Data Privacy Statement

Information about Recruiting process


The protection of personal data of customers, employees and other persons takes top priority for all the companies within the Deutsche Telekom Group. We always inform you what personal data we collect, how your data is used, and how you can influence the process.

On account of the European General Data Protection Regulation (GDPR) and the Binding Corporate Rules on Privacy (BCRP) we have introduced binding data privacy rules throughout the Group. This regulatory framework provides standardized internal rules for handling personal data within the Deutsche Telekom Group.

In derogation thereof, the following shall apply to the applicants to the OTE Group in Greece: the companies of the OTE Group have a joint framework for the protection of personal data, the OTE data protection regulation. This regulation applies to all the companies of the OTE Group until it is replaced by the Binding Corporate Rules on Privacy of Deutsche Telekom AG or a comparable binding text. We have taken comprehensive technical and operational precautionary measures to protect personal data stored by us from unauthorized access and misuse. Our security procedures are reviewed regularly and adapted to reflect the state of the art.


1. What data is recorded, how is it used, and how long is it stored?

a) Technical characteristics: When you visit our websites, the web server temporarily records the domain name or your computer’s IP address, the file requested (file name and URL) by the client, the http response code, and the website from which you are visiting us.
The recorded data is used solely for data security purposes, particularly to protect against attempted attacks on our web server (Article 6 (1f) GDPR). We do not use it to create individual user profiles nor do we share this information with third parties. It is erased after seven days at the latest. We reserve the right to statistically analyze anonymized data records.

b) Candidate Profile: In order to make your application for various jobs as easy as possible, create an applicant profile for your first application which is valid for all your applications. For this purpose, specify general data such as your name and contact data. These will apply for all your applications unless you update them in the meantime. In addition to your general profile, we will ask you specific questions as part of the actual application about the specific job you are applying for. This data is solely used for filling this one job.

When creating your applicant profile, you can select to what extent your profile data is to be visible. You can find out in detail which companies obtain access to your personal data depending on your selection under You have three options for controlling international access to your Candidate Profile under the setting “Please consider my candidate profile for open positions":

  • “Worldwide” - Your data is used globally by all the companies of the Deutsche Telekom Group. You can find out in detail which companies obtain access to your personal data depending on your selection under or
  • “Within my country of residence” - Your data is used by all the companies of the Deutsche Telekom Group in the country in which you live as well as by Deutsche Telekom Services Europe Romania S.R.L., which acts as its agent. Your data will only be used for recruitment purposes. You can find out in detail which companies obtain access to your personal data in the respective country under or
  • “That I actively apply to only” - Your data is only used for positions for which you apply and is only visible to or within the companies announcing the jobs concerned as well as to Deutsche Telekom Services Europe Romania S.R.L.

Deutsche Telekom Services Europe Romania S.R.L. acts as the contractor for the companies of the Deutsche Telekom Group in Albania, Germany, France, Greece, Great Britain, Croatia, Macedonia, Montenegro, the Netherlands, Austria, Poland, Portugal, Russia, Romania, Switzerland, Slovakia, Spain, the Czech Republic and Hungary. Depending on your selection, the employees involved in the recruitment process will obtain access to the data entered by you during the application procedure. Apart from the employees of the HR Department, this also involves superiors and in some cases line managers. Depending on the country and position for which you have applied, your data may also be evaluated by members of the works council or members of representative bodies of severely disabled employees, exercising their legal right of co-determination. Should a part of the selection and recruitment process be carried out by carefully selected external service providers, this is always to be done based on a commissioned data processing contract.

This also applies to the creation of reports for statistical evaluations by Deutsche Telekom companies within the EU. In these cases, surname and first name as well as general data on your application can be viewed by the assigned reporting department.

In your Candidate Profile, you will find a comment field used by recruiters to store general information that do not relate to a specific application. For example, this could be your preferred location or your preferred field of work. The comment field is filled in after you verbally approved it to the recruiter. If you do not agree with the content within the field, please request the change or deletion via your recruiter or via the respective country contact at:

c) Candidate pool: To help you find a suitable position within the Deutsche Telekom Group, we will be happy to include you in one of our candidate pools according to your skills. This enables us to draw your attention to advertised positions that match your profile. For us to include you in a candidate pool, the visibility of your Candidate Profile must be set to "within my country of residence" or "worldwide". Information on which candidate pool you are in can be obtained at any time from our Candidate hotline (

d) Special categories of personal data: Personal data - including all the data in attachments sent by you are used exclusively for recruitment purposes. Special categories of personal data are only captured in a targeted fashion if this is legally permissible and required for the job applied for.

e) General data retention periods: The data contained in your application is stored up to 6 (six) months after completion of an application procedure unless differing country-specific retention periods exist. The latter are listed in section 1, point f) of these guidelines. If you do not delete data in your Candidate Profile earlier, this data will be stored for 12 (twelve) months unless other periods are stated in the section for country-specific additions in these guidelines or there is an active application. This period recommences with every login.

Country-specific additions (only relevant if you apply in the respective country): In the following countries, data retention periods apply differing from those described in section 1, point e). These periods apply to candidates as well as application profiles.

  • Albania: 12 months
  • Belgium: 12 months
  • Brazil: No deletion
  • China: 12 months (Candidate Profile), 6 months (Application)
  • Denmark: 6 months
  • Finland: 6 months
  • France: 12 months
  • Greece: 84 months (Candidate Profile), 12 months (Application)
  • Great Britain: 12 months
  • Croatia: 12 months
  • Malaysia: No deletion
  • Macedonia: 12 months (Candidate Profile), 6 months (Application)
  • Mexico: 12 months
  • Montenegro: 60 months
  • Norway: 6 months
  • Austria: 12 months
  • Poland: 6 months
  • Romania: 12 months
  • Russia: No deletion
  • Sweden: 6 months
  • Switzerland: 6 months
  • Singapore: 84 months
  • Slovakia: 12 months
  • Spain: 12 months
  • South Africa: 12 months
  • Czech Republic: 24 months
  • Hungary: 12 months
  • United States of America: 24 months


2. Will my usage habits be evaluated, e.g. for advertising purposes or tracking?

a) Marketing and advertising purposes

Your data are only used for jobs to be filled within the Deutsche Telekom Group. In particular, the use of your data for marketing and advertising purposes is excluded.

b) Cookies

Our website only uses the technically necessary cookies in order to guarantee you the best possible service. These cookies are required to enable you to navigate through the web pages and use key functions. They support basic functions, such as order processing in the online shop and access to secured areas of the web page. They also serve the purpose of performing an anonymous analysis of user patterns, which we use to continuously develop and improve our web pages for you. The legal basis for these cookies is Article 6 (1) b GDPR respectively for third Countries Art. 49 (1) b GDPR.

Company: Telekom, SAP as Service Provider
Purpose: Login and Application, Website functionality
Storage duration: Session Cookie, Permanent
Country of processing: Germany                          

c) Services by other companies (independent third-party providers)


For the registration on our website we use the Google Recaptcha, in addition we use a connection to Google Drive to offer you the possibility to obtain and upload data from here. These applications are operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By embedding these services, your IP address is transmitted directly to Google and a cookie is stored. You can inform yourself about the data processing by Google at at any time and object to it.


We use a connection to the service Dropbox to offer you the possibility to obtain and upload data from it during the application process. This application is operated by Dropbox International Unlimited Company, One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland. By embedding this service, your IP address is directly transmitted to Dropbox and a cookie is stored. You can inform yourself about the data processing by Dropbox at any time at and object to it.


3. Where can I find the information that is important to me?

This data privacy information provides an overview of the items which apply to Deutsche Telekom processing your data in this web portal.

Further information, including information on data protection in general and in specific products, is available at:


4. Who is responsible for data processing? Who should I contact if I have any queries regarding data privacy at Deutsche Telekom?

Deutsche Telekom AG acts as the data controller. If you have any queries, please contact our Customer Services department or the Global Data Privacy Officer, Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, Germany,


5. What rights do I have?

It is your responsibility to ensure that the data provided by you is applicable and correct. You can call up your personal data in your account at any time. In addition to the rights referred to you in the data privacy statement of the HR Suite, you also have the right:

a) To request information on the categories of personal data concerned, the purposes of the processing, any recipients of the data, and the envisaged storage period (Art. 15 GDPR);

b) To request that incorrect or incomplete data be rectified or supplemented (Article 16 GDPR);

c) To withdraw consent at any time with effect for the future (Art. 7 (3) GDPR);

d) To object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Article 21 (1) GDPR);

e) To request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent according to (c) above or object according to (d) above;

f) To demand, under certain circumstances, the restriction of data where erasure is not possible, or the erasure obligation is disputed (Art. 18 GDPR);

g) To data portability, i.e., you can receive the data that you provided to us in a commonly used and machine-readable format such as CSV, and can, where necessary, transfer the data to others (Art. 20 GDPR);

h) to file a complaint about the data processing with the responsible supervisory authority (for telecommunications contracts: the German Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit); for any other matters: State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen).

For applicants for jobs in Malaysia:

i) Approval pursuant to section 6 (1) Personal Data Protection Act 2010 (hereinafter referred to as "ACT") that data users may keep and process the personal data for purposes of employment.

Exercising one of the above-mentioned rights, with the exception of the right to appeal to a court of justice, must be requested in writing by the person concerned from the person responsible via the following e-mail address The person responsible must report the measures taken / information requested within one month upon receipt of a request.


6. Applicable law

The applicable law for processing your application depends on your selection of candidate pool as well as the legal entity, to whose job vacancy you apply. The GDPR or the relevant country-specific regulations apply within the EU. The following legal regulations apply in the remaining countries.

  • Albania: Law No. 9887 dated 10.03.2008 As amended by the Law No. 48/2012, date 26.04.2012 “ON PROTECTION OF PERSONAL DATA
  • China: for Hong Kong, Personal Data (Privacy) Ordinance (Cap 486); for the People's Republic of China the currently valid laws and regulations for the protection of personal data
  • Croatia: Zakon o zaštiti osobnih podataka (NN 106/12)
  • Malaysia: Personal Data Protection Act, 2010
  • Macedonia: Law on personal data protection
  • Mexico: Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Federal Law on the Protection of Personal Data Possessed by Private Persons)
  • Montenegro: Personal Data Protection Law (Official gazette of Montenegro No. 44/12)
  • Poland: Law of August 29, 1997 concerning the protection of personal data
  • Russia: Federal Law of July 27, 2006 N 152-FZ ON PERSONAL DATA
  • Sweden: Data Protection Law: (1998:204)
  • Singapore: Personal Data Protection Act 2012
  • South Africa: Protection of Personal Information Act 3 of 2013
  • United States of America: 201 CMR 17.00: M.G.L. c. 93H


7. Who does Deutsche Telekom AG pass my data on to?

To processors, i.e., companies we engage to process data within the legally defined scope, Article 28 GDPR (service providers, agents). In this case, Deutsche Telekom also remains responsible for protecting your data.

Owing to legal obligations: In certain cases, we are legally obliged to transfer certain data to a state authority that requests it.

Country-specific additions (only relevant if you apply in the respective country):

Slovakia (Deutsche Telekom Systems Solutions Slovakia s.r.o / Deutsche Telekom IT & Telecommunications Slovakia s.r.o./ Deutsche Telekom Services Europe Slovakia s.r.o.)
Your personal data to the extent: name, surname and email address are further processed through HireVue platform ensured by our contract partner HireVue Inc., seated in  10876 S. River Front Parkway, Suite 600, South Jordan, UT 84095 USA. Your data are then stored in the data center in Dublin, Ireland. Other personal data of yours are processed only with your consent given within the HireVue platform.

As part of the application process, in order to evaluate your university degree, your university name, university degree, science field/major subject, final grade and year of graduation might be processed by our contractor Candidate Select GmbH, Raderberger Str. 173-175, 50968 Cologne, Germany (your first name and last name will not be forwarded to our contractor). Your data will be stored in a data center in the EU.

In the recruiting process, we also use the service provider Eightfold AI Inc, 2625 Augustine Drive, Suite 601, Santa Clara, CA 95054, USA. Your application data may be further processed by Eightfold AI Inc. If you do not have an active application, but have set the visibility of your data to "worldwide" or "within my country of residence" in your candidate profile (see description 1b), the data of your candidate profile (e.g., your contact details and CV) will be processed by our contractual partner Eightfold AI Inc. If you provide the link to your business network profile (e.g. LinkedIn) in your CV, data from this profile can also be further processed in Eightfold. Your data will only be stored in data centres within the European Union.


8. Where is my data processed?

Your data will be processed in Germany and other European countries. If, in exceptional cases, your data is processed in countries outside the European Union (in so-called third countries), this will take place

a) if you have expressly consented to this (Article 49 (1) a GDPR). (In most countries outside the EU, the level of data protection does not meet EU standards. This concerns in particular comprehensive monitoring and control rights of state authorities, e. g. in the USA, which disproportionately interfere with the data protection of European citizens,

b) or to the extent necessary for our service provision to you (Article 49 (1) b GDPR),

c) or to the extent required by law (Article 49 (1) c GDPR).

Furthermore, your data will only be processed in third countries if certain measures ensure a suitable level of data protection (e.g., EU Commission's adequacy decision or suitable guarantees, Art. 44 et seq. GDPR).


9. Data storage

The data is stored in encrypted form in an SAP AG data center in Germany on behalf of Deutsche Telekom AG.


10. Data access

The persons responsible for filling open vacancies at the Deutsche Telekom Group will have access to your data depending on the candidate pool selected by you. Deutsche Telekom Services Europe Romania S.R.L., as well as all the other companies involved in the recruitment system, will act as a data processing company bound by instructions within the meaning of the data protection laws. All secrecy and safety standards are ensured in data processing contracts. Employees having access to your data must not use it for other purposes and are subject to the obligation of secrecy. Your data is protected by encrypted transmission and storage from unauthorized access. Standardized data protection and safety concepts, including role and authorization concepts, data safety concepts as well as physical safety measures guarantee an appropriate level of data protection.

© Deutsche Telekom AG - March 2024