EURid is responsible for processing your personal data.
Your personal data may be collected via the following methods: through the Domain Name registration processes via our network of accredited registrars, via e-mail, via telephone, via fax, by attendance at an event, by using cookies or other technologies to track visitors on our websites, through communication from suppliers or partners, via a testimonial, via access control tools or by completing a form on our websites, or via any other means. Occasionally, we may also collect your personal data if you have registered a domain name (other than a Domain Name) with another registry via a registrar who inputs your personal data into our registration system.
What personal data do we process about you?
Personal data is any information relating to an identified or identifiable natural person (i) that you voluntarily provide to us (e.g. through our online forms on our website, testimonials), (ii) that we collect from your visit(s) to our premises, events or website(s) or via your access and use of our products or services (e.g. via your login to my.eurid.eu).
In the context of our business activities and in order to provide you with good service and to improve our services where possible, we may process the following personal data about you: your name, your email, the organization you work for, your job title, your personal address, your language preference, your gender, your age, your unique identification alias in our system, your Domain Name, financial data including data related to your bank account or credit card information, or creditworthiness, judicial data in relation to Domain Names, your IP address; data about your login to and usage of my.eurid.eu, pictures and video footage.
Since it is not possible to register a Domain Name directly with us1, we collect your personal data from the company through which you registered your Domain Name. That company may be one of our accredited registrars2 or one of its resellers who collects your personal data on behalf of EURid.
For which purposes do we process your personal data?
We process your personal data for various purposes:
In order to be able to offer the best possible services for your Domain Name, we must collect some personal data in relation to your Domain Name. This also allows us to identify you and get in touch with you directly in relation to your Domain Name registration, if and when needed.
We are required to maintain a complete and accurate database of all registered Domain Names. The purpose of the WHOIS look-up facility (https://whois.eurid.eu/en/) is to provide accurate and up-to-date information about the technical and administrative contact persons administering the Domain Names3. This helps us in creating and maintaining a trusted and safe Internet environment.
We use your personal data to maintain and build long-term and sustainable relationships and to execute the contract we may have. We use your personal data to respond to your inquiries, to fulfill your requests, and/or to send you administrative information.
Your personal data may be used to comply with applicable regulations, to respond to requests or claims from public and government authorities, including public and government authorities outside your country of residence, or to protect our rights, privacy, safety or property, and/or our entities.
We may use your personal data to send you promotional messages, marketing, advertizing, and other information that may be of interest to you.
On what legal basis do we process your personal data?
We may process your personal data based on different legal grounds:
- The processing may be necessary to comply with our legal obligations as a registry or as a data controller.
- The processing may be necessary for the execution of your contract with us.
- The processing is necessary for the protection of our legitimate interests, in particular: the economic, commercial and financial interests, business continuity, security and confidentiality of customer information and products and the security of digital and physical infrastructure.
- In exceptional cases, our processing activities may be based on your consent.
With whom do we share your personal data?
We never sell your personal data to anyone. To the extent permitted by applicable law, your personal data may be disclosed to the following parties:
EURid entities: As part of the processing activities for the abovementioned purposes, personal data may be disclosed to other EURid entities.
European Commission and related institutions or agencies: EURid has been appointed by the European Commission as the registry manager of the .eu ccTLD and possible .eu variants in other scripts. We may share your personal data with the European Commission or any related institution or agency.
Escrow and storage providers: In order to guarantee our business continuity, we need to store and back-up all registration data, including your personal data. For such an escrow, storage and back-up of all personal data, we rely on providers located in the European Union.
Third parties: Your personal data may be disclosed to third parties including governmental authorities for legitimate reasons.
Research institutions: We may share your personal data with institutions for (statistical or scientific) research purposes. We do our utmost to ensure that proper technical and organizational measures are in place to safeguard your personal data.
Providers of identification verification or abuse prevention services: In order to prevent abusive Domain Name registrations by submitting unidentified, incorrect or outdated registration data, we may use third party service providers to verify the registration data that you have submitted.
Auditors: To ensure our business operations are correctly assessed, auditors may have access to your personal data.
Support helpdesk providers: In order to provide you with continual support, we may engage third parties as helpdesk providers. For the purposes of providing you with adequate support, such providers may have access to your personal data.
When we share your personal data, we seek to instruct the recipients where possible to process your personal data in accordance with our instructions.
What are your rights in relation to your personal data?
Unless your request is deemed excessive or unfounded, you may exercise the following rights in relation to your personal data:
- You have the right to request information concerning your personal data.
- You have the right to request a copy of all your data in a standard format.
- You have the right to modify or correct your personal data if it is wrong.
- You have the right to request the restriction of certain processing activities in certain circumstances.
- You have the right to object against certain processing activities.
- You have the right to withdraw your consent.
- You have the right to have your personal data erased in certain circumstances.
- You can easily exercise any of your rights by completing and submitting our online form.
We reserve the right to charge a reasonable fee in case your request is deemed excessive at our sole discretion.
Additionally, you have the right to file a complaint with your local supervisory authority, when you are of the opinion that our processing of your personal data is not in compliance with applicable legislation.
If you have a Domain Name, please help us keep the Internet safe by ensuring that your personal data is accurate, complete and up-to-date at all times. We empower you to take control of your personal data and to verify it at: https://my.eurid.eu/en/auth/login/?next=/en/.
You can always ask us about your personal data by sending an email to email@example.com.
Where and how long do we keep your personal data?
Your personal data is stored both electronically and manually, in-house and by third parties, in our data centres in the European Union, and can be accessed from our offices via dedicated network connections or from anywhere through an authenticated VPN connection.
We store your personal data in a form that permits identification for no longer than is necessary for the purposes for which your personal data is processed. This retention period differs based on the type of personal data processed, the purpose of processing and other factors.
As a holder of a Domain Name, we keep your personal data for ten (10) years after it becomes irrelevant4.
In case you have registered a domain name (other than a Domain Name) with another registry via a registrar who inputs your personal data into our registration system, your personal data is kept in our systems for one (1) year after the registration.
The personal data of individuals that we collect outside the scope of a contract in the context of our business activities is kept until it becomes irrelevant, in principle after one (1) year.
What security measures are taken to safeguard your personal data?
We are continuously implementing and updating our security measures to help protect your personal data and other information against unauthorized access, loss, destruction, or alteration. We do our utmost to ensure that all information is stored in a safe manner and we request our service providers to apply adequate security measures.
Cookies and other tracking technologies
1 According to the EC Regulation 733/2002 EURid cannot act as a registrar.
2 The list of all .eu accredited registrars can be found on https://eurid.eu/en/find-a-registrar/
3 Article 16 of Commission Regulation (EC) No 874/2004 of 28 April 2004.
4 Art. 2262 bis Belgian Civil Code.