RTR offers users the opportunity to use the RTR-NetTest. Under 14 years can use the RTR-NetTest with the consent of their legal guardian. RTR’s legal authorisation to offer the RTR-NetTest is enshrined in Art. 17 Par. 4 and Par. 5 Telecommunications Act 2003 as well as Art 5 Par. 1 Regulation (EU) 2015/2120 ("TSM regulation"). To fulfil this duty and ensure users with the greatest possible transparency and information – while respecting their privacy – the RTR-NetTest is based on the open source and open data principle.
The RTR-NetTest comprises a test developed by RTR (= RTR Multithreaded Broadband Test, hereafter the RMB-Test).
1.2. Processing of data by the RMB-Test
18.104.22.168. What data are processed?
The following data are processed as part of the RMB-Test:
- Speed of data connection in both directions (downlink/uplink)*
- Latency of data connection (ping)*
- Quality parameters (e.g. signal strength, connectivity on different ports, modifications of content, transfer time for a reference web page, background traffic volume, Domain Name System server queries, Traceroute, VoIP test call)*
- Test parameters (test method, test progress, test server, test configuration [e.g. test duration])*
- Randomly generated client ID (Client UUID)
- Public client ID*
- Client sync code and group
- Test time*
- Client location (if known) / time zone*
- Meta information for the client location (e.g. location accuracy, method of location fix, covered distance)*
- Device type/model, operating system/software version of app*
- NAT Yes/No (direct Internet access or private address used)*
- Roaming status (national, international roaming)*
- IP version*
- IP address
- IP network (autonomous system, AS) and anonymised IP address*
- WLAN network ID (SSID) and numerical WLAN ID (BSSID)
- Mobile network (home network, network used, type of connection [GSM, UMTS, LTE, etc.], name of the mobile network, used frequency, frequency band, base station identification)*
The data marked with * are published on the RTR-NetTest website and in the RTR-NetTest app and are made freely available to the general public as open data (https://www.netztest.at/en/Opendata) for information, use, dissemination and other applications.
22.214.171.124. Processing of personal data and the purposes for processing of personal data
Only with the solely agreement of the user the following personal data are processed in the course of the RMB-Test: (1) the Client UUID, (2) the WLAN network ID (SSID) and numerical WLAN ID (BSSID) as well as (3) the IP address.
Purposes for processing these personal data:
- in respect to the Client UUID: possibility of compiling a test result history for the user; identifying associated tests to identify improper use or malfunctions; Percipience of the rights of the uses according to item 1.4.
- in respect to the WLAN network ID (SSID) and numerical WLAN ID (BSSID): presentation in the user’s history; identifying associated tests to identify improper use or malfunctions.
- in respect to the IP address: Technical enabling of the RTR-NetTest and ensuring the full functionality, in particular display of the map and quality measurements; in order to be able to assign the tests to individual operators (via routing information [AS] or host names); detection of improper use or malfunctions.
126.96.36.199. Transferring of personal data
The IP address is transferred, among others also to third countries:
- within the EU and the EEA: Depending on the used website and terminal, for the representation of the maps and for position determination, map data from basemap.at (https://basemap.at) and OpenStreetMap (https://www.openstreetmap.org) are retrieved.
- Third countries: In order to conduct DNS tests as part of the quality tests, DNS requests are sent to public DNS servers of Google (https://www.google.com), Cloudflare (https://www.cloudflare.com) and Quad9 (https://www.quad9.net). Depending on the used website and terminal, for the representation of the maps and for position determination, map data from Google (https://www.google.at) und Microsoft (https://www.microsoft.com) are retrieved.
The transfer of data to Google, Cloudflare and Microsoft is based on adequacy decisions of the Commission - according to Art 45 General Data Protection Regulation (GDPR). Regarding Quad9 neither an adequacy decisions nor appropriate safeguards according to Art 46 GDPR exist. A possible risk of such a transfer is that the IP address of the user is transferred to Quad9 and thus conclusions on the executing of the RTR-NetTest may be drawn.
1.3. Duration of storage of personal data
The IP address, the WLAN network ID (SSID) and numerical WLAN ID (BSSID) are stored by RTR for a maximum period of six months. In any case the Client UUID will be deleted with the final termination of the RTR-NetTest.
1.4. Rights of users in connection with personal data
By providing the randomly generated client ID (= Client UUID)- which can be found in the app under Info - the user has amongst others the following rights concerning her or his personal data:
- erasure, thus to withdraw her or his acceptance to the processing of her or his personal data at any time;
- lodging a complaint with the supervision authority (https://www.dsb.gv.at);
- data portability.
Questions regarding the processing of personal data and data protection in connection with the RTR-NetTest can be send to:
- E-Mail: firstname.lastname@example.org
- Data protection officers of the RTR-GmbH: E-Mail: email@example.com
- Address: Rundfunk und Telekom Regulierungs-GmbH (RTR-GmbH), RTR-NetTest, Mariahilfer Straße 77-79, 1060 Vienna, Austria