Data Protection and Privacy Policy

Term of use

Application guidelines:

1. The CTR-portal and the provided services there may only be used for the intended purposes. A misuse is not allowed.
Especially, it is not allowed to access the CTR-portal by other protocols beside HTTPS or to perform load tests.
2. The user credentials (user name, password) may not be passed to thirds. This means that only you are allowed to login to CTR-portal.
3. The safety and protection of the data downloaded from CTR-portal to your computer, is in your area of responsibility.

Data protection declaration

1. Name and address of the responsible

The provision and technical operation of the portal environment is carried out by DATANET GmbH on behalf of a large number of customers. The provision of services and the associated data processing are provided by DATANET GmbH as the processor for these customers. The respective customer is accordingly the person responsible within the meaning of data protection law, where relevant. The data protection officer of DATANET GmbH will be pleased to provide information on the persons responsible for each customer project on request.

he responsible within the meaning of the General Data Protection Regulation (GDPR) is:

Hardtbrücke 7 – 13
53902 Bad Münstereifel

Tel.: +49 2257 9528 0

2. Name and address of the data protection officer

The designated data protection officer of the responsible is:

Stefan Frings
Hardtbrücke 7 – 13
53902 Bad Münstereifel

Tel.: +49 2257 9528 0

3. General information on data processing

3.1 Scope of personal data processing

As a contract processor, DATANET GmbH provides various services which are set out in a contract processing agreement in accordance with Article 28 of the Basic Data Protection Regulation (GDPR) These services include, among other things, the provision of the website visited here, which can only be used by personalized user access. By visiting this website, personal data is already processed even without access to the protected area. You will find a detailed description of this in the following points.

3.2 Legal basis for processing of personal data

The legal basis is generally determined by the data controller. The following provision is therefore subject to the proviso that the person responsible has not specified a different legal basis in the respective customer project. The legal basis is generally determined by the GDPR, but may also be defined in special laws, in particular § 26 BDSG for the area of employees.
Processing by this platform is necessary to safeguard a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. The legitimate interest here consists in the provision of a customer portal solution to provide the functionalities (e.g. reporting or contract management) and data (see Section 4.3) agreed with the responsible parties and to secure the portal environment against unauthorized use

3.3 Datenlöschung und Speicherdauer

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies or as soon as the deletion periods stipulated in a contract pursuant to Article 28 GDPR are reached. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject.
Storage periods are generally determined by the person responsible for data processing and implemented by us. The respective periods can be obtained from the data controller (see also Chapter 4). If the person responsible is not known, the data protection officer of DATANET GmbH can be contacted for further information.

4. Collection and storing of personal data, type and purpose of its usage

4.1 Provision of the website and creation of logfiles

When calling our website, the systems automatically records data and information of the calling computer system.
Following details will be recorded:

  • IP-address of the user
  • Name and URL of the retrieved file
  • Date and time of the access
  • SSL TLS version / Cypher
  • Unsuccessful logins
  • Referrer-URL

After the authentication to the website, following additional details will be recorded:

  • User agent of the user
  • User account logged in
  • Transaction changes to the database
  • Login date and time
  • Logout date and time

The data will be stored within the logfiles of our system. A summarized storing of logfiles and other personal data does not occur.
The named data will be processed for following purposes:

  • History of transaction changes
  • Guarantee a smooth connection of the website
  • Guarantee a comfortable use of our website
  • Optimization of the website
  • Ensuring the security of our information technology systems
  • for other administrative purposes
  • to provide law enforcement agencies with the information necessary for prosecution in the event of a cyber attack

The legal basis for data processing is Art. 6 para. 1 sentence 1 letter f GDPR or Art. 28 GDPR. Our legitimate interest is based on the above-mentioned purposes of data collection, the standard period for deletion of the data is 180 days. In individual customer projects, deviating storage periods may be agreed with the person responsible. The responsible person will provide information on this upon request. The data protection officer of DATANET GmbH will provide you with information on the person responsible for each customer project on request.

4.2 Usage of cookies

Our website uses session cookies. Cookies are text files that are stored on the user's computer system in the Internet browser or by the Internet browser. If a user calls up a website, a cookie can be stored on the user's operating system.

The session cookies contain a session ID with which the user's browser and our servers can communicate uniquely, so that a user does not have to log in again each time a user changes an interface. This type of cookie and the associated data processing is based on the legitimate interest pursuant to Art. 6 (1) lit. f GDPR, whereby the legitimate interest is to offer a technical solution that is customary in the market and as compatible as possible. After closing the browser, the session cookie including the user data is automatically removed from the user's terminal device.

4.3 Provision of customer-specific data according to agreement

The object of the collection, processing and/or use of personal data is the data types/categories agreed upon in the order processing agreement with the respective data controller.
These can be the following data:
  • Organizational data
    (e.g. company code, cost center)
  • Technical data
    (e.g. telephone number, connection identification, contract number, customer number)
  • Usage and billing data
    (e.g. telecommunications data)

Persistent data required for regular processing will be kept for the duration of the project, but not longer than required for processing and as specified by the responsible person. This includes organizational data, personal master data and technical data. The standard deletion periods for usage and invoice data are 24 months for invoice data and 3 months for usage data. In individual customer projects, different retention periods may be agreed with the person responsible. Information on specific deletion periods and data retained can be obtained from the person responsible on request. The data protection officer of DATANET GmbH will provide information on the person responsible for each customer project on request.

5. Transfer of data

A possible passing on of the data is only carried out in the sense of the services to be rendered and on the instruction of the client or where we are legally obliged to pass on the data (art. 6 para. 1 p. 1lit. c GDPR). In the specific case, the person responsible will be informed immediately about the transfer.

6. Rights of the data subject

You have the right to:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details thereof;
  • to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR ;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party;
  • in accordance with Art. 7 Para. 3 GDPR to revoke your once given consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace for this purpose.
  • according to Art. 21 GDPR right of objection

Insofar as your personal data has been made available to us by the client in the course of order processing, we will forward your request to the client and accept appropriate instructions from him.

7. Data security

We use the widespread SSL (Secure Socket Layer) procedure when visiting our website. The best encryption level is usually negotiated between browser and server. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.
To protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties, suitable technical and organizational security measures are defined, implemented and regularly checked. Our security measures are continuously improved in line with technological developments.

8. Effectiveness and change of this privacy policy

This data protection declaration is the currently valid version (as of September 2020).

Due to the further development of our website and offers above or due to changed legal or official requirements it may become necessary to change this data protection declaration.
You can access and print out the current data protection declaration at any time on the website at
This website uses SwissSign SSL certificates for secure e-commerce and the exchange of confidential information.
About SSL certificates