We welcome you to our Internet pages. And since we’re keen about privacy and data protection, we’d like to keep you informed of how we’re handling your sensitive information. Navigating through our pages inevitably generates such data, and you may at other times be sharing additional data with us, and we make sure it stays safe and is handled according to the EU’s “General Data Protection Regulation” (GDPR) and any applicable local law.
Who’s “we”, who’s in charge of data processing?
In charge of data processing, in the terms of the GDPR and local law, is
NDE Netzdesign und -entwicklung AG
Contact: Angelika Torlée-Mozdzen
Internet in general
When using the Internet, digital traces are left by the user both on their own computer systems, as well as on servers and network components. By following these traces, the user’s actions can be followed, leading to a potential loss of privacy.
Important pieces of information are the Internet (IP) address of the computer system utilized to access our services, IP addresses (and/or DNS names, respectively) of intermediate systems (“proxies”), the addresses (“URLs”) of contents requested by the user’s software (including URLs of Internet pages visited immediately before ours (“referrer”)) and pieces of information stored on the user’s computer system by web sites (“cookies”).
Internet addresses and DNS names
Every computer system connected directly to the Internet utilizes a world-wide unique address (“IP address”), at least for the duration of the established session. That address is typically administered by the Internet provider (e.g. Sprint).
The IP address is communicated to the server with each information exchange and is required to return the responses to the requesting system.
Typically, symbolic names (“DNS names”, e.g. “www.nde.ag”) are used instead of IP addresses (e.g. 188.8.131.52), not only for servers, but more often than not for end-user systems as well. Both the IP addresses and the symbolic names make it possible to identify the Internet provider the end user is connected to. Sometimes the area where the end user is located can be deduced from those addresses as well.
Given a specific IP address and a time stamp, the Internet provider can determine the actual customer information. This is typically done when requested by law enforcement agencies.
When more than a single end-user system is located behind a common Internet access point, these systems each have their own, probably not world-wide unique IP address. Although this address is not transmitted to the final server, it can sometimes be retrieved by looking at the information sent by intermediate “proxy” systems.
“Uniform resource locators” (URLs) are addresses of server-based Internet resources like web pages, images, services and the like. As URLs are more often than not human-readable names, they allow conclusions to be drawn about the nature of the resource’s content. URLs are transmitted from the end user system to the server, traversing intermediate “proxy” systems and/or Internet provider systems.
Typically, the URL that “linked” to the requested URL (“referrer”) is part of the transmitted request.
Internet servers can store small amounts of information (“cookies”) on the end user’s system. Depending on the configuration of the end user’s system, this may happen without individual explicit consent of the user. The cookie’s information (which may contain details of the IP address of a former request, the type of browser used, the end user’s computer’s operating system and information related to former visits to this or other sites) will be transmitted as part of further requests, to the originating or to other servers as well (this is defined within the “cookie”). No user consent is required when transmitting the cookie information with subsequent requests.
Cookies by themselves cannot be used to, e.g., start programs on the end user’s system, nor “infect” a computer. They’re more important for navigating web sites and creating a more positive user experience. They can be used to track an end user (which is the original technical reason for cookies) across multiple visits to a site, but can be used to track cross-site visits, too.
Your visit at NDE
When you visit our servers, your requests are recorded to allow detection and prosecution of server misuse and as a basis for accounting (if applicable). Typically, we retain that information for two weeks and store the IP address and/or DNS name of the requesting machine, the request’s time stamp, the URL requested and, if transmitted by your software, its identification. If you had to log in to the server to access the information, the user identification you used to log in is recorded as well.
The recorded information is aggregated for statistical purposes on an hourly schedule. The resulting set no longer allows a link to be created between the IP address and/or user id and the resources requested from our servers.
Where required, NDE’s servers utilize the “cookies” mechanism to create a “session”, making it possible to relate the individual requests and thus avoiding the requirement to log in for every single request. We’re anxious to utilize only cookies with a session-only validity. We’re not using cookies that are available to other sites, nor do we link sensitive information to these cookies without your prior consent.
Our use of the information collected on our servers is limited to statistical analysis and improvements of our services and for accounting purposes. In the case of assumed or detected misuse of our systems, we retain a copy of the stored information for a (potentially) unlimited amount of time and will forward it to third parties, e.g. lawyers involved in the prosecution and law enforcement agencies.
When storing the information on our servers, we strive to comply with the principle of minimal storage and make every effort to secure the information against unauthorized access. Even within NDE, the stored information is accessible only to a limited number of people.
To protect your data, it is typically SSL-encrypted while in transfer between your browser and our web server. The encryption methods on our servers conform to the current state of technology, and we’re using security certificates issued by our own “certification authority” (CA). If your browser reports these as “insecure”, this does not indicate missing encryption of the in-transit data, but rather that you have not (yet) configured your browser to accept our CA’s certificates.
We’d like to point out that, despite all security measures taken, security flaws and exposures may happen at any time, so we’re not guaranteeing that your data is absolutely and 100% safe now and in the future.
Getting in touch with us via our Internet pages
In addition to the contacts that we name on our pages (as required by law and including an email address), we may offer a feedback / get-in-touch form for you to use to send messages directly to us. Any data entered there (which is at users’ discretion) is automatically stored, to enable us to process the corresponding query and to be able to reply, if a means of contact is given by the user. We will not forward that data outside of our company.
Blogs provided on our servers let you comment on individual blog articles, and these comments will be stored and published after approval by NDE. In addition to the actual comment’s content, we will store and publish information about when the comment was submitted by you and the name you chose to go with that comment (which may be a pseudonym); this information will be publicly available. The IP address of the machine used to submit the comment will be recorded, but not published. Storing that information is required to be able to react to content of illegal nature, as we are generally liable for any content published via our pages. We will not make that data available outside of our company, unless required by law or in the process of prosecuting illegal submissions.
Subscribing to blog articles
Our blogs offer an “RSS feed”, allowing you to subscribe to articles. Since requesting new articles via RSS is at your discretion with every poll, we do not offer a double-opt-in process for RSS subscriptions.
Routine deletion of sensitive information
We honor the principles of minimizing data use and will only store your sensitive information for as long as it is required to support the purposes described on this page, or as required by law. Once the original purpose is no longer valid, we typically have the data deleted automatically.
Please get in touch to act on your rights. We’ll gladly support you to exercise your rights under the GDPR:
- We’ll inform you about what data we have stored about you, and how it’s processed.
- We’ll make sure that incorrect sensitive data is corrected upon notice.
- We’ll delete your sensitive data upon your request.
- We’ll restrict processing of your data, if we may not delete it under applicable law.
- We respect your objection to our processing of your data.
- We’ll try to make your data available to third parties upon your request, if you agreed to our data processing or we have a corresponding contractual agreement.
You may object to us processing your data at any time.
If you wish to receive a detailed report on the information stored about you, please send your request by written correspondence or by email. Please understand that we can only comply with your request after the verification of your identity.