Data privacy
T-Systems Road User Services GmbH
1. Introduction
The protection of your personal data is a high priority for T-Systems Road User Services GmbH. It is important to us to inform you about what personal data is collected, how it is used and and how you can influence the process.
2. What data is collected, how is it used, and how long is it stored?
Technical characteristics
When you visit our websites, the web server temporarily records the domain name or your computer’s IP address, the file requested (file name and URL) by the client, the http response code, and the website from which you are visiting us.
The recorded data is used solely for data security purposes, particularly to protect against attempted attacks on our web server (Article 6 (1f) GDPR). We do not use it to create individual user profiles nor do we share this information with third parties. It is erased after seven days at the latest. We reserve the right to statistically analyze anonymized data records.
Other characteristics
A user ID is required to use the applications. The user ID is managed in the central user management system with the required information and access rights:
User ID, last name, first name, work e-mail address, work telephone number. These characteristics are used for...
- Authentication
- Authorization
- Assignment of entries (content and comments), to ensure traceability of content changes
The data is used to control and document our contractually agreed services, as well as to ensure the organization of work and communication of T-Systems Road User Services GmbH internally and with our partners and customers. The processing of the data is necessary for the operation and use of the tools. The legal basis for this processing is Art. 6 Abs. 1 S. 1 f GDPR.
Please note that when using the tools, the above mentioned personal data can be viewed by other users via the user profile. If you upload a photo or provide information in your user profile within the application in addition to the above-mentioned data, this data will also be accessible. By voluntarily providing the data, you consent to the processing (Art. 6 para. 1 p. 1 lit. a DSGVO). If you do not consent with the processing & accessibility of that additional information, you can remove it from your user profile at any time or request its deletion.
In general, we process your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for this purpose, it is regularly deleted, unless the temporary further processing is necessary, for example, to fulfill legal retention obligations.
3. Will my usage habits be evaluated, e.g. for advertising purposes or tracking?
As per default the following cookies are stored in the browser of the user:
Confluence
| Cookie | Cookie-Type | Use | Storage period | Processing |
|---|---|---|---|---|
| JSESSIONID | Operational Cookie | Session Identifier | Cookie will be deleted by the end of the session or when closing the browser | Germany, Belgium |
| mywork.tab.tasks | Operational Cookie | Display of the Tasks tab | Cookie will be deleted after 7 days | Germany, Belgium |
| seraph.confluence | Remember me cookie, Confluence only generates this cookie if the users activates the checkbox "Remember me" | Cookie will be deleted after 2 weeks or with an active log-off by the user | Germany, Belgium |
Jira
| Cookie | Cookie-Type | Use | Storage period | Processing |
|---|---|---|---|---|
| JSESSIONID | Operational Cookie | Session Identifier | Cookie will be deleted by the end of the session or when closing the browser | Germany, Belgium |
| atlassian.xsrf.token | Operational Cookie | Prevent XSRF attacks | cookie will be deleted by the end of the session or when closing the browser | Germany, Belgium |
| seraph.rememberme.cookie | Remember me cookie, Jira only generates this cookie if the users activates the checkbox "Remember me" | Cookie will be deleted after 2 weeks or with an active log-off by the user | Germany, Belgium |
Keycloak
| Cookie | Cookie-Type | Use | Storage period | Processing |
|---|---|---|---|---|
| KEYCLOAK_IDENTITY | Operational Cookie | Internal cookie from Keycloak | User identity token of current authentication session. Cookie will be deleted by the end of the session or when closing the browser. | Germany, Belgium |
| KEYCLOAK_SESSION_LEGACY | Operational Cookie | Internal cookie from Keycloak | ID of current authentication session. Format: realm_name/user_id/session_id | Germany, Belgium |
| KEYCLOAK_SESSION | Operational cookie | Internal cookie from Keycloak | User session tracking of current authentication session. format: realm_name/user_id/session_id | Germany, Belgium |
| KEYCLOAK_IDENTITY_LEGACY | Operational cookie | Internal cookie from Keycloak | User identity token of current authentication session. | Germany, Belgium |
| AUTH_SESSION_ID_LEGACY | Operational cookie | Internal cookie from Keycloak | ID of current authentication session. Format: session_id.keycloak_node_name | Germany, Belgium |
| AUTH_SESSION_ID | Operational cookie | Internal cookie from Keycloak | ID of current authentication session. Format: session_id.keycloak_node_name | Germany, Belgium |
As part of the registration, you will be asked to create an SSO (single sign-on) access via keycloak. All information on the tool used can be found here: Keycloak
The following categories of personal data can be processed as part of the user registration. First name, last name, e-mail address, address, telephone number, position, professional group, institution This data is used and processed for the purpose of controlling access to applications and for user identification.
These cookies are required to enable you to navigate through the web pages and use key functions. They support basic functions. The legal basis for these cookies is Article 6 (1) b GDPR respectively for third Countries Art. 49 (1) b GDPR.
No personal evaluation of user behavior takes place within the appliations. We reserve the right to statisically evaluate anonymized data records.
4. Who is responsible for data processing? Who is my contact if I have questions about data protection at T-Systems Road User Services GmbH?
T-Systems Road User Services GmbH Friedrich-Ebert-Allee 140, 53113 Bonn acts as data controller.
Our Data Privacy Officer is Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, datenschutz@telekom.de
If you have any queries, please contact: datenschutz-tsrs@t-systems.com
5. Who has access to the data and to whom is the data passed on by T-Systems Road User Services GmbH?:
Access is granted only to those entities that require it for the fulfillment of contractual and legal obligations. The employees of the company , who are entrusted with the collection, storage, processing and use of personal data, are bound to data secrecy and the data will be treated confidentially.
Access that is no longer required must be terminated by the respective responsible parties. The need for access is reviewed on a regular basis.
A transfer of data takes place in the context of service provision to:
Processors
these are companies we engage to process data within the legally defined scope, Article 28 GDPR (service providers, agents). In this case, T-Systems Road User Services also remains responsible for protecting your data.
Owing to legal obligations:
In certain cases, we are legally obliged to transfer certain data to a state authority that requests it.
6. Where is my data processed?
Your data will be processed in Germany and other European countries. If, in exceptional cases, your data is processed in countries outside the European Union (in so-called third countries), this will take place
- If you have expressly consented to this (Article 49 (1) a GDPR). (In most countries outside the EU, the level of data protection does not meet EU standards. This concerns in particular comprehensive monitoring and control rights of state authorities, e. g. in the USA, which disproportionately interfere with the data protection of European citizens,
- or to the extent necessary for our service provision to you (Article 49 (1) b GDPR),
- or to the extent required by law (Article 49 (1) c GDPR).
Furthermore, your data will only be processed in third countries if certain measures ensure a suitable level of data protection (e.g., EU Commission's adequacy decision or suitable guarantees, Art. 44 et seq. GDPR).
7. What rights do I have?
- to request information on the categories of personal data concerned, the purposes of the processing, any recipients of the data, and the envisaged storage period (Art. 15 GDPR);
- to request that incorrect or incomplete data be rectified or supplemented (Article 16 GDPR);
- to withdraw consent at any time with effect for the future (Art. 7 (3) GDPR);
- to object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Article 21 (1) GDPR);
- to request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent according to mentioned c) above or object according to d) above;
- to demand, under certain circumstances, the restriction of data where erasure is not possible or the erasure obligation is disputed (Art. 18 GDPR);
- to data portability, e., you can receive the data that you provided to us in a commonly used and machine-readable format such as CSV, and can, where necessary, transfer the data to others (Art. 20 GDPR);
- to file a complaint about the data processing with the responsible supervisory authority (Art. 77 GDPR)
8. Revision Date
09.08.2022