We in A1 Digital Deutschland GmbH (hereinafter referred to as "A1 Digital" or "we") are committed to protection of your personal data. We handle your personal data confidentially and in accordance with applicable data protection laws. We have prepared this privacy statement in order to fulfil our information obligations in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and to explain you what personal data we process about you, to what extent, for what purpose and which data protection rights you are entitled to. Data protection regulations distinguish between the controller and the processor of personal data. A1 Digital may act as controller or processor of your data. We may be the controller of data that you provide to us by interacting with us or data that we collect to provide our services. Whenever we process personal data on your behalf, we will act as processor of data and the General Terms and Conditions of A1 Digital Deutschland GmbH for processing of personal data pursuant to Art. 28 GDPR (GTC DPA) shall apply, unless otherwise agreed.
Who is responsible for data processing?
Responsible for data processing is A1 Digital Deutschland GmbH, St.-Martin-Straße 59, D-81669 Munich. The A1 Digital Data Protection Officer can be reached by letter addressed to "DPO" at the above address, or by e-mail to firstname.lastname@example.org.
What data is processed?
We process personal data that you send us via our website, data that we receive or collect during our interaction with you and data that we need in order to enter into a contract with you and to provide our services.
To the categories of processed data belong in particular:
When using our services the following data is processed:
The following data is processed when you access our website:
On what legal basis and for what purposes are your data processed?
Your personal data will be processed with your consent or based on one of the other legal bases provided by GDPR.
Data processing within the scope of your consent (Art. 6 para. 1 (a), 7 GDPR)
When you give us your consent for processing of your personal data, it will be processed exclusively for the purposes and to the extent agreed in the declaration of consent. We use your personal data to provide you with information about our services and products, or products and services of third parties and for communication with you. In doing so, we use the following communication channels, depending on the information you have provided us with: Phone, e-mail, SMS, post or social media.
Please note: You can also revoke any consent you have given us at any time with effect for the future. To do so, simply use this Website or our contact options (see "Who is responsible for data processing"). If you revoke such consent, this will have no effect on the fulfilment of our contractual obligations, but we will no longer use your data for the purposes indicated in the consent declaration.
Data processing for the fulfilment of contractual obligations (Art. 6 Para. 1 (b) GDPR)
We process company, contact, administrator and other contractual data for the provision, administration and invoicing of products and services purchased by you, the customer, from A1 Digital, as well as for the fulfilment of (pre-)contractual obligations with you, our supplier or business partner. More information on the processing of personal data for the fulfilment of contractual obligations can be found in our
Terms and Conditions.
We process your data to inform by telephone, post, SMS or E-mail (depending on the information you have provided us with) about changes or any important information concerning your contract, for example an adjustment of the monthly fee, changes in the scope of services or temporary restrictions of our services (e.g. due to maintenance work).
Data processing for the fulfilment of legal obligations (Art. 6 para. 1 (c) GDPR)
The processing of personal data may be necessary for the purpose of fulfilling various legal obligations (e.g. data relevant to tax and duty legislation). Please note that we may be obliged to provide courts and administrative authorities with information about your personal data processed by us if there is a legal basis for doing so. In such case, we will inform you immediately about the transfer, unless we are obliged to keep this information confidential by law or by order of a court or administrative authority. We reject requests for information without an appropriate legal basis.
Data processing for purpose of legitimate interests (Art. 6 para. 1 (f) GDPR)
Data processing may be carried beyond the actual fulfilment of the contract for purpose of our legitimate interests or legitimate interest of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data. A data processing for the protection of legitimate interests is carried out, for example:
These checks do not lead to any automated decision making with regard to existing or potential contract and business relationship. However, if information is not compatible with our compliance guidelines or information is missing, we may refrain from concluding a contract with you or demand additional information. If you have any objections, simply use our contact options and indicate your concerns.
We also use automated data processing procedures to improve our services. Such procedures are referred to as "profiling" and include in particular processing:
Who are the recipients of the personal data?
For the purpose of registration, activation of the products or services you have selected, we may need to transfer certain data, such as your company and contact details, to the respective licensor, supplier and partner of these products or services. In case of reselling of products and services, the service or license terms of the respective provider apply to the use of such third party services, and with regard to the processing of personal data, the relevant data protection terms of the respective provider apply.
We will not transfer your data to unauthorized third parties without your consent. However, we may be legally obliged to transfer your data to courts, public prosecutors, police or other authorities. If you do not comply with your contractual obligations, we may commission a debt collection agency. In this case, you will be notified in advance so that you can take any action.
In order to provide service support to the products or services you have selected, we may transfer your personal data to Telekom Austria AG and its subsidiaries. We may also engage third parties to perform certain tasks on our behalf, such as IT and cloud services, invoice printing, administration and troubleshooting tools, logistics, sales, etc. Even if we engage such processors, we remain responsible for the protection of your data. For this reason, all processors are of course contractually obliged to keep your data confidential and to comply with data protection regulations. We only use processors outside the European Union if the European Commission has issued an adequacy finding for such third country or if we have agreed appropriate guarantees or binding internal data protection rules with the processor.
Security of processing
We have implemented effective technical and organisational measures to protect your data, and our employees are also trained on how to safely handle personal data.
How long is personal data stored?
We generally delete your personal data after termination of the contractual relationship, but at the latest after all legal obligations to retain data have expired. A longer storage period exists if this data is still needed to charge or collect fees, to process complaints or to fulfil other legal obligations. In addition, access to the above-mentioned data is restricted.
Your usage data, insofar as this is not required for the purpose of charging fees, will be deleted in accordance with legal requirements, after legal obligations to retain data have expired.
It is also possible that instead of deleting the data, it may be made anonymous. In this case, any personal reference will be irretrievably removed, meaning that the obligations to erasure of data under data protection law will no longer apply.
What rights do you have?
You can exercise the following rights with regard to the processing of your data:
The rights to information and data erasure are subject to the restrictions of §§ 34 and 35 BDSG. If you wish to exercise any of the rights mentioned above, please use our contact details. We may need to request additional information to confirm your identity and protect your rights and your privacy, e.g. a copy of a valid ID with your signature.
If you think that the processing of your personal data violates any applicable legal requirements, you have the right to complain to a competent data protection supervisory authority (Art. 77 GDPR). We kindly ask you to contact us before, so that we can clarify any questions or concern you may have.