continue sending newsletters. Further details regarding data processing can be found in the respective prize competition.
6. Transfer of data to credit agencies
We transfer your data (name, address and – where necessary – date of birth) to the following credit agencies in order to perform a credit check:
- Bisnode Deutschland GmbH, Robert Bosch Strasse11, 64293 Darmstadt
- Creditreform Mainz, Albert & Naujoks KG, Bonifaziusplatz 1A, 55118 Mainz
The legal basis for these transfers is article 6(1)(b) and article 6(1)(f) of the GDPR. Transfers on the basis of these provisions can only be undertaken to the extent necessary to safeguard the legitimate interests of our company or third parties, and to the extent they do not outweigh the interests of basic rights and basic freedoms of the data subject that require the protection of personal data. Detailed information for the purpose of article 14 GDPR, i.e. information about the business purpose, the purposes of data storage, the data recipients, the right to obtain information held about oneself, the right to have data deleted or corrected, etc. can be found on the following links:
7. Collection of unpaid amounts
To the extent it becomes necessary, in connection with the contractual relationship or otherwise, to collect unpaid amounts as part of the safeguarding of our legitimate interests – and to the extent that doing so would not outweigh the interests of basic rights and basic freedoms of the data subject that require the protection of personal data – we will appoint one of the following legal entities to carry out the collection:
REAL Solution Inkasso GmbH & Co. KG
The data necessary to undertake the collection will be transferred to the respective legal entity appointed. The legal basis for this is article 6(1)(b) and article 6(1)(f) of the GDPR. For further information about data processing by the stated legal entities, please contact them at the respective stated address.
8. Special processing when using the website
8.1. Information collected automatically for web analysis
For technical reasons, your internet browser automatically transfers data to the web server when you access it. This data is collected for marketing and optimisation purposes, as well as for providing the service – see following.
You can configure your browser so that you are notified about cookies being set and only permit cookies on a case-by-case basis, so that you exclude acceptance of cookies in certain situations or generally, and so that you can activate the automatic deletion of cookies when you close your browser. If cookies are deactivated, the functionality of this website may be restricted.
8.2.1. Service cookies
Most of the cookies used by us are what are known as “service cookies” that we place on your computer whilst you access our website in order to securely provide the service accessed by you. These service cookies are automatically deleted at the end of your visit.
8.2.2. Facebook (Social Media)
Data protection statement for the use of Facebook plug-ins (“Like” button). Our site incorporates plug-ins from the social network Facebook, provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognise the Facebook plug-ins by the Facebook logo or the “Like” button on our site. You can find an overview of the Facebook plug-ins here: http://developers.facebook.com/docs/plugins/. When you visit our site, the plug-in creates a direct connection between your browser and the Facebook server. Through this, Facebook receives information that you have visited our site using your IP address. If you click on the Facebook “Like” button whilst logged in to your Facebook account, you can link the content of our site to your Facebook profile. Facebook can therefore allocate your visit to our site to your user account. Please note that we as provider of the site have no knowledge of the content of the data transferred or its use by Facebook. You can find further information about this in Facebook’s data protection statement at http://de-de.facebook.com/policy.php
If you do not wish Facebook to be able to allocate your visit to our site to your Facebook user account, please log out of your Facebook user account.
Alternative: “Double-click process”:
We currently user the social media plug-in from Facebook. In doing so, we use the so-called “double-click process”. This means that when you visit our site, no personal data is initially provided to the providers of these plug-ins. You can recognise the provider of the plug-in from the embedded image file in the form of the social media provider’s logo with the remark “Share”. Personal data is only transferred when you click on one of the plug-ins: by activating the plug-in, data is automatically sent to the respective plug-in provider and stored there (with American providers, this takes place in the USA). We have no control over the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purpose for which it is collected or the retention periods. Because the plug-in provider collects data in particular using cookies, we recommend deleting all cookies via the security settings of your browser before clicking on the image with the social media logo.
When you activate a plug-in, the plug-in provider receives information that you have accessed the corresponding sub-page of our site. In addition, you could transfer data unknown to us to the plug-in provider, whereby for example – according to statements made by Facebook – only an anonymised IP address is collected from users in Germany. Corresponding processes may take place irrespective of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, this data could be directly allocated to your account. If you confirm the activated button and e.g. link to the page, there is a possibility that the plug-in provider will also store this information in your user account and publicly share this with your contacts. If you do not want this to be associated with your profile with the plug-in provider, as a precaution you should log out before activating the button. Please refer to the data protection notices of the respective providers for further information.
The plug-in provider usually saves personal data as a usage profile and uses this for the purposes of advertising, market research, and/or tailoring the design of its website to needs. Such an evaluation takes place in particular (even for users not logged in) to show needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. To exercise this right, you must contact the respective plug-in provider.
Further information about the purpose and scope of data collection and processing of data by the plug-in provider can be obtained from the data protection statements of these providers set out below. There you will also find further information about your rights in this regard and settings to protect your privacy.
8.2.3. AI tool
On the dtms website you have the opportunity to test the AI tool from dtms. Please note that the information you enter here is used by our system for learning purposes. Data processing takes place in our computer centre in Frankfurt. Questions are not allocated to a person (IP address).
When you use our live chat service, we shall process your data exclusively for the purpose of communication in the context of initiating a contract and conducting communication in order to enable us to answer your questions relating to our products and clear up any issues arising during usage. The legal basis is Art. 6 (1) b) GDPR. The data processing will take place in the EU. The chat record as well as your connection data will be automatically deleted after three months.
Our website uses functions from the LinkedIn network. You can recognise access to LinkedIn, LinkedIn, 2029 Stierlin Court, Mountain View, CA 94043 USA, by the “in” sign on a blue background. If you click on our “in” button as part of the 2-click solution, a connection to the LinkedIn server will be established and the LinkedIn plug-in will be downloaded on the relevant website. The content of the “in” button is transferred from LinkedIn direct to your browser which in turn incorporates it into the website. It is possible that your IP address could be transferred to LinkedIn in the USA as a result of this. If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website or link it to your member data stored by LinkedIn when the “in” button is activated, you must log out of LinkedIn before visiting our website.
Our site incorporates functions from the Twitter service. These services are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the “re-tweet” function, the websites visited by you are associated with your Twitter account and notified to other users. In this process, data is also transferred to Twitter. We point out that we, as the provider of the site, have no knowledge about the content of the data transferred or their use by Twitter. You can find further information about this in Twitter’s data protection statement at https://twitter.com/privacy. You can change your data protection settings on Twitter in account settings at https://twitter.com/account/settings.
We would like to inform you here about how personal data is handled in connection with the XING share button.
9. Your rights as a data subject
Each data subject has the right to receive information pursuant to article 15 GDPR, the right to notification pursuant to article 16 GDPR, the right to deletion pursuant to article 17 GDPR, the right to the limitation on processing pursuant to article 18 GDPR, the right to object under article 21 GDPR, as well as the right to data portability under article 20 GDPR. The restrictions pursuant to sections 34 (1) (no. 2) and 35 (1) (s. 1) BDSG apply to the right to receive information and the right to deletion. Furthermore, there is a right to complain to a data protection supervisory authority (article 77 GDPR in conjunction with section 19 BDSG).
You can revoke your consent to our processing of your personal data at any time. This also applies to the revocation of consents provided to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation only applies for the future. Any processing undertaken before revocation is not affected by this.
10. Right to data portability
You have the right to have data that we process by automated means on the basis of your consent or for the performance of a contract delivered to yourself or a third party in a commonly used, machine-readable format. Where you request that your data be transferred directly to another controller, this will take place only insofar as this is technically feasible.
11. Right to lodge a complaint with the relevant supervisory authority
In the event of breaches of data protection law, the data subject will have the right to lodge a complaint with the relevant supervisory authority.
12. Changes to our data protection provisions
We reserve the right to occasionally adapt this data protection statement so that it continually meets the current legal requirements or in order to incorporate changes to our services into the data protection statement, e.g. following the launch of new services. The new data protection statement then applies to your further visit.
13. Data protection notices in the application procedure
Candidates' files generally include the data required for the assessment and selection process, which may be contained in the job description or communicated separately. The documents are only stored for as long as necessary in the recruitment process.
14. Web hosting
Our website is hosted in-house by dtms GmbH.
Deviating from this, our web tools are hosted by the following provider:
Mittwald CM Service GmbH & Co. KG
Königsberger Strasse 4-6
HRA: 6640, Bad Oeynhausen Corporation
Sales tax ID no.: DE814773217
General partner: Robert Meyer Verwaltungs GmbH, AG Bad Oeynhausen HRB 13260
represented by the managing directors: Robert Meyer, Maik Behring
Telephone & e-mail availability:
The customer service is available Mo-Fr from 09.00 to 18.00 hours by telephone on 0800/440-3000.
The data protection regulations of our webtool host can be found on the following website: www.mittwald.de/datenschutz.