Data Privacy Statement

Information about recruiting process

1. General

The protection of personal data of customers, employees and other persons takes top priority for all the companies within the Deutsche Telekom Group. On account of the European General Data Protection Regulation (GDPR) and the Binding Corporate Rules on Privacy (BCRP) we have introduced binding data privacy rules throughout the Group. This regulatory framework provides standardized internal rules for handling personal data within the Deutsche Telekom Group. In derogation thereof, the following shall apply to the applicants to the OTE Group in Greece: the companies of the OTE Group have a joint framework for the protection of personal data, the OTE data protection regulation. This regulation applies to all the companies of the OTE Group until it is replaced by the Binding Corporate Rules on Privacy of Deutsche Telekom AG or a comparable binding text. We have taken comprehensive technical and operational precautionary measures to protect personal data stored by us from unauthorized access and misuse. Our security procedures are reviewed regularly and adapted to reflect the state of the art. Your data are only used for jobs to be filled within the Deutsche Telekom Group. In particular, the use of your data for marketing and advertising purposes is excluded.


2. Rights of applicants (data query, administration and deletion, right to objection)

It is your responsibility to ensure that the data provided by you is applicable and correct. You can call up your personal data in your account at any time. In addition to the rights referred to you in the data privacy statement of the HR Suite, you also have the right

a. - to receive an acknowledgement once a year on request and free of charge stating that your personal data have been processed or not by the person responsible.

b. -, to object to the processing of your personal data at any time for justified, legitimate reasons in conjunction with your personal situation unless explicit legal regulations exist to the contrary. In the event of a justified objection, the relevant data can no longer be processed.

c. -, to delete personal data at any time and free of charge without any reasons.

d. -, to appeal to a court of justice if you suffer disadvantages due to the wrongful processing of personal data.

e. -, to demand and obtain the withdrawal/revocation/appeal of a decision with legal consequences for you.

For all members of the EU and the EEA and countries treated as such by Commission Decision:

f. -, the right to lodge a complaint with a supervisory authority, in particular in the member state of the habitual residence  

g.-, the right to receive the personal data in a structured, commonly used and machine-readable format, Art. 20 GDPR

For applicants for jobs in Malaysia:

h. approval pursuant to section 6 (1) Personal Data Protection Act 2010 (hereinafter referred to as "ACT") that data users may keep and process the personal data for purposes of employment.

Exercising one of the above-mentioned rights, with the exception of the right to appeal to a court of justice, must be requested in writing by the person concerned from the person responsible via the following e-mail address The person responsible must report the measures taken / information requested within one month upon receipt of a request. The data contained in your application profiles is stored up to 6 (six) months after completion of an application procedure unless differing country-specific retention periods exist. The latter are listed in section 3 of these guidelines.
If you do not delete data in your candidate profile earlier, this data will be stored for 12 (twelve) months unless other periods are stated in the section for country-specific additions in these guidelines or there is an active application. This period recommences with every login. 


3. Applicable law              

The applicable law for processing your application depends on your selection of candidate pool as well as the legal entity, to whose job vacancy you apply. The GDPR or the relevant country-specific regulations apply within the EU. The following legal regulations apply in the remaining countries.

  • Albania: Law No. 9887 dated 10.03.2008 As amended by the Law No. 48/2012, date 26.04.2012 “ON PROTECTION OF PERSONAL DATA
  • China: for Hong Kong, Personal Data (Privacy) Ordinance (Cap 486); for the People's Republic of China the currently valid laws and regulations for the protection of personal data
  • Croatia: Zakon o zaštiti osobnih podataka (NN 106/12)
  • Malaysia: Personal Data Protection Act, 2010
  • Macedonia: Law on personal data protection
  • Mexico: Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Federal Law on the Protection of Personal Data Possessed by Private Persons)
  • Montenegro: Personal Data Protection Law (Official gazette of Montenegro No. 44/12)
  • Poland: Law of August 29, 1997 concerning the protection of personal data
  • Russia: Federal Law of July 27, 2006 N 152-FZ ON PERSONAL DATA
  • Sweden: Data Protection Law: (1998:204)
  • Singapore: Personal Data Protection Act 2012
  • South Africa: Protection of Personal Information Act 3 of 2013
  • United States of America: 201 CMR 17.00: M.G.L. c. 93H

Country-specific additions (only relevant if you apply in the respective country):
In the following countries, data retention periods apply differing from those described in section 2. These periods apply to candidates as well as application profiles.

  • Albania: 12 months
  • Belgium: 12 months
  • Brazil: No deletion
  • China: 12 months (candidate profile), 6 months (application)
  • Denmark: 6 months
  • Finland: 6 months
  • France: 12 months
  • Greece: 84 months (candidate profile), 12 months (application)
  • Great Britain: 12 months
  • Croatia: 12 months
  • Malaysia: No deletion
  • Macedonia: 12 months (candidate profile), 6 months (application)
  • Mexico: 12 months
  • Montenegro: 60 months
  • Norway: 6 months
  • Austria: 12 months
  • Poland: 6 months
  • Romania: 12 months
  • Russia: No deletion
  • Sweden: 6 months
  • Switzerland: 6 months
  • Singapore: 84 months
  • Slovakia: 12 months
  • Spain: 12 months
  • South Africa: 12 months
  • Czech Republic: 24 months
  • Hungary: 12 months
  • United States of America: 24 months


4. Cookies

The application places cookies on your PC. These are session specific, contain no personal data and are deleted at the end of the session.

Terms of use:

5. Your application data

In order to make your application for various jobs as easy as possible, create an applicant profile for your first application which is valid for all your applications. For this purpose, specify general data such as your name and contact data. These will apply for all your applications unless you update them in the meantime. In addition to your general profile, we will ask you specific questions as part of the actual application about the specific job you are applying for. This data is solely used for filling this one job.

To help you find a suitable position within the Deutsche Telekom Group, we will be happy to include you in one of our candidate pools according to your skills. This enables us to draw your attention to advertised positions that match your profile. For us to include you in a candidate pool, the visibility of your candidate profile must be set to "within my country of residence" or "worldwide". Information on which candidate pool you are in can be obtained at any time from our Candidate hotline (

When creating your applicant profile, you can select to what extent your profile data is to be visible. You can find out in detail which companies obtain access to your personal data depending on your selection under You have three options for controlling international access to your candidate profile:

  • Your data is used globally by all the companies of the Deutsche Telekom Group. You can find out in detail which companies obtain access to your personal data depending on your selection under or
  • Your data is used by all the companies of the Deutsche Telekom Group in the country in which you live as well as by Deutsche Telekom Business Services in Bucharest, Romania, which acts as its agent. Your data will only be used for recruitment purposes. You can find out in detail which companies obtain access to your personal data in the respective country under or
  • Your data is only used for positions for which you apply and is only visible to or within the companies announcing the jobs concerned as well as to Deutsche Telekom Business Services in Bucharest, Romania,

Deutsche Telekom Business Services acts as the contractor for the companies of the Deutsche Telekom Group in Albania, Germany, France, Greece, Great Britain, Croatia, Macedonia, Montenegro, the Netherlands, Austria, Poland, Portugal, Russia, Romania, Switzerland, Slovakia, Spain, the Czech Republic and Hungary.
Depending on your selection, the employees involved in the recruitment process will obtain access to the data entered by you during the application procedure. Apart from the employees of the HR Department, this also involves superiors and in some cases line managers. Depending on the country and position for which you have applied, your data may also be evaluated by members of the works council or members of representative bodies of severely disabled employees, exercising their legal right of co-determination. Should a part of the selection and recruitment process be carried out by carefully selected external service providers, this is always to be done on the basis of a contractual non-disclosure agreement or a commissioned data processing contract.

In case you apply for several different jobs within the same company, we ask that you allow the recruiters of the respective company to have an overview of all the jobs for which you have applied, e.g. to enable interviews to be arranged on the same day or for jobs to be offered to you with a similar job profile to the job you have applied for. As part of each individual application, you can consent to this access for the special application or reject it.

In your Candidate Profile, you will find a comment field used by recruiters to store general information that do not relate to a specific application. For example, this could be your preferred location or your preferred field of work. The comment field is filled in after you verbally approved it to the recruiter. If you do not agree with the content within the field, please request the change or deletion via your recruiter or via the respective country contact at:

Apart from DTAG, which is responsible for the overall system, the respective Group companies you apply to are responsible for the application data. In as far as you apply for a position outside Germany or you make your applicant profile visible to other Group companies, your application data will be processed according to the laws of the destination country. For this purpose, your data will be transferred to the respective Group company. Personal data including all the data in attachments sent by you are used exclusively for recruitment purposes. Special categories of personal data are only captured in a targeted fashion if this is legally permissible and required for the job applied for. Information on racial or ethnic origin, political views, religious or ideological beliefs, trade union membership, genetic or biometric data for clear identification, health data or data on one's sexual life or sexual orientation comes under the special categories of personal data.

6. Data storage

Data is stored in encrypted form at a Deutsche Telekom Group data center located in Germany. Your access data and your candidate profile are provided to you for the applicant portals of all the companies listed under


7. Data access

The persons responsible for filling open vacancies at the Deutsche Telekom Group will have access to your data depending on the candidate pool selected by you. Deutsche Telekom Business Services in Bucharest, Romania, as well as all the other companies involved in the recruitment system, will act as a data processing company bound by instructions within the meaning of the data protection laws. All secrecy and safety standards are ensured in data processing contracts. Employees having access to your data must not use it for other purposes and are subject to the obligation of secrecy. Your data is protected by encrypted transmission and storage from unauthorized access. Standardized data protection and safety concepts, including role and authorization concepts, data safety concepts as well as physical safety measures guarantee an appropriate level of data protection.


8. Data transfer

Country-specific additions (only relevant if you apply in the respective country): 
Slovakia (Deutsche Telekom Systems Solutions Slovakia s.r.o / Deutsche Telekom IT & Telecommunications Slovakia s.r.o./ Deutsche Telekom Services Europe Slovakia s.r.o.)

Your personal data to the extent: name, surname and email address are further processed through HireVue platform ensured by our contract partner HireVue Inc., seated in  10876 S. River Front Parkway, Suite 600, South Jordan, UT 84095 USA. Your data are then stored in the data center in Dublin, Ireland. Other personal data of yours are processed only with your consent given within the HireVue platform.