Content

Privacy policy. 2

  1. General. 2
  2. Responsible person 2
  3. Data Protection Officer 2
  4. Your rights. 3
  5. Legal basis. 3
  6. Storage duration 4
  7. Children 4
  8. Recipients, third country transfers, linked third party websites 4
  9. Data security 5
  10. Automated decision making including profiling. 5
  11. Collection and processing of your personal data when using our website. 5
  12. Technical provision of the website, hosting. 5
  13. Newsletter 6
  14. Commercial and business services. 7
  15. Direct marketing. 7
  16. Domain queries (Whois) 7
  17. Contact. 7

Privacy policy

The protection of your personal data (also “data”) is an important concern for us. In the following, we would therefore like to inform you which categories of data we process for which purposes when you visit our website.

Please note that our privacy policy may change over time due to the implementation of new technologies or changes in legislation.

Please also see our separate Domain Name Registration Privacy Policy regarding the processing of personal data for domain name registration. This privacy policy is intended to inform you about how personal data is processed when registering a domain.

A. General

1. person responsible

Jointly responsible parties pursuant to Art. 4 No. 7, Art. 26 EU General Data Protection Regulation (“DS-GVO”) are RegistryGate GmbH, Wilhelm-Wagenfeld-Str. 16, 80807 Munich, Germany, and CentralNic Group PLC, registered in England & Wales (Registration Number 08576358), address: 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR. E-Mail: info@centralnic.com.

Within the CentralNic Group, certain tasks and departments are divided between the Group companies. The aforementioned controllers jointly determine the purposes and means of processing your personal data on this website as described below and in the Domain Name Registration Privacy Policy. When we use the name “CentralNic” in the following, it refers to the jointly responsible parties, unless one or more entities are specifically mentioned. If you have any questions about data protection or wish to assert claims under data protection law, you can contact any of the group companies mentioned in this data protection declaration and on our website.

2. data protection officer

RegistryGate GmbH

Thomas Rickert

c/o Rickert Rechtsanwaltsgesellschaft

Colmantstraße 15, 53115 Bonn

Germany

For the attention of the Data Protection Officer

E-Mail: DSB-UNTERNEHMENSNAME@rikckert.law

If you have any questions or comments about this privacy statement or data protection in general, please contact us by e-mail at dsb@partnergate.com or by post at the above address.

The Data Privacy Officer of CentralNic Group PLC can be contacted by post at: Data Privacy Officer, CentralNic Group PLC, 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR. He can be reached by e-mail at internal.compliance@centralnic.com.

3. Your rights

You may exercise the following free rights against the data controller in accordance with the law:

– Revocation of your consent (Art. 7 para. 3 DS-GVO);

– Right of access (Art. 15 DS-GVO);

– Right to rectification or erasure (Art. 16 and Art. 17 DS-GVO);

– Right to restriction of processing (Art. 18 DS-GVO);

– Right to data portability (Art. 20 DS-GVO);

– Right to object to processing (Art. 21 DS-GVO).

To make a claim under the GDPR, please contact the data controller using the contact details above or alternatively contact the Data Protection Officer. Should you wish to contact us by e-mail, please use an address stored with us in the system for sending so that we can assign you.

When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by mail.

If you are of the opinion that the processing of your personal data violates data protection law, you have a right of appeal pursuant to Art. 77 para. 1 DS-GVO to complain to a data protection supervisory authority of one’s own choice.

4. legal bases

In principle, we only process data if we have a legal basis to do so. We go into more detail on the various basics in the individual processings. In general, however, the following applies:

  • Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
  • When processing personal data that is necessary for the performance of a contract, Art. 6 para. (1) sentence 1 lit. b) DS-GVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
  • If the processing is necessary for the fulfilment of a legal obligation to which we are subject, Article 6 (1) sentence 1 lit. c) DS-GVO serves as the legal basis for the processing.
  • If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) sentence 1 lit. f) DS-GVO serves as the legal basis for the processing.

5. storage period

We delete the data we process or restrict processing in accordance with the statutory provisions, in particular Articles 17 and 18 DSGVO. Unless expressly stated in this privacy policy, we delete stored data as soon as it is no longer required for the intended purpose. Data is only stored after the purpose has ceased to exist if this is necessary for other and legally permissible purposes or if the data must be stored due to legal storage obligations. In these cases, processing is restricted, i.e. blocked and not processed for other purposes.

Statutory retention obligations arise, for example, from Section 257 (1) HGB (6 years for commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and from Section 147 (1) AO (10 years for books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

6. Children

Our website is not intended for children under the age of 16.

7. Recipients, third country transfers, linked third party websites

In the following, we would like to inform you about the third parties and processors to whom we transfer personal data. We use various third-party services on our website. These have different purposes, which we will go into in more detail in the individual descriptions. Basically, however, these services serve to make our internet presence functional, secure and visually appealing as well as to optimise its content on an ongoing basis. In general, we transfer personal data to the following categories of third parties:

Billing service providers, printing and postal service providers, insurance companies, telecommunication service providers, insurance brokers and experts for the examination and settlement of claims, public authorities, insofar as a justified request has been made, credit institutions and payment service providers for the processing of payments, external accountants, auditors, service providers for hosting and other services in connection with our website, legal advisors and auditors.

If personal data is transferred to a third country or an international organisation, we will inform you separately about the transfer and the underlying justification standard. The transfer is secured with standard contractual clauses pursuant to Art. 46 of the GDPR or other suitable transfer safeguards pursuant to Art. 44 et seq. of the GDPR.

If we use contractors for the processing of data, who are of course bound by our instructions, they are carefully selected, commissioned and regularly monitored by us. The assignments are based on agreements on commissioned processing in accordance with Art. 28 DS-GVO. Processing for the processors’ own purposes does not take place.

Processors include in particular IT service providers (maintenance and support), telemedia service providers for the operation of IT systems (web hosters for the provision of online platforms, providers of cloud software and backup services), service providers for the professional disposal of data waste.

Our website may contain links to third-party websites. We would like to emphasise that we are not responsible for the processing of your personal data on these websites within the meaning of Art. 4 No. 7 DS-GVO. Please refer to the privacy statements of the respective websites before disclosing personal data.

8. Data security

We use technical and organisational measures to protect your personal data against loss, manipulation, destruction or other attacks by unauthorised persons. We continuously improve our security measures according to the current state of the art. When transmitting your personal data via this website, we use transport encryption technology (TLS).

9. Automated decision making including profiling

Automated decision-making including profiling does not take place.

B. Collection and processing of your personal data when using our website

1. Technical provision of the website, hosting

Every time content on the website is accessed, data is temporarily stored there via so-called log files, which may allow identification. The following data is collected:

– Date and time of the request

– IP address of the calling computer

– Host name of the accessing computer

– Website from which the website was accessed

– Websites accessed via the website

– Page visited on our website

– data volume transferred

– Message whether the retrieval was successful

– Information about the browser type and version used

– Operating system

The temporary storage of data is necessary for the course of a website visit in order to enable the delivery of the website. Further storage of the log files takes place in order to ensure the functionality of the website and the security of the information technology systems. Your IP address is shortened as quickly as possible so that it is no longer possible to identify you. The legal basis for the temporary storage is Art. 6 para. 1 p. 1 lit. b) DS-GVO. The legal basis for the further storage with shortened IP address is Art. 6 para. 1 p. 1 lit. f) DS-GVO. Our legitimate interest is the protection of our information technology systems (especially in the event of abusive attacks, so-called DDoS attacks). A personal evaluation of the data, in particular for marketing purposes, does not take place without prior consent.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are kept accessible only to administrators.

In order to operate this website, we use Amazon Web Services (“AWS”) of Amazon Inc, 410 Terry Avenue North, Seattle WA 98109, USA, a host provider, to process meta data and communication data of our website users on our behalf and on the basis of our legitimate interests in an efficient and secure provision of this website pursuant to Article 6(1) p. 1 lit. f), Article 28 DS-GVO.

2. Newsletter

With your consent, we use your personal data to send you our newsletter to inform you about news from our company, new services and products, and events tailored to your interests. This includes information about current or future service and product offers as well as events with the participation of our company or group companies (e.g. trade fairs). In order to send you the newsletter, we need your e-mail address. The legal basis for the processing is your consent according to Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO. We use the personal data you provide during registration exclusively for sending our newsletter. After registering your e-mail address, you will receive an e-mail from us in which you must confirm that you would like to receive the newsletter by clicking on a link. If confirmation via hyperlink is not received within a period of 7 days, your data will be blocked and deleted after one month. We may also store your IP addresses, login and confirmation times in order to verify your login and to adequately investigate any possible misuse of your personal data.

We can analyse our newsletter campaigns. When you open an e-mail, a file contained in the e-mail (so-called web beacon) connects to our newsletter server. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not want any analysis, you must unsubscribe from the newsletter.

The legal basis for this is your consent and the necessity to fulfil a legal obligation to which we are subject, Art. 6 Para. 1 p. 1 lit. a) and c), Art. 7 DS-GVO. The legal basis for the transfer to a third country is also your consent in accordance with Art. 49 Para. 1 p. 1 lit. a) DS-GVO. It should be noted that the level of EU data protection cannot be guaranteed in the third country. In particular, effective legal remedies against official access to your personal data may not exist.

Your data will be processed in an electronic newsletter system for the duration of your subscription. For this purpose and for sending the newsletter, we use the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, which processes the data on our behalf.

As we base the processing on your consent, this means that you have the right to withdraw your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. In this case, we will immediately remove you from our newsletter distribution list in order to comply with your request. You can withdraw your consent at any time by sending an email to our data protection officer or by following the instructions at the end of a promotional/newsletter email. If you send us an e-mail, please let us know what your revocation should refer to so that we can allocate your request.

3. Commercial and business services

a. Direct marketing

We have a legitimate interest (direct marketing, recital 47 DS-GVO) within the meaning of Art. 6 1 p. 1 lit. f) DS-GVO in advertising to customers (persons with whom we maintain a business relationship) by e-mail or post. In particular, we may send you news about our company or group companies, information about events and invitations to evaluate our services and products.

For this purpose and for sending the newsletter, we use the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, which processes the data on our behalf.

To send you advertising by post, we use a postal service provider.

You can object to receiving advertising at any time by sending an e-mail to our data protection officer or by following the instructions at the end of an advertising e-mail. If possible, please send your e-mail from the same e-mail address that you used when registering so that we can assign you more easily.

b. Domain queries (Whois)

We offer the possibility to obtain information about certain holder data of already registered domain names. In the case of a search query, the data you enter in the search field as well as the data categories listed under “Log files” are processed. The legal basis for the processing is, according to Art. 6 para. 1 p. 1 lit. b) DS-GVO, the necessity to process personal data for the fulfilment of a contract or for the implementation of pre-contractual measures in connection with the Domain Guidelines. Search requests are deleted no later than seven days after the request.

4. Contact

You can contact us by email, telephone and via our contact forms to request a quote or conduct other correspondence.

In order to be able to process your enquiry, we process names, e-mail addresses, if applicable the name of your company, position as well as mandatory details that are absolutely necessary for the preparation of an offer. The processing of your data in the context of contacting us by e-mail, contact form or telephone is based on our legitimate interest in good customer service in accordance with Art. 6 para. 1 p. 1 lit. f) DS-GVO or in accordance with Art. 6 1 p. 1 lit. b) DS-GVO, insofar as the contacts are in connection with contractual performance obligations, such as the application for a dispute entry.

We delete your contact requests immediately after processing, unless legal retention periods require further storage. After answering your request, we archive your request immediately. Inspection is only possible to a very limited extent. Purely informative enquiries, i.e. those that do not lead to a contract or do not contain any other content subject to retention, are deleted at the end of the year in which the enquiry was made. See “Retention periods” for more information.

When you use our contact form, we also process data about your location (country and city based on IP address), data obtained from our tracking system and data about the browser and device used. The legal basis is your consent, Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO.

We use a ticket management system to process customer claims and enquiries by e-mail and via the contact forms. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) DS-GVO on the basis of our legitimate interests in the efficient processing of enquiries.

I would like to receive the email newsletter to receive information tailored to my interests about events, promotions, competitions, services and news from the CentralNic group of companies.