WWW.NIC.RO - new generic TOP Level Domains

NIC.RO Data Privacy Statement

Your privacy is important to us. This privacy statement explains the personal data NIC.RO processes, how NIC.RO processes it, and for what purposes.

NIC.RO and its affiliates (we) are committed to safeguarding the privacy of our clients and users (you/your) who visit our website or use our services through other channels. This Data Privacy Statement is intended to inform you of the ways in which we collect personal information, the uses to which that information will be put, and the ways in which we will protect any personal information you choose to provide us directly or via this site or through other channels or our re-sellers.

"Controller" within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws and regulations is:

NIC.RO
a division of
S.C. Internet Service Romania, S.A.
12808 GRAN BAY PARKWAY WEST
JACKSONVILLE, FL 32258
+1 (914) 296 1014
HELLO [AT] ISR [DOT] CO [DOT] RO

The Data Protection Officer of NIC.RO can be contacted at privacy [at] isr [dot] co [dot] ro.

1. General Information on Data Processing

1.1. Processing of Personal Data for the Purpose of Contract Execution

NIC.RO processes personal data exclusively to the extent required for establishing, performing and executing the contractual relationship with the customer and for performing the related billing tasks.

These data are the domains, the names, addresses and the e-mail addresses of the domain holders.

The collected personal data will be used exclusively for the aforementioned purposes and only to the extent required to achieve these purposes. The data will not be used for advertising, for advising customers or for market research.

1.2. Transfer of Personal Data

Data of the domain are published via the "whois" service. Data of the domain-holders are available upon request to rightful requestors.

Publication of the data in this database is necessary for registering and using the domain and is performed in accordance with relevant data protection legislation.

1.3. Legal Basis for the Processing of Personal Data

Article 6(1) (a) of the GDPR is the legal basis as far as the processing of personal data is concerned for which NIC.RO obtains your, i.e. the data subject's, consent.

Article 6(1) (b) of the GDPR is the legal basis as far as the processing of personal data is concerned that is necessary for the performance of a contract to which you as the data subject are a party. The same applies to the processing of data which is necessary for taking measures that are required prior to entering into a contract.

Article 6(1) (c) of the GDPR is the legal basis as far as the processing of personal data is concerned that is necessary for compliance with a legal obligation to which NIC.RO is subject.

Article 6(1) (d) of the GDPR is the legal basis as far as the processing of personal data is concerned that is necessary in order to protect your, i.e. the data subject's, vital interests or those of another natural person.

Article 6(1) (f) of the GDPR is the legal basis as far as the processing of personal data is concerned for the purpose of safeguarding the legitimate interests of NIC.RO or that of a third party, except where such interests are overridden by your, i.e. the data subject's, interests or fundamental rights and freedoms.

1.4. Deletion of Data and Duration of Retention

Your personal data will be deleted or blocked as soon as the purpose of retention of such data no longer applies. Data may also be stored if such retention is provided for by European or national legislation in European Union laws, regulations or other legal provisions to which NIC.RO is subject. The data will also be deleted or blocked when a storage period specified in the mentioned laws and regulations expires, except where further retention of the data is necessary for the conclusion of a contract or for fulfilling a contractual obligation.

2. Provision of the Website and Creation of Log Files

Each time NIC.RO's web pages are accessed, the system automatically collects data and information of the accessing computer system. In this context, the following data is collected:

Information about the browser type and the version used
The user's operating system
The user's Internet service provider
The user's IP address
Date and time the pages are visited
Websites from which the user's system is referred to our website
Websites which the user's system accesses via our website.
The log files contain IP addresses and other data that might enable the user to be identified. This could be the case, e.g., if the link to the website from which the user is referred to our website or the link to the website to which the user exits our website contains personal data.

Such data is also stored in the log files of the system. However, this data is not stored together with other personal data of the user.

The temporary storage of the IP address by the system is necessary to enable the website to be made available on the computer of the user. For this purpose, the IP address of the user must be retained for the duration of the session.

The data in the log files is stored to ensure proper functioning of the website. Moreover, this data is used to optimise NIC.RO's website and to ensure the security of the IT systems. The data will not be used for advertising, for advising customers or for market research.

The data and the log files are stored on the basis of Article 6(1) (f) of the GDPR.

The data will be deleted as soon as their retention is no longer required to achieve the intended purpose of their collection. As far as the collection of data for the purpose of making the website available is concerned, this is the case as soon as the corresponding session is terminated. As far as the storage of data in log files is concerned, this is the case after a maximum period of seven days. Storage beyond these limits is possible. In this case, the IP addresses of the users will be deleted or disassociated, so that the accessing client can no longer be identified.

The collection of the data for making the website available and storage of the data in log files is essential for the purpose of operating our website. For this reason, the user cannot object to such collection and storage.

3. Cookies

NIC.RO's website uses so-called cookies in various places. A definition of cookies, how they are used and what you can do to prevent the use of cookies can be found in our Cookie Policy.

In the cookies, the following data are stored and transmitted:

- Language settings
- Domains in your current Registration Process
- Your IP Number.
Cookies are used to make the NIC.RO web pages more user-friendly. The legal basis for the processing of personal data using cookies is Article 6(1) (f) of the GDPR.

Cookies are stored on the computer of the user and from there transmitted to NIC.RO's website. Users may change the settings in their Internet browser so as to deactivate or restrict the transmission of cookies. Cookies that have been stored may be deleted at any time. This can also be effected in an automated way. If cookies are deactivated for NIC.RO's website, it may no longer be possible to use all functions to their full extent.

4. Web Analysis

The website of NIC.RO uses open source software for preparing statistical analyses of visits to the website. This does not involve the creation of personal user profiles, but only the collection of anonymous measurement data. The purpose of this web analysis is to improve the quality of our website.

The legal basis for data processing in this context is Article 6(1 (a) of the GDPR.

5. Security

NIC.RO has technical and organisational security measures in place to protect your personal data administered by us from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We continuously improve our security measures in line with technological evolution.

6. Rights of the Data Subject

If NIC.RO processes your personal data, you are a data subject within the meaning of Article 4(1) of the GDPR, which gives you the following rights vis-à-vis NIC.RO:

6.1. Right of Access

You have the right to obtain from NIC.RO confirmation as to whether or not personal data concerning you are being processed.

Where that is the case, you are entitled to obtain the following information from NIC.RO:

The purposes of processing;
The categories of personal data processed by NIC.RO;
The recipients or categories of recipients to whom the personal data have been or will be disclosed;
(Where possible), the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
The existence of the right to request rectification or deletion of personal data concerning you, the right to restrict processing by NIC.RO or the right to object to such processing;
The existence of the right to lodge a complaint with a supervisory authority;
Where the personal data are not collected from yourself, any available information as to their source;
The existence of automated decision-making, including profiling (as referred to in Article 22(1) and (4) of the GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
You have the right to be informed on whether or not your personal data are transferred to a third country or to an international organisation. In this context, you are entitled to be informed of the appropriate safeguards regarding the transfer pursuant to Article 46 of the GDPR.

6.2. Right to Rectification

You have the right to request NIC.RO to rectify and/or complete any inaccurate personal data concerning you.

6.3. Right to Erasure

You have the right to request NIC.RO to delete your personal data without undue delay. NIC.RO will be obliged to delete your data without undue delay if one of the following reasons applies:

a. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b. You withdraw your consent on which the processing is based according to Article 6(1) (a), or Article 9(2) (a) of the GDPR, and there is no other legal basis for the processing; you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
c. Your personal data have been unlawfully processed;
d. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which NIC.RO is subject;
e. Your personal data have been collected in relation to offered services of the information society referred to in Article 8(1) of the GDPR.
If NIC.RO has made the personal data public and is obliged pursuant to Article 17(1) of the GDPR to delete the personal data, NIC.RO, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested that these controllers erase any links to your personal data, copy or replication of this data.

The right to erasure does not exist if the data processing is required

a. For exercising the right of freedom of expression and information;
b. For compliance with a legal obligation which requires processing in accordance with Union or Member State law to which NIC.RO is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in NIC.RO;
c. For reasons of public interest in the area of public health (Articles 9(2) (h) and (i) and 9(3) of the GDPR);
d. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to under (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing;
e. For the establishment, exercise or defence of legal claims.
6.4. Right to Restriction of Processing

You have the right to demand restriction of processing of your personal data if one of the following applies:

a. If you contest the accuracy of your personal data, for a period enabling NIC.RO to verify the accuracy of the personal data;
b. The processing is unlawful and you decline erasure of your personal data, requesting restriction of their use instead;
c. NIC.RO no longer needs the personal data for the purposes of the processing, but you need such data to assert, exercise or defend legal claims;
d. You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of NIC.RO override your grounds.
Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interests of the Union or a Member State.

If the processing of your personal data is restricted due to one of the above-mentioned circumstances, NIC.RO will inform you before the restriction of processing is lifted.

6.5. Notification Obligation

Once you have exercised your right to rectification, erasure or restriction of processing, NIC.RO is obliged to communicate such rectification or erasure of personal data or restriction of processing to all recipients to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to request NIC.RO to be informed about those recipients.

6.6. Right to Data Portability

You have the right to receive your personal data which you have made available to NIC.RO, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another data controller without hindrance from NIC.RO, to which your personal data have been made available, if

a. The processing is based on consent pursuant to Article 6(1) (a) or Article 9(2) (a) of the GDPR or on a contract pursuant to Article 6(1) (a); and
b. Processing is carried out by automated means.
In exercising this right, you can also demand that the personal data be transmitted directly from NIC.RO to another controller, if this is technically feasible. However, this must not impair any freedoms and rights of other persons. The right to data portability shall not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in NIC.RO.

6.7. Right to Object

You are entitled to object, for reasons relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1) (e) or (f) of the GDPR, including profiling based on these provisions.

In this case, NIC.RO will no longer process your personal data unless NIC.RO demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is necessary to assert, exercise or defend any legal claims.

6.8. Right to Revoke

Your Consent to Data Processing You have the right to withdraw your consent vis-à-vis NIC.RO at any time. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.

6.9. Automated Decision-Making in Individual Cases including Profiling

You have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner. This does not apply if the decision

a. Is necessary for the purpose of entering into or performing a contract between you and NIC.RO;
b. Is authorised by Union or Member State law to which NIC.RO is subject and which also lays down suitable measures to safeguard your rights and freedoms as well as your legitimate interests; or
c. Is based on your explicit consent.
6.10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

7. Inclusion, Validity and Up-to-Dateness of the Data Privacy Statement

By using our website, you consent to your data being used as described above. This data privacy statement is the currently valid version and dates from 25 May 2018.

Further development of our website or the implementation of new technologies may render amendments to this data privacy statement necessary. NIC.RO reserves the right to change this data privacy statement at any time with effect for the future. The relevant version of this statement is always the version that is available at the time you visit our website.