You can read here what personal information Punktum dk collects when you use the tool, Sikkerpånettet.dk, and how we process this data. Your rights are covered by applicable law, including the Data Protection Regulation (GDPR) and the Data Protection Act.
What data will be collected?
When you are using sikkerpånettet.dk we collect the following data which is necessary for the functioning of the website.
IP address of your client (remote host) which made the request to our web server:
- When a connection test is performed, only your anonymized IP address and anonymized reverse name are stored in the application database and shown in the connection test report that is available for the user via a permalink.
- In any other cases your (full or anonymized) IP address is not stored in the application database.
Domain names that you provided to perform email or website tests:
- Domain names are stored in the application database. They will be shown in the test reports available for the user via a permalink.
- Only the domain name is stored, but not the 'local-part' (i.e. the part before @example.dk) of a provided email address.
For debugging connection issues and for solving (security) incidents we keep the below data in our web server logs.
- IP address of the client (remote host) which made the request to our web server;
- The time that the request was received;
- User-Agent HTTP request header that the client browser reported about itself;
- Status code that the server sends back to the client;
- Size of the object returned to the client;
- Error message with regard to processing the request.
We use Google analytics on our own web server. The statistics generated with these cookies are only used to improve and analyze the use of Sikkerpånettet.dk.
We collect the following data:
- IP address (anonymized);
- Very rough location of the user based on anonymized IP address;
- Date and time;
- Title of the page being viewed;
- URL of the page being viewed;
- URL of the page that was viewed prior to the current page;
- Operating system used;
- Screen resolution;
- Time in local timezone;
- Files that were clicked and downloaded;
- Link clicks to an outside domain;
- Pages generation time;
- Main Language of the browser;
- User Agent of the browser.
When you send emails to email@example.com we collect the following data:
- Email address used and other mail header data (like time);
- Any other personal data that the sender put in the mail.
What measures are in place to secure the collected data?
Access and third parties
Our services are running on servers, that are maintained by Prolocation B.V. Punktum dk is in charge of operating the mailbox.
No third party services are used (like external analytics tooling or web fonts). We do not in any way pass on personal data collected by us to third parties, unless we are legally obliged to do so (for example, if the authorities with a legal basis request data from us).
We have implemented a.o. the following technical measures to secure your personal data:
- Modern, secure standards are in place. We comply with our own tests. E.g. our web server offers an encrypted connection (HTTPS) and the domain is signed (DNSSEC);
- Software on our servers is updated regularly;
- Our engineers use strong authentication to access the servers.
In case you find a vulnerability, despite of our efforts, please act in accordance with our responsible disclosure policy.
- Application: The anonymization of the IP address of your client means that at least the last 16 bits of each IPv4 address and the last 96 bits of each IPv6 address are discarded and replaced with zero's before storing in the application database (e.g. visible is only 126.96.36.199 or 2001:db8::). Besides we anonymize the found reverse name by masking the first one or more labels. By anonymizing the IP address and reverse name we make sure that it is not possible to relate these directly to a person anymore, even not with the other associated data colllected. IP addresses belonging to web servers, mail servers or name servers will not be anonymized, because we consider this data to be public data which is published in DNS. The same goes for domain names; we also consider this to be public data.
- User analysis: We use Google Analytics and its anonymization policy.
Data retention period
- Application: Because the anonymized visiting IP address and associated collected data can not be directly related to a person, we do not maintain a specific retention period for the data stored in our aplication database.
- Server logs: Data collected in our server logs will be deleted after three calendar months.
- User analytics: Individual visitor data (including the anonymized IP address) in our analytics tooling will be deleted after up to 2 years.
Inspection, correction and deletion of data
Pursuant to the European General Data Protection Regulation (GDPR), you have the right of access to your personal data upon request and, if necessary, to amend it or have it deleted. Please contact us in case you wish to do so. Because we keep your full IP address only temporarily in our server logs, you might need to supply us with additional information, such as about your device and browser as well as the date and time of your visit, for us to be able to honour your request.
Update privacy statement
We may change our privacy statement. We will announce this change on our website. Older versions of our privacy statement will be stored in our archive. Send us an email if you want to consult it.