RTR-NetTest - Privacy Policy Android

1. Privacy Policy

1.1. General

The use of the RTR-NetTest app is only possible after explicit consent to RTR’s Privacy Policy and Terms of Use for the RTR-NetTest. Under 14 years can use the RTR-NetTest with the consent of their legal guardian(s). Note that the IP address is transferred, among others, also to third countries (thus outside of the European Union, EU, and the European Economic Area, EEA) for which neither an adequacy decision nor appropriate safeguards exist. For further details see point 4.

The RTR-NetTest informs users about the current service quality (including upload, download, ping, signal strength) of their Internet connection. For technically interested users RTR-NetTest provides two further options: On the one hand, RTR-NetTest offers a loop-mode, which enables automatically repeated RTR-NetTests; on the other hand, with the signal-only loop-mode signal measurements are also carried out repeatedly - without speed- or quality tests being carried out.

RTR’s legal authorisation to offer RTR-NetTest is enshrined in Art 17 Par 4 and Par 5 Telecommunications Act 2003 as well as Art 4 Par 4 and Art 5 Par 1 Regulation (EU) 2015/2120. To fulfil this duty and ensure users with the greatest possible transparency and information – while respecting their privacy – RTR-NetTest is based on the open source and open data principle.

1.2. Which data are processed?

1.2.1. RTR-NetTest

The following data are processed as part of the RTR-NetTest:

• Speed of data connection in both directions (downlink/uplink)*
• Latency of data connection (ping)*
• Quality parameters (eg signal strength, connectivity on different ports, modifications of content, transfer time for a reference web page, background traffic volume, Domain Name System server queries, Traceroute, VoIP test call)*
• Test parameters (test method, test progress, test server, test configuration [eg test duration])*
• Randomly generated client ID (Client UUID)
• Evidence of acceptance of the Privacy Policy and Terms of Use
• Public client ID*
• Client sync code and client sync group
• Test time*
• Client location (if known) / time zone*
• Meta information for the client location (eg location accuracy, method of location fix, covered distance)*
• Device type/model, operating system/software version of app*
• NAT Yes/No (direct Internet access or private address used)*
• Roaming status (national, international roaming)*
• IP version*
• IP address
• IP network (autonomous system, AS) and anonymised IP address*
• WLAN network ID (SSID) and numerical WLAN ID (BSSID)
• Mobile network (eg home network, network used, type of connection [GSM, UMTS, LTE, etc], name of the mobile network, used frequency, frequency band, base station identification)*

The data marked with * are published on the RTR-NetTest website and in the RTR-NetTest app and are made freely available to the general public as open data (https://www.netztest.at/en/Opendata) for information, use, dissemination and other applications.

Note: After consent to the privacy policy is given the authorization "Allow RTR-NetTest to start and manage calls" appears for devices that can have multiple SIM cards. This is specified by the operating system of the device. In the context of RTR-NetTest the identification of the SIM card, which is used for data traffic, is thus enabled. No other possible functions based on this authorization are used by RTR-NetTest.

1.2.2. Loop-mode option

The loop-mode option for technically interested users allows the automatic repetition of RTR-NetTest. The first test starts right after activation of the loop-modus; further tests are carried out when either the waiting time (default 30 minutes) has elapsed or the specified distance (default 250 meters) has been covered. Tests will be performed until the configured number of tests (default 10 tests) has been reached. The signal strength is measured continuously, also between two tests. The loop-modus can be stopped at any time respectively it stops after 48 hours. It needs to be explicitly pointed out that due to the loop modus it cannot be excluded that the tester is identified.

The same data as listed under 1.2.1 are processed. The data marked with * are published on the RTR-NetTest website and in the RTR-NetTest app and are made freely available to the general public as open data (https://www.netztest.at/en/Opendata) for information, use, dissemination and other applications.

1.2.3. Signal-only loop-mode option

The signal-only loop-mode option for technically interested users allows the automatic repetition of signal measurements - without any speed- or quality tests being carried out. The signal-only loop-modus can be stopped at any time respectively it stops automatically after 48 hours. It needs to be explicitly pointed out that due to the signal-only loop modus it cannot be excluded that the tester is identified.

The same data as listed under 1.2.1 are processed – with the exception that the latency of the data connection (ping), the connectivity on different ports, modifications of content, the transfer time for a reference web page, the background traffic volume, Domain Name System server queries, the traceroute, the VoIP test call are not tested and thus no data exist that could be processed.

The data marked with * are published on the RTR-NetTest website and in the RTR-NetTest app and are made freely available to the general public as open data (https://www.netztest.at/en/Opendata) for information, use, dissemination and other applications.

1.3. Processing and the purposes for processing of personal data

Processing

the following personal data are processed in the course of the RTR-NetTest, the option loop-modus and the option signal-only loop-mode: (1) the Client UUID, (2) the WLAN network ID (SSID) and numerical WLAN ID (BSSID) as well as (3) the IP address.

Purposes for processing

• in respect to the Client UUID: possibility of compiling a test result history for the user; identifying associated tests to identify improper use or malfunctions; Percipience of the rights of the uses according to item 1.6.
• in respect to the WLAN network ID (SSID) and numerical WLAN ID (BSSID): presentation in the user’s history; identifying associated tests to identify improper use or malfunctions.
• in respect to the IP address: Technical enabling of the RTR-NetTest and ensuring the full functionality, in particular display of the map and quality measurements; in order to be able to assign the tests to individual operators (via routing information [AS] or host names); detection of improper use or malfunctions.

1.4. Transferring

The IP address is transferred, among others, also to third countries:

• within the EU and the EEA: Depending on the website and terminal equipment used, map data from basemap.at (https://basemap.at) and OpenStreetMap (https://www.openstreetmap.org) are retrieved in order to enable the map display as well as the position determination.
• Third countries: In order to conduct DNS tests as part of the quality tests, DNS requests are sent to public DNS servers of Google (https://www.google.com), Cloudflare (https://www.cloudflare.com) and Quad9 (https://www.quad9.net). Depending on the website and terminal equipment used, data from Google (https://www.google.at) and Microsoft (https://www.microsoft.com) are retrieved in order to enable the map display as well as the position determination.

The transfer of data to Google, Cloudflare and Microsoft is based on adequacy decisions of the Commission - according to Art 45 General Data Protection Regulation (GDPR). Regarding Quad9 neither an adequacy decisions nor appropriate safeguards according to Art 46 GDPR exist. A possible risk of such a transfer is that the IP address of the user is transferred to Quad9 and thus conclusions on the executing of RTR-NetTest may be drawn.

1.5. Duration of storage of personal data

The IP address, the WLAN network ID (SSID) and numerical WLAN ID (BSSID) are stored by RTR for a maximum period of six months. In any case the Client UUID will be deleted with the final termination of the RTR-NetTest.

1.6. Rights of users in connection with personal data

By providing the randomly generated client ID (= Client UUID) - which can be found in the app under Info - the user has amongst others the following rights concerning her or his personal data:

• information;
• erasure, thus to withdraw her or his acceptance to the processing of her or his personal data at any time;
• lodging a complaint with the supervision authority (https://www.dsb.gv.at);
• rectification;
• restriction;
• data portability.

1.7. Contact

Questions regarding the processing of personal data and data protection in connection with the RTR-NetTest can be send to:

• E-Mail: netztest@rtr.at
• Data protection officers of the RTR-GmbH: E-Mail: dsba@rtr.at
• Address: Rundfunk und Telekom Regulierungs-GmbH (RTR-GmbH), RTR-NetTest, Mariahilfer Straße 77-79, 1060 Vienna, Austria

Version 2020-07-01