The protection of your personal information is very important to us. Our processing of personal data is therefore designed to comply with applicable data protection laws and regulations. These Terms are intended to inform you of the personal data we process, the purposes for which it is processed, how it is processed, who has access to your personal information, how long we process that information and how you can exercise your rights in regard to these data processing.
If you have further questions about our practices or any of the rights described below, you may contact our Privacy Officer or our dedicated support.
For the fulfillment of the agreed data processing the “controller” within the meaning of the General Data Protection Regulation (Art. 4 para. 7 GDPR) and other data protection regulations is:
INWX GmbH
Prinzessinnenstr. 30
10969 Berlin
E-Mail: datenschutz@inwx.de
Telephone: 030/983 21 21 21
Our external data protection officer is:
IITR Datenschutz GmbH
Marienplatz 2
80331 Munich
E-Mail: email@iitr.de
Telephone: +49 89 189 173 60
For all other data processing in which we do not control the processing itself, in particular for domain registration services, the data controller is the registry operator of the respective TLD and ICANN as a common data controller with the registry operator.
Which of your personal data do we process?
When you use our services, we collect personal information that we process. Personal data is any information that relates to an identified or identifiable natural person.
Personal information that we process as inventory data about our customers includes:
- If you create an account with us and use our services:
Your name, e-mail address, telephone number and (if available) your fax number, your full personal address, the organization you work for (if necessary for the transaction), your preferred language, the IP addresses you use them to connect to our systems, your account name, the services you order, your financial information, including bank or credit card information, and your login information. We may also request additional personal information if required for the service you request. - If you require assistance from our support:
Your telephone number, your e-mail address, your customer number - If you request newsletters from us:
Your email address - If you apply to us:
Your name, title, curriculum vitae, graduations, professional qualifications, general qualifications
Our processing of data of third parties
By transmitting personal data of third parties (e.g. when you order a service for someone else using their per sonal information or when using their personal information as additional contacts) you are responsible about informing affected parties about the terms of our privacy policy and for obtaining the necessary consent of those parties for your use and our processing of their data. You will particularly inform them about any processing and transfers of their data to other parties as described in this policy.
Purpose of processing
The data you transmit to us upon requesting a service (or for correction, renewal or updates of service requests) is required to establish a contractual relationship between you and us, for purposes required for our provision of requested services as well as auxiliary services to you, for proper and secure management of your customer account, to prevent abusive use of our services, to enable us to provide information on expiration and required renewals of services and to allow us to comply with applicable legal obligations.
Personal data may be transmitted to service providers acting as data controllers that are involved in our pro vision of services to you (such as registry operators, certification authorities, ICANN) in furtherance of the purposes of these data controllers for collection and processing personal data. Legitimate interests pursued by data controllers regarding your data transmitted to them by us include the establishing of a contractual relationship between you and the provider, the mitigation and/or prevention of abuse and/or fraud, the verification of compliance with applicable eligibility requirements and/or acceptable use policies for services provided by them, the central management of a service register, assurance of data accuracy and the provision of continuity of service in case of our business failure.
The transmission of your personal data may in certain cases also be required by data controllers in order to comply with the applicable legal obligations under Art. 6 I c) GDPR. Please read the applicable registry policies for direct references to such legal obligations.
Your domain name registration data may also be processed and transmitted as part of a data escrow program to protect the registration of the domain if the registrar and / or registry operator terminates their domain name registration and management activity.
We may also share your personal information with third parties to protect the legitimate interests of those third parties under Art. 6 I f), unless those interests are overridden by your fundamental rights and freedoms.
We may also disclose your personal information to service providers and / or publish your information based on your expressed, informed and voluntarily given consent, for example if you expressly request publication of your data in a registry despite our ability to edit or hide it. This consent can be revoked at any time.
How do we handle personal data?
We process personal data in full compliance with the technical, organizational and legal requirements of the GDPR in our data centers in Germany. We publish data that you provide us for web hosting purposes in one of our shared hosting locations in Germany. As far as possible, we apply data minimization principles and continually update our security practices to protect your personal information and other information from unauthorized access, loss, destruction or alteration.
Access to your data is only possible via an encrypted connection. Third parties do not have access to your data unless we grant them access in accordance with these terms. We also require that everyone to whom we provide your information in accordance with these terms take appropriate security measures.
Legal basis for the processing of personal data
The legal basis is Art. 6 para. 1 lit. a) GDPR, insofar as INWX GmbH obtains the consent of the data subject for the processing of personal data.
Art. 6 para. 1 lit. b) GDPR serves as a legal basis, insofar as the processing of personal data is necessary to fulfill a contract of which the data subject is a party. The same applies to processing operations that are necessary to carry out pre-contractual measures.
Art. 6 para. 1 lit. c) DSGVO serves as the legal basis insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which INWX GmbH is subject.
Art. 6 para. 1 lit. d) GDPR serves as a legal basis, as far as vital interests of the data subject or another natural person require the processing of personal data.
Art. 6 para. 1 lit. f) DSGVO serves as the legal basis insofar as processing is necessary to safeguard the legitimate interests of INWX GmbH or a third party, unless the interests or fundamental rights and fundamental freedoms of the data subject requiring personal data protection prevail.
Who do we share your personal information with?
To the extent permitted by law, your data may be disclosed to the following parties:
We may provide your personal information to third party service providers, as long as they are directly involved in the provision of our services to you, such as a registry operator of a top level domain for which you have requested registration (please refer to the registration conditions for any relevant TLD to find the registry operator and its registration conditions). We can not influence the data requirements of such parties. Such transfers may require the transfer of your personal data to organizations and / or servers outside the European Union (so-called third countries). For an overview of whether this transfer is to a third country with adequate data protection level, please refer to our price list or the registration conditions.
We may transfer your personal information to third parties who are directly involved in the provision of payment services for payment options that you have selected to pay for our services, such as: Banks, loan providers, Paypal and others. This may require the transfer of your personal information to organizations and / or servers outside the European Union.
If applicable, your personal data may be provided to operators of registration database (formerly whois) services and the users of such services if required and such provision and use is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, as permitted under under Art. 6 I f) of the GDPR.
To ensure business continuity, your personal data may be provided to escrow service providers as well as to backup storage providers.
We may disclose your personal information to law enforcement agencies, other governmental or civilian authorities similarly authorized by applicable laws and regulations, and to courts with reasonable jurisdiction, as permitted by law. We will never sell your information to third parties.
Further data usage
We store your personal information processed for business purposes for at least one year after the termination of the service for which it was collected, or longer if required by law, such as under tax law. Data processed for other purposes will not be processed longer than required for the purposes for which it was collected, or until all applicable legal requirements have been met.
Applications are stored for six months without prior consent in accordance with § 61b (1) ArbGG i.V.m. and § 15 AGG. In the presence of consent, we save these two years.
Your rights with regard to your data
You have the right to access and correct your data through your customer interface with us or any agency service provider you use. You have the right to request information about your personal information and to request a copy of all your information in a standard format. You may request the updating of any incorrect, outdated or incomplete data at any time. We encourage you to periodically review the data you provide to ensure it is accurate, current, and complete. You have the right, under certain circumstances, to require the restriction of certain processing activities and to oppose certain processing activities. If and as far as the processing is based on the consent, this consent can be revoked at any time by the consenting party. You have the right to delete your data under certain circumstances. You have the right to be informed of where we have received your information from if we did not receive it directly from you. You can exercise your rights by contacting us at datenschutz@inwx.de or our data protection officer. If, contrary to expectations, our data protection officer can not clarify your request, you also have the right to file a complaint with a supervisory authority.
Anyone can contact the Berlin Commissioner for Data Protection and Freedom of Information if he believes he has been violated in his rights when collecting, processing or using his personal data:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Germany
https://kontakt.datenschutz-berlin.de/
Provision of the website and creation of logfiles
Every time our website is accessed, the server automatically collects data. The following data is collected here:
- Information about the browser type, language and version used The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time / time zone of access
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Websites that are accessed by the user”s system through our website
- Transmitting data volume
These data are stored in corresponding log files. An evaluation takes place only in case of technical faults and / or maintenance. The logfiles will be deleted after 14 and 30 days
Matomo
This website uses the software “Matomo” www.matomo.org. Matomo sets a cookie (a text file) on your computer, with which your browser can be recognised. The following data is stored:
- the IP address of the user (anonymised)
- the sub-page called up and the time of the call-up
- the page from which the user accessed our website (referrer)
- which browser with which plug-ins, which operating system and, if applicable, which screen resolution is used
- the time spent on the website
- the pages on this website that are accessed from the sub-page called up.
The data collected with Matomo is stored on our own servers. It is not passed on to third parties.
Cloudflare
In the event of attacks on our website, we use the services of Cloudflare provided by Cloudflare, Inc.
Cloudflare provides web optimization and security services to improve and protect websites. These include a reverse proxy, a pass-through security service, and a content distribution network. Cloudflare collects information from the website visitors. This information may include, but is not limited to, IP addresses, system configuration information, and other traffic information to and from the website. Cloudflare collects and uses log data to operate, maintain and improve its services in accordance with customer agreements.
Cloudflare stores this information mainly in the US and in the EU. In general, Cloudflare stores data for less than 24 hours. However, if an IP addresse triggers Cloudflare”s security alerts, storage duration exceptions may occur.
Cloudflare is an active participant in the EU-US Privacy Shield Framework, which regulates the correct and secure transfer of personal data.
We have a contract data processing contract with Cloudflare.
More information can be found at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
More information on Cloudflare”s privacy can be found at https://www.cloudflare.com/en-us/privacypolicy/.
Cookies
Which cookies are we also using?
On our website we use cookies that can be divided into the following categories:
- Necessary: These help to make a website usable by enabling basic functions such as page navigation and access to safe areas of the website. The website may not work properly without these cookies.
- Preferences: Preference cookies allow a website to remember information that changes the way the site behaves or looks; for example, your preferred language or the region in which you are.
- Statistics: Statistical cookies help website operators understand how visitors interact with websites by collecting and reporting information anonymously.
The following cookies are used:
- ixsess: On our website, we set a cookie that carries a randomly generated identifier (session ID). It is needed to store an authentication across multiple page views. The cookie contains no personal information. Its validity is limited to the current browser session, which means that it is automatically deleted when the browser is closed. (necessary)
- lang: remembers the selected language on the website. (Preferred)
The following cookies can bet set by Cloudflare:
- __cfduid: The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings to each individual client. For example, if the visitor is in a café that contains a number of infected computers, but the particular visitor”s computer is trusted, this can be detected by the cookie. This does not store personal data. The expiration date is one year (necessary)
Anonymization of data
We have not taken any measures to anonymously process personal data in our system yet. Bank account data is stored in an encrypted format.
We provide anonymization and privacy services for domain name registrations in certain circumstances when the use of such services is permitted by the data controller (the registry operator).
Changes to these provisions
We reserve the right to change this Privacy Policy from time to time. The current version is available on our website. Should a change significantly restrict rights of registered users, we will notify them. In addition, the currently available privacy policy is valid for our website users. We also inform you about changes via newsletter.