Data protection statement for “Secure Login for Web Services”

Information on the processing of personal data pursuant to Article 13 and Article 14 EU GDPR

The protection of personal data is particularly important for the management of secunet Security Networks AG – hereinafter referred to as “secunet”. For this reason, we would like to explain in this data protection statement how we protect your privacy when processing your personal data.

1. Controller for data processing

The controller within the meaning of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) is:

     secunet Security Networks AG
     Kurfürstenstraße 58
     45138 Essen, Germany

     Management Board: Axel Deininger (CEO), Torsten Henn, Dr. Kai Martius, Thomas Pleines

     Tel.: +49 (0) 201 5454-0
     Fax: +49 (0) 201 5454-100
     Email: info(at)secunet.com

You can reach the data protection officer of secunet Security Networks AG at:

     secunet Security Networks AG
     Kurfürstenstraße 58
     45138 Essen, Germany

     email: datenschutz(at)secunet.com

2. Context and function

Protect4use is a multi-factor authentication solution for online services (hereinafter “services”) with high security and data protection requirements. Access keys held in specially protected storage on a device are used to check whether a user is really the one who originally registered.

The program or app “Secure Login for Web Services” (hereinafter referred to as “app” or “Secure Login”) enables the following for users of services that implement this solution:

  • Login without conventional passwords
  • Verifiable authorisation of any transaction
  • Attributable submission of digitally signed data (e.g. documents or photos)

All user interactions are controlled by the respective service. To do so, the app is launched from the service in the web browser, for example via a push message or by scanning a QR code.

3. Personal data

Data processed during use of the app include personal data. Personal data are any information relating to an identified or identifiable natural person. The terms used in this data protection statement, such as “personal data” or the “processing” thereof, correspond to the definitions of Article 4 of the GDPR. We take the protection of personal data very seriously and comply with all applicable data protection regulations.

4. Required permissions

The following access permissions are required for the app to function on mobile devices:

  • Storage: For storing and accessing security keys and configuration settings, and for accessing data selected by the user for transmission to the service.
  • Network, connections and Internet data: for communication with the respective online service used.
  • Camera: For scanning QR codes to open the app in a specific context. Also for taking photos that the user wishes to submit to a service.
  • Biometric hardware: Enables the use of fingerprint or facial recognition as a second factor in user authentication. The biometric comparison is performed by the end device itself; only the result of the check is passed to the app.
  • Notifications: When a push message is received from a service that is being used, the app can either open automatically in a specific context or change the context.

5. Purpose, legal basis and data category of processing

5.1 For download & installation

The apps for mobile devices can be downloaded and installed directly from the Google Play Store or the Apple App Store (“third-party providers”). The respective terms of use of the third-party providers apply in these cases. secunet is not a party to such an agreement and has no influence on the data processing by the third-party provider. Sole responsibility thus lies with the operator of the respective app store.

The program for Windows can be downloaded from our secunet website. The data protection statement for our general online offerings applies here. We do not collect any data during installation.

5.2 For interaction with services

5.2.1 Usage data

The following are transmitted to the authentication server of the individual service used:

  • Access key: Unique identifier, time of creation and last use, key verification data
  • Unique identifier of the installed app for receiving push messages
  • Device model number and/or user-specific device name

The following are saved locally on the device:

  • Online services used: Host name/domain
  • Access keys: Time of registration and last access, online services used with it and user ID(s) used

The legal basis for the processing is Article 6 (1) sentence 1 (b) GDPR, as it is necessary for the performance of a contract or in order to take steps prior to entering into a contract. Processing enables the provision and full use of the app.

5.2.2 Content data

The services used may request the entry and transmission of any data. Sole responsibility for this lies with the respective services. Further information can be found in the data protection statements of your service.

5.2.3 For sending in log files

If required, a user can initiate the transmission of log files to secunet technical support from within the app. These log files record all activity during use of the app. The data are used exclusively for technical support and are deleted once this purpose has been fulfilled, subject to statutory retention periods. If required, both secunet and the respective online services used can access them.

The legal basis for the processing is Article 6 (1) sentence 1 (b) GDPR, as it is necessary for the performance of a contract. There is also a legitimate interest in processing pursuant to Article 6 (1) sentence 1 (f) GDPR, for the purpose of optimising system security and stability.

6. Recipients or categories of recipients of the personal data

Your data will not be passed on to third parties.

7. Automated decision-making or profiling

There is no automated decision-making or profiling of data subjects within secunet’s area of responsibility.

8. Duration of storage of personal data

We store personal data only as long as is necessary for fulfilment of the purpose. Log files in the context of support cases are generally deleted after 12 months.

Data that we need for the processing of outstanding tasks or to enforce our rights and claims, as well as data that we are required to retain by law, are exempt from deletion.

9. Security measures

Access to services and all user interactions require two-factor authentication. The transmission path to the authentication server of the respective service used is secured in multiple ways. Any security gaps of which we become aware will be closed promptly.

10. Data transfer to a third country

The data processed by secunet as developer of the app within the scope of technical support are processed within the Federal Republic of Germany. There is no intention of transferring these data to a third country.

We – or, in the case of commissioned processing, our service providers – generally only process personal data in countries within the EU or the European Economic Area that are subject to the scope of the GDPR. In exceptional cases, personal data may be transferred to other countries (so-called “third countries”) if an adequate level of data protection pursuant to Article 44 GDPR is guaranteed, e.g.

  • if there is a so-called “adequacy decision” of the European Commission,
  • by using the “EU standard contractual clauses” or
  • by means of other appropriate safeguards to ensure an adequate level of data protection in accordance with Article 46 GDPR.

Furthermore, a transfer to a third country may be made pursuant to Article 49 (1) sentence 1 (a) GDPR if you have expressly consented to the data transfer after being informed about the potential risks to you of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

11. Rights of data subjects

If your personal data are processed by us as the data controller, you as the data subject have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge complaints with the competent data protection officer or competent supervisory authority

You can assert your rights directly against the respective service used. To do so, contact the data protection officer named by the service.

secunet Security Networks AG