Personal data that RNIDS processes, and the purposes for which it is being processed
RNIDS collects and processes personal data in order to pursue its contractual obligations with registrants, as laid down in the General Terms and Conditions for the Registration of National Internet Domain Names, in order to maintain distribution mailing lists which it controls and in order to improve the user experience for visitors to RNIDS’ websites.
RNIDS is running domain name registrations through accredited registrars who, in accordance with their agreement signed with RNIDS, are required to adhere to applicable RNIDS documents and regulations in regard to personal data protection.
As part of domain name registration services, RNIDS collects and processes the following personal data of registrants and administrative and technical contacts:
- name and surname,
- e-mail address,
- telephone number.
In other cases, RNIDS collects and processes:
- name and surname,
- e-mail address.
Details of the administrative and technical contact shall be supplied to RNIDS by the registrant, via the designated accredited registrar. Where these are private individuals, the registrant must obtain their explicit prior consent for collection and processing to be carried out for these purposes. RNIDS may, within a period of time it determines, require the registrant to supply proof of consent on the part of these persons for the collection and processing of personal data. Should the registrant fail to act in response to such a request, RNIDS will remove all personal data of these persons from its database without delay and enter the data of the registrant as administrative contact and technical contact.
Personal data collected for the purposes of domain name registration is kept for ten years after the domain name has expired. Personal data collected in other cases is kept for as long as there is a need for it to be processed, and there is consent obtained from the data subject.
Collected data is processed and kept solely for the purposes for which it was collected, regarding which the data subject is informed at the time of submission of the data. Such data will not be used for other purposes, and in particular not for advertising, consumer advice or market research.
RNIDS does not intentionally collect the personal data of persons younger than 18 years of age. Should RNIDS determine that it holds the personal data of such persons, it will immediately seek parental permission.
RIGHTS OF DATA SUBJECTS
Every data subject, pursuant to applicable regulations, has the minimum rights as described below. In addition to the stated rights, the data subject has other rights as guaranteed by applicable regulations.
The right to be informed
Every data subject who has supplied personal data to RNIDS has the right to be informed on and access to the data kept on him/her and processed by RNIDS.
The right to correction of incorrect personal data
Every data subject who has supplied personal data to RNIDS has the right to make corrections to incorrect data kept on him/her and processed by RNIDS.
The right to deletion of personal data (“right to be forgotten”)
Every data subject who has supplied personal data to RNIDS has the right to request the deletion of personal data kept on him/her and processed by RNIDS, where the legal requirements have been met for this.
Every data subject who has supplied personal data to RNIDS has the right to request the limitation of processing of all personal data kept on him/her and processed by RNIDS, where legal requirements have been met for this.
The right to be informed about correction or deletion of personal data or limitation of data processing
RNIDS must inform the data subject of measures undertaken relating to his/her request for correction, deletion or limitation of processing of personal data.
The right to transfer of personal data
Every data subject who has supplied personal data to RNIDS has the right to request that RNIDS facilitate the transfer of data to another controller in an electronic, easily transferable format.
The right to file a complaint
LEGAL BASIS FOR PERSONAL DATA PROCESSING
RNIDS has determined the contractual relationship and/or consent of the data subject to be the legal basis for collection and processing of personal data. The legal basis for the collection and processing of personal data additionally consists in the fulfilment of RNIDS’ obligations, the protection of the personal interests of data subjects or other persons and the legitimate interest of RNIDS or other parties.
BREACH OF DATA SECURITY
RNIDS has appropriate rules and procedures in place to safeguard personal data from unauthorised access, loss, misuse, alteration or destruction. Nevertheless, security from all potential threats cannot be completely guaranteed. According to RNIDS’ rules, personal data may only be accessed by those persons who need to know this data for the purposes of carrying out their work and must keep this data confidential.
In the event of an incident, RNIDS has a reaction and reporting policy and an established incident team which will immediately take appropriate steps and undertake the procedure prescribed for the event of an incident.
COOKIES AND SOCIAL MEDIA WIDGETS
RNIDS’ web pages use so-called “cookies” in order to distinguish you from other users on our websites. RNIDS websites may feature sharing applications for social networks such as Facebook, LinkedIn, Twitter and Google+ extensions.