Telekom Cloud Marketplace: Contracts, data protection & compliance

The Microsoft Customer Agreement (MCA) is the standardised customer agreement that you must agree to in order to purchase and use Microsoft cloud services through a Cloud Solution Provider (CSP) such as Deutsche Telekom. The current MCA can be found on this page with Microsoft contract documents.

The MCA is directly linked to your Microsoft tenant. You must confirm the agreement before making a new booking if:

• You do not yet have a Microsoft tenant (e.g. as a new customer)
• You have not yet accepted the current version of the MCA.

There are two ways to accept MCA as a customer, depending on which option you choose when booking:

• Customers who make their own bookings in the Telekom Cloud Marketplace will see the MCA and the consent form directly in the booking process.
• Customers who have their booking made by the Telekom team will receive a link (valid for 7 days) from their contact person, which they can use to view and accept the MCA.

Information about the GDPR, AV contracts and the current versions of all AVCs can be found at https://geschaeftskunden.telekom.de/business/hilfe-und-service/dsgvo

AVV (or AV) stands for order processing agreement. This is the agreement concluded between Telekom Germany and you as a customer for a specific product (e.g. Microsoft Online Services) and regulates the handling of personal data in detail. With the AV agreement, Telekom Germany undertakes to comply fully with the provisions of the GDPR regarding the collection, processing and use of personal data. If you wish to process personal data when using an application, you must conclude a contract with Telekom Germany for the processing of personal data in accordance with Articles 27/28 GDPR. You must check yourself whether the data you wish to process is personal data. Many applications do not allow personal data to be processed. In this case, an AVV is generally not necessary.

In the Telekom Cloud Marketplace, we process some personal data such as your login and company details. The collection and processing of this data is subject to Article 6 GDPR (legitimate interest/contract performance) – therefore, no separate data processing agreement is required in this case.

Purchase process: Before completing the purchase process, you will be taken to a page where you must confirm the terms and conditions and the AVV via a checkbox. There is a download link there.

You will be actively informed by us via email of all relevant changes to the AVV (for example, if a sub-processor changes). Please therefore ensure that the email address you provided when registering on the TelekomCLOUD portal is up to date and accessible.

Such changes do not entitle you to a special right of termination – however, you may terminate existing contracts at any time with due notice to the end of the current booking period.

You can discuss general questions about order processing and the GDPR with your IT lawyer. If you have specific questions or requests regarding the AVV provided by Telekom Germany, please contact customer service by telephone at +49 800 33 04444 or via the contact page.

In principle, it is the customer's responsibility to check the suitability of Microsoft online services for customer-specific purposes. Telekom does not perform this check. However, we are happy to provide you with the documents to support your own check (see next question).

Two documents containing information for persons bound by professional secrecy are particularly relevant for persons bound by professional secrecy.

1. Microsoft information for persons bound by professional secrecy Microsoft provides a special supplementary 
   agreement to the MCA (Microsoft Customer Agreement) for persons bound by professional secrecy. This can also be found as a note in the document "Additional Terms and Conditions for Microsoft Online Services (Office 365/Microsoft 365/Dynamics 365/Azure)", which you can view on this page.We will be happy to
   provide you with the supplementary agreement on request. Please contact our customer service team by telephone on +49 800 33 04444 or via the contact page.
2. Telekom information for persons bound by professional secrecy
   Telecom regulations for persons bound by professional secrecy relating to the use of Microsoft online services can be found in our AV for Microsoft online services. You can access these at the following link: https://geschaeftskunden.telekom.de/business/hilfe-und-service/dsgvo

The EU Digital Operational Resilience Act (DORA) is an EU regulation that requires financial companies and their IT service providers to implement robust measures against cyber risks, system failures and IT disruptions.

All financial companies in the EU and their critical ICT service providers are subject to regulation. Microsoft is considered affected if it provides cloud, communications or security services to banks, insurance companies or other regulated financial companies.

DORA strengthens confidence in Microsoft's cloud and IT services, enables it to act as a strategic partner in the European financial sector, and supports compliance with high compliance and security standards.

For customers subject to the additional regulatory requirements of the DORA Regulation, Microsoft has additional terms and conditions to the Microsoft Customer Agreement (MCA). The rights and obligations set out in the Financial Services DORA Addendum (also known as the DORA Addendum) apply to both parties.

We will be happy to provide you with the supplementary agreement for financial services and for DORA upon request. Please contact us for further information. 

To customer service – by telephone on +49 800 33 04444 or via the contact page.

Microsoft has published an mapping document that maps the relevant contractual documents to the key provisions in DORA Article 30 and other regulatory requirements, including RTS 53 on subcontracting. Supplementary comments explain how each requirement is met.

These contracts are included in the allocation document:

• Existing contracts
• New DORA addendum for eligible financial companies, which:
  • Describes cooperation with key suppliers
  • Ensures the protection of customer data in accordance with the provisions of the regulation
  • Offers additional termination rights in the event of significant changes
  • Contains provisions on monitoring and reporting

Further documents:

• Product conditions
• Data Protection Amendment (DPA)
• Security and data protection regulations
• Service Level Agreement (SLA) for Microsoft Online Services
• Enterprise Agreement (for corporate customers)
• DORA addendum
• Financial Services Agreement (FSA) (for eligible financial services customers)

The assignment document is available on the Microsoft Trust Centre website Authorised financial services customers can view and download the document there. It also contains further links to the contract and compliance resources referenced in the document.