RTR-NetTest - Privacy Policy Android

1. Privacy Policy

The RTR-NetTest app can be used only after explicit consent to RTR’s Privacy Policy and Terms of Use for the RTR-NetTest. Note that the IP address is transferred, among others also to third countries (thus outside of the EU and the EEA) for which neither an adequacy decision nor appropriate safeguards exist. For further details see items 1.2.1.3. and 1.2.2.3.

1.1. General

RTR offers users the opportunity to use the RTR-NetTest. Under 14 years can use the RTR-NetTest with the consent of their legal guardian. RTR’s legal authorisation to offer the RTR-NetTest is enshrined in Art.  17 Par. 4 and Par. 5 Telecommunications Act 2003 as well as Art 5 Par. 1 Regulation (EU) 2015/2120 ("TSM regulation"). To fulfil this duty and ensure users with the greatest possible transparency and information – while respecting their privacy – the RTR-NetTest is based on the open source and open data principle.

The RTR-NetTest comprises two independent test sets: the first is a test developed by RTR (= RTR Multithreaded Broadband Test, hereafter the RMB-Test); the second is an optional, more comprehensive test (= Network Diagnostic Tool test of the M-Lab research platform, NDT-Test).

1.2. Processing of data by the RMB-Test and by the optional NDT-Test

1.2.1. RMB-Test

1.2.1.1. What data are processed?

The following data are processed as part of the RMB-Test:

  • Speed of data connection in both directions (downlink/uplink)*
  • Latency of data connection (ping)*
  • Quality parameters (e.g. signal strength, connectivity on different ports, modifications of content, transfer time for a reference web page, background traffic volume, Domain Name System server queries, Traceroute, VoIP test call)*
  • Test parameters (test method, test progress, test server, test configuration [e.g. test duration])*
  • Randomly generated client ID (Client UUID)
  • Evidence of acceptance of the Privacy Policy and Terms of Use
  • Public client ID*
  • Client sync code and group
  • Test time*
  • Client location (if known) / time zone*
  • Meta information for the client location (e.g. location accuracy, method of location fix, covered distance)*
  • Device type/model, operating system/software version of app*
  • NAT Yes/No (direct Internet access or private address used)*
  • Roaming status (national, international roaming)*
  • IP version*
  • IP address
  • IP network (autonomous system, AS) and anonymised IP address*
  • WLAN network ID (SSID) and numerical WLAN ID (BSSID)
  • Mobile network (home network, network used, type of connection [GSM, UMTS, LTE, etc.], name of the mobile network, used frequency, frequency band, base station identification)*

The data marked with * are published on the RTR-NetTest website and in the RTR-NetTest app and are made freely available to the general public as open data (https://www.netztest.at/en/Opendata) for information, use, dissemination and other applications.

1.2.1.2. Processing of personal data and the purposes for processing of personal data

Only with the solely agreement of the user the following personal data are processed in the course of the RMB-Test: (1) the Client UUID, (2) the WLAN network ID (SSID) and numerical WLAN ID (BSSID) as well as (3) the IP address.

Purposes for processing these personal data:

  • in respect to the Client UUID: possibility of compiling a test result history for the user; identifying associated tests to identify improper use or malfunctions; Percipience of the rights of the uses according to item 1.4.
  • in respect to the WLAN network ID (SSID) and numerical WLAN ID (BSSID): presentation in the user’s history; identifying associated tests to identify improper use or malfunctions.
  • in respect to the IP address: Technical enabling of the RTR-NetTest and ensuring the full functionality, in particular display of the map and quality measurements; in order to be able to assign the tests to individual operators (via routing information [AS] or host names); detection of improper use or malfunctions.
1.2.1.3. Transferring of personal data

The IP address is transferred, among others also to third countries:

The transfer of data to Google, Cloudflare and Microsoft is based on adequacy decisions of the Commission - according to Art 45 General Data Protection Regulation (GDPR). Regarding Quad9 neither an adequacy decisions nor appropriate safeguards according to Art 46 GDPR exist. A possible risk of such a transfer is that the IP address of the user is transferred to Quad9 and thus conclusions on the executing of the RTR-NetTest may be drawn.

1.2.2. Optional NDT-Test

The NDT-Test is only run if, after accepting the privacy policy and terms of use of the RTR-NetTest, the checkbox “I wish to run the optional, more comprehensive NDT-Test“ is selected. The user explicitly accepts that for the NDT-Test the IP address is processed and transferred to a third country as well that the IP address is published.

1.2.2.1. What data are processed?

The following data are processed as part of the NDT-Test:

  • speed of data connection in both directions (downlink/uplink);
  • TCP/IP protocol parameters (e.g. TCP receive window);
  • proportion of IP packet losses, connection errors (e.g. half duplex);
  • latency/jitter of data connection (ping);
  • test parameters (test method, test server, test configuration);
  • operating system (name/version) and processor architecture;
  • Java runtime environment (name/version);
  • IP version;
  • IP address (local/public);
  • host name of computer;
  • NAT and firewall status and data connection parameters;
  • test time;
  • test data transmitted.
1.2.2.2. Processing of personal data and the purposes for processing of personal data

The following personal data is processed with explicit consent of the user in the course of the NDT-Test: the IP address.

Purposes for processing this personal data: technical implementation of the NDT-Test and data evaluation for a broad public.

1.2.2.3. Transferring of personal data

For the before mentioned purposes the IP address is transferred to the M-Lab research platform (www.measurementlab.net) in a third country. This means that this data is permanently stored by M-Lab, published as open data and made freely accessible to the general public for information, use, dissemination and other applications under M-Lab-Open Data. The privacy policy of M-Lab can be found under https://www.measurementlab.net/privacy.

Regarding M-Lab neither an adequacy decisions nor appropriate safeguards according to Art 46 GDPR exist. A possible risk of such a transfer is that the IP address of the user is transferred to M-Lab and published. Thus conclusions on the executing of the NDT-Test may be drawn. Eventually test results of the NDT-Test could be interlinked with the respective RMB-Tests and hence more information may be gained.

1.3. Duration of storage of personal data

The IP address, the WLAN network ID (SSID) and numerical WLAN ID (BSSID) are stored by RTR for a maximum period of six months. In any case the Client UUID will be deleted with the final termination of the RTR-NetTest.

1.4. Rights of users in connection with personal data

By providing the randomly generated client ID (= Client UUID)- which can be found in the app under Info - the user has amongst others the following rights concerning her or his personal data:

  • information;
  • erasure, thus to withdraw her or his acceptance to the processing of her or his personal data at any time;
  • lodging a complaint with the supervision authority (https://www.dsb.gv.at);
  • rectification;
  • restriction;
  • data portability.

1.5. Contact

Questions regarding the processing of personal data and data protection in connection with the RTR-NetTest can be send to:

  • E-Mail: netztest@rtr.at
  • Data protection officers of the RTR-GmbH: E-Mail: dsba@rtr.at
  • Address: Rundfunk und Telekom Regulierungs-GmbH (RTR-GmbH), RTR-NetTest, Mariahilfer Straße 77-79, 1060 Vienna, Austria

 

 

Version 2018-12-10