EURid is responsible for processing your personal data.
Your personal data may be collected via the following methods: through the Domain Name registration processes through our network of accredited registrars; through your logging to my.eurid.eu and the verification of the validity of your registration; via email or telephone; by attendance at an event; by using cookies or other technologies which track visitors on our websites; through communications from suppliers or partners; via a testimonial; via access control tools or by completing a form on our websites; or via any other means. Occasionally, we may also collect your personal data if you have registered a domain name (other than a Domain Name) with another registry via a registrar who inputs your personal data into our registration system.
What personal data do we process about you?
Personal data is any information relating to an identified or identifiable natural person (i) that you provide voluntarily to us (e.g. through our online forms on our website, testimonials, etc.), (ii) that we collect from your visit(s) to our premises, events or website(s) or via your access and use of our products or services (for example, via your login to my.eurid.eu).
In the context of our business activities, and in order to provide you with good service and to improve our services where possible, we may process the following personal data about you: your domain name(s), your unique identification alias, your first, middle and last name, your (registered) address, your telephone number(s), your email address(es), your language preferences, the organisation for which you work, your country of citizenship, your identification document’s registration number, the expiration date of your identification document, the municipality issuing your identification document, your bank account number, [your birth date], [your gender], [your special status], your IP address, and any other personal data that you may provide to us.
We collect your personal data from the company through which you register your Domain Name(s). That company may be one of our accredited registrars1 or one of its resellers who collects your personal data on behalf of EURid.
For which purposes do we process your personal data?
We process your personal data for various purposes.
In order to be able to offer the best possible services for your Domain Name, we must collect some relevant personal data regarding your registration. This also allows us to identify and get in touch with you directly in relation to your Domain Name registration if, and when, needed.
We are required to maintain a complete and accurate database of all registered Domain Names. The purpose of the WHOIS look-up facility (https://whois.eurid.eu/en/) is to provide accurate and up-to-date information about the technical and administrative contact persons administering the Domain Names2. This helps us in creating and maintaining a trusted and safe Internet environment. Moreover, your personal data may be processed for identification purposes in order to verify the validity of your registration.
We use your personal data to maintain and build long-term, sustainable relationships and to execute the contract(s) we may have. We use your personal data to respond to your inquiries, to fulfil your requests, and/or to send you administrative information.
Your personal data may be used to comply with applicable regulations, to respond to requests or claims from public and government authorities (including public and government authorities outside your country of residence), or to protect our rights, privacy, safety or property, and/or our entities.
We may use your personal data to send you promotional messages, marketing, advertising, and other information that may be of interest to you.
On what legal basis do we process your personal data?
We may process your personal data based on different legal grounds as follows:
- Processing may be necessary in order to comply with our legal obligations as a registry or as a data controller;
- Processing may be necessary for the execution of your contract with us;
- Processing is necessary for the protection of our legitimate interests such as: economic, commercial and financial interests, business continuity, the security and confidentiality of customer information and products, and the security of digital and physical infrastructure;
- In exceptional cases, our processing activities may be conducted with your consent.
With whom do we share your personal data?
We never sell your personal data to anyone. To the extent permitted by applicable law, your personal data may be disclosed to the following parties:
EURid entities: As part of the processing activities for the abovementioned purposes, personal data may be disclosed to other EURid entities.
European Commission and related institutions or agencies: EURid has been appointed by the European Commission as the registry manager of the .eu ccTLD and possible .eu variants in other scripts. We may share your personal data with the European Commission or any related institution or agency.
Escrow and storage providers: In order to guarantee our business continuity, we need to store and back-up all registration data, including your personal data. For such an escrow, storage and back-up of all personal data, we rely on providers located in the European Union.
Third parties: Your personal data may be disclosed to third parties, such as governmental authorities, for legitimate reasons.
Research institutions: We may share your personal data with institutions for (statistical or scientific) research purposes. We do our utmost to ensure that proper technical and organisational measures are in place to safeguard your personal data.
Providers of identification verification or abuse prevention services: In order to prevent abusive Domain Name registrations which submit unidentified, incorrect or outdated registration data, we may use third party service providers to verify the registration data that you have submitted.
Auditors: To ensure our business operations are assessed correctly, auditors may have access to your personal data.
Support helpdesk providers: In order to provide you with continual support, we may engage third parties as helpdesk providers. For the purposes of providing you with adequate support, such providers may have access to your personal data.
When we share your personal data, we seek to instruct the recipients wherever possible to process your personal data in accordance with our instructions.
What are your rights in relation to your personal data?
Unless your request is deemed excessive or unfounded, you may exercise the following rights in relation to your personal data:
- You have the right to request information concerning your personal data;
- You have the right to request a copy of all your data in a standard format;
- You have the right to modify or correct your personal data if it is wrong;
- You have the right to request the restriction of certain processing activities in certain circumstances;
- You have the right to object against certain processing activities;
- You have the right to withdraw your consent;
- You have the right to have your personal data erased in certain circumstances;
- You can easily exercise any of your rights by completing and submitting our online form.
We reserve the right to charge a reasonable fee in case your request is deemed excessive at our sole discretion.
Additionally, you have the right to file a complaint with your local supervisory authority, if you are of the opinion that our processing of your personal data is not in compliance with applicable legislation.
If you have a Domain Name, please help us keep the Internet safe by ensuring that your personal data is accurate, complete and up-to-date at all times. We empower you to take control of your personal data and to verify it at https://my.eurid.eu/en/auth/login/?next=/en/.
You can always ask us about your personal data by sending an email to [email protected].
Where and how long do we keep your personal data?
Your personal data is stored both electronically and manually, in-house and by third parties, in our data centres in the European Union, and can be accessed from our offices via dedicated network connections or remotely through an authenticated VPN connection.
We store your personal data in a form that permits identification for no longer than is necessary for the purposes for which your personal data is processed. This retention period differs based on the type of personal data processed, the purpose of processing, and other such factors.
As a holder of a Domain Name, we keep your personal data for ten (10) years after it becomes irrelevant3.
In case you have registered a domain name (other than a Domain Name) with another registry via a registrar who inputs your personal data into our registration system, your personal data is kept in our systems for one (1) year after registration.
The personal data of individuals that we collect outside the scope of a contract in the context of our business activities is kept until it becomes irrelevant (in principle after one (1) year).
What security measures are taken to safeguard your personal data?
We are continuously implementing and updating our security measures to help protect your personal data and other information against unauthorised access, loss, destruction or alteration. We do our utmost to ensure that all information is stored in a safe manner and we request that our service providers apply adequate security measures.
Cookies and other tracking technologies
1 A list of all .eu accredited registrars can be found on https://eurid.eu/en/find-a-registrar/.
2 Article 12 of Regulation (EU) 2019/517 of the European Parliament and of the Council of 19 March 2019.
3 Art. 2262 bis Belgian Civil Code.