Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to simply as "data") we process, for which purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us in the context of providing this service — the r-tec Threat Intelligence web application (hereinafter the "online offering").

The terms used are not gender-specific.

Last updated: 1 June 2026

Controller

Data Protection Officer: DSO@r-tec.net.

Authorized representatives: Dr. Stefan Rummenhöller, Mr. Marek Stiefenhofer

Overview of Processing Operations

The personal data we process in connection with this service is limited to the following. We process the email addresses required for authentication and for delivering our newsletter, together with the content data you enter in the service (e.g., search terms). In addition, we use strictly necessary first-party cookies for the operation of the service — for example, to maintain your login session and to remember your display preferences. We do not use cookies or any other technologies for analytics, tracking, advertising, or profiling.

Types of data processed

Categories of data subjects

Purposes of processing

Relevant Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations of your or our country of residence or domicile may apply. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains, among other things, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Furthermore, data protection laws of the individual federal states may apply.

Security Measures

In accordance with the legal requirements and taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying probability of occurrence and severity of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of the availability of, and separation of the data concerning it. Furthermore, we have established procedures that ensure the exercise of data subject rights, the erasure of data, and responses to threats to the data. In addition, we already take the protection of personal data into account during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and through data-protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units, or persons, or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks (such as hosting and database services) or providers of services that are integrated into the operation of the service. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing takes place in the context of using third-party services or the disclosure or transmission of data to other persons, bodies, or companies, this is only carried out in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications, or binding internal data protection rules (Art. 44 to 49 GDPR). Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de

Provision of the Online Offering, Web Hosting, and Data Storage

In order to be able to provide our online offering securely and efficiently, we use hosting and infrastructure providers, on whose servers (or servers managed by them) the online offering is operated and the application data is stored. For these purposes, we use infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services.

The data processed in this context may include all information relating to the users of our online offering that arises in the course of use and communication. This regularly includes the IP address, which is necessary in order to deliver the content of the online offering to browsers, as well as the entries made within our online offering (in particular the email address used for the account and the content data described above).

Services and service providers used:

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie primarily serves to store information about a user during or after their visit within an online offering — for example, the login status or display preferences.

We use only strictly necessary, first-party cookies that are required for the operation of the service:

We do not use cookies or comparable technologies for analytics, reach measurement, tracking, advertising, or profiling, and we do not embed third-party cookies. Accordingly, we do not operate a cookie-consent banner, as no consent-requiring cookies are set.

Notes on legal bases: Because these cookies are strictly necessary to provide the service you have requested and to operate it securely, the processing is based on the performance of a contract (Art. 6(1)(1)(b) GDPR) and our legitimate interest in the secure and functional operation of the online offering (Art. 6(1)(1)(f) GDPR).

Storage period: the login session cookie expires with the validity of the session token; the refresh cookie and the theme preference cookie are persistent and remain stored until they expire (the theme cookie for up to one year) or until you delete them.

Withdrawal and objection (opt-out): you can delete cookies that have already been stored and prevent the setting of cookies at any time via your browser settings. Please note that disabling the strictly necessary cookies will prevent you from signing in to and using the service.

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletter") — including threat alerts — only with the consent of the recipients or on the basis of a legal permission. Insofar as the contents of a newsletter are specifically described in the context of registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about the threat intelligence relevant to your selections and about the service.

To subscribe to our newsletter, it is sufficient for you to provide your email address.

Double opt-in procedure: registration generally takes place in a so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address. Newsletter registrations are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.

Dispatch: the newsletter is dispatched via our own email infrastructure; we do not use a third-party email marketing provider, and our newsletters do not contain tracking pixels or open/click measurement.

Erasure and restriction of processing: we may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them, in order to be able to prove a consent formerly given. The processing of this data is restricted to the purpose of a possible defense against claims. An individual request for erasure is possible at any time, provided that the former existence of a consent is confirmed at the same time.

Erasure of Data

The data processed by us is deleted in accordance with the legal requirements as soon as the consents permitted for processing are withdrawn or other permissions cease to apply (e.g., if the purpose of processing this data has ceased to apply or it is not required for the purpose).

Insofar as the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person.

Amendment and Update of the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or another individual notification.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Supervisory authority responsible for us:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-999
Email: poststelle@ldi.nrw.de

Definitions of Terms

In this section, you will receive an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended above all to aid understanding. The terms are sorted alphabetically.

An unhandled error has occurred. Reload 🗙

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please retry or reload the page.