Data Protection and Privacy Policy

Term of use

Application guidelines:

1. The CTR-portal and the provided services there may only be used for the intended purposes. A misuse is not allowed.
Especially, it is not allowed to access the CTR-portal by other protocols beside HTTPS or to perform load tests.
2. The user credentials (user name, password) may not be passed to thirds. This means that only you are allowed to login to CTR-portal.
3. The safety and protection of the data downloaded from CTR-portal to your computer, is in your area of responsibility.

Data protection declaration

1. Name and address of the responsible

The provision and technical administration of the portal environment is managed by DATANET GmbH on instruction of multiple customers. The provision of services and the corresponding data processing is provided by DATANET GmbH as the processor for these customers. The respective customer is the controller for the processing of personal data in the terms of data protection laws, if relevant. DATANET GmbH's data protection officer can provide you information on the controllers for each customer project on request.

The controller in terms of the EU General Data Protection Regulation (GDPR) is:

Hardtbrücke 7 – 13
53902 Bad Münstereifel

Tel.: +49 2257 9528 0

2. Name and address of the data protection officer

The designated data protection officer of the controller is:

Stefan Frings
Hardtbrücke 7 – 13
53902 Bad Münstereifel

Tel.: +49 2257 9528 0

3. General about data processing

3.1 Scope of processing personal data

Acting as a processor, DATANET GmbH provides various services defined within the framework of a data processing agreement in accordance with Article 28 of the General Data Protection Regulation (GDPR). These services include the provision of this website, which can be used only via a personalized user account. Visiting this website leads to the processing of personal data even without accessing the password secured area. In the following points you will find a detailed description on this.

3.2 Legal basis for the processing of personal data

The legal basis is generally specified by the controller of the data processing. The following policy therefore is given with the reservation that the controller has not specified a different legal basis in the respective customer project. The legal basis is basically defined by the GDPR. They may also be specified in special laws, in particular Art. 26 BDSG (German Federal Data Protection Act) for the field of labour law.
Processing performed by this platform is necessary to fulfil a valid purpose in the meaning of Art. 6 para. 1 lit. f GDPR. The valid purpose is to supply a customer portal environment to provide the functionalities (e.g. reporting or contract management) and data (see chapter 4.3) agreed with the responsible persons as well as to secure the portal environment against unauthorized use.

3.3 Data erasure and storage periods

Any personal data of the person affected will be erased or blocked as soon as the purpose for storing the data is no longer applicable or as soon as the erasure periods defined in a contract according to Article 28 GDPR are exceeded. Furthermore, data may be stored if the European or national legislation provides for this in EU regulations, laws or other regulations to which the controller is subject. Storage periods are generally determined by the controller for data processing to be implemented through us. The relevant periods can be obtained from the controller (see also Chapter 4). If the controller is not known, the data protection officer of DATANET GmbH can be contacted for further information.

4. Recording and storing personal data, plus the nature and purpose of their use

4.1 Website provision and log file creation

With every visit of this website our system automatically records data and information from the calling computer system.
The following data is recorded:

  • User's IP address
  • Name and URL of the file retrieved
  • Date and time of access
  • SSL TLS Version / Cypher
  • Unsuccessful logins
  • Website from which access is taken (referrer URL)

After authenticating the user on the website, following additional data are collected:

  • User agent of the user
  • The user’s User Agent
  • Logged in user account
  • Date and time of login
  • Date and time of logout

The data are also stored in the system log files. These data are not stored in combination with other personal data. The data mentioned above are processed for the following purposes:

  • Historisation of transaction changes
  • Ensuring the connection to the website works correctly
  • Ensuring a convenient use of our website
  • Website optimisation
  • Ensuring the security of our IT systems
  • For further administrative purposes
  • To provide law enforcement authorities with the necessary information for law enforcement in the event of a cyber attack

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR and Art. 28 GDPR. Our legitimate interest follows from the purposes for data recording listed above. The default storage period for the listed data is 180 days. Different storage periods may be agreed in individual customer projects with the controller. The controller can provide information on this upon request. The data protection officer of DATANET GmbH will provide you with information on the controller for each customer project on request.

4.2 Usage of cookies

This website uses session cookies. Cookies are text files which are stored in the Internet browser or by the Internet browser on the user's computer. If a user loads a website, a cookie may be stored on the user's computer.

The session cookies include a unique session ID that allows the user's browser and our servers to communicate explicitly. Thus, a user does not need to log in each time he or she navigates to a new page.

This type of cookie and the related data processing is based on the legitimate objective according to Art. 6 para. 1 lit. f GDPR, whereby the legitimate objective is to offer a technical solution that is common on the market and as compatible as possible. After closing the web browser, the session cookie including the user data is deleted automatically from the user's computer.

4.3 Provision of customer-specific data by agreement

The object of the recording, processing and / or the use of personal data are the data types / categories agreed on with the respective controller in the data processing agreement. The following data can be included:
  • Organizational data
    (e.g. company code, cost center)
  • Technical data
    (e.g. telephone number, connection identification, contract number, customer number)
  • Usage and billing data
    (e.g. telecommunications data)

Persistent data required for regular processing will be stored for the duration of the project, but for no longer than the time required for processing and specified by the controller. This includes organisational data, personal master data and technical data. The default storage periods are 24 months for invoice and usage data and 3 months for usage data. Different storage periods may be agreed in individual customer projects with the controller. The controller can provide information on this upon request. The data protection officer of DATANET GmbH will provide you with information on the controller for each customer project on request.

5. Disclosure of data

Data will only be disclosed to third parties within the scope of the services required and upon instructions by the client or in cases for which we are legally obliged to disclose the data. (Art. 6 para. 1 1 lit. c GDPR). The controller will be informed immediately about the disclosure in the specific case.

6. Rights of the data subject

You have the right to:

  • access to the personal data processed by us pursuant to Art. 15 GDPR. In particular you have the right to obtain access information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to rectification, erasure, restriction of processing or object to such processing, the existence of right to lodge a complaint, information to their source as if the personal data are not collected by us, the existence of automated decision-making, including profiling, and in those cases, meaningful information about the logic involved;
  • Obtain without undue delay the rectification of inaccurate personal data or the right to have incomplete personal data completed pursuant to Art. 16 GDPR;
  • pursuant Art. 17 GDPR to obtain the erasure of personal data unless that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for purposes in the public interest or for the establishment, exercise or defence of legal claims;
  • pursuant Art. 18 GDPR to obtain the controller restriction of processing, insofar as the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure of the personal data; we no longer need the personal data for processing, but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Article 21 GDPR;
  • pursuant Art. 20 GDPR to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
  • pursuant Art. 7 para. 3 GDPR to withdraw your once given consent to us at any time. As a consequence, we may no longer continue the data processing which was based on this consent for the future;
  • pursuant Art. 77 GDPR to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your habitual residence or your place of work;
  • pursuant Art. 21 GDPR to object.

Insofar as your personal data has been made available to us by the processor in the course of a data processing agreement, we will forward your request to the processor and accept corresponding instructions from him.

7. Data security

We use the common TLS (Transport Layer Security) method for our website. Usually the best encryption level is agreed between browser and server. The locked key or lock icon in the address bar of your browser indicates whether an individual page of our website is being transmitted in encrypted form.
In order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by thirds, we define, implement and regularly check appropriate technical and organisational security measures. Our security measures are continuously improved following technological developments.

8. Actuality and modification of this privacy policy

This data protection declaration represents the currently valid version (as of July 2024). As a result of the ongoing development of our website and services provided through it or due to any changes in legal or official requirements, it may become necessary to update this data protection declaration.

You can access and print out the current data protection declaration at any time on the website
This website uses SwissSign SSL certificates for secure e-commerce and the exchange of confidential information.
About SSL certificates