- General. 2
- Responsible person 2
- Data Protection Officer 2
- Your rights. 3
- Legal basis. 3
- Storage duration 4
- Children 4
- Recipients, third country transfers, linked third party websites 4
- Data security 5
- Automated decision making including profiling. 5
- Collection and processing of your personal data when using our website. 5
- Technical provision of the website, hosting. 5
- Newsletter 6
- Commercial and business services. 7
- Direct marketing. 7
- Domain queries (Whois) 7
- Contact. 7
The protection of your personal data (also “data”) is an important concern for us. In the following, we would therefore like to inform you which categories of data we process for which purposes when you visit our website.
1. person responsible
Jointly responsible parties pursuant to Art. 4 No. 7, Art. 26 EU General Data Protection Regulation (“DS-GVO”) are RegistryGate GmbH, Wilhelm-Wagenfeld-Str. 16, 80807 Munich, Germany, and CentralNic Group PLC, registered in England & Wales (Registration Number 08576358), address: 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR. E-Mail: firstname.lastname@example.org.
2. data protection officer
c/o Rickert Rechtsanwaltsgesellschaft
Colmantstraße 15, 53115 Bonn
For the attention of the Data Protection Officer
If you have any questions or comments about this privacy statement or data protection in general, please contact us by e-mail at email@example.com or by post at the above address.
The Data Privacy Officer of CentralNic Group PLC can be contacted by post at: Data Privacy Officer, CentralNic Group PLC, 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR. He can be reached by e-mail at firstname.lastname@example.org.
3. Your rights
You may exercise the following free rights against the data controller in accordance with the law:
– Revocation of your consent (Art. 7 para. 3 DS-GVO);
– Right of access (Art. 15 DS-GVO);
– Right to rectification or erasure (Art. 16 and Art. 17 DS-GVO);
– Right to restriction of processing (Art. 18 DS-GVO);
– Right to data portability (Art. 20 DS-GVO);
– Right to object to processing (Art. 21 DS-GVO).
To make a claim under the GDPR, please contact the data controller using the contact details above or alternatively contact the Data Protection Officer. Should you wish to contact us by e-mail, please use an address stored with us in the system for sending so that we can assign you.
When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by mail.
If you are of the opinion that the processing of your personal data violates data protection law, you have a right of appeal pursuant to Art. 77 para. 1 DS-GVO to complain to a data protection supervisory authority of one’s own choice.
4. legal bases
In principle, we only process data if we have a legal basis to do so. We go into more detail on the various basics in the individual processings. In general, however, the following applies:
- Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
- When processing personal data that is necessary for the performance of a contract, Art. 6 para. (1) sentence 1 lit. b) DS-GVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
- If the processing is necessary for the fulfilment of a legal obligation to which we are subject, Article 6 (1) sentence 1 lit. c) DS-GVO serves as the legal basis for the processing.
- If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) sentence 1 lit. f) DS-GVO serves as the legal basis for the processing.
5. storage period
Statutory retention obligations arise, for example, from Section 257 (1) HGB (6 years for commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and from Section 147 (1) AO (10 years for books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Our website is not intended for children under the age of 16.
7. Recipients, third country transfers, linked third party websites
In the following, we would like to inform you about the third parties and processors to whom we transfer personal data. We use various third-party services on our website. These have different purposes, which we will go into in more detail in the individual descriptions. Basically, however, these services serve to make our internet presence functional, secure and visually appealing as well as to optimise its content on an ongoing basis. In general, we transfer personal data to the following categories of third parties:
Billing service providers, printing and postal service providers, insurance companies, telecommunication service providers, insurance brokers and experts for the examination and settlement of claims, public authorities, insofar as a justified request has been made, credit institutions and payment service providers for the processing of payments, external accountants, auditors, service providers for hosting and other services in connection with our website, legal advisors and auditors.
If personal data is transferred to a third country or an international organisation, we will inform you separately about the transfer and the underlying justification standard. The transfer is secured with standard contractual clauses pursuant to Art. 46 of the GDPR or other suitable transfer safeguards pursuant to Art. 44 et seq. of the GDPR.
If we use contractors for the processing of data, who are of course bound by our instructions, they are carefully selected, commissioned and regularly monitored by us. The assignments are based on agreements on commissioned processing in accordance with Art. 28 DS-GVO. Processing for the processors’ own purposes does not take place.
Processors include in particular IT service providers (maintenance and support), telemedia service providers for the operation of IT systems (web hosters for the provision of online platforms, providers of cloud software and backup services), service providers for the professional disposal of data waste.
Our website may contain links to third-party websites. We would like to emphasise that we are not responsible for the processing of your personal data on these websites within the meaning of Art. 4 No. 7 DS-GVO. Please refer to the privacy statements of the respective websites before disclosing personal data.
8. Data security
We use technical and organisational measures to protect your personal data against loss, manipulation, destruction or other attacks by unauthorised persons. We continuously improve our security measures according to the current state of the art. When transmitting your personal data via this website, we use transport encryption technology (TLS).
9. Automated decision making including profiling
Automated decision-making including profiling does not take place.
B. Collection and processing of your personal data when using our website
1. Technical provision of the website, hosting
Every time content on the website is accessed, data is temporarily stored there via so-called log files, which may allow identification. The following data is collected:
– Date and time of the request
– IP address of the calling computer
– Host name of the accessing computer
– Website from which the website was accessed
– Websites accessed via the website
– Page visited on our website
– data volume transferred
– Message whether the retrieval was successful
– Information about the browser type and version used
– Operating system
The temporary storage of data is necessary for the course of a website visit in order to enable the delivery of the website. Further storage of the log files takes place in order to ensure the functionality of the website and the security of the information technology systems. Your IP address is shortened as quickly as possible so that it is no longer possible to identify you. The legal basis for the temporary storage is Art. 6 para. 1 p. 1 lit. b) DS-GVO. The legal basis for the further storage with shortened IP address is Art. 6 para. 1 p. 1 lit. f) DS-GVO. Our legitimate interest is the protection of our information technology systems (especially in the event of abusive attacks, so-called DDoS attacks). A personal evaluation of the data, in particular for marketing purposes, does not take place without prior consent.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are kept accessible only to administrators.
In order to operate this website, we use Amazon Web Services (“AWS”) of Amazon Inc, 410 Terry Avenue North, Seattle WA 98109, USA, a host provider, to process meta data and communication data of our website users on our behalf and on the basis of our legitimate interests in an efficient and secure provision of this website pursuant to Article 6(1) p. 1 lit. f), Article 28 DS-GVO.
With your consent, we use your personal data to send you our newsletter to inform you about news from our company, new services and products, and events tailored to your interests. This includes information about current or future service and product offers as well as events with the participation of our company or group companies (e.g. trade fairs). In order to send you the newsletter, we need your e-mail address. The legal basis for the processing is your consent according to Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO. We use the personal data you provide during registration exclusively for sending our newsletter. After registering your e-mail address, you will receive an e-mail from us in which you must confirm that you would like to receive the newsletter by clicking on a link. If confirmation via hyperlink is not received within a period of 7 days, your data will be blocked and deleted after one month. We may also store your IP addresses, login and confirmation times in order to verify your login and to adequately investigate any possible misuse of your personal data.
We can analyse our newsletter campaigns. When you open an e-mail, a file contained in the e-mail (so-called web beacon) connects to our newsletter server. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not want any analysis, you must unsubscribe from the newsletter.
The legal basis for this is your consent and the necessity to fulfil a legal obligation to which we are subject, Art. 6 Para. 1 p. 1 lit. a) and c), Art. 7 DS-GVO. The legal basis for the transfer to a third country is also your consent in accordance with Art. 49 Para. 1 p. 1 lit. a) DS-GVO. It should be noted that the level of EU data protection cannot be guaranteed in the third country. In particular, effective legal remedies against official access to your personal data may not exist.
Your data will be processed in an electronic newsletter system for the duration of your subscription. For this purpose and for sending the newsletter, we use the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, which processes the data on our behalf.
As we base the processing on your consent, this means that you have the right to withdraw your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. In this case, we will immediately remove you from our newsletter distribution list in order to comply with your request. You can withdraw your consent at any time by sending an email to our data protection officer or by following the instructions at the end of a promotional/newsletter email. If you send us an e-mail, please let us know what your revocation should refer to so that we can allocate your request.
3. Commercial and business services
a. Direct marketing
We have a legitimate interest (direct marketing, recital 47 DS-GVO) within the meaning of Art. 6 1 p. 1 lit. f) DS-GVO in advertising to customers (persons with whom we maintain a business relationship) by e-mail or post. In particular, we may send you news about our company or group companies, information about events and invitations to evaluate our services and products.
For this purpose and for sending the newsletter, we use the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, which processes the data on our behalf.
To send you advertising by post, we use a postal service provider.
You can object to receiving advertising at any time by sending an e-mail to our data protection officer or by following the instructions at the end of an advertising e-mail. If possible, please send your e-mail from the same e-mail address that you used when registering so that we can assign you more easily.
b. Domain queries (Whois)
We offer the possibility to obtain information about certain holder data of already registered domain names. In the case of a search query, the data you enter in the search field as well as the data categories listed under “Log files” are processed. The legal basis for the processing is, according to Art. 6 para. 1 p. 1 lit. b) DS-GVO, the necessity to process personal data for the fulfilment of a contract or for the implementation of pre-contractual measures in connection with the Domain Guidelines. Search requests are deleted no later than seven days after the request.
You can contact us by email, telephone and via our contact forms to request a quote or conduct other correspondence.
In order to be able to process your enquiry, we process names, e-mail addresses, if applicable the name of your company, position as well as mandatory details that are absolutely necessary for the preparation of an offer. The processing of your data in the context of contacting us by e-mail, contact form or telephone is based on our legitimate interest in good customer service in accordance with Art. 6 para. 1 p. 1 lit. f) DS-GVO or in accordance with Art. 6 1 p. 1 lit. b) DS-GVO, insofar as the contacts are in connection with contractual performance obligations, such as the application for a dispute entry.
We delete your contact requests immediately after processing, unless legal retention periods require further storage. After answering your request, we archive your request immediately. Inspection is only possible to a very limited extent. Purely informative enquiries, i.e. those that do not lead to a contract or do not contain any other content subject to retention, are deleted at the end of the year in which the enquiry was made. See “Retention periods” for more information.
When you use our contact form, we also process data about your location (country and city based on IP address), data obtained from our tracking system and data about the browser and device used. The legal basis is your consent, Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO.
We use a ticket management system to process customer claims and enquiries by e-mail and via the contact forms. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) DS-GVO on the basis of our legitimate interests in the efficient processing of enquiries.
I would like to receive the email newsletter to receive information tailored to my interests about events, promotions, competitions, services and news from the CentralNic group of companies.