Data Protection and Privacy Policy

Term of use

Application guidelines:

  1. The CTR-portal and the provided services there may only be used for the intended purposes. A misuse is not allowed. Especially, it is not allowed to access the CTR-portal by other protocols beside HTTPS or to perform load tests.
  2. The user credentials (user name, password) may not be passed to thirds. This means that only you are allowed to login to CTR-portal.
  3. Every user may login to only one session at the same time.
  4. The safety and protection of the data downloaded from CTR-portal to your computer, is in your area of responsibility.

Data protection declaration

1. Name and address of the responsible

The responsible within the meaning of the General Data Protection Regulation (GDPR) is:

Hardtbrücke 7 – 13
53902 Bad Münstereifel

Tel.: +49 2257 9528 0

2. Name and address of the data protection officer

The designated data protection officer of the responsible is:

Stefan Frings
Hardtbrücke 7 – 13
53902 Bad Münstereifel

Tel.: +49 2257 9528 0

3. General information on data processing

3.1 Scope of personal data processing

DATANET GmbH as order processor provides different services that are recorded within an agreement of order data processing according to GDPR article 28. The provision of this website, which can only be used by personal login credentials furthermore, falls into these services. When calling the website, personal data will be processed even without accessing the protected area. In the following, you will find detailed description for this purpose.

3.2 Legal basis for processing of personal data

The legal basis for processing is article 6 (1) GDPR or a contract between client and contractor (DATANET GmbH) according to GDPR article 28. In the following, we will look at the individual points of article 6:

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 par. 1, point (a) EU General Data Protection Regulation (GDPR) serves as legal basis.

If processing of personal data is necessary to perform a contract to which the data subject is a party, art. 6, para. 1, point (b) GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar processing of personal data is required to fulfil a legal obligation to which our company is subjected to, art. 6, par. 1, point (c) GDPR is the legal basis.

In case processing is necessary in order to protect the vital interests of the data subject or another natural person, art. 6, par. 1, point (d) serves as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, art. 6, par. 1, point (f) GDPR acts as legal basis for processing.

3.3 Data erasure and storage periods

Personal data will be erased or locked as soon as the purpose to its storage does not apply anymore respectively by reaching deletion periods within a contract according to article 28 GDPR. Additionally, a storage of personal data can occur if European or national legislators appoint this under union laws or regulations to which the responsible is subjected to.

4. Collection and storing of personal data, type and purpose of its usage

4.1 Provision of the website and creation of logfiles

When calling our website, the systems automatically records data and information of the calling computer system.

Following details will be recorded:

  • IP-address of the user
  • Name and URL of the retrieved file
  • Date and time of the access
  • SSL TLS version / Cypher
  • Unsuccessful logins
  • Referrer-URL

After the authentication to the website, following additional details will be recorded:

  • >User agent of the user
  • >User account logged in
  • >Transaction changes to the database
  • >Login date and time
  • >Logout date and time

The data will be stored within the logfiles of our system. A summarized storing of logfiles and other personal data does not occur.

The named data will be processed for following purposes:

  • >Ensure to smoothly establish a connection to the website
  • >Ensure a comfortable use of our website
  • >Optimizing the website
  • >Ensure the security of our information technology systems
  • >Other administrative purposes
  • >Provide necessary information to prosecution authorities to pursue prosecution in case of cyber attacks

Article 6, par. 1, point (f) GDPR respectively article 28 GDPR acts as legal basis for processing. Our legitimate interest results from above-mentioned purposes to data collection. In no case, the recorded data will be used for marketing purposes.

4.2 Usage of cookies

Our website uses session-cookies. Cookies are small files that are created automatically by your browser and saved on the computer system of the user when calling our website. When calling the website, a cookie can be saved on the operating system of the user.

Session-cookies contain a session-ID by which the communication between the web browser of the user and our servers can occur. When closing the browser, the session-cookie will be erased automatically from the user’s terminal.

5. Transfer of data

A transfer of the data will occur only to provide services according to the contract between client and contractor. We will only pass the data to third parties in case there is a legal obligation (art. 6, par. 1, point (c) GDPR).

6. Rights of the data subject

You have the right to:

  • obtain information about your personal data processed by us according to GDPR article 15. Especially, you can demand information about the purpose of the data processing, the sort of the processed data, the sort of the recipients to which your data will be passed/have been passed, the planned storage periods, if you have a claim to correct, restrict the processing and erasure, contradiction, the exist of a right of appeal, the origin of your data if they were not collected by us, the exist of an automated decision-making including profiling and if necessary meaningful information to details.
  • obtain without undue delay the rectification of inaccurate personal data according to GDPR article 16.
  • obtain the erasure of stored personal data according to GDPR article 17 except the processing is necessary for exercising your right of freedom of expression, for compliance with a legal obligation in the public interest and for the establishment, exercise or defence of legal claims.
  • obtain restriction of processing your personal data according to GDPR article 18 if you contest the accuracy of the data, the processing is unlawful and you oppose the erasure of the data, the data are required for the establishment, exercise or defence of legal claims or you have objected to processing according to GDPR article 21.
  • obtain the personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller according to GDPR article 20.
  • withdraw your consent at any time according to GDPR article 7, paragraph 2. This means that we are not allowed to continue processing your personal data, according to this consent, anymore.
  • lodge a complaint with a supervisory authority according to GDPR article 77. Usually, you can turn to a supervisory authority on your habitual residence or your place of work.
  • object your consent according to GDPR article 21.

In case that your personal data have been provided to us by a client within the scope of order processing, we will pass your request to the order processor and receive eventual directives by it.

7. Data security

Within the visit of our website, we use the common SSL-procedure (Secure Socket Layer). The highest encryption will be regularly negotiated between the web browser and the server. You can identify an encrypted data transmission to and from our website by an icon showing a key respectively a closed lock within the status bar of your web browser.

To save your data from random or intentional manipulations, partly or completely loss, destruction or unauthorized access, there are adequate technical and organisational measures that are defined and regularly checked. Our security measures will be improved corresponding the technological development.

8. Effectiveness and change of this privacy policy

This privacy policy is effective from May 2018.

Due to further development of our website and services or due to changed official or rather legally requirements, it may be possible to change this privacy policy.

The current privacy policy can be retrieved and printed by you by the website
This website uses SwissSign SSL-certificates for secure e-commerce and the exchange of confidential information.
About SSL-certificates