HLkomm Telekommunikations GmbH data protection information

 

Our company processes personal data relating to various data subjects. These could be contacts and employees of customers, suppliers, authorities and other institutions. We take great care when processing this data and comply with the data protection laws that apply to us. These include, most notably, the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telecommunications Telemedia Data Protection Act (TTDSG) and the Telecommunications Act (TKG).

We are obliged to inform data subjects about the particulars at the time their personal data is collected. On this page you will find all the important general information as well as details of different processing situations and groups of data subjects.

1. General information

Who is responsible for data processing?


HL komm Telekommunikations GmbH
Nonnenmühlgasse 1, 04107 Leipzig

Telephone: +49 (0) 341 86970
Fax: +49 (0) 341 8697499
Email: business@pyur.com

How can I get in touch with the Data Protection Officer?

Sabine Pernikas
MORGENSTERN Rechtsanwaltsgesellschaft mbH
Große Himmelsgasse 1, 67346 Speyer
Telephone: +49 (0)6232 1001 190
Email: datenschutz@business.pyur.com

How does data processing work within the Tele Columbus Group?

HL komm Telekommunikations GmbH is part of the Tele Columbus Group. Within the Group, your personal data will be transferred to certain companies if those companies perform data processing tasks centrally for the companies affiliated in the Group (e.g. accounting, legal department, purchasing). As a rule, data processing is carried out in the context of commissioned data processing pursuant to Art. 28 of the German Data Protection Regulation (GDPR). If you have a contractual relationship with one of the Group companies, then that company is responsible for the data processing that takes place.

What data subject rights do I have?

In principle, you have a right to information (Art. 15 GDPR), correction (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data transfer (Art. 20 GDPR). Fulfillment of these rights is dependent on the existence of certain conditions, and there are exceptional situations in which the aforementioned rights do not apply. Data erasure may, for example, be precluded by statutory retention obligations.

If we process personal data to protect our legitimate interests pursuant to Art. 6 (1) f) GDPR, then you have a general right of objection. Insofar as there are special reasons arising from your particular situation and we have no overriding interest in the processing activities, we will stop the processing activities if you file an objection. If you object to direct advertising, your data will no longer be processed for this purpose.

Can I revoke consent that I have given?

If we require your consent to process your personal data, we will explicitly request this from you. Consent can be revoked at any time with effect for the future. The data processing activities that have taken place up to that point (e.g. use of an email address for advertising) are not affected by this.

Who do I address a complaint to?

You have the right to complain to the responsible data protection supervisory authority at any time..

2. Website

What happens when I browse the website?

When you access our website and view the website content, certain data is automatically collected and stored in server log files. In particular, usage data such as browser type/version, operating system used, referrer URL (the page visited previously), IP address of your end device and time of server request are processed.

The permissibility of this processing activity is pursuant to Art. 6 (1) f) GDPR (legitimate interest). We want to showcase our company as well as our services on a website and make it easy for people to get in touch with us. That is imperative in this day and age. The data processing activities described above are necessary in order for you to access the website.

The IP address is stored as far as this is appropriate for data security and clarification or prevention of security or data protection breaches. The storage period is usually no longer than three (3) months. In the event of a criminal complaint or the enforcement of claims against persons who have committed security or data protection violations, the data may be stored and used until final clarification or enforcement of claims.

What data is processed when the contact form is used?

If you have any questions or would like to request a specific quote for our services, you can make use of the contact form. In this contact form, various information is requested so that we can assign and process your inquiry more efficiently. Alternatively, you can contact us by email. We process the data you provide so that we can respond to your inquiry.

The permissibility of these processing activities is governed by Art. 6 (1) b) of the German Data Protection Regulation (GDPR) (pre-contractual measure) and Art. 6 (1) f) GDPR (legitimate interest). We regularly process the personal data of employees and other contacts so that we can communicate with our future customers. We are not able to respond to you if you do not provide us with your data. Therefore, providing this information is necessary if you wish to contact us and initiate contract negotiations.

We store your inquiry for the duration of the contract initiation period, and beyond if a contract is concluded. Otherwise, the message history will be deleted.

How do cookies work on the website?

We use a wide range of cookies on our website. These are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. They have various functions, which you can read about in our Cookie Consent Management Tool.

Depending on the cookie in question, the permissibility of data processing is governed either by Art. 6 (1) f) GDPR (legitimate interest) or Art. 6 (1) a) GDPR (consent). You can also find more information about this in our Cookie Consent Management Tool. Depending on the cookie in question, the data is either processed automatically or you provide your personal data voluntarily.

The cookies used have different purposes and therefore different storage periods. However, we have configured the website in such a way that cookies that are no longer required are deleted immediately. You can also check how long each cookie is stored on your computer in the Cookie Consent Management tool.

Who is my personal data passed on to?

In running the website, we use a range of service providers who may gain access to personal data in the course of their activities. These service providers include, in particular, data centers, software providers and IT service providers (known as “processors”). We have bound these service providers to a special contract and assessed their reliability beforehand.

As we have embedded some external services in the website, data is also transmitted to other companies. These are the providers of the tools we integrate, who primarily receive usage data such as the IP address.

The type of inquiry you send us will determine which of our company’s employees is responsible for processing it. Your information will also be forwarded internally and kept available for review.

Should legal disputes ever arise, there is the possibility that your data will be passed on to lawyers and courts. In the course of audits, we are also required to disclose documents that are relevant for tax purposes, which is why tax advisors and tax authority may also gain knowledge of your data in this case.

Does my data leave Europe?

For some of the services we integrate into the website, data is transmitted to what are known as third countries. These are countries outside the EU or EEA. In such cases, we have contractually agreed with our service provider (e.g. Google Ireland Ltd) to comply with a certain level of data protection by way of the standard data protection clauses approved by the EU Commission.

 

3. Advertising

Why do I receive advertising by post?

We send advertising by post to draw attention to new products and special offers. For this purpose, we use the postal addresses of customers and interested parties that are available to us. We also write to owners and tenants on a regular basis when we have been commissioned to expand the network in an area. In these cases, we receive the data from our cooperation partners (mostly municipalities or individual authorities).

Why is this processing activity permitted?

Using postal addresses for advertising purposes is permitted by law under Art. 6 (1) f) GDPR (legitimate interest). As a company, it is essential for us to attract new customers and offer new services to existing customers. Only by entering into new contracts can our company operate sustainably and compensate for expiring contracts, for example.

Are you obliged to provide your data?

Providing data for promotional purposes is, of course, voluntary. You can object to the data being used at any time.

How long will your data be stored for?

If we are not permitted to use data pertaining to existing customers for advertising purposes, processing activities in our systems will be restricted accordingly. If a contractual relationship does not yet exist, we store the data until the advertising measures have come to an end or until we receive an objection to the advertising activities.

 

4. Customers and employees of customers

Why is my data processed?

We have contact with our customers and their employees in the course of fulfilling contracts. We process your personal data in the course of the contractual relationship we have with you or your employer, which includes, in particular, collecting and forwarding your contact details and using them to communicate with you. As a rule, only the information that you yourself provide to us and that arises from the contractual relationship (e.g. contact with our employees, support requests, contract negotiations) is processed. When business transactions are processed, documents that are relevant under tax law are also created, such as commercial or business letters, invoices and accounting vouchers, which may contain your personal data. These documents are stored by us in order to comply with statutory retention obligations.

Why are the processing activities permitted?

Processing of your personal data is legally permitted for the purpose of managing the contractual relationship in accordance with Art. 6 (1) b), f) GDPR (contract, legitimate interest). This concerns all processes that are specifically related to the contract (e.g. storage of your personal master data, preparation of quotations and invoices). Communication with you and inspection of contractual processes by tax advisors and auditors are also recorded. Storage of certain documents is permitted under Art. 6 (1) c) GDPR (legal obligation).

Are you obliged to provide your data?

Providing the personal data we request is necessary, as it enables us to provide the services we are contractually obligated to provide. Otherwise, we will not be able to fulfill the terms of the contract with you or your employer. That said, we only collect information that is truly necessary and customary.

Is your data passed on to other parties?

Your personal data will be processed and noted by our employees in the course of fulfilling the terms of the contract. There is also the possibility that tax-relevant documents – and therefore also the personal data contained therein – may be viewed by supervisory authorities, auditors, lawyers or tax consultants. We also use some service providers who may gain knowledge of your personal data in the course of providing their services (e.g. when maintaining our IT systems, hosting our database, or destroying paper forms). When collecting outstanding debt, we use collection service providers to whom we provide the documents required to enforce our claims.

Disclosure and/or inspection of your personal data always takes place on the basis of legal authorization or lawful order processing.

How long will your data be stored?

Initially, your personal data will be stored as part of the contract initiation process. Thereafter, your personal data will be stored upon provision of the service. The duration of the storage period is primarily based on the legal storage obligations of 6 and 10 years under the German Commercial Code (HGB) and the German Fiscal Code (AO). General information such as name and contact details are also stored and used beyond the scope of the statutory retention obligation in order to be able to track contractual processes and to remain in contact with you as a contact person. Inventory data is stored for the duration of the contract. Upon termination of the contract, it is deleted after a reasonable period of time. This is usually 6 months, unless there are outstanding claims relating to the contractual relationship on our part.

 

5. Employees of suppliers and service providers

Why is my data processed?

In the course of fulfilling the terms of contracts, we have contact with the employees of our suppliers and service providers and obtain their personal data. We process your personal data in the course of the contractual relationship we have with you or your employer, which includes, in particular, collecting and forwarding your contact details and using them to communicate with you. As a rule, only the information that you yourself provide to us and that arises from the contractual relationship (e.g. contact with our employees) is processed. When business transactions are processed, documents that are relevant under tax law are created, such as commercial or business letters, invoices and accounting vouchers, which may contain your personal data. These documents are stored by us in order to comply with statutory retention obligations.

Why are the processing activities permitted?

Processing of your personal data is legally permitted for the purpose of managing the contractual relationship in accordance with Art. 6 (1) b), f) GDPR (contract, legitimate interest). This concerns all processes that are specifically related to the contract (e.g. storage of your personal master data, communication when negotiating conditions, storage of work results). Communication with you and inspection of contractual processes by tax advisors and auditors are also recorded. Storage of certain documents is permitted under Art. 6 (1) c) GDPR (legal obligation).

Are you obliged to provide your data?

Providing the personal data we request is necessary, as it enables us to fulfill the terms of the contract with your employer. Otherwise, this will not be possible. That said, we only process information that is truly necessary and customary for fulfilling the terms of the contract.

Is your data passed on to other parties?

Your personal data will be processed and noted by our employees in the course of fulfilling the terms of the contract. There is also the possibility that tax-relevant documents – and therefore also the personal data contained therein – may be viewed by supervisory authorities, auditors, lawyers or tax consultants. We also use some service providers who may gain knowledge of your personal data in the course of providing their services (e.g. when maintaining our IT systems, hosting our database, or destroying paper forms).

Disclosure and/or inspection of your personal data always takes place on the basis of legal authorization or lawful order processing.

How long will your data be stored?

Initially, your personal data will be stored as part of the contract initiation process. Thereafter, your personal data will be stored upon provision of the service. The duration of the storage period is primarily based on the legal storage obligations of 6 and 10 years under the German Commercial Code (HGB) and the German Fiscal Code (AO). General information such as name and contact details are also stored and used beyond the scope of the statutory retention obligation in order to be able to track contractual processes and to remain in contact with you as a contact person.

 

6. Telecommunications subscriber

Why is my data processed?

When using our telecommunications services, the personal data of all subscribers is processed. We process a variety of traffic and usage data when providing services, insofar as this is necessary to set up and maintain telecommunications, to bill charges or to set up additional connections. We also process this data to ensure communication between the recipient and the sender and to detect, isolate and eliminate faults or errors in telecommunications equipment.

Traffic data includes, for example, the number or identifier of the connections involved, the IP address/ IP address history, the service used, the duration, date and time of the respective connection, the volume of data transmitted (if the charge to be paid is determined on the basis of volume) or PINs (for digital cable TV). Usage data are characteristics that identify the user, information about the beginning and end as well as the extent of the usage and information about the telemedia used by the user.

As we provide telecommunication services, content processing is not excluded. With the services we provide, we enable exchange between communication subscribers and forward audio content in particular. The content of the communication is subject to telecommunications secrecy and is afforded special protection. Storage only takes place if you have requested it or if it is necessary as part of the service used (e.g. voicemail, email, mailbox).

Why is processing permitted?

The processing activities outlined are permitted on the basis of Art. 6 (1) b) GDPR (contract) and Section 9 (1) TTDSG (processing of traffic data to set up and maintain telecommunications, to bill charges or to set up additional connections). The permissibility of data processing is also governed by Section 10 TTDSG (determination and billing of charges as well as transmission of traffic data to other companies).

Are you obliged to provide your data?

The data accumulates automatically. If traffic and usage data were not processed, you would not be able to use our telecommunications services. You and the other subscribers determine what content is processed.

Is your data passed on to other parties?

As a telecommunications company, we are required by various special regulations to provide information about the inventory and traffic data we process. This obligation arises primarily in connection with the German Telecommunications Telemedia Data Protection Act (TTSDG), the German Telecommunications Act (TKG) and the German Telemedia Act (TMG). The recipients defined in these laws are, for example, the German Federal Network Agency, courts, law enforcement agencies or the German Office for the Protection of the Constitution.

Under the conditions of Section 101 of the German Copyright Act (UrhG), we are also obligated, upon presentation of a court order, to provide owners of copyrights and ancillary copyrights with information about customers who have committed legal infringements using the internet access provided (e.g. by offering copyrighted works on internet file-sharing networks).

Data is transferred to other network operators or telecommunications service providers if this is necessary to provide the selected service. This applies in particular to the provision of connections to other destination networks or the receipt of connections from other source networks for the purpose of your connection. In addition, data is exchanged with connection network operators if you use services provided in what is known as a connection network (e.g. 0800, 0180, 0900, 0137 services).

In some cases, we also use commissioned processors for processing traffic and inventory data or for general management of the contractual relationship. These processors have been carefully selected and are contractually bound to our instructions.

How long is your data stored?

We delete the traffic data required for calculating the charge no later than 6 months after sending the relevant invoice. If you raise objections regarding the amount, the traffic data concerned will not be deleted until these have been conclusively clarified. Traffic data that is not relevant for billing will be deleted in accordance with the requirements of Section 176 TKG. Any further storage only takes place in exceptional cases regulated by law (e.g. fault elimination, clarification and prevention of misuse).

The storage period is determined by the telemedium used in each case. Please read the respective data protection declaration stored there if you would like to learn more about this.

The storage period for content data is determined in the relevant contract that is concluded with you and is usually no longer than 90 days.

 

7. Applicant

Why is my data processed?

You have the opportunity to apply for open positions on our website and the job portals we use. To do so, you need to provide us with various information and documents. We process your personal data in order to work through the application process, to view and evaluate your documents and to assess your credentials in this context. Furthermore, we use your personal data to communicate with you and to agree on a date for an interview.

What makes the processing activity permissible?

Processing of your personal data is expressly permitted by law according to Section 26 (1) BDSG (implementation of the application procedure). This concerns all processes that are specifically related to your application. This includes, in particular, the storage of your personal master data, communication with you and the assessment of your performance and qualifications. In individual cases, permissibility of processing may be based on Section 26 (3) BDSG (consent). This applies, for example, to inclusion in our applicant pool or disclosure of your application to other Group companies.

Do you need to make your data available?

Providing the information we request during an application process is essential if you wish to take part in the application process. Without this data you cannot be considered. If the processing activity is carried out on the basis of your consent, then you can provide your data at your own discretion, of course.

We do not require you to provide special categories of personal data (racial or ethnic origin, religious or ideological beliefs, health) as part of the application process. If such information is nevertheless provided, this is done on a voluntary basis and has no effect on the selection decision.

Is your data passed on to other parties?

Your application documents will be reviewed by our HR department and the relevant department heads (depending on the job you have applied for). We also use some service providers who may gain knowledge of your personal data in the course of providing their services (e.g. when maintaining our IT systems, hosting our database, or destroying paper forms). Disclosure and/or inspection of your personal data always takes place on the basis of legal authorization or lawful order processing. If you have given your consent, your application documents will be passed on to other Group companies.

How long will your data be stored for?

Your personal data will be stored for the first time upon receipt of your application. If your application is rejected, your application documents and data will be kept for 6 months and then deleted. If you have given your consent, your application documents will be kept for a longer period (until you revoke your consent or for a maximum of 2 years).

 

8. Online meetings using Microsoft Teams

Why is my data processed?

We use Microsoft Teams to conduct online meetings in the course of communicating with contractors and other individuals. Using real-time video and audio transmission, and being able to view documents at the same time makes it easier for us to discuss and coordinate matters with you. You do not need to create your own user account to take part in an online meeting. All you need to do is join the meeting by clicking the link we provide. When taking part in an online meeting, various metadata (e.g. IP address, device/hardware information), connection data (e.g. call number, country name, start and end time), and diagnostic and content data (e.g. audio, video) are processed. Diagnostic data processed when using Microsoft Teams contains a unique ID generated by the software provider that allows the data to be uniquely assigned to a user (e.g. client ID, user ID, duration of service use, event ID, program language). This data is processed in order to make Microsoft Teams available, to improve and update it, and to maintain security. The content processed in an online meeting is determined by the specific occasion at hand. Generally speaking, the content is audio and video signals.

What makes the processing activity permissible?

The permissibility of this processing activity is pursuant to Art. 6 (1) f) GDPR (legitimate interest). Holding meetings between multiple stakeholders with the ability to share content and see each other despite being in different locations is essential for contractual collaboration. Nowadays, online meetings are an important tool for effective communication and an indispensable part of everyday business life. We chose Microsoft Teams because this software is used by many companies and is best suited to our needs.

Are you required to use the software?

Meta data and connection data is information that is processed automatically. If you don’t use the software, it won’t be possible to establish a connection to you and the end devices used. The (necessary) diagnostic data is automatically collected during use. The provider needs this data to be able to make the software available without errors. You can determine which content data is processed. You can turn off the camera or microphone at any time and stop any processing carried out in this way. Use of the chat function is also voluntary. However, you might not have the opportunity to actively participate in the online meeting.

Is your data passed on to other parties?

The content data you share via Microsoft Teams can be seen by the other online meeting participants. Please decide what content, if any, you would like to disclose to the relevant group of participants. We use Microsoft Teams as a ‘Software as a Service’, using the Microsoft Corporation (located at One Microsoft Way, Redmond, WA 98052-6399, USA) as processor .

Is data transmitted to third countries?

The application is hosted in a data center in Germany or the European Union. The diagnostic data generated is transmitted to the Microsoft Corporation in the USA, evaluated and then used to ensure that functions can be provided in an error-free manner. By using certain contractual provisions (standard EU contractual regulations), the Microsoft Corporation ensures that a sufficient level of data protection is also ensured in the USA. These regulations were last updated in November 2020.

How long will your data be stored?

Your data will be stored for the first time when you join an online meeting through Microsoft Teams. No recording takes place. Similarly, chat content is not stored beyond the duration of the online meeting. The provider itself stores, in particular, the meta data, connection data and diagnostic data for evaluation as well as maintenance and improvement of the software. You can view Microsoft’s exact storage periods.

 

9. Facebook

What does shared responsibility mean?

We run a Facebook profile which we use to make information publicly available, place advertisements, and communicate with users.

The data processing that takes place when our profile is accessed takes place in the context of shared responsibility between ourselves and the social network.

This is a special case under data protection law pursuant to Art. 26 GDPR. For this reason, we have concluded a contract with the social network that regulates compliance with data subject rights in particular.

.

Facebook is operated by Facebook Ireland Ltd. The provider network is primarily responsible for the processing of the Insights data with regard to the fact that a legal basis exists. You can reach Facebook Ireland Ltd. at the following contact details: Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2.