The protection of your personal information is very important to us. Our processing of personal data is therefore designed to comply with applicable data protection laws and regulations. These Terms are intended to inform you of the personal data we process, the purposes for which it is processed, how it is processed, who has access to your personal information, how long we process that information and how you can exercise your rights in regard to these data processing.
If you have further questions about our practices or any of the rights described below, you may contact our Privacy Officer or our dedicated support.
For the fulfillment of the agreed data processing the "controller" within the meaning of the General Data Protection Regulation (Art. 4 para. 7 GDPR) and other data protection regulations is:
INWX GmbH & Co. KG
Telephone: 030/983 21 21 21
Our external data protection officer is:
IITR Datenschutz GmbH
Telephone: +49 89 189 173 60
For all other data processing in which we do not control the processing itself, in particular for domain registration services, the data controller is the registry operator of the respective TLD and ICANN as a common data controller with the registry operator.
Which of your personal data do we process?
When you use our services, we collect personal information that we process. Personal data is any information that relates to an identified or identifiable natural person.
Personal information that we process as inventory data about our customers includes:
- If you create an account with us and use our services:
Your name, e-mail address, telephone number and (if available) your fax number, your full personal address, the organization you work for (if necessary for the transaction), your preferred language, the IP addresses you use them to connect to our systems, your account name, the services you order, your financial information, including bank or credit card information, and your login information. We may also request additional personal information if required for the service you request.
- If you require assistance from our support:
Your telephone number, your e-mail address, your customer number
- If you request newsletters from us:
Your email address
- If you apply to us:
Your name, title, curriculum vitae, graduations, professional qualifications, general qualifications
Our processing of data of third parties
Purpose of processing
The data you transmit to us upon requesting a service (or for correction, renewal or updates of service requests) is required to establish a contractual relationship between you and us, for purposes required for our provision of requested services as well as auxiliary services to you, for proper and secure management of your customer account, to prevent abusive use of our services, to enable us to provide information on expiration and required renewals of services and to allow us to comply with applicable legal obligations.
Personal data may be transmitted to service providers acting as data controllers that are involved in our pro vision of services to you (such as registry operators, certification authorities, ICANN) in furtherance of the purposes of these data controllers for collection and processing personal data. Legitimate interests pursued by data controllers regarding your data transmitted to them by us include the establishing of a contractual relationship between you and the provider, the mitigation and/or prevention of abuse and/or fraud, the verification of compliance with applicable eligibility requirements and/or acceptable use policies for services provided by them, the central management of a service register, assurance of data accuracy and the provision of continuity of service in case of our business failure.
The transmission of your personal data may in certain cases also be required by data controllers in order to comply with the applicable legal obligations under Art. 6 I c) GDPR. Please read the applicable registry policies for direct references to such legal obligations.
Your domain name registration data may also be processed and transmitted as part of a data escrow program to protect the registration of the domain if the registrar and / or registry operator terminates their domain name registration and management activity.
We may also share your personal information with third parties to protect the legitimate interests of those third parties under Art. 6 I f), unless those interests are overridden by your fundamental rights and freedoms.
We may also disclose your personal information to service providers and / or publish your information based on your expressed, informed and voluntarily given consent, for example if you expressly request publication of your data in a registry despite our ability to edit or hide it. This consent can be revoked at any time.
How do we handle personal data?
We process personal data in full compliance with the technical, organizational and legal requirements of the GDPR in our data centers in Germany. We publish data that you provide us for web hosting purposes in one of our shared hosting locations in Germany. As far as possible, we apply data minimization principles and continually update our security practices to protect your personal information and other information from unauthorized access, loss, destruction or alteration.
Access to your data is only possible via an encrypted connection. Third parties do not have access to your data unless we grant them access in accordance with these terms. We also require that everyone to whom we provide your information in accordance with these terms take appropriate security measures.
Legal basis for the processing of personal data
The legal basis is Art. 6 para. 1 lit. a) GDPR, insofar as INWX GmbH & Co. KG obtains the consent of the data subject for the processing of personal data.
Art. 6 para. 1 lit. b) GDPR serves as a legal basis, insofar as the processing of personal data is necessary to fulfill a contract of which the data subject is a party. The same applies to processing operations that are necessary to carry out pre-contractual measures.
Art. 6 para. 1 lit. c) DSGVO serves as the legal basis insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which INWX GMBH & Co. KG is subject.
Art. 6 para. 1 lit. d) GDPR serves as a legal basis, as far as vital interests of the data subject or another natural person require the processing of personal data.
Art. 6 para. 1 lit. f) DSGVO serves as the legal basis insofar as processing is necessary to safeguard the legitimate interests of INWX GmbH & Co. KG or a third party, unless the interests or fundamental rights and fundamental freedoms of the data subject requiring personal data protection prevail.
Who do we share your personal information with?
To the extent permitted by law, your data may be disclosed to the following parties:
We may provide your personal information to third party service providers, as long as they are directly involved in the provision of our services to you, such as a registry operator of a top level domain for which you have requested registration (please refer to the registration conditions for any relevant TLD to find the registry operator and its registration conditions). We can not influence the data requirements of such parties. Such transfers may require the transfer of your personal data to organizations and / or servers outside the European Union (so-called third countries). For an overview of whether this transfer is to a third country with adequate data protection level, please refer to our price list or the registration conditions.
We may transfer your personal information to third parties who are directly involved in the provision of payment services for payment options that you have selected to pay for our services, such as: Banks, loan providers, Paypal and others. This may require the transfer of your personal information to organizations and / or servers outside the European Union.
If applicable, your personal data may be provided to operators of registration database (formerly whois) services and the users of such services if required and such provision and use is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, as permitted under under Art. 6 I f) of the GDPR.
To ensure business continuity, your personal data may be provided to escrow service providers as well as to backup storage providers.
We may disclose your personal information to law enforcement agencies, other governmental or civilian authorities similarly authorized by applicable laws and regulations, and to courts with reasonable jurisdiction, as permitted by law. We will never sell your information to third parties.
Further data usage
We store your personal information processed for business purposes for at least one year after the termination of the service for which it was collected, or longer if required by law, such as under tax law. Data processed for other purposes will not be processed longer than required for the purposes for which it was collected, or until all applicable legal requirements have been met.
Applications are stored for six months without prior consent in accordance with § 61b (1) ArbGG i.V.m. and § 15 AGG. In the presence of consent, we save these two years.
Your rights with regard to your data
You have the right to access and correct your data through your customer interface with us or any agency service provider you use. You have the right to request information about your personal information and to request a copy of all your information in a standard format. You may request the updating of any incorrect, outdated or incomplete data at any time. We encourage you to periodically review the data you provide to ensure it is accurate, current, and complete. You have the right, under certain circumstances, to require the restriction of certain processing activities and to oppose certain processing activities. If and as far as the processing is based on the consent, this consent can be revoked at any time by the consenting party. You have the right to delete your data under certain circumstances. You have the right to be informed of where we have received your information from if we did not receive it directly from you. You can exercise your rights by contacting us at firstname.lastname@example.org or our data protection officer. If, contrary to expectations, our data protection officer can not clarify your request, you also have the right to file a complaint with a supervisory authority.
Anyone can contact the Berlin Commissioner for Data Protection and Freedom of Information if he believes he has been violated in his rights when collecting, processing or using his personal data:
Berlin Commissioner for Data Protection and Freedom of Information
Provision of the website and creation of logfiles
Every time our website is accessed, the server automatically collects data. The following data is collected here:
- Information about the browser type, language and version used The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time / time zone of access
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Websites that are accessed by the user's system through our website
- Transmitting data volume
These data are stored in corresponding log files. An evaluation takes place only in case of technical faults and / or maintenance. The logfiles will be deleted after 14 and 30 days
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer, and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. IP anonymization is active on this website. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website usage and internet usage.
You can also prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website. An opt-out cookie is stored on your device. This means that you will need to click this link again if you delete your cookies.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize our website.
We have entered into a contract data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
In the event of attacks on our website, we use the services of Cloudflare provided by Cloudflare, Inc.
Cloudflare provides web optimization and security services to improve and protect websites. These include a reverse proxy, a pass-through security service, and a content distribution network. Cloudflare collects information from the website visitors. This information may include, but is not limited to, IP addresses, system configuration information, and other traffic information to and from the website. Cloudflare collects and uses log data to operate, maintain and improve its services in accordance with customer agreements.
Cloudflare stores this information mainly in the US and in the EU. In general, Cloudflare stores data for less than 24 hours. However, if an IP addresse triggers Cloudflare's security alerts, storage duration exceptions may occur.
Cloudflare is an active participant in the EU-US Privacy Shield Framework, which regulates the correct and secure transfer of personal data.
We have a contract data processing contract with Cloudflare.
More information can be found at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
More information on Cloudflare's privacy can be found at https://www.cloudflare.com/en-us/privacypolicy/.
Which cookies are we also using?
- Necessary: These help to make a website usable by enabling basic functions such as page navigation and access to safe areas of the website. The website may not work properly without these cookies.
- Preferences: Preference cookies allow a website to remember information that changes the way the site behaves or looks; for example, your preferred language or the region in which you are.
- Statistics: Statistical cookies help website operators understand how visitors interact with websites by collecting and reporting information anonymously.
The following cookies are used:
- ixsess: On our website, we set a cookie that carries a randomly generated identifier (session ID). It is needed to store an authentication across multiple page views. The cookie contains no personal information. Its validity is limited to the current browser session, which means that it is automatically deleted when the browser is closed. (necessary)
- lang: remembers the selected language on the website. (Preferred)
The following cookies can be set by Google Analytics:
- ajs_group_id, ajs_user_id, ajs_anonymous_id: These three cookies come from segmentio's Analytics.js and are used to simplify the use of Google Analytics.
- _dc_gtm_UA- #: used by Google Tag Manager to control the loading of a Google Analytics script tag. (Statistics)
- _ga: Registers a unique ID that generates statistical information about how visitors use the site. (Statistics)
- _gat: Used by Google Analytics to reduce the query rate (Statistics)
- _gid: Registers a unique ID that generates statistical information about how visitors use the site. (Statistics)
The following cookies can bet set by Cloudflare:
- __cfduid: The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings to each individual client. For example, if the visitor is in a café that contains a number of infected computers, but the particular visitor's computer is trusted, this can be detected by the cookie. This does not store personal data. The expiration date is one year (necessary)
Anonymization of data
We have not taken any measures to anonymously process personal data in our system yet. Bank account data is stored in an encrypted format.
We provide anonymization and privacy services for domain name registrations in certain circumstances when the use of such services is permitted by the data controller (the registry operator).
Changes to these provisions