Data Privacy Statement
For our DENICdirect customers only:
"Controller" within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws and regulations is:
Kaiserstraße 75 – 77
60329 Frankfurt am Main
Phone: +49 69 27 235 0
Fax: +49 69 27 235 238
Please find the releavant data privacy statement of DENIC eG here
For all our DENIC Services customers:
"Controller" within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws and regulations is:
DENIC Services GmbH & Co. KG
Phone: (+49) 6151 62 90 940
Fax: (+49) 6151 62 90 941
To keep the following text easy to read, we are not differentiating female and male expressions.
1. General Information on Data Processing
1.1. Processing of Personal Data and their Purpose
DENIC Services GmbH & Co. KG (hereinafter referred to as "DENIC Services" or "we") processes personal data of the users exclusively to the extent required for providing a functional website and our content and services. The following data are processed when a user visits our website:
- The user's IP address
- The browser that is used (type, version, language);
- The operating system that is used;
- The Internet service provider of the user;
- Date and time of the visit to our website;
- The files called on at our website;
- The website the user accesses from our website;
Website the user calls up via our website; The processing and temporary storage of the IP address is necessary to enable the website to be made available on the computer of the user. For this purpose, the IP address of the user must be stored for the duration of the session. The log files contain IP addresses and other data that might enable the user to be identified. The data in the log files is stored to ensure proper functioning of the website. Moreover, this data is used to optimise DENIC Services' website and to ensure the security of the IT systems. The collected personal data will be processed exclusively for the aforementioned purposes and only to the extent required to achieve these purposes.
1.2. Legal Basis for the Processing of Personal Data
The personal data of our users is processed only after the user has given their consent. An exception applies only in such cases where prior consent cannot be obtained for factual reasons and where we are permitted by law to process the data. The data and the log files are stored on the basis of Article 6(1) (f) of the GDPR.
1.3. Deletion of Data and Duration of Retention
The personal data of the persons concerned will be deleted or blocked by us as soon as the purpose of retention of such data no longer applies. If the data is processed for the purpose of making the website available, it will be deleted as soon as the corresponding session is terminated. If the personal data is stored in log files is concerned, it will be deleted after a maximum period of thirty days. Storage beyond that period is permitted, if the IP addresses of the users was deleted or disassociated beforehand, so that the accessing client can no longer be identified.
- Language settings
- Log-in information.
Cookies are used to make the our website more user-friendly. The legal basis for the processing of personal data using cookies is Article 6(1) (f) of the GDPR. Cookies are stored on the computer of the user and from there transmitted to our website. Users may change the settings of their Internet browser to deactivate or restrict the transmission of cookies. Cookies that have been stored may be deleted at any time. If cookies are deactivated for DENIC's website, it may no longer be possible to fully use all functions of our website.
3. Google Analytics
We have activated the IP anonymization function on our website. Thus, Google cuts off part of the IP address of the user within member states of the European Union or in other contracting states to the Agreement on the European Economic Area prior to transmission of the data to the USA. Only in exceptional cases will the full IP address of the user be transmitted to a Google server in the USA and shortened there. The transmitted IP address of the user will not be merged with other Google data.
4. E-Mail Contact
We make available several e-mail addresses on our website to enable the user to contact us. If this option is used, the personal data of the user transmitted with the e-mail are stored by us. The legal basis for data processing in this context is Article 6(1) (f) of the GDPR. If the purpose of contacting us is to conclude a contract, the legal basis is Article 6(1) (b) of the GDPR in conjunction with our Domain Guidelines. The data are used exclusively for contacting and subsequent communication. The data are not passed on to any third party in this context. The personal data that were transmitted to us by e-mail are deleted as soon as the related communication with the user is terminated, i. e. as soon as it can be inferred from the circumstances that the issue in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a maximum period of thirty days.
DENIC Services has technical and organisational safety measures in place to protect the personal data of the user that is administered by us from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We continuously improve our security measures in line with technological evolution.
6. Rights of the Data Subject
If DENIC Services processes your personal data, you are a data subject within the meaning of Article 4(1) of the GDPR, which gives you the following rights vis-à-vis DENIC Services:
6.1. Right of Access
Pursuant to Article 15 of the GDPR you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. If your personal data is processed by us, you are entitled to obtain the following information from us:
- The purpose of processing;
- The categories of your personal data processed by us;
- The recipients or categories of recipients to whom we have or will disclose your personal data;
- (Where possible), the envisaged period for which your personal data will be stored by us, or, if not possible, the criteria used to determine that period;
- The existence of the right to request rectification or deletion of personal data concerning you, the right to restrict processing by us or the right to object to such processing;
- The existence of the right to lodge a complaint with a supervisory authority;
- Where the personal data were not collected from yourself, any available information as to their source;
- The existence of automated decision-making, including profiling (as referred to in Article 22(1) and (4) of the GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
You have the right to be informed on whether or not your personal data are transferred to a third country or to an international organisation. In this context, you are entitled to be informed of the appropriate safeguards regarding the transfer pursuant to Article 46 of the GDPR.
6.2. Right to Rectification
Pursuant to Article 16 of the GDPR, you have the right to request DENIC Services to rectify and/or complete any inaccurate personal data concerning you.
6.3. Right to Erasure
Pursuant to Article 17 of the GDPR, you have the right to request DENIC Services to delete your personal data without undue delay. We are obliged to delete your data without undue delay if one of the following reasons applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent on which we based the processing of the data according to Article 6(1) (a), or Article 9(2) (a) of the GDPR, and there is no other legal basis for the processing;
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
- Your personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation in European-Union or Member-State law to which DENIC Services is subject;
- Your personal data have been collected in relation to offered services of the information society referred to in Article 8(1) of the GDPR.
If we have made your personal data public and are obliged pursuant to Article 17(1) of the GDPR to delete the personal data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested that these controllers erase any links to your personal data, copy or replication of this data. The right to erasure does not exist if the data processing is required
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation to which DENIC Services is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in DENIC Services;
- For reasons of public interest in the area of public health (Articles 9(2) (h) and (i) and 9(3) of the GDPR);
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to under (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing;
- For the establishment, exercise or defence of legal claims.
6.4. Right to Restriction of Processing
Pursuant to Article 18 of the GDPR, you have the right to demand restriction of processing of your personal data if one of the following applies:
- You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful and you decline erasure of your personal data, requesting restriction of their use instead;
- DENIC Services no longer needs the personal data for the purposes of the processing, but you need such data to assert, exercise or defend legal claims;
- You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of DENIC Services override your grounds.
Where processing of your personal data has been restricted, such data shall, apart from storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interests of the European Union or a Member State. If the processing of your personal data is restricted due to one of the above-mentioned circumstances, DENIC Services will inform you before the restriction of processing is lifted.
6.5. Notification Obligation
Once you have exercised your right to rectification, erasure or restriction of processing, pursuant to Article 19 of the GDPR we are obliged to communicate such request for rectification or erasure of personal data or restriction of processing to all recipients to whom the personal data have been disclosed by us, unless this proves impossible or involves disproportionate effort. You have the right to request DENIC Services to be informed about those recipients.
6.6. Right to Data Portability
Pursuant to Article 20 of the GDPR, you have the right to receive your personal data which you have made available to DENIC Services, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another data controller without hindrance from DENIC Services, if
- The processing is based on consent pursuant to Article 6(1) (a) or Article 9(2) (a) of the GDPR or on a contract pursuant to Article 6(1) (b) of the GDPR; and
- Processing is carried out by automated means.
In exercising this right, you can also demand that the personal data be transmitted directly from DENIC Services to another controller, if this is technically feasible. However, this must not impair any freedoms and rights of other persons. The right to data portability shall not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in DENIC Services.
6.7. Right to Object
Pursuant to Article 21 of the GDPR, you are entitled to object, for reasons relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1) (e) or (f) of the GDPR, including profiling based on these provisions. In this case, DENIC Services will no longer process your personal data, unless DENIC Services demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is necessary to assert, exercise or defend any legal claims.
6.8. Right to Revoke
Your Consent to Data Processing You have the right to withdraw your consent vis-à-vis DENIC Services to data processing at any time. To do so, you may write an e-mail to info[at]denic-services[dot]de. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.
6.9. Automated Decision-Making in Individual Cases including Profiling
Pursuant to Article 22 of the GDPR, you have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner. This does not apply if the decision
- Is necessary for the purpose of entering into or performing a contract between you and DENIC Services;
- Is authorised by European-Union or Member-State law to which DENIC Services is subject and which also lays down suitable measures to safeguard your rights and freedoms as well as your legitimate interests; or
- Is based on your explicit consent.
6.10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
7. Responsibility for Content and Information
The DENIC Services' website contains links that lead to Internet pages of external providers. At the time the links were set, no violations of civil or criminal law were evident on the linked pages. However, it cannot be ruled out that these contents may be subsequently changed by the respective providers. If you believe that linked external sites violate applicable law or have other inappropriate content, please let us know. We will check on it and remove the external link, if appropriate. DENIC Services is not responsible for the content and availability of linked external web pages.
8. Inclusion, Validity and Up-to-Datedness of the Data Privacy Statement
By using our website, you consent to your data being used as described above. This data privacy statement applies exclusively to the contents of our website. For the linked external content, other data privacy and data security provisions are applicable. Who is responsible for those linked sites can be seen from the imprint on the respective website. Further development of our website or the implementation of new technologies may render amendments to this data privacy statement necessary. DENIC Services therefore reserves the right to change this data privacy statement at any time with effect for the future. The relevant version of this statement is always the version that is available at the time you visit our website.
As of: May 2019