Política de privacidad

Esta información sólo está disponible en Inglés.

The protection of your personal data is very important to us. Our processing of personal data is therefore designed to be fully compliant with applicable data protection laws and regulations.

With this policy we intend to clarify and inform you – our customer – about which personal data we process, the purposes of said processing, how this processing is performed, who has access to your personal data, for how long we process this data and how you can exercise your rights with regard to our data processing.

For the personal data required by us for the performance of the agreed service, "Controller" within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection laws and regulations is:

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Germany
Phone: +49-68949396850
Email: info (at) key-systems (dot) net

The data protection officer of Key-Systems can be contacted at datenschutz (at) key-systems (dot) net.

For all other processing of data where we do not control the processing, particularly for domain registration services, the controller is the registry operator of the relevant TLD as well as – for all registrations in generic top level domains – ICANN is joint controller with the registry operator.

What personal data do we process about you?

Personal data is any information relating to an identified or identifiable natural person. We process data that you provide voluntarily to us, data that we collect in an automated fashion when you visit our premises, events or websites and data processed when you access and/or use our products and services.

We may process the following personal data about our customers as inventory data: your name, your email address, your phone number and (if applicable) fax number, your job title, your full personal address, the organization you work for (if applicable to the transaction), your gender, your language preference, the IP addresses you use to connect to our systems, your account name, the services you order, your financial data including bank account or credit card information, your login details.

We may also request additional personal data if required for the specific service you requested.

Our processing of third party data

By transmitting personal data of third parties (e.g. when you order a service for someone else using their personal information or when using their personal information as additional contacts) you are responsible about informing affected parties about the terms of our privacy policy and for obtaining the necessary consent of those parties for your use and our processing of their data. You will particularly inform them about any processing and transfers of their data to other parties as described in this policy.

Purposes for processing

The data you transmit to us upon requesting a service (or for correction, renewal or updates of service requests) is required to establish a contractual relationship between you and us, for purposes required for our provision of requested services as well as auxiliary services to you, for proper and secure management of your customer account, to prevent abusive use of our services, to enable us to provide information on expiration and required renewals of services and to allow us to comply with applicable legal obligations. The legal basis for such processing is Art. 6 I b) GDPR.

Personal data may be transmitted to service providers acting as data controllers that are involved in our provision of services to you (such as registry operators, certification authorities, ICANN) in furtherance of the purposes of these data controllers for collecting and processing personal data based on their legitimate interests in accordance with Art 6 I f) GDPR. Legitimate interests pursued by data controllers regarding your data transmitted to them by us include the establishing of a contractual relationship between you and the provider, the mitigation and/or prevention of abuse and/or fraud, the verification of compliance with applicable eligibility requirements and/or acceptable use policies for services provided by them, the central management of a service register, assurance of data accuracy and the provision of continuity of service in case of our business failure.

Transmission of your personal data may also, in some cases, be required by data controllers to comply with applicable legal obligations in accordance with Art. 6 I c) GDPR. Please review the applicable registry policies for direct references to such legal obligations.

Your domain name registration data may also be processed and transmitted in the context of a data escrow program in order to safeguard domain registrations in case the registrar and/or registry operator ceases its activity of registering and managing domain names.

We may also transfer your personal data to third parties to safeguard legitimate interests of such third parties in accordance with Art 6 I f), except where such interests are overridden by your fundamental rights and freedoms.

We may also transmit your personal data to service providers and/or publish your data based on your explicit, informed and freely given consent, if applicable, for example if you explicitly request the publication of your data in a registration database despite our ability to redact or hide such data. This consent may be withdrawn at any time.

How do we process personal data?

We process personal information in full compliance with the technical, organizational and legal requirements of the GDPR in our data center(s) in Germany. We publish data you provide to us for web-hosting purposes in one of our shared hosting locations in Germany or on the Isle of Man, or – at your request – in the USA. We apply data minimization principles where possible and we continuously update our security measures to help protect your personal data and other information against unauthorized access, loss, destruction or alteration. Access to your data is possible only through an encrypted connection. Third parties do not have access to your data unless we provide such access in accordance with the terms below. We also request that everyone we transmit your data to in accordance with this policy apply adequate security measures.

To whom do we forward your personal data?

To the extent permitted by law, your personal data may be disclosed to the following parties:

We may provide access to your data to other group companies affiliated with ourselves strictly for purposes of providing you with a better service.

We may forward your personal data to third-party service providers directly involved in the provision of our service to you, such as a registry operator of a top level domain in which you have requested a registration (please review terms of registration applicable to each relevant TLD in order to determine the registry operator and its terms of registration). We are unable to influence the data requirements of such parties. Such transfers may require the transfer of your personal data to organizations and/or servers located outside the European Union.

We may forward your personal data to third-party payment providers directly involved in the provision of payment services for payment facilities chosen by you to pay for our services, such as a banks, credit card service providers, Paypal and others. This may require the transfer of your personal data to organizations and/or servers located outside the European Union.

If applicable, your personal data may be provided to operators of registration database (formerly whois) services and the users of such services if required and such provision and use is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, as permitted under under Art. 6 I f) of the GDPR.

To ensure business continuity, your personal data may be provided to escrow service providers as well as to backup storage providers.

We may disclose your personal information to law enforcement agencies, to other government and/or civil authorities similarly authorized by applicable laws and regulations and to courts of appropriate jurisdiction if so required by law. To ensure data accuracy and to prevent abusive use of our services, we may use third-party verification service providers to check the data you have provided. To assess our business operations, we may also provide access to your data to our auditors.

For support purposes, we may provide access to your personal data to providers of third-party support services.

We will never sell your personal data to anyone.

Further data usage

We will only use the data for the purposes of advertising, customer service or market research if such use is necessary to provide or improve the service and if the customer has provided prior consent. Such consent may be revoked at any time. We will store your personal data that is processed for business purposes for a minimum of one year after the termination of the service it was collected for, or longer if required by legal requirements, such as the tax code. Data processed for other purposes is processed no longer than necessary for the purposes for which your data is processed or until all applicable legal requirements are met.

Your rights with regard to your data

You have the right to access and correct your data through your control interface with us or any intermediary service providers you may employ. You have the right to request information concerning your personal data and to request a copy of all your data in a standard format. You may at any time request to update all incorrect, out-of-date or incomplete data and to help us keep the internet safe we encourage you to regularly review the data you provided to ensure it is accurate, current and complete. You have the right to request the restriction of certain processing activities in certain circumstances and to object against certain processing activities. If and as far as processing is based on consent, that consent can be withdrawn at any time by the consenting party. You have the right to erasure your data in certain circumstances. You have the right to be informed where we obtained your personal data in case it was not directly obtained from you. You can exercise your rights by contacting us. You also have the right to lodge a complaint with a supervisory authority.

Traffic data

Traffic data, e.g. data being collected and used to measure the amount of usage of a telecommunication service, will only be collected as necessary for the purpose of performance of services and invoicing. We also collect traffic data with regard to any login attempts into our systems. Traffic data will not be stored longer than six months above the time required for invoicing and the provision of the service, unless the customer requests a longer storage time within the scope of a statistics function. Traffic data will not be used to create user profiles.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

In case IP anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP anonymization is active on this website.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

The IP-address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser Addon or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this website in the future (the opt-out applies only for the browser in which you set it and within this domain).

An opt-out cookie will be stored on your device, which means that you'll have to click this link again if you delete your cookies.

Usage of Hotjar

Our websites use Hotjar web analytics service. Hotjar Ltd. is an European company based in Malta (Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel.: +1 (855) 464-6788)

Hotjar may record mouse clicks, mouse movements and scrolling activity. Hotjar collects information regarding pages visited, actions which are taken, country, device used, operating system, and browser used. Hotjar does not collect personally identifiable information that you do not voluntarily enter in this website. Hotjar does not track your browsing habits across websites which do not use Hotjar services.

Google Web Fonts

In the interest of a consistent and attractive presentation of fonts and our online offers, this website uses the “Google Web Fonts” service provided by Google. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
When you access the page, the required web fonts are saved by your browser in your browser cache to display texts and fonts correctly. If your browser does not support Google Web Fonts, a default font will be used by your computer.

By using Google Web Fonts, the browser you use will connect to Google's servers and report that our website has been accessed through your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services.

More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://www.google.com/policies/privacy/.

Cookies and other tracking technologies

When you visit our websites, we may request your approval to store certain information on your devices in the form of a cookie in order to better provide our services to you. Denial to accept our cookies may result in a loss of functionalities on our websites and user interfaces for you.

Anonymization of data

We currently have not implemented measures regarding the anonymized processing of personal data in our system. Credit card details are stored in an encrypted format. We do offer anonymization and privacy services for domain name registrations in certain circumstances where the use of such services is permitted by the data controller (the registry operator).

Changes to this policy

Please note that the data protection information may be changed at any time with due regard to the applicable data protection regulations. The version being made available on our website at the time of your order or last visit to our website applies. We will inform you about any changes either directly by newsletter or indirectly through your service provider.

Thank you for your interest in our website. The protection of your personal data (hereinafter referred to as “data”) is a major and very important concern for us. Below, we would like to inform you in detail about which data is collected during your visit to our website and your use of our offers there, and how we subsequently process or use this data.

Please note that this Privacy Policy may be updated from time to time due to the implementation of new technologies or legislative changes. We will notify you of these changes as appropriate, and we will, of course, duly take your interests into account when making changes.

Please also see our separate Domain Name Registration Privacy Policy regarding the processing of personal data for registration of domain names. The purpose of that policy is to inform you about how personal data is processed when a domain is registered.

If not stated otherwise, the following information apply to all domain names related to RRPproxy.


A. General Information

1. Controller

The controllers are Key-Systems GmbH, Im Oberen Werk 1, 66386 St. Ingbert, Germany, and CentralNic Group PLC, a company registered in England & Wales with Registration Number 08576358, Address: 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR. E-mail: info@centralnic.com.

Within the CentralNic group certain departments and tasks are shared between the individual group companies. The controllers shall jointly determine the purpose and means of processing. This is described below and in our Privacy Policy regarding the processing of personal data for registration of domain names. Hereinafter, the use of the name "CentralNic" refers to the joint controllers collectively, unless one or more entities are expressly mentioned. If you have any questions or claims regarding data protection, you can contact any group company mentioned in this privacy policy and our website.

2. Data Protection Officer

Thomas Rickert
c/o Rickert Rechtsanwaltsgesellschaft
Colmantstraße 15, 53115 Bonn
Deutschland
attn: Data Protection Officer
E-mail: privacy.key-system@rickert.law

If you have any questions or comments about this Privacy Policy or about data protection in general, please contact our data protection officer by e-mail at privacy.key-system@rickert.law.

The Data Privacy Officer of CentralNic Group PLC can be contacted at Data Privacy Officer, CentralNic Group PLC, 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR or by e-mail at internal.compliance@centralnic.com.

3. Your rights

You may assert the following rights free of charge against any person responsible for the processing of your personal data:

- Right to withdraw your consent.

- Right of access: You may request access to your personal information that we process.

- Right to object: You have the right to object to the processing of your personal data at any time for reasons relating to your special situation.  The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims. The collection of data for the provision of the website and the storage of the log files is absolutely necessary for the operation of the website.

- Right to rectification: If the information concerning you is not (or is no longer) accurate, you may request a rectification. If your data is incomplete, you may request their completion.

- Right to erasure: You can request the erasure of your personal data.

- Right to restriction of processing: you have the right to request a restriction on the processing of your personal data.

- Right to data portability: you have the right to receive or have a third party receive the data that we process automatically on the basis of your consent or in the performance of a contract. This right only applies to (electronically) data processing carried out by automated means whereat the processing is either based on your consent or on a contract pursuant and that you have us provided with the data yourself. Therefore, the right is not applicable to the log files collected via our website.

For the assertion of claims, please contact the controller or data protection officer (find contact details above). Should you wish to contact us by e-mail, please use an address used to access our system so that we can identify you.

You also have the right to lodge a complaint about the controller's processing of your personal data with a supervisory authority responsible for data protection.

4. Legal Bases for Processing Your Data

In principle, we only process data when a legal basis is available. We specify the legal basis in the segments about data processing, but in general, we are permitted to process your personal data if one of the following conditions applies.

- The data subject’s consent for the processing of personal data.

- Processing personal data as a necessity for the fulfilment of a contract in return for payment or free of charge. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.

- The processing is necessary for the fulfilment of a legal obligation to which we are subject.

- The processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh the above-mentioned interests.

5. Retention Periods

The data processed by us will be erased or their processing will be restricted in compliance with the legal regulations. Unless expressly stated in the context of this Privacy Policy, we will erase data stored by us as soon as it is no longer required for their intended purpose. Data will only be retained beyond the time it is no longer needed for its intended purpose if this is necessary for other legally permissible purposes or if the data must be retained longer due to statutory retention obligations. In these cases, processing is restricted, i.e. blocked, and the data are not processed for other purposes. For example, a statutory retention obligation exists, due to documentation obligations under tax and corporate law.

6. Children

Our website is not intended for children under the age of 16.

7. Recipients of Data, Third-Country Transfers, Linked Third-Party Websites

We do use external service providers for the processing of your data and hereby want to inform you about the third parties and processors we transfer data to. We use various third-party services on our website. These have different purposes, which we will discuss in more detail in the individual descriptions. These services serve to make our website functional, secure, and visually appealing, as well as to optimise its content on an ongoing basis. In general, we transfer data to the following categories of recipients:

Billing service providers, print- and postal providers, insurances, telecommunications provider, insurance broker and subject matter experts for assessing and regulating of claims, public authorities, provided a justified request, credit institutions and payment service providers, external accountant, auditors, Host Providers and other service providers for this website, and legal counsel.

In the case of cross border transfer (transfer to a third country or to an international organisation) we do inform you separately about the recipient, and the correspondent legal basis. However, in the case that your data is transferred outside of the European Union either to Controllers or Processors, the transfer is justified by the Standard Contractual Clauses according to the Annex of the Commission Decision 2010/87/EU regarding the Directive 95/46/EC, or by other safeguards.

As far as processors are being used, they are bound by our instructions under data protection law. These service providers are our contractors and assist with processing of your personal data, for example, to provide this website. These contractors have been carefully selected and authorised and are regularly monitored. The authorisations are based on agreements for processing. The processors do not perform any independent processing for their own purposes.

Our website may contain links to third-party websites. If you follow a link to one of these websites, we point out to you that these offers have their own data protection policies and that we are not the controllers for the processing of your data on these websites. Please review each privacy policy before disclosing personal information to those controllers.

8. Data Security

We apply technical and organisational security measures to protect personal data that is collected, in particular against accidental or intentional manipulation, loss, destruction or against the attack of unauthorised persons. Our security measures are continuously improved in line with technological developments. To protect your data in transit we use encryption technologies (TLS).

9. Automated Decision Making

We do not use automated decision making, including profiling.

10. Data processing when you are based in the EU/EEA

When you are based in the EU/EEA, we only process data when a legal basis is available as mentioned above. For EU/EEA related data processing, in general, the following legal bases shall apply to the processing of data under our responsibility.

- The data subject’s consent for the processing of personal data, Article 6 (1) (a), Article 7 GDPR.

- Processing personal data as a necessity for the fulfilment (performance) of a contract in return for payment or free of charge, Article 6 (1) (b) GDPR. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.

- The processing is necessary for the fulfilment of a legal obligation to which we are subject, Article 6 (1) (c) GDPR.

- The processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh the above-mentioned interests, Article 6 (1) (f) GDPR.

Subject to the member states’ legal requirements, you may be entitled to assert the following rights: Right of access by the data subject, Article 15 GDPR, Right to rectification, Article 16 GDPR, Right to erasure (‘right to be forgotten’), Article 17 GDPR, Right to restriction of processing, Article 18 GDPR, Right to data portability, Article 20 GDPR, Right to object, Article 21 GDPR, Right to withdraw consent, Article 7 (3) GDPR, Right to lodge a complaint with a supervisory authority, Article 77 GDPR.

 

B. Collection and Processing of your Personal Data when using our Website

1. Technical Provision of the Website, Hosting

For the informational use of our website, you generally do not need to actively provide personal data. Each time you use the internet, your browser is transmitting certain information which we store in so-called log files, such as:
•    Date and time of retrieval of one of our web pages;
•    your IP address;
•    host name of the connecting device;
•    the website from which our website was accessed;
•    following websites that were accessed via our website;
•    the page visited on our website;
•    the transmitted amount of data and the access status (file transmission, file not found etc.);
•    your browser type and version used;
•    the operating system used.
The temporary storage of the data is necessary for the course of a website visit to enable delivery of the website. Further storage of the log files takes place in order to ensure the functionality of the website and the security of the information technology systems (especially to prevent abusive attacks, so-called DDoS attacks). Unless otherwise specified, your IP address will be shortened as soon as possible so that it is no longer possible to identify you. The legal basis for the temporary storage is to provide you with our website for the fulfilment of a contract or to process operations necessary for the implementation of pre-contractual measures. The legal basis for further storage with a shortened IP address is our legitimate interest to protect our information technology systems. A personal evaluation of the data, in particular for marketing purposes, does not take place without prior consent.
To operate this website, we, the Key-Systems GmbH, Im Oberen Werk 1, 66386 St. Ingbert, Germany, serve as a hosting provider ourselves to process meta and communication data of our website users, on our behalf and based on our legitimate interests in an efficient and secure provision of this website.
    2. Security and Performance
Sentry
To ensure the technical stability of our service, we monitor it using the Sentry service (Functional Software Inc., 132 Hawthorne Street, San Francisco, California 94107, USA). Among other things, this allows code errors to be identified and then corrected. Sentry does not process data for advertising purposes or for the purpose of analysing your usage behaviour. Information on possible causes of errors is collected anonymously or anonymised immediately after collection.
The legal basis for the use of Sentry is our legitimate interests in a secure and user-friendly design of our services.
We have concluded a data processing agreement with Sentry, on the basis of which Sentry may only process and delete your personal data on our instruction.
In addition, we have concluded European standard contractual clauses with the provider, with which the provider has undertaken to comply with European data protection law for the services it provides. Furthermore, we have agreed with Sentry on the encryption of data during transmission and in the stored state as additional measures.
You can find further information at https://sentry.io/privacy/.
    3. Other plugins and embedded third-party content
    a. Google Fonts
This applies to: https://me.hexonet.net/, https://ca.hexonet.net/, https://shop.hexonet.net/, https://hexonet.domains/
This website uses Google Fonts of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Holding Company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Fonts is an interactive register with over 800 fonts, that Google provides free of charge.
Google Fonts is an important tool, to keep the high quality of our website. With Google Fonts we can use fonts without having to upload them to our servers. These fonts are automatically optimised for the web and there save data traffic and result in quicker loading times.
Google Fonts supports all established browsers and works reliantly on most mobile devices.
The legal basis is formed by our legitimate interests in the efficient and secure provision of the website.
Google Fonts does not set any cookies on your device. The data is requested via the google-domains fonts.googleapis.com and fonts.gstatic.com. According to Google, these requests are processed separately from other services Google provides. This includes your Google account, if you have one.
Google captures the usage of CSS (Cascading Style Sheets) as well as the fonts used and saves this data securely. Google stores CSS-requests for a day on their servers, which mostly are located outside of the EU. Insofar as Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees by means of standard contractual clauses to maintain the EU level of data protection. Google’s goal is to improve loading time of websites by caching the fonts once and then using them again on any other website that uses Google Fonts. Next to this data, every Google Fonts request also automatically transmits data like your IP-address, language settings, screen resolution, name, and version of your browser to the Google Servers. This is necessary to ensure a correct graphical display.
    b. Font Awesome
This applies to: https://www.hexonet.net/
This website uses Font Awesome, to embed fonts and icons into the website to make our website more visually attractive. For this purpose we use the processor Fonticons, Inc. ,6 Porter Road Apartment 3R, Cambridge, MA 02140, USA. Further information on data protection can be found at https://fontawesome.com/privacy.
The legal basis is formed by our legitimate interests in the efficient and secure provision of the website. Font Awesome is an important tool, to keep the high quality of our website. With Font Awesome we can use fonts without having to upload them to our servers. These fonts are automatically optimised for the web and there save data traffic and result in quicker loading times.
Font Awesome supports all established browsers and works reliantly on most mobile devices.
Font Awesome does not set any cookies on your device.
Font Awesome guarantees by means of standard contractual clauses to maintain the EU level of data protection. Font Awesome’s goal is to improve loading time of websites by caching the fonts once and then using them again on any other website that uses Font Awesome. Next to this data, every Font Awesome request also automatically transmits data like your IP-address, language settings, screen resolution, name, and version of your browser to the Font Awesome Servers. This is necessary to ensure a correct graphical display.
    4. Newsletter
We use your personal data to send you our newsletters and to inform you about news from our company, new services, new products, and events tailored to your interests. This includes information on current or future range of services and products as well as functions and events with participation of our company or group companies (e.g. trade fairs). To send you the newsletter, we need your e-mail address. The legal basis for the processing is your consent. We will use the personal data you provided during registration exclusively for sending our newsletter. After the registration of your e-mail address, you will receive an e-mail from us asking for you to confirm that you wish to receive the newsletter by clicking a link. If the confirmation by hyperlink is not given within a period of 7 days, your information will be blocked and deleted after a month. We are also entitled to keep your IP addresses, and times of registration and confirmation times to verify your registration and to appropriately clarify any possible misuse of your personal data.
We can analyse our newsletter campaigns. When you open an e-mail, a file contained in the e-mail (so-called web-beacon) connects to our newsletter-server. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not want any analysis, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
The legal basis for this is your consent and the necessity for compliance with a legal obligation to which we are subject. The legal basis for the transfer to a third country is as well your consent. Please note that the level of EU data protection cannot be guaranteed in the third country. In particular, effective legal remedies against official access to your personal data may not exist.
Your data will be stored and processed in an electronic newsletter system for the duration of your subscription. For this purpose and for sending the newsletter, we use the processor ActiveCampaign, 1 N Dearborn, 5th Floor, Chicago, IL 60601, United States, which processes data on our instructions.
Since we base our processing on your consent, this means that you have the right to withdraw your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. If you do so, we will immediately remove you from our newsletter distribution list to comply with your request. You can withdraw your consent at any time by sending an e-mail to our data protection officer or by following the instructions at the end of a promotional/newsletter e-mail. If you send us an e-mail, please let us know what your withdrawal should refer to so that we can assign your request.
    5. Commercial Services
    a. Account Registration
You may register a customer account. Registration of domain names is only possible if you have a registered account. You will need to provide some personal data during the registration process, which is marked with "mandatory field". These are generally the following categories of data:  
Contact Name (First Name, Last Name), Address, City, Zip Code, Country, State, Phone number, E-Mail address
If you are registering an account as a company, we furthermore collect the following data:
Company/Organisation, Legal representative (CEO)
We will use this data for identification of customers and to administer your account. Additionally, the data will be used to pre-fill your domain name registration forms when you register an account. The legal basis for the data processing is the necessity to process personal data for the fulfilment of a contract or to process operations necessary for the implementation of pre-contractual measures.  
Additionally, you may voluntarily provide further categories of data. This data will be processed for our legitimate interest of additional verification and quicker communication.
Furthermore, you will choose a User-ID and a password to log into your account. Please make sure that no unauthorised person gets access to the log-in credentials for your account.
A registered account is necessary to register domain names. For the processing of your personal data for domain name registrations, please refer to our Domain Name Registration Privacy Policy.
    b. Payment
We use various payment methods from third party payment providers. If you choose one of these payment methods, your payment data will be forwarded to the respective payment service provider for payment processing. These third-party providers process your personal data as an independent controller according to their privacy terms. The transfer is based on the fulfilment of the contract and on our legitimate interests in secure payment processing and fraud prevention.
Please refer to the Terms and Conditions, Terms of Use and Privacy Policy of the respective payment provider.
    • PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE
    • Alipay (Europe) Limited, 11-13, Boulevard de la Foire, L – 1528, Luxembourg. https://global.alipay.com/docs/ac/Platform/privacy, https://render.alipay.com/p/f/agreementpages/alipayglobalprivacypolicy.html
    • Adyen N.V., Simon Carmiggelstraat 6 – 50, 1011 DJ Amsterdam. https://www.adyen.com/policies-and-disclaimer/cookie-policy
When selecting the payment methods purchase on account and instalment purchase, in particular the following personal data is processed by us or our payment service provider as a controller for the purpose of payment processing and in this context for identity and credit checks:
    • Contact and identification information: name, date of birth, national identification number, title, billing and delivery address, e-mail address, mobile phone number; nationality, salary, etc.
    • Payment information: debit and credit card data (card number, expiry date and the CVV check digit), account number, etc.
    • Information about the processing of the order, such as product type, product number, price, etc.
In the event that the payment method "purchase on account" or "instalment purchase" is selected, we or our payment service provider may process personal data and information about the user's previous payment history as well as probability values for the user's payment history in the future (so-called scoring) in order to decide whether the payment method can be offered to the user. The scoring is calculated on the basis of scientifically recognised mathematical-statistical methods.
    c. Direct Marketing
We have a legitimate interest (direct advertising) in advertising customers (persons with whom we have had a business relationship) by e-mail or post. In particular, we may send you news about our company or group companies, information on events and invitations to review our services and products.
For this purpose and for sending the newsletter, we use the processor ActiveCampaign, 1 N Dearborn, 5th Floor, Chicago, IL 60601, United States, which processes data on our instructions.
To send you advertising by post, we use a post service partner.
You can object to the sending of advertising at any time by sending an e-mail to our data protection officer or by following the instructions at the end of a promotional e-mail. If possible, please send your e-mail from the same e-mail address you used for registration, so that we can assign you more easily.
    d. Domain Query (Whois)
We offer the possibility to obtain information about certain owner data of already registered domain names. In the event of a search query, the data you enter into the search field and the categories of data listed under “log files” are processed. The legal basis for the processing is the necessity to process personal data for the fulfilment of a contract or to process operations necessary for the implementation of pre-contractual measures in connection with the domain guidelines. Search requests are deleted no later than seven days after the request.
    6. Contact, CRM
Contact forms can be found at: https://me.hexonet.net/, https://shop.hexonet.net/, https://hexonet.domains/
You can contact us by e-mail, telephone, fax and via our contact forms to request a quote or to conduct other correspondence.
In order to process your request, we process names, e-mail addresses, possibly the names of your company, position, mandatory information, which are absolutely necessary to create an offer. The processing of your data in the context of contact made by e-mail, a contact form or by telephone takes place on the basis of our legitimate interest to provide a good customer service or is necessary to fulfil a contract or to process operations necessary for the implementation of pre-contractual measures insofar as the contacts are related to contractual performance obligations such as the request of a dispute entry.
Contacting us for abuse and complaint messages requires users to log into their account. In addition, the categories of data listed in “log files” are processed. If you want to request a dispute entry, we also need your further contact details (last name, first name, address, name of the company) as well as a description of your request, stating the domain in question.
We will delete your contact requests immediately after processing unless statutory retention periods require continued retention. After answering your inquiry, we will archive your request immediately. Access is only possible to a very limited extent. Solely informative inquiries, i.e. which do not result in a contract or do not contain any other content that needs to be retained, will be deleted at the end of the year in which the request was made. See "Retention periods" for more information.
We use a ticket management system to process customer claims and inquiries by e-mail and via the contact forms. The legal basis for the processing is our legitimate interest in the efficient processing of requests.
This applies to: https://me.hexonet.net/, https://shop.hexonet.net/, https://hexonet.domains/
When using our contact form, we also process your location (country and city of IP address), session token, tracking data, and device and browser info from http requests. Legal basis for this data processing is your consent.
This applies to: https://www.hexonet.net/
Your contact data may be stored in a customer relationship management system ("CRM system") if a business relationship exists or a business can be expected to be initiated on the basis of prior communication. The legal basis for this is our legitimate economic interests in being able to systematically manage customer and prospect contact data. For personal data in the CRM system, a check is made after two years at the end of the respective calendar year to determine whether it is necessary to continue storing it. If there is no need to do so and no further legal obligations to retain data exist, the data will be deleted.
    7. Applications
This applies to: https://www.hexonet.net/, https://hexonet.jobs/
When you apply for a job with us, we process your personal data in accordance with the information below.
    a. Controller
Our company is part of the CentralNic group of companies. In this group, certain departments and tasks are shared between different companies in the group. Among other things, this concerns personnel administration. In some cases, a job that is advertised here is also related to other companies in the group. In these cases, the companies named in the application process and CentralNic Group PLC are joint controllers within the meaning of Article 4 No. 7, Article 26 GDPR.
All companies mentioned comply with the requirements of the GDPR. If you have any questions or claims regarding data protection, you can contact any company listed here and in the respective job advertisement.
Insofar as you apply to us via a third-party site (job portal), the data protection provisions of the controller for these sites apply to the processing taking place on these sites.
    b. Information on the application process
We process your application data in order to be able to assess whether you have the aptitude, qualifications and professional performance for the position for which you are applying. For us, the legal requirements for the selection process result in particular from labour law and anti-discrimination laws. The legal basis for processing within the scope of the selection procedure for the establishment of an employee or trainee relationship is Article 88, Article 6 (1) (b), GDPR in conjunction with § 26 (1) Bundesdatenschutzgesetz (BDSG).
If your application documents contain special categories of personal data, e.g. information on health, religious conviction or ethnic origin, we also base our processing on Article 9 (2) (b), Article 88 GDPR, § 26 (3) BDSG due to our legal obligations.  Furthermore, we also process your information on the basis of Article 9 (2) (h) GDPR, § 26 (3) BDSG in order to be able to take occupational health and preventive health measures, if necessary.
In the application process, we will use all the information you provide to progress your application and to check whether we can offer you a job with us. We also have to comply with our legal obligations as an employer. The provision of the personal data is necessary for the lawfulness of the selection process to be carried out. Failure to include relevant personal data in the application documents may result in your not being considered for the vacant position.
We will only use your contact details to contact you and inform you about the progress of the application procedure. We will only use other information contained in the application documents to determine your suitability for the vacant position.
    c. Storage Duration, Applicant Database/Talent Pool
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If an employment relationship, training relationship, internship or other employment status is established following the application process, the data will initially be stored and transferred to the personnel file. Otherwise, the application process ends for you at the time you receive a rejection. This also applies to unsolicited applications.
In this case, your personal data will be deleted six months after receiving the rejection, unless a longer storage duration is necessary for the defence of legal claims. The defence or enforcement of legal claims is also our legitimate interest within the meaning of Article 6 (1) (f) GDPR.
We will inform you separately about the storage duration of your personal data if an employment relationship is established.
If you wish us to include you in a subsequent recruitment process, after your application has been rejected, we will store your application documents based on your consent, Article 6 (1) (a), Article 7 GDPR, § 26 (2) BDSG. In this case, we will obtain your consent separately. As described in the case of an initial application, your application documents will be stored until the next recruitment process and destroyed six months after receiving the rejection, unless a longer storage duration is necessary for the defence of legal claims.
    d. Recipients of Data
In some cases, we use external service providers for the processing of your data, which are bound to our instructions as processors according to Article 28 GDPR. They assist us as contractors in the processing of your personal data. The contractors have been carefully selected and commissioned by us and are monitored regularly. The assignments are based on data processing agreements in accordance with Article 28 GDPR. An independent processing by the processors for their own purposes is not carried out.
Recipients are our e-mail service providers and the provider of a cloud-based system for receiving and managing applications and implementing an effective role and authorisation concept. In the event of a successful application, your data furthermore will be processed by using a cloud-based personnel management system.
In addition, your personal data may be disclosed to other group companies if there is a legitimate interest within the meaning of Article 6 (1) (f) GDPR based on the job description. This is usually the case if the employment relationship is likely to have a high group relevance due to group-wide cooperation.  
    8. Social-Media
Unless otherwise stated, we process your data on the basis of our legitimate interests in order to improve content and to make it more convenient for you to use. The purposes described coincide with our legitimate interests. If cookies are used in connection with the embedding of social media content, this is done on the basis of your consent.
    a. Links to Social-Media Profiles
This applies to: https://www.hexonet.net/
Our website integrates links to our presences on different social media sites. This is done via a linked graphic of the respective site. This prevents an automatic transfer of data to the site. A transfer will only take place when you click the link ad, being forwarded to the respective site. The respective site will then collect information whereby the data might be processed in the USA.
The collected data includes your IP-address, time, and date and from where you clicked the link. If you are logged into your social media account of the respective site, the site operator might assign the data to your account. You can prevent this by logging out on your social media account.
The following social networks are integrated into our site by linked graphics:
Facebook
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy Policy: https://www.facebook.com/policy.php
Twitter
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
Privacy Policy: https://twitter.com/privacy
LinkedIn
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Instagram-Data Security Policy: https://help.instagram.com/519522125107875
    b. YouTube
This applies to: https://me.hexonet.net/, https://ca.hexonet.net/, https://shop.hexonet.net/
This website uses YouTube, a service of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Holding Company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to embed videos.
The embedding improves our online presence by enabling us to provide you with information about our company and products in an easily accessible way.
By integrating the YouTube plugin, information about the use of this website including your IP-address is collected and send to a google server located in the United States. If you are logged into your YouTube or Google account, this data will be assigned to it. Otherwise, it will be assigned to a separate Ad-ID.
We use YouTube in its advanced privacy mode. According to YouTube, this means that data will only be transferred to YouTube servers when you start the video.
Insofar as Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees by means of standard contractual clauses to maintain the EU level of data protection.

The legal basis is your consent. Upon the first visit to our website, we ask for your consent. Consent may be withdrawn at any time. This can be done here (link to Cookie-Settings of the website) or by deleting the cookies in your browser.

YouTube permanently stores cookies on your device. If you do not agree to this processing, you have the option of preventing the installation of cookies in the settings in your browser.
Further information about purpose and extent of processing and the storage time can be found at https://policies.google.com/privacy.
    c. Twitter Buttons
This applies to: https://www.hexonet.net/
Buttons of the Twitter platform are embedded on our website (provider Europe: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland). If you call up a page of our website that contains such a button, a direct connection between your browser and the Twitter server is only established when you click on the button.
Twitter thereby receives the information that you have visited our site with your IP address. If you click the button while you are logged into your Twitter account, you can link the content of our pages on your Twitter profile. This enables Twitter to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.
If you do not wish Twitter to be able to associate your visit to our pages, please log out of your Twitter account. You can find more information on this in Twitter's privacy policy at https://twitter.com/de/privacy.
    d. Facebook Buttons
This applies to: https://www.hexonet.net/
Buttons from Facebook are integrated on our website (provider Europe: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). If you call up a page of our website that contains such a button, your browser only establishes a direct connection with the Facebook servers when you click on the button.
This provides Facebook with your IP address and information about your browser and operating system. If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. When you click the button, the corresponding information is also transmitted directly to a Facebook server and stored there. Depending on your privacy settings, this information is published on Facebook. Facebook may process this information for the purposes of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account, please log out of Facebook before visiting our website. Information on Facebook's data protection can be found at https://www.facebook.com/about/privacy/.
    e. LinkedIn Buttons
This applies to: https://www.hexonet.net/
Buttons of the LinkedIn platform are embedded on our website (provider Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). If you call up a page of our website that contains such a button, a direct connection between your browser and the LinkedIn server is only established when you click on the button.
LinkedIn thereby receives the information that you have visited our site with your IP address. If you click the button while you are logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This enables LinkedIn to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
If you do not wish LinkedIn to be able to associate your visit to our pages, please log out of your LinkedIn account. You can find more information on this in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.
    C. Statistics, Web-Analytics, Advertising based on Tracking and Retargeting – Use of Cookies
In some cases, we or our partners use cookies or process your data in such a way that your consent is required. Cookies are small text files that can be stored on your device when you visit our website.  Tracking is possible using various technologies like the pixel technology or log file analysis. Consent is given via the so-called cookie banner, which must be actively clicked. Our cookie policy explains how you can disable individual functions to which you have consented. There you will find information on when cookies expire, how to delete cookies and how to withdraw your consent.
Unless otherwise stated, the processing described in this section is based on your consent. Learn more about how to withdraw your consent in our cookie policy. Our cookie policy is linked in the footer of our website.
    1. Web-Analytics, Statistics
To determine which content from our website is most interesting for you we continuously measure the number of visitors and the most viewed content. Therefore, we process your personal data
    • to record the number of visitors of our websites,
    • to record the respective visiting times of our website visitors and
    • to record the sequence of visits to different websites and product sites to optimise our website.
    a. Google Analytics
This website uses Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Holding Company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the usage of our web services. The collected data is used to optimise our website and our advertising effort.

Google Analytics is a web-analysing-service provided by Google. Google processed this data on our behalf and is contractually bound to implicate measures to ensure the integrity and confidentiality of the data.

Upon visiting our website, the following data is processed:
    • IP-address (in a shortened form. User cannot be directly identified)
    • Approximate location (country and city)
    • Technical information like browser, internet provider, device and screen resolution
    • User behaviour (accessed pages, clicks and scroll-behaviour)
    • Orders including the revenue of the ordered products
    • Origin of your visit (from which website or which advertisement our site was reached)
    • Session length and if the site was left without any interaction
    • Adding to favourites
    • Sharing of content (social media)

The legal basis is your consent. Upon the first visit to our website, we ask for your consent. Consent may be withdrawn at any time. This can be done here (link to Cookie-Settings of the website) or by deleting the cookies in your browser. Another possibility is the browser addon provided by google, which deactivates Google Analytics. You can download it here: https://tools.google.com/dlpage/gaoptout?hl=dehttps://tools.google.com/dlpage/gaoptout?hl=de

Insofar as Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees by means of standard contractual clauses to maintain the EU level of data protection.

Google Analytics sets cookies in your browser for the duration of two years from your last visit. These cookies contain a randomly generated User-ID, with which you can be recognised upon your next visit. The recorded data is stored in combination with the randomly generated User-ID, which makes an analysis of pseudonymised user profiles possible. This data will be automatically deleted after 14 months. Other data is stored in aggregated form indefinitely.

    b. Google Tag Manager
This applies to: https://me.hexonet.net/, https://ca.hexonet.net/, https://shop.hexonet.net/, https://hexonet.domains/
Together with Google Analytics we use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Holding Company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The Tag Manager allows us to place and administrate small code elements called “tags” via an interface. The tool itself does not process any personal data itself. Google Tag Manager enables the activation of tags, which allows other services to collect data, but does not access the data itself.
Further information about the Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/faq.html
    c. Hotjar
This applies to: https://www.hexonet.net/
This website uses Hotjar (Service Provider: Hotjar Ltd, St Julians Business Centre, Elia Zammit Street 3, St Julians STJ 3155, Malta, Europa), to better understand our users’ needs and to optimise this service and experience.
Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.
Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
The legal basis is your consent. Upon the first visit to our website, we ask for your consent. Consent may be withdrawn at any time. This can be done here (link to Cookie-Settings of the website) or by deleting the cookies in your browser.
According to Hotjar, the data will only be retained for as long as is necessary for the purpose(s) for which we originally collected it or as required by law. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see https://www.hotjar.com/legal/policies/privacy/.
    2. Advertising based on Tracking and Retargeting
We would like to show you - also on the websites of our advertising partners - only advertising that really interests you. Therefore, we use the technologies of so-called tracking and retargeting on our website for advertising that is tailored to your interests. Cookies are usually used for this purpose, but other technologies such as so-called "fingerprinting" are also used in some cases. The cookies temporarily stored for this purpose enable our retargeting partners to recognise visitors to our website under a pseudonym and to display only products that are likely to interest you. Fingerprinting recognizes your device based on your computer hardware, software, add-ons and browser settings.
Unless otherwise stated, the processing described in this section is based on your consent. Learn more about how to withdraw your consent in our cookie policy. There you will find information on when cookies expire and how to delete cookies. Our cookie policy is linked in the footer of our website.
In detail, we use the data collected for statistical and advertising purposes
    • for targeted advertising, also via advertising networks in cooperation with partners,
    • to measure the success and billing of advertising measures between advertising partners and us,
    • to keep track of what ads you have already seen to prevent you from seeing the same one again and
    • to assess which parts of our website need to be optimised.
Unless otherwise stated, we use the following services as processors and contractually oblige them to process data only on our behalf.
    a. Google DoubleClick
This applies to: https://me.hexonet.net/, https://ca.hexonet.net/, https://shop.hexonet.net/
DoubleClick by Google ("DoubleClick") is a service by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). DoubleClick uses cookies to display most relevant advertisements. Google keeps track of the advertisements you have seen and which of them you have actually viewed. Using the DoubleClick cookies allows Google and its advertising network to serve advertisements based on your previous web page visits (or even apps). Google will transmit information generated by the cookies to a Google server for analysis and storage. You can prevent cookies from being saved by setting your browser software accordingly.
For more detailed information on the terms and conditions of use and data protection, please visit: https://www.google.com/analytics/terms/de.html or https://www.google.com/intl/de/analytics/privacyoverview.html.
    b. Facebook Pixel
This applies to: https://www.hexonet.net/
Facebook Pixel is a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The service enables us to determine target groups for advertisements on Facebook, so-called "Facebook Ads", based on website visits and surfing behaviour. We also use this pixel to measure the effectiveness of online marketing measures. In this way, we can track the actions of users after they have seen a Facebook Ad and/or clicked and then placed an order. When you visit a website, the pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or are already logged in to Facebook, your visit to this site will be logged in your profile. The collected user data is anonymous for us and therefore does not allow us to draw any conclusions about your identity. However, this data is stored and processed by Facebook so that it is possible to draw conclusions about the respective user profile. Data processing by Facebook is carried out according to the Facebook data usage guidelines. For this purpose, we have concluded a joint controller arrangement with Facebook. For more information about Facebook's data processing, please visit: https://www.facebook.com/about/privacy/.

The protection of your personal data is very important to us. Our processing of personal data is therefore designed to be fully compliant with applicable data protection laws and regulations.

With this policy we intend to clarify and inform you – our customer – about which personal data we process, the purposes of said processing, how this processing is performed, who has access to your personal data, for how long we process this data and how you can exercise your rights with regard to our data processing.

For the personal data required by us for the performance of the agreed service, "Controller" within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection laws and regulations is:

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Germany
Phone: +49-68949396850
Email: info (at) key-systems (dot) net

The data protection officer of Key-Systems can be contacted at datenschutz (at) key-systems (dot) net.

For all other processing of data where we do not control the processing, particularly for domain registration services, the controller is the registry operator of the relevant TLD as well as – for all registrations in generic top level domains – ICANN is joint controller with the registry operator.

What personal data do we process about you?

Personal data is any information relating to an identified or identifiable natural person. We process data that you provide voluntarily to us, data that we collect in an automated fashion when you visit our premises, events or websites and data processed when you access and/or use our products and services.

We may process the following personal data about our customers as inventory data: your name, your email address, your phone number and (if applicable) fax number, your job title, your full personal address, the organization you work for (if applicable to the transaction), your gender, your language preference, the IP addresses you use to connect to our systems, your account name, the services you order, your financial data including bank account or credit card information, your login details.

We may also request additional personal data if required for the specific service you requested.

Our processing of third party data

By transmitting personal data of third parties (e.g. when you order a service for someone else using their personal information or when using their personal information as additional contacts) you are responsible about informing affected parties about the terms of our privacy policy and for obtaining the necessary consent of those parties for your use and our processing of their data. You will particularly inform them about any processing and transfers of their data to other parties as described in this policy.

Purposes for processing

The data you transmit to us upon requesting a service (or for correction, renewal or updates of service requests) is required to establish a contractual relationship between you and us, for purposes required for our provision of requested services as well as auxiliary services to you, for proper and secure management of your customer account, to prevent abusive use of our services, to enable us to provide information on expiration and required renewals of services and to allow us to comply with applicable legal obligations. The legal basis for such processing is Art. 6 I b) GDPR.

Personal data may be transmitted to service providers acting as data controllers that are involved in our provision of services to you (such as registry operators, certification authorities, ICANN) in furtherance of the purposes of these data controllers for collecting and processing personal data based on their legitimate interests in accordance with Art 6 I f) GDPR. Legitimate interests pursued by data controllers regarding your data transmitted to them by us include the establishing of a contractual relationship between you and the provider, the mitigation and/or prevention of abuse and/or fraud, the verification of compliance with applicable eligibility requirements and/or acceptable use policies for services provided by them, the central management of a service register, assurance of data accuracy and the provision of continuity of service in case of our business failure.

Transmission of your personal data may also, in some cases, be required by data controllers to comply with applicable legal obligations in accordance with Art. 6 I c) GDPR. Please review the applicable registry policies for direct references to such legal obligations.

Your domain name registration data may also be processed and transmitted in the context of a data escrow program in order to safeguard domain registrations in case the registrar and/or registry operator ceases its activity of registering and managing domain names.

We may also transfer your personal data to third parties to safeguard legitimate interests of such third parties in accordance with Art 6 I f), except where such interests are overridden by your fundamental rights and freedoms.

We may also transmit your personal data to service providers and/or publish your data based on your explicit, informed and freely given consent, if applicable, for example if you explicitly request the publication of your data in a registration database despite our ability to redact or hide such data. This consent may be withdrawn at any time.

How do we process personal data?

We process personal information in full compliance with the technical, organizational and legal requirements of the GDPR in our data center(s) in Germany. We publish data you provide to us for web-hosting purposes in one of our shared hosting locations in Germany or on the Isle of Man, or – at your request – in the USA. We apply data minimization principles where possible and we continuously update our security measures to help protect your personal data and other information against unauthorized access, loss, destruction or alteration. Access to your data is possible only through an encrypted connection. Third parties do not have access to your data unless we provide such access in accordance with the terms below. We also request that everyone we transmit your data to in accordance with this policy apply adequate security measures.

To whom do we forward your personal data?

To the extent permitted by law, your personal data may be disclosed to the following parties:

We may provide access to your data to other group companies affiliated with ourselves strictly for purposes of providing you with a better service.

We may forward your personal data to third-party service providers directly involved in the provision of our service to you, such as a registry operator of a top level domain in which you have requested a registration (please review terms of registration applicable to each relevant TLD in order to determine the registry operator and its terms of registration). We are unable to influence the data requirements of such parties. Such transfers may require the transfer of your personal data to organizations and/or servers located outside the European Union.

We may forward your personal data to third-party payment providers directly involved in the provision of payment services for payment facilities chosen by you to pay for our services, such as a banks, credit card service providers, Paypal and others. This may require the transfer of your personal data to organizations and/or servers located outside the European Union.

If applicable, your personal data may be provided to operators of registration database (formerly whois) services and the users of such services if required and such provision and use is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, as permitted under under Art. 6 I f) of the GDPR.

To ensure business continuity, your personal data may be provided to escrow service providers as well as to backup storage providers.

We may disclose your personal information to law enforcement agencies, to other government and/or civil authorities similarly authorized by applicable laws and regulations and to courts of appropriate jurisdiction if so required by law. To ensure data accuracy and to prevent abusive use of our services, we may use third-party verification service providers to check the data you have provided. To assess our business operations, we may also provide access to your data to our auditors.

For support purposes, we may provide access to your personal data to providers of third-party support services.

We will never sell your personal data to anyone.

Further data usage

We will only use the data for the purposes of advertising, customer service or market research if such use is necessary to provide or improve the service and if the customer has provided prior consent. Such consent may be revoked at any time. We will store your personal data that is processed for business purposes for a minimum of one year after the termination of the service it was collected for, or longer if required by legal requirements, such as the tax code. Data processed for other purposes is processed no longer than necessary for the purposes for which your data is processed or until all applicable legal requirements are met.

Your rights with regard to your data

You have the right to access and correct your data through your control interface with us or any intermediary service providers you may employ. You have the right to request information concerning your personal data and to request a copy of all your data in a standard format. You may at any time request to update all incorrect, out-of-date or incomplete data and to help us keep the internet safe we encourage you to regularly review the data you provided to ensure it is accurate, current and complete. You have the right to request the restriction of certain processing activities in certain circumstances and to object against certain processing activities. If and as far as processing is based on consent, that consent can be withdrawn at any time by the consenting party. You have the right to erasure your data in certain circumstances. You have the right to be informed where we obtained your personal data in case it was not directly obtained from you. You can exercise your rights by contacting us. You also have the right to lodge a complaint with a supervisory authority.

Traffic data

Traffic data, e.g. data being collected and used to measure the amount of usage of a telecommunication service, will only be collected as necessary for the purpose of performance of services and invoicing. We also collect traffic data with regard to any login attempts into our systems. Traffic data will not be stored longer than six months above the time required for invoicing and the provision of the service, unless the customer requests a longer storage time within the scope of a statistics function. Traffic data will not be used to create user profiles.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

In case IP anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP anonymization is active on this website.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

The IP-address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser Addon or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this website in the future (the opt-out applies only for the browser in which you set it and within this domain).

An opt-out cookie will be stored on your device, which means that you'll have to click this link again if you delete your cookies.

Usage of Hotjar

Our websites use Hotjar web analytics service. Hotjar Ltd. is an European company based in Malta (Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel.: +1 (855) 464-6788)

Hotjar may record mouse clicks, mouse movements and scrolling activity. Hotjar collects information regarding pages visited, actions which are taken, country, device used, operating system, and browser used. Hotjar does not collect personally identifiable information that you do not voluntarily enter in this website. Hotjar does not track your browsing habits across websites which do not use Hotjar services.

Google Web Fonts

In the interest of a consistent and attractive presentation of fonts and our online offers, this website uses the “Google Web Fonts” service provided by Google. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
When you access the page, the required web fonts are saved by your browser in your browser cache to display texts and fonts correctly. If your browser does not support Google Web Fonts, a default font will be used by your computer.

By using Google Web Fonts, the browser you use will connect to Google's servers and report that our website has been accessed through your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services.

More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://www.google.com/policies/privacy/.

Cookies and other tracking technologies

When you visit our websites, we may request your approval to store certain information on your devices in the form of a cookie in order to better provide our services to you. Denial to accept our cookies may result in a loss of functionalities on our websites and user interfaces for you.

Anonymization of data

We currently have not implemented measures regarding the anonymized processing of personal data in our system. Credit card details are stored in an encrypted format. We do offer anonymization and privacy services for domain name registrations in certain circumstances where the use of such services is permitted by the data controller (the registry operator).

Changes to this policy

Please note that the data protection information may be changed at any time with due regard to the applicable data protection regulations. The version being made available on our website at the time of your order or last visit to our website applies. We will inform you about any changes either directly by newsletter or indirectly through your service provider.