Data Privacy Statement
"Controller" within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection laws and regulations is:
Kaiserstraße 75 – 77
60329 Frankfurt am Main
Phone: +49 69 27 235 0
Fax: +49 69 27 235 238
The Data Protection Officer of DENIC eG can be contacted at privacy[at]denic[dot]de.
1. General Information on Data Processing
1.1. Processing of Personal Data for the Purpose of Contract Execution
DENIC processes personal data exclusively to the extent required for establishing, performing and executing the contractual relationship with the customer and for performing the related billing tasks.
These data are the domains, the names and addresses of the domain holders, of the administrative and the technical contacts and of the zone administrator. In addition, phone and fax numbers as well as the e-mail addresses of the technical contact and of the zone administrator are stored.
The collected personal data will be used exclusively for the aforementioned purposes and only to the extent required to achieve these purposes. The data will not be used for advertising, for advising customers or for market research.
1.2. Processing of Usage Data for the Purpose of Providing the DENIC Website
In order to analyse the usage behaviour of different (user) groups, DENIC temporarily collects statistical data using the "web-whois" (domain query). In this context, the answers of the users to the listed questions will also be stored. DENIC uses this information for performing random checks to verify whether the party submitting a query is authorised to do so and for the purpose of statistical evaluation. DENIC will delete the data collected for this purpose upon completion of evaluation, but no later than three months after the collection of such data.
1.3. Transfer of Personal Data
Data of the domain holders are published via the "whois" service. For more detailed information, please refer to the related FAQs at https://www.denic.de/en/faqs/.
Publication of the data in this database is necessary for registering and using the domain and is performed in accordance with relevant data protection legislation.
1.4. Legal Basis for the Processing of Personal Data
Article 6(1) (a) of the GDPR is the legal basis as far as the processing of personal data is concerned for which DENIC obtains your, i.e. the data subject's, consent.
Article 6(1) (b) of the GDPR is the legal basis as far as the processing of personal data is concerned that is necessary for the performance of a contract to which you as the data subject are a party. The same applies to the processing of data which is necessary for taking measures that are required prior to entering into a contract.
Article 6(1) (c) of the GDPR is the legal basis as far as the processing of personal data is concerned that is necessary for compliance with a legal obligation to which DENIC is subject.
Article 6(1) (d) of the GDPR is the legal basis as far as the processing of personal data is concerned that is necessary in order to protect your, i.e. the data subject's, vital interests or those of another natural person.
Article 6(1) (f) of the GDPR is the legal basis as far as the processing of personal data is concerned for the purpose of safeguarding the legitimate interests of DENIC or that of a third party, except where such interests are overridden by your, i.e. the data subject's, interests or fundamental rights and freedoms.
1.5. Deletion of Data and Duration of Retention
Your personal data will be deleted or blocked as soon as the purpose of retention of such data no longer applies. Data may also be stored if such retention is provided for by European or national legislation in European Union laws, regulations or other legal provisions to which DENIC is subject. The data will also be deleted or blocked when a storage period specified in the mentioned laws and regulations expires, except where further retention of the data is necessary for the conclusion of a contract or for fulfilling a contractual obligation.
2. Provision of the Website and Creation of Log Files
Each time DENIC's web pages are accessed, the system automatically collects data and information of the accessing computer system. In this context, the following data is collected:
- Information about the browser type and the version used
- The user's operating system
- The user's Internet service provider
- The user's IP address
- Date and time the pages are visited
- Websites from which the user's system is referred to our website
- Websites which the user's system accesses via our website.
The log files contain IP addresses and other data that might enable the user to be identified. This could be the case, e.g., if the link to the website from which the user is referred to our website or the link to the website to which the user exits our website contains personal data.
Such data is also stored in the log files of the system. However, this data is not stored together with other personal data of the user.
The temporary storage of the IP address by the system is necessary to enable the website to be made available on the computer of the user. For this purpose, the IP address of the user must be retained for the duration of the session.
The data in the log files is stored to ensure proper functioning of the website. Moreover, this data is used to optimise DENIC's website and to ensure the security of the IT systems. The data will not be used for advertising, for advising customers or for market research.
The data and the log files are stored on the basis of Article 6(1) (f) of the GDPR.
The data will be deleted as soon as their retention is no longer required to achieve the intended purpose of their collection. As far as the collection of data for the purpose of making the website available is concerned, this is the case as soon as the corresponding session is terminated. As far as the storage of data in log files is concerned, this is the case after a maximum period of seven days. Storage beyond these limits is possible. In this case, the IP addresses of the users will be deleted or disassociated, so that the accessing client can no longer be identified.
The collection of the data for making the website available and storage of the data in log files is essential for the purpose of operating our website. For this reason, the user cannot object to such collection and storage.
In the cookies, the following data are stored and transmitted:
- Language settings
- Items in a shopping basket
- Log-in information.
Cookies are used to make the DENIC web pages more user-friendly. The legal basis for the processing of personal data using cookies is Article 6(1) (f) of the GDPR.
Cookies are stored on the computer of the user and from there transmitted to DENIC's website. Users may change the settings in their Internet browser so as to deactivate or restrict the transmission of cookies. Cookies that have been stored may be deleted at any time. This can also be effected in an automated way. If cookies are deactivated for DENIC's website, it may no longer be possible to use all functions to their full extent.
4. Web Analysis
The website of DENIC uses Piwik, an open source software for preparing statistical analyses of visits to the website. This does not involve the creation of personal user profiles, but only the collection of anonymous measurement data. The purpose of this web analysis is to improve the quality of our website.
The legal basis for data processing in this context is Article 6(1 (a) of the GDPR.
DENIC has technical and organisational security measures in place to protect your personal data administered by us from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We continuously improve our security measures in line with technological evolution.
6. Rights of the Data Subject
If DENIC processes your personal data, you are a data subject within the meaning of Article 4(1) of the GDPR, which gives you the following rights vis-à-vis DENIC:
6.1. Right of Access
You have the right to obtain from DENIC confirmation as to whether or not personal data concerning you are being processed.
Where that is the case, you are entitled to obtain the following information from DENIC:
- The purposes of processing;
- The categories of personal data processed by DENIC;
- The recipients or categories of recipients to whom the personal data have been or will be disclosed;
- (Where possible), the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request rectification or deletion of personal data concerning you, the right to restrict processing by DENIC or the right to object to such processing;
- The existence of the right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from yourself, any available information as to their source;
- The existence of automated decision-making, including profiling (as referred to in Article 22(1) and (4) of the GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
You have the right to be informed on whether or not your personal data are transferred to a third country or to an international organisation. In this context, you are entitled to be informed of the appropriate safeguards regarding the transfer pursuant to Article 46 of the GDPR.
6.2. Right to Rectification
You have the right to request DENIC to rectify and/or complete any inaccurate personal data concerning you.
6.3. Right to Erasure
You have the right to request DENIC to delete your personal data without undue delay. DENIC will be obliged to delete your data without undue delay if one of the following reasons applies:
- a. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- b. You withdraw your consent on which the processing is based according to Article 6(1) (a), or Article 9(2) (a) of the GDPR, and there is no other legal basis for the processing; you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
- c. Your personal data have been unlawfully processed;
- d. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which DENIC is subject;
- e. Your personal data have been collected in relation to offered services of the information society referred to in Article 8(1) of the GDPR.
If DENIC has made the personal data public and is obliged pursuant to Article 17(1) of the GDPR to delete the personal data, DENIC, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested that these controllers erase any links to your personal data, copy or replication of this data.
The right to erasure does not exist if the data processing is required
- a. For exercising the right of freedom of expression and information;
- b. For compliance with a legal obligation which requires processing in accordance with Union or Member State law to which DENIC is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in DENIC;
- c. For reasons of public interest in the area of public health (Articles 9(2) (h) and (i) and 9(3) of the GDPR);
- d. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to under (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing;
- e. For the establishment, exercise or defence of legal claims.
6.4. Right to Restriction of Processing
You have the right to demand restriction of processing of your personal data if one of the following applies:
- a. If you contest the accuracy of your personal data, for a period enabling DENIC to verify the accuracy of the personal data;
- b. The processing is unlawful and you decline erasure of your personal data, requesting restriction of their use instead;
- c. DENIC no longer needs the personal data for the purposes of the processing, but you need such data to assert, exercise or defend legal claims;
- d. You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of DENIC override your grounds.
Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interests of the Union or a Member State.
If the processing of your personal data is restricted due to one of the above-mentioned circumstances, DENIC will inform you before the restriction of processing is lifted.
6.5. Notification Obligation
Once you have exercised your right to rectification, erasure or restriction of processing, DENIC is obliged to communicate such rectification or erasure of personal data or restriction of processing to all recipients to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to request DENIC to be informed about those recipients.
6.6. Right to Data Portability
You have the right to receive your personal data which you have made available to DENIC, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another data controller without hindrance from DENIC, to which your personal data have been made available, if
- a. The processing is based on consent pursuant to Article 6(1) (a) or Article 9(2) (a) of the GDPR or on a contract pursuant to Article 6(1) (a); and
- b. Processing is carried out by automated means.
In exercising this right, you can also demand that the personal data be transmitted directly from DENIC to another controller, if this is technically feasible. However, this must not impair any freedoms and rights of other persons. The right to data portability shall not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in DENIC.
6.7. Right to Object
You are entitled to object, for reasons relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1) (e) or (f) of the GDPR, including profiling based on these provisions.
In this case, DENIC will no longer process your personal data unless DENIC demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is necessary to assert, exercise or defend any legal claims.
6.8. Right to Revoke
Your Consent to Data Processing You have the right to withdraw your consent vis-à-vis DENIC at any time. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.
6.9. Automated Decision-Making in Individual Cases including Profiling
You have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner. This does not apply if the decision
- a. Is necessary for the purpose of entering into or performing a contract between you and DENIC;
- b. Is authorised by Union or Member State law to which DENIC is subject and which also lays down suitable measures to safeguard your rights and freedoms as well as your legitimate interests; or
- c. Is based on your explicit consent.
6.10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
7. Inclusion, Validity and Up-to-Dateness of the Data Privacy Statement
By using our website, you consent to your data being used as described above. This data privacy statement is the currently valid version and dates from 6 April 2018.
Further development of our website or the implementation of new technologies may render amendments to this data privacy statement necessary. DENIC reserves the right to change this data privacy statement at any time with effect for the future. The relevant version of this statement is always the version that is available at the time you visit our website.