Data Privacy Statement
"Controller" within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws and regulations is:
Kaiserstraße 75 – 77
60329 Frankfurt am Main
Phone: +49 69 27 235 0
Fax: +49 69 27 235 238
The Data Protection Officer of DENIC is:
Mr Ingo Wolff
Walbecker Straße 53
1 General Information on Data Processing
1.1 Processing of Personal Data and their Purpose
DENIC eG (hereinafter referred to as "DENIC" or "we") processes personal data of the users exclusively to the extent required for providing a functional website and our content and services. The following data are processed when a user visits our website:
- The user's IP address
- The browser that is used (type, version, language);
- The operating system that is used;
- The Internet service provider of the user;
- Date and time of the visit to our website;
- The files called on at our website;
- The website the user accesses from our website;
Website the user calls up via our website; The processing and temporary storage of the IP address is necessary to enable the website to be made available on the computer of the user. For this purpose, the IP address of the user must be stored for the duration of the session. The log files contain IP addresses and other data that might enable the user to be identified. The data in the log files is stored to ensure proper functioning of the website. Moreover, this data is used to optimise DENIC's website and to ensure the security of the IT systems. The collected personal data will be processed exclusively for the aforementioned purposes and only to the extent required to achieve these purposes.
1.2 Legal Basis for the Processing of Personal Data
The personal data of our users is processed only after the user has given their consent. An exception applies only in such cases where prior consent cannot be obtained for factual reasons and where we are permitted by law to process the data. The data and the log files are stored on the basis of Article 6(1) (f) of the GDPR.
1.3 Deletion of Data and Duration of Retention
The personal data of the persons concerned will be deleted or blocked by us as soon as the purpose of retention of such data no longer applies. If the data is processed for the purpose of making the website available, it will be deleted as soon as the corresponding session is terminated. If the personal data is stored in log files is concerned, it will be deleted after a maximum period of thirty days. Storage beyond that period is permitted, if the IP addresses of the users was deleted or disassociated beforehand, so that the accessing client can no longer be identified.
- Language settings
- Log-in information.
3 Google Analytics
If you want to avoid your data being recorded by Google Analytics, please click here Deactivate Google Analytics. An opt-out cookie will be set that prevents that your data is recorded when you visit our website in the future.
We have activated the IP anonymization function on our website. Thus, Google cuts off part of the IP address of the user within member states of the European Union or in other contracting states to the Agreement on the European Economic Area prior to transmission of the data to the USA. Only in exceptional cases will the full IP address of the user be transmitted to a Google server in the USA and shortened there. The transmitted IP address of the user will not be merged with other Google data.
4 E-Mail Contact
We make available several e-mail addresses on our website to enable the user to contact us. If this option is used, the personal data of the user transmitted with the e-mail are stored by us. The legal basis for data processing in this context is Article 6(1) (f) of the GDPR. If the purpose of contacting us is to conclude a contract, the legal basis is Article 6(1) (b) of the GDPR in conjunction with our Domain Guidelines. The data are used exclusively for contacting and subsequent communication. The data are not passed on to any third party in this context. The personal data that were transmitted to us by e-mail are deleted as soon as the related communication with the user is terminated, i. e. as soon as it can be inferred from the circumstances that the issue in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a maximum period of thirty days.
5 DENIC Domain Query (Web-whois)
If a user has a legitimate interest in the holder data of a domain, they can use the DENIC domain query to obtain specific holder information. For more detailed information, please go to https://www.denic.de/en/service/whois-service/. If a user makes use of this possibility to submit a query, the data they enter in the input mask (including the IP address of the user and the date and time when the query is sent) are transmitted to us and stored. The legal basis for the processing of these data is Article 6(1) (b) of the GDPR in conjunction with our Domain Guidelines. Use of the data is strictly limited to the context of the domain query. The personal data are deleted as soon as it can be inferred from the circumstances that the issue in question has been finally clarified. The additional personal data that were collected during the sending process are deleted after a maximum period of thirty days.
We make available several tools on our website, such as our nameserver check, our IDN web converter or our password encryption tool. If a user makes use of one of these options, the data they enter in the input mask (including the IP address of the user and the date and time when the query is sent) are transmitted to us and stored. The legal basis for the processing of these data is Article 6(1) (b) of the GDPR in conjunction with our Domain Guidelines. Use of the data is strictly limited to the context of the respective tool. The data are not passed on to any third party in this context. The personal data are deleted as soon as the related communication with the user is terminated, i. e. as soon as it can be inferred from the circumstances that the issue in question has been finally clarified. The additional personal data that were collected during the sending process are deleted after a maximum period of thirty days.
7 Mailing Lists
On our website, we make available several mailing lists to which a user can subscribe free of charge. If a user subscribes to a mailing list, the following personal data is processed by us:
- E-mail address
- IP address of the computer from which the subscription application is submitted
- Date and time of dispatch
During the registration process, we obtain the user's consent for processing the data and refer them to this data privacy statement. In connection with the data processing that is performed for dispatch on the mailing lists, no data is passed on to third parties. The data are used exclusively in connection with the mailing lists. The legal basis for the processing of the personal data is Article 6(1) (a) of the GDPR. The e-mail address of the user will be stored by us until the user unsubscribes from the mailing list. The subscription can be cancelled at any time as explained in the note contained in each contribution. In case the subscription is cancelled, the personal data will be deleted immediately.
8 DISPUTE Online Assistant
On our website, we make available a Dispute Online Assistant, which can be used as a template for submitting a request for a DISPUTE entry for a .de domain. If a user makes use of this option, the data they enter in the input mask are transmitted to us and stored: Domain
- First name
- Last name
- Address (street, house no, city, postal code, country)
- E-mail address
- Free field for individual text
- The user's IP address
- Date and time of dispatch
The legal basis for the processing of these data is Article 6(1) (b) of the GDPR in conjunction with our Domain Guidelines. Use of the data is strictly limited to the processing of the DISPUTE application and the subsequent communication. The personal data of the input mask are deleted as soon as it can be inferred from the circumstances that the issue in question has been finally clarified. The additional personal data that were collected during the sending process are deleted after a maximum period of thirty days.
9 DENIC Members' Webpages
On our website, we offer our members access to a password-protected member section. To get access, our members must register here with the access data we have sent to them upon request. The data are entered in an input mask, transmitted to us and stored by us. The following data are collected in this context:
- User name
- The user's IP address
- Date and time of dispatch
We use these data for administering the membership of the member concerned. If required, we pass on the data of the user within the extent permitted by law to our partner companies that support us in the proper performance of the contract. For their part, these companies are obliged to comply with the applicable data protection regulations; in particular, these companies are only allowed to process the data for the fulfilment of their tasks on our behalf and only in accordance with our instructions. The legal basis for the processing of these data is Article 6(1) (b) of the GDPR in conjunction with our Domain Guidelines. Upon termination of the membership with DENIC, we delete the data, unless contractual and/or legal obligations require that they are retained for a longer period.
DENIC has technical and organisational safety measures in place to protect the personal data of the user that is administered by us from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We continuously improve our security measures in line with technological evolution.
11 Rights of the Data Subject
If DENIC processes your personal data, you are a data subject within the meaning of Article 4(1) of the GDPR, which gives you the following rights vis-à-vis DENIC:
11.1 Right of Access
Pursuant to Article 15 of the GDPR you have the right to obtain from DENIC confirmation as to whether or not personal data concerning you are being processed. If your personal data is processed by us, you are entitled to obtain the following information from DENIC:
- The purpose of processing;
- The categories of your personal data processed by us;
- The recipients or categories of recipients to whom we have or will disclose your personal data;
- (Where possible), the envisaged period for which your personal data will be stored by us, or, if not possible, the criteria used to determine that period;
- The existence of the right to request rectification or deletion of personal data concerning you, the right to restrict processing by DENIC or the right to object to such processing;
- The existence of the right to lodge a complaint with a supervisory authority;
- Where the personal data were not collected from yourself, any available information as to their source;
- The existence of automated decision-making, including profiling (as referred to in Article 22(1) and (4) of the GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
You have the right to be informed on whether or not your personal data are transferred to a third country or to an international organisation. In this context, you are entitled to be informed of the appropriate safeguards regarding the transfer pursuant to Article 46 of the GDPR.
11.2 Right to Rectification
Pursuant to Article 16 of the GDPR, you have the right to request DENIC to rectify and/or complete any inaccurate personal data concerning you.
11.3 Right to Erasure
Pursuant to Article 17 of the GDPR, you have the right to request DENIC to delete your personal data without undue delay. We are obliged to delete your data without undue delay if one of the following reasons applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent on which we based the processing of the data according to Article 6(1) (a), or Article 9(2) (a) of the GDPR, and there is no other legal basis for the processing;
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
- Your personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation in European-Union or Member-State law to which DENIC is subject;
- Your personal data have been collected in relation to offered services of the information society referred to in Article 8(1) of the GDPR.
If we have made your personal data public and are obliged pursuant to Article 17(1) of the GDPR to delete the personal data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested that these controllers erase any links to your personal data, copy or replication of this data. The right to erasure does not exist if the data processing is required
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation to which DENIC is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in DENIC;
- For reasons of public interest in the area of public health (Articles 9(2) (h) and (i) and 9(3) of the GDPR);
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to under (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing;
- For the establishment, exercise or defence of legal claims.
11.4 Right to Restriction of Processing
Pursuant to Article 18 of the GDPR, you have the right to demand restriction of processing of your personal data if one of the following applies:
- You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful and you decline erasure of your personal data, requesting restriction of their use instead;
- DENIC no longer needs the personal data for the purposes of the processing, but you need such data to assert, exercise or defend legal claims;
- You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of DENIC override your grounds.
Where processing of your personal data has been restricted, such data shall, apart from storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interests of the European Union or a Member State. If the processing of your personal data is restricted due to one of the above-mentioned circumstances, DENIC will inform you before the restriction of processing is lifted.
11.5 Notification Obligation
Once you have exercised your right to rectification, erasure or restriction of processing, pursuant to Article 19 of the GDPR we are obliged to communicate such request for rectification or erasure of personal data or restriction of processing to all recipients to whom the personal data have been disclosed by us, unless this proves impossible or involves disproportionate effort. You have the right to request DENIC to be informed about those recipients.
11.6 Right to Data Portability
Pursuant to Article 20 of the GDPR, you have the right to receive your personal data which you have made available to DENIC, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another data controller without hindrance from DENIC, if
- The processing is based on consent pursuant to Article 6(1) (a) or Article 9(2) (a) of the GDPR or on a contract pursuant to Article 6(1) (b) of the GDPR; and
- Processing is carried out by automated means.
In exercising this right, you can also demand that the personal data be transmitted directly from DENIC to another controller, if this is technically feasible. However, this must not impair any freedoms and rights of other persons. The right to data portability shall not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in DENIC.
11.7 Right to Object
Pursuant to Article 21 of the GDPR, you are entitled to object, for reasons relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1) (e) or (f) of the GDPR, including profiling based on these provisions. In this case, DENIC will no longer process your personal data, unless DENIC demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is necessary to assert, exercise or defend any legal claims.
11.8 Right to Revoke
Your Consent to Data Processing You have the right to withdraw your consent vis-à-vis DENIC to data processing at any time. To do so, you may write an e-mail to privacy[at]denic[dot]de. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.
11.9 Automated Decision-Making in Individual Cases including Profiling
Pursuant to Article 22 of the GDPR, you have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner. This does not apply if the decision
- Is necessary for the purpose of entering into or performing a contract between you and DENIC;
- Is authorised by European-Union or Member-State law to which DENIC is subject and which also lays down suitable measures to safeguard your rights and freedoms as well as your legitimate interests; or
- Is based on your explicit consent.
11.10 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
12 Responsibility for Content and Information
The DENIC website contains links that lead to Internet pages of external providers. At the time the links were set, no violations of civil or criminal law were evident on the linked pages. However, it cannot be ruled out that these contents may be subsequently changed by the respective providers. If you believe that linked external sites violate applicable law or have other inappropriate content, please let us know. We will check on it and remove the external link, if appropriate. DENIC is not responsible for the content and availability of linked external web pages.
13 Inclusion, Validity and Up-to-Datedness of the Data Privacy Statement
By using our website, you consent to your data being used as described above. This data privacy statement applies exclusively to the contents of our website. For the linked external content, other data privacy and data security provisions are applicable. Who is responsible for those linked sites can be seen from the imprint on the respective website. Further development of our website or the implementation of new technologies may render amendments to this data privacy statement necessary. DENIC therefore reserves the right to change this data privacy statement at any time with effect for the future. The relevant version of this statement is always the version that is available at the time you visit our website.
As of: September 2018