Data Privacy Statement
Thank you for your interest in DENIC eG and our website. The protection of your personal data and your privacy are very important to us. In this privacy statement, we would like to inform you about how we handle your data. The party responsible for data processing, hereinafter referred to as "Controller" within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws and regulations, is:
Kaiserstraße 75 – 77
60329 Frankfurt am Main
Telefon: +49 69 27 235 0
Telefax: +49 69 27 235 238
The Data Protection Officer of DENIC eG is:
Walbecker Straße 53
When you make use of one of DENIC eG's offerings, e.g. our website or the tools we provide there, we will process your personal data. We process your data in strict confidence and only for the purpose we tell you when we collect the data. We process your data always in keeping with the standards of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection provisions.
1. Provision of the Website
Whenever you visit our website, a range of general data and information, including personal data, is collected by our systems. The following data is stored in the log files of our servers:
- IP address (possibly in an anonymised, abbreviated form)
- Date and time of your access (time stamp)
- Details of the access request and destination address (protocol version, HTTP method, referrer, user-agent string)
- Name of the file that has been accessed and amount of data transmitted (requested URL incl. query string, size in bytes)
- Message whether the request was successful (HTTP status code)
- Website from which the request is made
- Browser type or app used
- Operating system and the interface it uses
- Language and version of browser software
When processing this data, we will not draw conclusions about your person. Neither a personal evaluation nor an evaluation of the data for marketing or profiling purposes will take place. The legal basis for data processing in this context is Article 6(1) (f) of the GDPR. The processing of this data is technically inevitable in order to make our website available and to guarantee stability and security of our systems. It is not possible to use our website without such processing of data, so you cannot object to this processing. Your data will be deleted when you leave our website, i.e. as soon as your session is finished. If your personal data is stored in log files, it will be deleted after a maximum period of thirty days.
2.1 Necessary Cookies
Necessary cookies are cookies that are technically required to allow the website to function correctly. Some of these necessary cookies ensure the technical stability of our website and enable safety-relevant functions. Necessary cookies are also a prerequisite for being able to use certain functions, such as those of our member section. It is not possible to use our website without such processing of data, so you cannot object to this processing. We use this type of cookies to enhance the security and functionality of our website and the web applications we offer. Necessary cookies do not contain personal data, i.e. no IP addresses and other information is collected that would allow tracing. We use the following necessary cookies:
|Cookie||Purpose||Deadline for Deletion||Type|
|fe_typo_user||Identifies sessions (for TYPO3 frontend login) and enables use of the member login and the member section||End of session||Technical/functional|
|JSESSIONID||Enables use of the RAI (Registrar Admin Interface)||End of session|
|oam.Flash.RENDERMAP.TOKEN||Enables use of the RAI (Registrar Admin Interface)||End of session|
The legal basis for the processing of personal data using necessary cookies is Article 6(1) (f) of the GDPR. We use technically required cookies for the purpose of making the use of the website easier and more convenient for you. Some functions of our website will not work without cookies being used. For these functions, it is necessary that your browser will be recognised when you revisit our website after visiting other websites. These purposes constitute our legitimate interest. Your user data that we collect through technically required cookies will not be used to create user profiles.
2.2 Cookies for Usage Analysis
Cookies for usage analysis enable us to analyse the way you use our website. With the help of these cookies we can monitor the effectiveness of our website and detect errors. Moreover, these cookies provide information allowing us to optimise our services and carry out web analyses. For usage analysis, we use the following cookies:
|Cookie||Provider||Purpose||Duration of Storage||Third-country transfer// Safeguards pursuant to Art. 44 et seq. GDPR|
|_ga||Google (Google Analytics, vgl. Ziff. 2.2.1)||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 Years||USA // Privacy Shield|
|_gat_gtag_UA_ 122425792_1||Google (Google Analytics, vgl. Ziff. 2.2.1)||Used by Google Analytics to limit the request rate||1 Minute||USA // Privacy Shield|
|_gid||Google (Google Analytics, vgl. Ziff. 2.2.1)||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Day||USA // Privacy Shield|
The legal basis for the processing of personal data using cookies for usage analysis is your consent in accordance with Art. 6(1) (a) GDPR.
2.2.1 Google Analytics
Our website uses Google Analytics by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Within the scope of the services, Google may process your personal data. In this context, it cannot be ruled out that Google will also transfer the information to a US-based server. Google is committed to comply with EU-US Privacy Shield Frameworks. For further information, please refer to https://policies.google.com/privacy/frameworks?gl=dehttps://policies.google.com/privacy/frameworks?hl=en.
We have no influence on which of your personal data will be processed by Google and on how Google processes this data. In accordance with Google's privacy statement, the following personal data may be processed (https://policies.google.com/privacy?gl=de#infocollect) depending on the Google service that is used:
- Information about the apps, browsers and devices you use when accessing Google services
- Unique IDs, type and settings of your browser, type and settings of your device, operating system, information on the mobile phone network (name of the mobile phone provider, phone number, version number of the app)
- Data on the interaction of your apps, browsers and devices with Google services (e.g. IP address, crash reports, system activities as well as date, time and reference URL of your request).
- Activity data (e.g. terms you search for, videos you watch, content and ads you view and interact with)
- Location information
We have activated the IP anonymisation function on our website. As a result, your IP address will be abbreviated by Google as early as possible, so that it is not possible to assign it to a person. For further information on how Google uses data from websites with integrated Google services, please refer to https://policies.google.com/technologies/partner-sites?hl=enhttps://policies.google.com/technologies/partner-sites?hl=de.
The legal basis for data processing in this context is Article 6(1) (f) of the GDPR.
Right to Object
You have the right to withdraw your consent at any time with effect for the future without giving reasons, by deleting the corresponding cookies in your browser settings (see section 2 above). In this case, you might no longer be able to make full use of all functions of our website. The visitor may further prevent Google from processing their data by applying a browser add-on to opt out from Google Analytics. You will find further information and the add-on at https://tools.google.com/dlpage/gaoptout?hl=en.
3. Contacting Us
There are various options to get in contact with us.
3.1 Scope of Data Processing
3.1.1 Contact Forms
On our website, you will find contact forms that you can use to contact us electronically. In this case, we will store your personal data transmitted to us with the form. In the respective forms, you can see which data is concerned. In these forms, only those fields that are absolutely necessary in order to make use of the respective functionality are marked as mandatory fields.
You can also contact us via the e-mail addresses provided on our website. In this case, we will store your personal data transmitted to us with the e-mail (e.g. e-mail address, time of sending, information revealed in the text of the message).
3.1.3 Postal Mail
You can also contact us by post. In this case, we will store your personal data you send to us (e.g. address details or information revealed in the text).
You can also contact us by fax. In this case, we will store your personal data you send to us (e.g. fax number, sender identification or information revealed in the text).
You can also contact us by phone. In this case, we will store your personal data (e.g. phone number or information revealed in the conversation).
3.2 Legal Basis
The legal basis for processing personal data transmitted within the scope of a general request or an e-mail is Art. 6(1) (f) of the GDPR. If you contact us in the context of an existing contract or prior to entering into a contract, the legal basis is Art. 6(1) (b) of the GDPR. In all other cases, the legal basis for processing your data is Art. 6(1) (f) of the GDPR. Processing your contact requests is our legitimate interest.
3.3 Purpose of Data Processing
The purpose of processing this data is the handling of your contact request. Your data is processed exclusively for this purpose. The data is not passed on to any third party in this context.
3.4 Duration of Storage of Your Personal Data
After your contact request has been processed completely, we restrict your data for further processing. Unless you have given your express consent to further use of your data, your data will be deleted once the statutory retention periods under fiscal and commercial law have expired.
4. DENIC Domain Query (whois-Service)
If domain holders or third parties show that they have a legitimate interest in the holder details of a domain, they can use the DENIC domain query service to obtain specific holder information. For further information please refer to https://www.denic.de/service/whois-service/anfragen-dritter-zu-inhaberdaten/https://www.denic.de/en/service/whois-service/third-party-requests-for-holder-data/.
In this case, we will store your personal data that is transmitted to us in connection with the whois service. In the respective forms, you can see which data is concerned. In these forms, only those fields that are absolutely necessary in order to make use of the respective functionality are marked as mandatory fields. If domain holders themselves make the DENIC domain query, the legal basis for processing the data is Art. 6(1) (b) of the GDPR in conjunction with our Domain Guidelines and/or our Domain Terms and Conditions . If a third party makes a domain query, the legal basis for processing the data is Art. 6(1) (a) of the GDPR. Use of this data is strictly limited to the context of the whois service. The personal data is deleted as soon as it can be inferred from the circumstances that the issue in question has been finally clarified. The additional personal data collected during the sending process (IP address of the party making the query as well as date and time of sending) will be deleted after a maximum period of thirty days.
5. Mailing Lists
On our website, we make available several mailing lists to which users can subscribe free of charge.
5.1 Scope of Data Processing
If you subscribe to a mailing list, we will process the following personal data:
- E-mail address
- IP address of the computer used
- Date and time of sending.
During the registration procedure, you will be asked to consent to the processing of your data. We verify your subscription through a so-called double opt-in procedure. Thus, we make sure that the e-mail address indicated in connection with the subscription of the mailing list is actually your address. After entering the required data in the registration form (name, e-mail address), you will receive an automated e-mail with a link for activation. Once you have confirmed the link, you will be subscribed to the respective mailing list.
5.2 Legal Basis
The legal basis for the processing of your personal data is Art. 6(1) (a) of the GDPR.
5.3 Purpose of Data Processing
The data is processed for the purpose of performing the subscription service of the mailing list. Your data is processed exclusively for this purpose. The data is not passed on to any third party in this context.
5.4 Duration of Storage of Your Personal Data
We store your personal data for the duration of your subscription to our respective mailing list.
Right to Object
You have the right to withdraw your consent at any time without giving reasons with effect for the future by clicking the link to cancel your subscription which you will find in each mail.
6. DISPUTE Online Assistant
On our website, we make available a Dispute Online Assistant, which can be used as a template for submitting a request for a DISPUTE entry for a .de domain. We will store your personal data transmitted to us in connection with our Dispute online assistant. In the corresponding form, you can see which data is processed. In the form, only those fields that are absolutely necessary in order to make use of the respective functionality are marked as mandatory fields. The legal basis for processing your data is Art. 6(1) (b) of the GDPR in conjunction with our Domain Guidelines and/or our Domain Terms and Conditions. Use of the data is strictly limited to the processing of the Dispute request and the subsequent communication. The personal data from the input mask is deleted as soon as it can be inferred from the circumstances that the issue in question has been finally clarified. The additional personal data that is collected during the sending process will be deleted after a maximum period of thirty days.
7. Member Section
On our website, we offer our members access to a password-protected member section. To get access, you must register using the access data we sent you upon request. We will store your personal data transmitted to us in connection with this service. In the corresponding form, you can see which data is processed. In the form, only those fields that are absolutely necessary in order to make use of the respective functionality are marked as mandatory fields. We use this data for administering your membership. To the extent permitted by law, we will pass on your data, if required, to our partner companies that support us in the due performance of the contract. These companies, too, are obliged to comply with all applicable data protection regulations; in particular, they are only allowed to process the data for the fulfilment of their tasks on our behalf and only in accordance with our instructions. The legal basis for processing your data is Art. 6(1) (b) of the GDPR in conjunction with our Domain Guidelines and/or our Domain Terms and Conditions. Upon termination of your membership with DENIC, we will delete the data, unless contractual and/or legal obligations require that they are retained for a longer period of time.
8. Rights of the Data Subject
When we process your personal data, you are a data subject within the meaning of Article 4 No. (1) of the GDPR, which gives you the following rights vis-à-vis us:
- Right of Access (Art. 15 GDPR)
- Right to Rectification (Art. 16 GDPR)
- Right to Erasure (Art. 17 GDPR)
- Right to Restriction of Processing (Art. 18 GDPR)
- Right to be Notified (Art. 19 GDPR)
- Right to Data Portability (Art. 20 GDPR)
- Right to Object (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
- Right to revoke your consent to data processing (Art. 7(3) GDPR)
You have the right to withdraw the consent you have given us at any time, e.g. by sending an e-mail to privacy[at]denic[dot]de. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.
Right to Object (Art. 21 GDPR)
Pursuant to Article 21 of the GDPR, you are entitled to object, for reasons relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1) (e) or (f) of the GDPR, including profiling based on these provisions. In this case, we will no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is necessary to establish, exercise or defend any legal claims.
If you want to exercise one of these rights, please contact our Data Protection Officer privacy[at]denic[dot]de.
We would like to point out that in certain cases we may ask you to provide additional information in order to verify your identity. This enables us to ensure that information is not disclosed to unauthorised persons, e.g. when you exercise your right of access. Automated decision making does not take place on our website.
We have technical and organisational security measures in place to protect your personal data from accidental or intentional corruption, loss, destruction or access by unauthorised persons. We continuously improve our security measures in line with technological evolution.
10. Responsibility for External Content
Our website contains links that lead to Internet pages of external providers. We have no influence on such providers and cannot ensure that they comply with the applicable data protection regulations. If you believe that any linked external sites violate applicable law or have other inappropriate content, please let us know. We will check on that and remove the external link, if appropriate. We cannot be held responsible for the content and availability of linked external web pages.
11. Validity and Up-to-Dateness of the Data Privacy Statement
Continuous development of our websites or the implementation of new technologies may render amendments to this data privacy statement necessary. We reserve the right to change this privacy statement at any time with effect for the future. The relevant version of this statement is always the version that is available at the time you visit our website.Continuous development of our websites or the implementation of new technologies may render amendments to this data privacy statement necessary. We reserve the right to change this privacy statement at any time with effect for the future. The relevant version of this statement is always the version that is available at the time you visit our website.
Last updated: May 2020