Skip to content

Eco Rating Privacy and Cookie Policy

The Consortium partners (“We”) consist of (Deutsche Telekom, Orange, Telefonica, Telia Company and Vodafone). We are joint controllers of personal data processed when you visit our website. We recognize that privacy is important to our customers and other stakeholders and we are committed to respect and safeguard your privacy.

We have developed this Privacy Notice for the Eco Rating website to:

  • Demonstrate our commitment and accountability to protect and respect your fundamental rights to data protection and privacy,
  • Explain how we collect, use and safeguard your personal data, and
  • Help you to understand how your personal data is collected and used and what rights you have.

When processing your personal data, we comply with applicable legislation such as the Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and other mandatory regulations and binding instructions issued by the competent authorities.

This Privacy Notice contains overall information regarding what personal data we process about you, for which purposes, with whom we share it, why we can process it, how long we store it and what rights you have. This Privacy Notice is applicable to all the visitors to our website and all persons that fill in the contact form.

1. Who we are?

We are the different companies that participate and collaborate in the Eco Rating initiative through the Consortium. Currently, the Consortium is formed by the following companies:

  • Deutsche Telekom AG, a Germany registered company with company number HRB 6794 having its registered office at Friedrich-Ebert-Allee 140, 53113 Bonn, Germany. Deutsche Telekom AG has appointed a Data Protection Officer who may be contacted at
  • Vodafone Sales & Services Limited, a UK registered company with company number 06844137 having its registered office at Vodafone House, The Connection, Newbury, Berkshire, RG14 2FN. Vodafone Sales & Services Limited has appointed a Data Protection Officer who may be contacted at
  • Telefónica, S.A., a Spanish registered company with company number A28015865 having its registered office at 28013 Madrid, C/ Gran Vía, 28, Spain. Telefónica, S.A. has appointed a Data Protection Officer who may be contacted at
  • Orange, SA a French registered company with company number 380 129 866, having its registered office at 111, quai du Président Roosevelt 92130 Issy-les-Moulineaux, France. Orange has appointed a Data Protection Officer who may be contacted at
  • Telia Company AB, a Swedish registered company with registration number 556103-4249, having its registered office at Stjärntorget 1, 169 94 Solna, Sweden, has appointed a Data Protectino Officer who may be contacted at DPO   

In accordance with the GDPR, we act as joint controllers for the collection and processing of your personal data as explained in this privacy notice.

For the purposes of this privacy notice, you can contact us at

2. How do we collect your personal data?

We collect personal data that is provided by you when filling in the contact form, when you contact us by e-mail or when visiting our website.

3. What personal data do we process about you?

We process personal data such as your name and email address and the text you write in the contact form when filling it in. We also process personal data such as your IP address when you visit our website to the extent required in connection with the necessary cookies. For more details on our use of cookies and how to manage these, please see section 10 below.

4. For what purposes we process your personal data and what is the legal basis for it?

The overall purposes of the processing are to enable us to contact you and answer your questions regarding the Eco Rating initiative. The results will be used to answer visitors enquires in the best way possible.

We base our processing of your personal data on the GDPR article 6.1 (a) this is the consent to the processing you give us when you voluntarily contact us through the contact form.

Your personal data will be used by us only in a manner consistent with the purpose for which we obtained it. We do not process personal data in a manner that is inappropriate in view of the defined purpose.

If you are unsure how this Privacy Notice applies to you or if you have other questions related to this Privacy Notice, please contact us at

5. How do we safeguard your personal data?

Safeguarding your personal data is of the utmost importance to us.

We continuously work to protect our visitors’ interests. Our security work aims to balance risk exposure, business value, available technology, vulnerabilities, and threats to comply with applicable laws, regulations as well as with contractual demands.

Information security and ensuring appropriate protection of information about visitors is vital for us. We strive to implement security measures to set appropriate level of protection of information and to prevent and detect disclosure of personal data to unauthorized parties. In addition, if we use personal data processors in the processing of your personal data, we require that these processors comply with applicable data protection requirements as required under applicable laws.

6. With whom do we share your personal data?

We share your personal data among the companies participating in the Eco rating consortium.

We also share your personal data:

  • To the Consortium’s service providers (IT service providers necessary for the maintenance of the Eco Rating website, Consortium technical secretariat service providers, courier service providers used to answer queries, etc. where So Design Ltd is our main partner at the moment) who will process your personal data according to our instructions as data processors for the purposes stated in this Privacy Notice.

We may also share your personal data:

  • In response to legal process or authority request to comply with applicable law or court order or relating to judicial proceedings or other legal process.

We also disclose personal data to competent authorities (e.g. to the police or emergency services) when required by law and always in accordance with strict predefined processes.

  • As required or otherwise authorized by law.
  • Regarding business transfers such as part of any merger, acquisition, sale of any of the companies in the consortium assets or transition of service to another company.

Your personal data may also be transferred outside the European Economic Area (“EEA”) in so far as such recipients are located outside the EEA. In case your personal data is transferred outside the EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the European Commission or competent data protection authority in accordance with the GDPR, with sufficient additional safeguards in place.

7.  How long do we retain your personal data?

We will retain your personal data for the period necessary to fulfil the purposes outlined above and aim not only to remove outdated or unnecessary information but to make sure that your personal data and other information are up-to-date and correct. If you withdraw your consent, we will no longer retain your personal data.

In any case, your personal data will be retained for a period not exceeding 3 months from the time it was collected.

8. What are your choices and rights?

You have different rights according to the GDPR. Depending on the situation and the processing purposes, you may have the right to:

  1. To request information on the categories of personal data concerned, the purposes of the processing, any recipients of the data, and the envisaged storage period (Art. 15 GDPR)
  2. To request that incorrect or incomplete data be rectified or supplemented (Article 16 GDPR)
  3. To withdraw consent at any time with effect for the future (Art. 7 (3) GDPR)
  4. To object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Article 21 (1) GDPR)
  5. To request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent according to (c) above or object according to (d) above  
  6. To demand, under certain circumstances, the restriction of data where erasure is not possible or the erasure obligation is disputed (Art. 18 GDPR)
  7. To data portability, i.e., you can receive the data that you provided to us in a commonly used and machine-readable format such as CSV, and can, where necessary, transfer the data to others (Art. 20 GDPR)
  8. to file a complaint about the data processing with the responsible supervisory authority (for telecommunications contracts: the German Federal Commissioner for Data Protection and Freedom of Information 
  9. withdraw your consent at any time (Right to withdraw consent)

You may exercise these rights by contacting us at

You also have the right to lodge a complaint with a supervisory authority of the member state of your habitual residence, place of work or the place of the alleged infringement.

9. How to find out about changes to this Privacy Notice?

We may need to update this Privacy Notice as our operations and services develop, when we do, we will post this in our website. If we make material changes to this policy, we will notify you means of a notice on our home page. In the event of changes or updates to this privacy notice, we will sufficiently inform the data subjects of the changes made by the means deemed appropriate according to the relevance of the changes made.

10. How we use cookies

We use strictly necessary cookies to help make our website work efficiently.

11. Controlling your cookies

You can control the use of necessary cookies through your browser settings.


Please find below a list of the cookies and similar technologies that we use at These cookies are set by us.

Cookie name: wires
Cookie domain:
Category: Session cookie
Purpose: To provide security features like csrf protection on the contact form
Duration: Session

Cookie name: theme
Cookie domain:
Category: Functional Cookie
Purpose: To remember your theme preference if you have selected light or dark mode
Duration: 1 year

Last updated: 14 May 2021