• Home
  • Privacy Notice S/4Hana

Privacy Notice: IT System SAP S/4HANA

Protecting your personal data is of great importance to DFMG Deutsche Funkturm GmbH (DFMG). It is important to us to inform you about which personal data are collected and how they are processed.

1. Who is responsible for the data processing?

The controller is DFMG Deutsche Funkturm GmbH, Werkstättenstraße 37, 51379 Leverkusen. If you have any questions, please contact your Data Protection Officer at datenschutz@dfmg.de.

2. We use the following data:

  • User data for persons who log into the system: email address, name (first and last name), division/department, password (encrypted), phone number
  • Timestamps: system login, system logout

3. Purpose and legal basis:

We require the data for user authentication/authorization and to ensure proper system operation.

The legal basis for DFMG employees is Article 6(1)(b) GDPR and, additionally, Article 6(1)(f) GDPR. Data relating to employees of commissioned service providers or business partners are processed on the basis of Article 6(1)(f) GDPR. The legitimate interest here is the effective and secure handling of business processes, including by external business partners.

4. We delete the data

We process your personal data for as long as this is necessary to fulfil our contractual and legal obligations. If the data are no longer required for these purposes, they are regularly deleted, unless temporary further processing is necessary for other reasons, such as statutory retention obligations or for the assertion or defence of legal claims.

5. To whom does DFMG disclose my data?

To processors: These are companies that we commission to process data within the legally prescribed framework, Art. 28 GDPR (service providers, vicarious agents). DFMG remains responsible for the protection of your data even in this case. Our current processors are: T-Systems (application operations & troubleshooting); o.s. (IT operations and IT support); DTSE (financial accounting); Sumerius (financial accounting in contract management). Within DFMG, DFMG Corporate Functions GmbH acts as a processor in the areas of IT support and financial accounting.

To third parties: In certain cases we may disclose your data to third parties who process your data under their own responsibility, e.g., legal advisers or auditors. We may also be legally obliged, or there may be a legitimate interest, to transfer data to public authorities.

6. Where are my data processed?

Your data are generally processed in Germany and in other European countries. If we nevertheless have to process your data in a third country outside the European Union, the data transfer is safeguarded by an adequacy decision, EU Standard Contractual Clauses, or comparable protection mechanisms.

7. To what extent is there automated decision-making?

As part of S/4HANA, we generally do not use fully automated decision-making in accordance with Art. 22 GDPR. Should this procedure be used in individual cases, you will be informed separately in accordance with legal requirements.

8. What data protection rights do I have?

You may: request information; request the rectification and/or completion of inaccurate or incomplete data; withdraw any consent given at any time with effect for the future; request the deletion of data if the data are no longer necessary for the intended purpose or are unlawfully processed, or if you withdraw consent (unless there is another legal basis for processing), or if data were unlawfully processed, or if deletion is necessary to comply with a legal obligation; under certain conditions, request the restriction of the processing of data if deletion is not possible or if the obligation to delete is disputed; request data portability under the conditions of Art. 20 GDPR; lodge a complaint with a data protection supervisory authority about the data processing.

Right to object::

If the responsible company processes your data to safeguard legitimate interests, you may object to this processing if reasons arising from your particular situation speak against such processing. The responsible company will then end this processing unless it serves compelling legitimate interests on its part that prevail.

9. Data security
We and our processors use technical and organisational measures to ensure the security of your personal data. In particular, the measures aim to ensure the confidentiality, integrity and availability of your data and the long-term resilience of our systems. This also includes encrypting the systems.


Status of the privacy notice: 30/04/2026