Privacy statement

Revised 16th of July 2018

The Dutch Internet Standards Platform respects your privacy. With this privacy statement, we would like to inform you about what personal data we collect when you use our website and other services on Internet.nl and how we process this data. Your rights are covered by the applicable laws, mainly the European General Data Protection Regulation (GDPR) and the Dutch Telecommunications Act.

What data will be collected?

Website (Internet.nl)

Application

When you are using Internet.nl we collect the following data which is necessary for the functioning of the website.

  • IP address of your client (remote host) which made the request to our web server:

    • When a connection test is performed, only your anonymized IP address and anonymized reverse name are stored in the application database and shown in the connection test report that is available for the user via a permalink.
    • In all other cases your (full or anonymized) IP address is not stored in the application database.

  • Domain names that you provided to perform email or website tests:

    • Domain names are stored in the application database. They will be shown in the test reports available for the user via a permalink and could be shown in the Hall of Fame.
    • Only the domain name is stored, but not the ‘local-part’ (i.e. the part before @example.nl) of a provided email address.

Server logs

For debugging connection issues and for solving (security) incidents we keep the following data in our web server logs.

  • IP address of the client (remote host) which made the request to our web server;
  • The time that the request was received;
  • User-Agent HTTP request header that the client browser reported about itself;
  • Status code that the server sends back to the client;
  • Size of the object returned to the client;
  • Error message with regard to processing the request.

User analytics

We put analytical cookies on your device to analyze the use of our website. We run Matomo (formerly Piwik) on our own web server. Matomo is one of the most privacy-friendly analytical tools currently available. The statistics generated with these cookies are used only to improve our website.

We collect the following data via cookies:

  • IP address (anonymized);
  • Very rough location of the user based on anonymized IP address;
  • Date and time;
  • Title of the page being viewed;
  • URL of the page being viewed;
  • URL of the page that was viewed prior to the current page;
  • Screen resolution;
  • Time in local timezone;
  • Files that were clicked and downloaded;
  • Link clicks to an outside domain;
  • Page generation time;
  • Main language of the browser;
  • User Agent of the browser.

Because the impact of these analytical cookies on your privacy is very limited in light of the GDPR and Section 11.7a of the Dutch Telecommunications Act, you do not need to give your consent for this. If you do not want us to place cookies on your device, we recommend that you turn on the Do Not Track function in your browser. Matomo will then not track you and will not place cookies. For more information about Do Not Track and how to turn it on in your browser, see the website All About Do Not Track.

Email (@internet.nl)

When you send emails to question@internet.nl we collect the following data:

  • Email address used and other mail header data (like time);
  • Any other personal data that the sender put in the mail.

What measures are in place to secure the collected data?

Access and third parties

Our services run on our servers, which are maintained by Open Netlabs / NLnet Labs. ECP is in charge of operating the mailbox. Collected data may be shared with other members of the Internet Standards Platform only to answer questions, to solve issues or to improve our services.

No third-party services are used (like external analytics tooling or web fonts). We do not in any way pass on personal data collected by us to third parties (i.e. outside the Internet Standards Platform), unless we are legally obliged to do so (for example, if the authorities request data from us on a legal basis).

Technical measures

We have implemented, among others, the following technical measures to secure your personal data:

  • Modern, secure standards are in place. We comply with our own tests. E.g. our web server offers an encrypted connection (HTTPS) and the domain is signed (DNSSEC);
  • Software on our servers is updated regularly;
  • Our engineers use strong authentication to access the servers.

If, despite our efforts, you find a vulnerability, please act in accordance with our responsible disclosure policy.

Anonymization

  • Application: The anonymization of the IP address of your client means that at least the last 16 bits of each IPv4 address and the last 96 bits of each IPv6 address are discarded and replaced with zeros before storing in the application database (e.g. visible is only 198.51.0.0 or 2001:db8::). In addition, we anonymize the found reverse name by masking the first one or more labels. By anonymizing the IP address and reverse name we make sure that it is no longer possible to relate these directly to a person, not even with the other associated data collected. IP addresses belonging to web servers, mail servers or name servers will not be anonymized, because we consider this data to be public data which is published in DNS. The same goes for domain names; we also consider this to be public data.
  • User analytics: At least 16 bits for IPv4 and 80 bits for IPv6 are discarded and replaced with zeros before storing an IP address in our analytics tooling (e.g. visible is only 198.51.0.0 or 2001:db81:85a3::).
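
The masking described above, sketched in Python as an added example; it is not Internet.nl's own code. The addresses and host name are constructed documentation-range samples, and the `xxx` placeholder, the `labels_to_mask` parameter and the handling of IPv4-mapped addresses are assumptions of this example.

```python
import ipaddress

# Number of low-order bits discarded per context, as given in the statement.
DISCARD_BITS = {
    "application": {4: 16, 6: 96},
    "analytics": {4: 16, 6: 80},
}


def anonymize_ip(addr, context="application"):
    """Zero the low-order bits of a client address before it is stored."""
    ip = ipaddress.ip_address(addr)
    # Assumption of this example: an IPv4-mapped IPv6 address
    # (::ffff:a.b.c.d) carries the client's IPv4 address, so it is
    # handled under the IPv4 rule instead of being reduced to "::".
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    discard = DISCARD_BITS[context][ip.version]
    keep_mask = (2 ** ip.max_prefixlen - 1) ^ (2 ** discard - 1)
    # Rebuild with the same address class; ip_address(int) would turn a
    # small IPv6 value such as "::" into an IPv4 address.
    return str(type(ip)(int(ip) & keep_mask))


def anonymize_reverse_name(name, labels_to_mask=1, placeholder="xxx"):
    """Mask the first label(s) of a reverse (PTR) name.

    The first label of a client's reverse name often embeds the full IP
    address, which would undo the masking done by anonymize_ip().
    The placeholder text is hypothetical; the statement does not give one.
    """
    labels = name.rstrip(".").split(".")
    n = max(1, min(labels_to_mask, len(labels)))
    return ".".join([placeholder] * n + labels[n:])


if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges).
    print(anonymize_ip("198.51.100.7"))
    print(anonymize_ip("2001:db8:85a3::8a2e:370:7334"))
    print(anonymize_ip("2001:db8:85a3::8a2e:370:7334", "analytics"))
    print(anonymize_reverse_name("host-198-51-100-7.dsl.example.nl"))
```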

Data retention period

  • Application: Because the anonymized visiting IP address and associated collected data cannot be directly related to a person, we do not maintain a specific retention period for the data stored in our application database.
  • Server logs: Data collected in our server logs will be deleted after three calendar months.
  • User analytics: Individual visitor data (including the anonymized IP address) in our analytics tooling will be deleted after 90 days.

Inspection, correction and deletion of data

Pursuant to the European General Data Protection Regulation (GDPR), you have the right of access to your personal data upon request and, if necessary, to amend it or have it deleted. Please contact us in case you wish to do so. Because we keep your full IP address only temporarily in our server logs, you might need to supply us with additional information, such as details about your device and browser as well as the date and time of your visit, for us to be able to honour your request.

Update privacy statement

We may change our privacy statement. We will announce this change on our website. Older versions of our privacy statement will be stored in our archive. Send us an email if you want to consult it.