The new European General Data Protection Regulation (GDPR) is coming into effect as of May 25, 2018.
The protection of your personal data is very important to us. Our processing of personal data is therefore designed to be fully compliant with applicable data protection laws and regulations.
With this policy we intend to clarify and inform you – our customer – about which personal data we process, the purposes of said processing, how this processing is performed, who has access to your personal data, for how long we process this data and how you can exercise your rights with regard to our data processing.
For the personal data required by us for the performance of the agreed service, "Controller" within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection laws and regulations is:
The data protection officer of RegistryGate can be contacted at dsb(at)partnergate(dot)com.
For all other processing of data where we do not control the processing, particularly for domain registration services, the controller is the registry operator of the relevant TLD as well as – for all registrations in generic top level domains – ICANN is joint controller with the registry operator.
What personal data do we process about you?
Personal data is any information relating to an identified or identifiable natural person. We process data that you provide voluntarily to us, data that we collect in an automated fashion when you visit our premises, events or websites and data processed when you access and/or use our products and services.
We may process the following personal data about our customers as inventory data: your name, your email address, your phone number and (if applicable) fax number, your job title, your full personal address, the organization you work for (if applicable to the transaction), your gender, your language preference, the IP addresses you use to connect to our systems, your account name, the services you order, your financial data including bank account or credit card information, your login details.
We may also request additional personal data if required for the specific service you requested.
Our processing of third party data
Purposes for processing
The data you transmit to us upon requesting a service (or for correction, renewal or updates of service requests) is required to establish a contractual relationship between you and us, for purposes required for our provision of requested services as well as auxiliary services to you, for proper and secure management of your customer account, to prevent abusive use of our services, to enable us to provide information on expiration and required renewals of services and to allow us to comply with applicable legal obligations. The legal basis for such processing is Art. 6 I b) GDPR.
Personal data may be transmitted to service providers acting as data controllers that are involved in our provision of services to you (such as registry operators, certification authorities, ICANN) in furtherance of the purposes of these data controllers for collecting and processing personal data based on their legitimate interests in accordance with Art 6 I f) GDPR. Legitimate interests pursued by data controllers regarding your data transmitted to them by us include the establishing of a contractual relationship between you and the provider, the mitigation and/or prevention of abuse and/or fraud, the verification of compliance with applicable eligibility requirements and/or acceptable use policies for services provided by them, the central management of a service register, assurance of data accuracy and the provision of continuity of service in case of our business failure.
Transmission of your personal data may also, in some cases, be required by data controllers to comply with applicable legal obligations in accordance with Art. 6 I c) GDPR. Please review the applicable registry policies for direct references to such legal obligations.
Your domain name registration data may also be processed and transmitted in the context of a data escrow program in order to safeguard domain registrations in case the registrar and/or registry operator ceases its activity of registering and managing domain names.
We may also transfer your personal data to third parties to safeguard legitimate interests of such third parties in accordance with Art 6 I f), except where such interests are overridden by your fundamental rights and freedoms.
We may also transmit your personal data to service providers and/or publish your data based on your explicit, informed and freely given consent, if applicable, for example if you explicitly request the publication of your data in a registration database despite our ability to redact or hide such data. This consent may be withdrawn at any time.
How do we process personal data?
We process personal information in full compliance with the technical, organizational and legal requirements of the GDPR in our data center(s) in Germany. We publish data you provide to us for web-hosting purposes in one of our shared hosting locations in Germany or on the Isle of Man, or – at your request – in the USA. We apply data minimization principles where possible and we continuously update our security measures to help protect your personal data and other information against unauthorized access, loss, destruction or alteration. Access to your data is possible only through an encrypted connection. Third parties do not have access to your data unless we provide such access in accordance with the terms below. We also request that everyone we transmit your data to in accordance with this policy apply adequate security measures.
To whom do we forward your personal data?
To the extent permitted by law, your personal data may be disclosed to the following parties:
We may provide access to your data to other group companies affiliated with ourselves strictly for purposes of providing you with a better service.
We may forward your personal data to third-party service providers directly involved in the provision of our service to you, such as a registry operator of a top level domain in which you have requested a registration (please review terms of registration applicable to each relevant TLD in order to determine the registry operator and its terms of registration). We are unable to influence the data requirements of such parties. Such transfers may require the transfer of your personal data to organizations and/or servers located outside the European Union.
We may forward your personal data to third-party payment providers directly involved in the provision of payment services for payment facilities chosen by you to pay for our services, such as a banks, credit card service providers, Paypal and others. This may require the transfer of your personal data to organizations and/or servers located outside the European Union.
If applicable, your personal data may be provided to operators of registration database (formerly whois) services and the users of such services if required and such provision and use is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, as permitted under under Art. 6 I f) of the GDPR.
To ensure business continuity, your personal data may be provided to escrow service providers as well as to backup storage providers.
We may disclose your personal information to law enforcement agencies, to other government and/or civil authorities similarly authorized by applicable laws and regulations and to courts of appropriate jurisdiction if so required by law. To ensure data accuracy and to prevent abusive use of our services, we may use third-party verification service providers to check the data you have provided. To assess our business operations, we may also provide access to your data to our auditors.
For support purposes, we may provide access to your personal data to providers of third-party support services.
We will never sell your personal data to anyone.
Further data usage
We will only use the data for the purposes of advertising, customer service or market research if such use is necessary to provide or improve the service and if the customer has provided prior consent. Such consent may be revoked at any time. We will store your personal data that is processed for business purposes for a minimum of one year after the termination of the service it was collected for, or longer if required by legal requirements, such as the tax code. Data processed for other purposes is processed no longer than necessary for the purposes for which your data is processed or until all applicable legal requirements are met.
Your rights with regard to your data
You have the right to access and correct your data through your control interface with us or any intermediary service providers you may employ. You have the right to request information concerning your personal data and to request a copy of all your data in a standard format. You may at any time request to update all incorrect, out-of-date or incomplete data and to help us keep the internet safe we encourage you to regularly review the data you provided to ensure it is accurate, current and complete. You have the right to request the restriction of certain processing activities in certain circumstances and to object against certain processing activities. If and as far as processing is based on consent, that consent can be withdrawn at any time by the consenting party. You have the right to erasure your data in certain circumstances. You have the right to be informed where we obtained your personal data in case it was not directly obtained from you. You can exercise your rights by contacting us. You also have the right to lodge a complaint with a supervisory authority.
Traffic data, e.g. data being collected and used to measure the amount of usage of a telecommunication service, will only be collected as necessary for the purpose of performance of services and invoicing. We also collect traffic data with regard to any login attempts into our systems. Traffic data will not be stored longer than six months above the time required for invoicing and the provision of the service, unless the customer requests a longer storage time within the scope of a statistics function. Traffic data will not be used to create user profiles.
Cookies and other tracking technologies
When you visit our websites, we may request your approval to store certain information on your devices in the form of a cookie in order to better provide our services to you. Denial to accept our cookies may result in a loss of functionalities on our websites and user interfaces for you.
Anonymization of data
We currently have not implemented measures regarding the anonymized processing of personal data in our system. Credit card details are stored in an encrypted format. We do offer anonymization and privacy services for domain name registrations in certain circumstances where the use of such services is permitted by the data controller (the registry operator).
Changes to this policy
Please note that the data protection information may be changed at any time with due regard to the applicable data protection regulations. The version being made available on our website at the time of your order or last visit to our website applies. We will inform you about any changes either directly by newsletter or indirectly through your service provider.