RTR-NetTest - Privacy Policy Web

1. Privacy Policy

The web version of the RTR-NetTest can be used only after explicit consent to RTR’s Privacy Policy and Terms of Use for the RTR-NetTest. Note that the IP address is transferred, among others also to third countries (thus outside of the EU and the EEA) for which neither an adequacy decision nor appropriate safeguards exist. For further details see item 1.2.1.3.

1.1. General

RTR offers users the opportunity to use the RTR-NetTest. Under 14 years can use the RTR-NetTest with the consent of their legal guardian. RTR’s legal authorisation to offer the RTR-NetTest is enshrined in Art.  17 Par. 4 and Par. 5 Telecommunications Act 2003 as well as Art 5 Par. 1 Regulation (EU) 2015/2120 ("TSM regulation"). To fulfil this duty and ensure users with the greatest possible transparency and information – while respecting their privacy – the RTR-NetTest is based on the open source and open data principle.

The RTR-NetTest comprises a test developed by RTR (= RTR Multithreaded Broadband Test, hereafter the RMB-Test).

1.2. Processing of data by the RMB-Test

1.2.1. RMB-Test

1.2.1.1. What data are processed?

The following data are processed as part of the RMB-Test:

  • Speed of data connection in both directions (downlink/uplink)*
  • Latency of data connection (ping)*
  • Quality parameters (e.g. signal strength, connectivity on different ports, modifications of content, transfer time for a reference web page, background traffic volume, Domain Name System server queries, Traceroute, VoIP test call)*
  • Test parameters (test method, test progress, test server, test configuration [e.g. test duration])*
  • Randomly generated client ID (Client UUID)
  • Evidence of acceptance of the Privacy Policy and Terms of Use
  • Public client ID*
  • Client sync code and group
  • Test time*
  • Automatically determined client location (if known) / time zone*
  • Exact client location (determined out of the optional manually entered address of the measurement)‡
  • Anonymised (dissected) location (determined out of the optional manually entered address of the measurement)*
  • Meta information for the client location (e.g. location accuracy, method of location fix, covered distance)*
  • Device type/model, operating system/software version of browser*
  • NAT Yes/No (direct Internet access or private address used)*
  • IP version*
  • IP address
  • IP network (autonomous system, AS) and anonymised IP address*

The data marked with * are published on the RTR-NetTest website and in the RTR-NetTest app and are made freely available to the general public as open data (https://www.netztest.at/en/Opendata) for information, use, dissemination and other applications.

1.2.1.2. Processing of personal data and the purposes for processing of personal data

Only with the solely agreement of the user the following personal data are processed in the course of the RMB-Test: (1) the Client UUID, (2) the optional manually entered address of the measurement as well as (3) the IP address.

Purposes for processing these personal data:

  • in respect to the Client UUID: possibility of compiling a test result history for the user; identifying associated tests to identify improper use or malfunctions; Percipience of the rights of the uses according to item 1.4.
  • in respect to the optional manually entered address of the measurement: If the location cannot be determined automatically to better than 2km, the user has the option to enter the address of the measurement manually. This with ‡ marked data (= exact location determined out of the optional manually entered address of the measurement) is converted into coordinates (processed) and is - only for the user who conducted the respective test - visible as a measurement point on the RTR-NetTest map. The entered address of the measurement is not stored. Third parties merely see a measurement point on the map, which is based on anonymised (dissected) coordinates. The same applies for the published open data under https://www.netztest.at/en/Opendata.
  • in respect to the IP address: Technical enabling of the RTR-NetTest and ensuring the full functionality, in particular display of the map and quality measurements; in order to be able to assign the tests to individual operators (via routing information [AS] or host names); detection of improper use or malfunctions.

1.2.1.3. Transferring of personal data

The IP address and the optional manually entered address of the measurement are transferred, among others also to third countries:

The transfer of data to Google, Cloudflare and Microsoft is based on adequacy decisions of the Commission - according to Art 45 General Data Protection Regulation (GDPR). Regarding Quad9 neither an adequacy decisions nor appropriate safeguards according to Art 46 GDPR exist. A possible risk of such a transfer is that the IP address of the user is transferred to Quad9 and thus conclusions on the executing of the RTR-NetTest may be drawn.

1.3. Duration of storage of personal data

The IP address is stored by RTR for a maximum period of six months. In any case the Client UUID will be deleted with the final termination of the RTR-NetTest.

1.4. Rights of users in connection with personal data

By providing the randomly generated client ID (= Client UUID) - which can be found in the app under Info - the user has amongst others the following rights concerning her or his personal data:

  • information;
  • erasure, thus to withdraw her or his acceptance to the processing of her or his personal data at any time;
  • lodging a complaint with the supervision authority (https://www.dsb.gv.at);
  • rectification;
  • restriction;
  • data portability.

1.5. Contact

Questions regarding the processing of personal data and data protection in connection with the RTR-NetTest can be send to:

  • E-Mail: netztest@rtr.at
  • Data protection officers of the RTR-GmbH: E-Mail: dsba@rtr.at  
  • Address: Rundfunk und Telekom Regulierungs-GmbH (RTR-GmbH), RTR-NetTest, Mariahilfer Straße 77-79, 1060 Vienna, Austria

 

Version 2018-12-10