Terms defined in the Terms & Conditions and/or the Dispute Resolution Rules are used herein with a capital letter.
1.1. Processing of personal data
By registering a Domain Name and accepting the Domain Name Registration Terms and Conditions ("Terms and Conditions"), the Registrant authorises the Registry to process personal and other data required to operate the Domain Name system. The Registrant explicitly agrees that the Registry can use the data for operating the system (which will include attribution of the Domain Name, transfer of a Domain Name to a new Registrant, transfer of one Domain Name or a portfolio of Domain Names to a new Registrar) and can only transfer the data to third parties:
- after the unambiguous consent of the Registrant,
- if ordered to do so by a public authority, carrying out its legitimate tasks,
- upon demand of an ADR Provider mentioned in Section 16 of the Terms and Conditions or
- as provided in Section 2 (WHOIS look-up facility) of this document.
The Registrant has the right to access his personal data and to arrange for it to be amended, where errors exist.
The Registrant must keep the Registry immediately informed through the Registrar of any change in name, address, e-mail address, telephone and fax numbers. An omission or delay in informing the Registry of such changes may result in the termination of the registration agreement.
For the purposes of ensuring the accuracy of the registration data as required by the Regulation(s) and other administrative purposes, the Registry may involve data processors and sub-data processors to process the Registrant’s personal data contained in the Registry’s registration database, always on behalf of and as instructed by the Registry.
1.2. Information collected for internal use
The following personal data will be collected for the internal use of the Registry (unless where also available through the WHOIS look-up facility provided for in Section 2 hereof):
- full name of the Registrant;
- technical contact name;
- postal address;
- e-mail address;
- telephone number;
- fax number (optional);
- language for the ADR proceedings, as referred to in Paragraph 3(a) of the Dispute Resolution Rules.
The information must be that of the Registrant and must not be recorded in the Register as that of the Registrar, proxy or representative of a person or entity that does not meet the General Eligibility Criteria.
Section 2. WHOIS Look-Up Facility
The Public Policy Rules require the Registry to provide a WHOIS look-up facility where, by typing in a .eu Domain Name in one of the available scripts, information about the administrative and the technical contact administering the Domain Name can be found.
When a Domain Name is registered the information relating to that registration sits in a WHOIS database in compliance with the rules set out below. The information collected includes Registrant contact information, the Registrar involved and details of the name servers to which the Registry delegates authority for the Domain Name and is further set out in Section 2.4. hereof.
By going to the Website of the Registry and typing in the Domain Name in the WHOIS look-up facility, information about that name and the Registrant can be accessed in accordance with the rules set out below.
When registering a Domain Name, the Registrant is required to accept the Registry's Terms and Conditions which authorises the Registry to make some personal data accessible on its web site, along with some other technical data, in order to guarantee the transparency of the domain name system towards the public.
The purpose of the WHOIS database, as set forth in the first paragraph of Article 16 of Commission Regulation (EC) No 874/2004 of 28 April 2004 is to provide reasonably accurate and up to date information about the technical and administrative points of contact administering the domain names.
If the Registry is holding false, incorrect or outdated information, the Registrant will not be contactable and may lose the name. By deliberately submitting inaccurate information, the Registrant would also be in breach of the Terms and Conditions which could also lead to loss of the Domain Name.
2.3. Identifying Natural Persons and Legal Persons
Those requesting to register a .eu Domain Name in one of the available scripts are required to provide certain information through an accredited Registrar. In respect of the name of the Registrant there are two fields: The first is 'Name' and the second is 'Company'. Both fields may be completed or just the 'Name' field.
If only the first field is completed, it is assumed that the registration is in the name of a private individual (natural person).
If the 'Company' field is completed, it is assumed that the company is the Registrant. This ensures that the Domain Name of the company cannot be "held hostage" by an employee who suddenly leaves or who is dismissed, and who tries to transfer or delete the Domain Name or to link it to another website via the managing agent.
2.4. Information published in the WHOIS
All Registrants are required to accept the Terms and Conditions in which the Registrant authorises the Registry to publish certain personal data.
- When the Registrant is a legal person or another form of organisation the Registry generally publishes the following information in its WHOIS:
- name, address and telephone and fax number of the Registrant;
- technical contact person;
- e-mail address of Registrant;
- language for the ADR proceedings, as referred to in Paragraph 3(a) of the Dispute Resolution Rules;
- technical data (such as status of the Domain Name or the name servers).
- When the Registrant is a natural person (private individual) the Registrant contact information published is restricted to the e-mail address, unless they request otherwise.
Natural persons who apply for a Domain Name will be explicitly informed by their Registrars of the possibility to create and use a specific functional e-mail address for publication in the WHOIS as an alternative to the use of their personal e-mail address.
All other information collected will only be kept for internal use in accordance with Section 1.2. hereof. This information will not be disclosed to third parties unless in accordance with Section 2.6. hereof.
2.5. Preventing misuse of WHOIS data
WHOIS data can be accessed through a purely textual command or by use of a web-based facility. The textual WHOIS look-up facility only contains technical information, which does however not specifically relate to the Registrant.
In order to prevent misuse of personal data available in the web-based WHOIS look-up facility the Registry takes the following steps:
- All who submit a WHOIS query are to be provided with an automatically generated random code which they must type in before receiving the answer to their query. Providing the code in the form of a picture rather than text will prevent easy automation of the system for data mining.
- E-mail addresses, and if published, postal addresses, telephone and fax numbers are displayed as images (pictures) rather than text making it difficult to automate capture of the data.
- Multi-criteria searching and other search facilities to search by name, e-mail address, address, fax or telephone numbers will not be possible.
- All those who submit a query to the WHOIS database will first be required to read and agree to the 'WHOIS legal statement and terms and conditions' which will inform the user that:
- the WHOIS services are provided for information purposes only;
- by submitting a query the user agrees not to use the information to:
- allow, enable or otherwise support the transmission of unsolicited, commercial advertising or other solicitations whether via email or otherwise;
- target advertising in any possible way;
- cause nuisance to the Registrant in any way by sending messages to them.
To prevent "data mining" using the textual command method, a maximum of 60 domain names within 60 seconds may be retrieved from the same IP address.
2.6. Disclosure of personal data
Third parties may have legitimate reasons to request the disclosure of personal data of natural persons not published in the WHOIS, but processed by the Registry for its internal use in accordance with Section 1.2. hereof.
The third party must individually request the disclosure of these data by filing an application form and:
- state and substantiate the legitimate reasons for the request
- read and agree to a disclaimer which requires the third party not to use the information made available for other purposes than those justified by the abovementioned legitimate reasons
- disclose its full name and address (including e-mail address, telephone and fax number, and the company number if the third party is a legal person)
The third party asking for access to the data would only be granted access to the requested data if it fulfils all requirements or if the Registry is ordered by a judicial authority within the European Union to grant such access.
The Registry reserves the right to institute the appropriate judicial proceedings against any third party who infringes this Section.
2.7. Internet Accessibility
For the web-based facility there will be special accessibility provisions to make sure that visually impaired people have equal access to the WHOIS information.
The automatically generated random code which must be typed in before receiving answer to the query will be displayed randomly in two colour combinations, facilitating the access for most colour-blind users.
All visually impaired users can request a special password from the Registry to access the data without having to type in the random code and to get the e-mail addresses in the form of plain text instead of images displaying the e-mail addresses.
To prevent "data mining" using the special password, a maximum of 100 domain names per day may be retrieved.
Visually impaired users will be requested to provide the Registry with a certificate confirming their disability. This certificate can be sent to the Registry by postal mail or by e-mail and should be issued by the responsible authority. The e-mail address of the user asking for the special password has to be included in the application for the special password as the user will receive it via e-mail.
The Registry shall deal with these applications in complete confidence and shall not pass on any information to third parties.