TCC Gitlab Data privacy
T-Systems Road User Services GmbH
1. Introduction
The protection of your personal data is a high
priority for T-Systems Road User Services GmbH. It is important to us to
inform you about what personal data is collected, how it is used and
and how you can influence the process.
2. What data is collected, how is it used, and how long is it stored?
Technical characteristics
When you visit our websites, the web server
temporarily records the domain name or your computer’s IP address, the
file requested (file name and URL) by the client, the http response
code, and the website from which you are visiting us.
The recorded data is used solely for data security
purposes, particularly to protect against attempted attacks on our web
server (Article 6 (1f) GDPR). We do not use it to create individual user
profiles nor do we share this information with third parties. It is
erased after seven days at the latest. We reserve the right to
statistically analyze anonymized data records.
Other characteristics
A user ID is required to use the applications. The
user ID is managed in the central user management system with the
required information and access rights:
User ID, last name, first name, work e-mail address, work telephone number. These characteristics are used for...
- Authentication
- Authorization
- Assignment of entries (content and comments), to ensure traceability of content changes
The data is used to control and document our contractually agreed services, as well as to ensure the organization of work and communication of T-Systems Road User Services GmbH internally and with our partners and customers. The processing of the data is necessary for the operation and use of the tools. The legal basis for this processing is Art. 6 Abs. 1 S. 1 f GDPR.
Please note that when using the tools, the above mentioned personal data can be viewed by other users via the user profile. If you upload a photo or provide information in your user profile within the application in addition to the above-mentioned data, this data will also be accessible. By voluntarily providing the data, you consent to the processing (Art. 6 para. 1 p. 1 lit. a DSGVO). If you do not consent with the processing & accessibility of that additional information, you can remove it from your user profile at any time or request its deletion.
In general, we process your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for this purpose, it is regularly deleted, unless the temporary further processing is necessary, for example, to fulfill legal retention obligations.
3. Will my usage habits be evaluated, e.g. for advertising purposes or tracking?
As per default the following cookies are stored in the browser of the user:
Gitlab
| Cookie | Cookie-Type | Use | Storage period | Processing |
|---|---|---|---|---|
| _gitlab_session | Strictly necessary | The API uses this cookie for authentication if it is present | Cookie will be deleted by the end of the session | Germany |
| known_sign_in | Strictly necessary | Tracks whether the user signed in is known to the app | 14 days | Germany |
| event_filter | Strictly necessary | Used to filter events when viewing group or project activity | Cookie will be deleted by the end of the session | Germany |
| sidebar_collapsed | Strictly necessary | Whether the project sidebar is open or closed | 10 years | Germany |
To access and use TCC Gitlab you must create an SSO (single sign-on) access via keycloak. All information on the tool used can be found here: Keycloak
The following categories of personal data can be processed as part of the user registration. First name, last name, e-mail address, address, telephone number, position, professional group, institution This data is used and processed for the purpose of controlling access to applications and for user identification.
These cookies are required to enable you to navigate through the web pages and use key functions. They support basic functions. The legal basis for these cookies is Article 6 (1) b GDPR respectively for third Countries Art. 49 (1) b GDPR.
No personal evaluation of user behavior takes place within the appliations. We reserve the right to statisically evaluate anonymized data records.
4. Who is responsible for data processing? Who
is my contact if I have questions about data protection at T-Systems
Road User Services GmbH?
T-Systems Road User Services GmbH Friedrich-Ebert-Allee 140, 53113 Bonn acts as data controller.
Our Data Privacy Officer is Dr. Claus D. Ulmer, Friedrich-Ebert-Allee 140, 53113 Bonn, datenschutz@telekom.de
If you have any queries, please contact: datenschutz-tsrs@t-systems.com
5. Who has access to the data and to whom is the data passed on by T-Systems Road User Services GmbH?:
Access is granted only to those entities that
require it for the fulfillment of contractual and legal obligations. The
employees of the company , who are entrusted with the collection,
storage, processing and use of personal data, are bound to data secrecy
and the data will be treated confidentially.
Access that is no longer required must be terminated
by the respective responsible parties. The need for access is reviewed
on a regular basis.
A transfer of data takes place in the context of service provision to:
Processors
these are companies we engage to process data within
the legally defined scope, Article 28 GDPR (service providers, agents).
In this case, T-Systems Road User Services also remains responsible for
protecting your data.
Owing to legal obligations:
In certain cases, we are legally obliged to transfer certain data to a state authority that requests it.
6. Where is my data processed?
Your data will be processed in Germany only.
If, in exceptional cases, your data is processed in
countries outside the European Union (in so-called third countries),
this will take place
- If you have expressly consented to this (Article 49 (1) a GDPR). (In most countries outside the EU, the level of data protection does not meet EU standards. This concerns in particular comprehensive monitoring and control rights of state authorities, e. g. in the USA, which disproportionately interfere with the data protection of European citizens,
- or to the extent necessary for our service provision to you (Article 49 (1) b GDPR),
- or to the extent required by law (Article 49 (1) c GDPR).
Furthermore, your data will only be processed in third countries if certain measures ensure a suitable level of data protection (e.g., EU Commission's adequacy decision or suitable guarantees, Art. 44 et seq. GDPR).
7. What rights do I have?
- to request information on the categories of personal data concerned, the purposes of the processing, any recipients of the data, and the envisaged storage period (Art. 15 GDPR);
- to request that incorrect or incomplete data be rectified or supplemented (Article 16 GDPR);
- to withdraw consent at any time with effect for the future (Art. 7 (3) GDPR);
- to object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Article 21 (1) GDPR);
- to request the erasure of data in certain cases under Art. 17 GDPR – especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or you withdraw your consent according to mentioned c) above or object according to d) above;
- to demand, under certain circumstances, the restriction of data where erasure is not possible or the erasure obligation is disputed (Art. 18 GDPR);
- to data portability, e., you can receive the data that you provided to us in a commonly used and machine-readable format such as CSV, and can, where necessary, transfer the data to others (Art. 20 GDPR);
- to file a complaint about the data processing with the responsible supervisory authority (Art. 77 GDPR)
8. Revision Date
22.01.2024