The GEFEG.Portal (hereinafter referred to as the Portal) features a service for verifying that messages conform to standards as well as other related functions. For the purposes of validation, users can upload test messages to the Portal. The test messages are stored in the Portal but not backed up. Therefore, the user is responsible for managing his/her data locally and creating backup copies in other locations. GEFEG accepts no responsibility for any loss of data.
At the instigation of the user, the test data uploaded by the user shall be stored for the duration of a session or longer. If the data is only stored for the duration of one session, they shall be deleted when the session ends. A session ends when the user logs out or when it times out automatically due to the inactivity of the user. If the user opts to store the uploaded test data for longer than the session, the data shall be deleted automatically after 176 days for security reasons.
GEFEG underlines that the test data uploaded by the user will not be processed, used or passed on to third parties.
Data is encrypted by HTTPS before being transferred to and from the Portal over the Internet. The HTTPS protocol/log is normally used when sensitive data are transmitted and meets the generally accepted security requirements which are considered necessary. In the unlikely event that the encryption in the protocol/log is cracked by a hacker, GEFEG accepts no responsibility for any damage suffered.
The Portal was developed with consideration for the guidelines of the German Federal Office for Information Security (BSI). Therefore, the Portal meets the generally accepted security requirements which are considered necessary. GEFEG affirms that all of the recommendations on preventing conventional attacks that it considers necessary have been implemented with the utmost care.
The Portal is regularly scheduled to go offline for up to two hours at a time for maintenance. Necessary downtime shall be announced at least three days in advance. The Portal shall go offline when the maintenance period begins. Users who visit the Portal during this period shall be informed of the downtime by a specific page, provided that the Portal server is available.
If a problem with the Portal is reported, GEFEG shall examine it and inform the user as soon as a solution is available.
During the Portal registration process, the user will be prompted to enter a username, password and email address. These data are required for the purposes of administrating the Portal.
Furthermore, the user shall be prompted to enter his/her name, company name and phone number. This personal data is required in order to execute the contract on the use of the Portal and in order to respond to queries. Any other personal data of the user shall not be collected unless provided voluntarily. Personal data shall not be disclosed, sold or otherwise transferred to third parties.
Whilst the Portal is in use, the servers of GEFEG shall automatically store usage data associated with the service of the Portal for the purposes of system security and statistics. The following data is collected: the action carried out by the user, the version and variant of the standard, the name of the test file, the size of the file, the number of errors detected and the test status. The usage data shall be stored for up to three years and then deleted automatically.
The offer of GEFEG contains links to third-party websites over whose content GEFEG has no control. Therefore, GEFEG accepts no responsibility for the content of these third-party websites. The provider or operator of each target website is always responsible for its content. The target websites were checked for possible legal violations when the links were created. No illegal content was found when the links were created. However, with no solid indications of a legal violation it would be unreasonable to continuously check the content of all target websites. If a legal violation is detected, GEFEG shall immediately remove the links in question.