Domini.AD WEBSITE PRIVACY POLICY

 

In accordance with the Law 29/2021, of 28 October, Qualified of Personal Data Protection (hereinafter, the "LQPD"), Domini.ad undertakes to comply with its obligation of secrecy regarding personal data, to treat them confidentially and to keep them protected by appropriate security measures.

The purpose of this Privacy Policy is to provide information on your rights under the LQPD and on the use that the data controller will make of your personal data as a user of the Website and/or the services of Domini.ad (hereinafter, the "User").

 

  1. WHO IS THE DATA CONTROLLER?

The data controller of the website https://www.domini.ad (hereinafter, the "Website") is Andorra Telecom, S.A.U. (hereinafter, "Andorra Telecom"), an Andorran public entity registered in the Andorran Companies Registry under number 15522, with registered office at C/ Mossèn Lluís Pujol, número 8-14 in Santa Coloma (AD500) and Tax Registration Number: 710646-J; incorporated by virtue of the Law 33/2014, of 27 November, of Creation of the Public Company Andorra Telecom, SAU and the Decree 23-12-2020 approving the Telecommunications Infrastructure Regulations of the Principality of Andorra.

E-mail: protecciodades@andorratelecom.ad

Data Protection Officer: Sergi Majoral Llimiñana

 

  1. TO WHOM DOES THIS PRIVACY POLICY APPLY?

This Privacy Policy applies to you if you have contacted us, among other things, in the following cases:

  • If you have registered an .ad domain
  • You are a contact associated with an .ad domain name
  • You are an employee of an entity with which we have a contractual relationship
  • You are a subscriber to our newsletter
  • You have visited our Website
  • You have attended one of our training activities
  • You have contacted us through any other channel we make available to you (e-mail, telephone, events, etc.)

Your personal data may be collected by the following methods:

  • Through the domain name registration processes
  • Through our network of authorised registrars
  • By e-mail, telephone and/or fax
  • By your registration to participate in any of our training activities
  • By attendance at an event
  • Through the communication of suppliers or partners
  • By a form on our Website
  • Or by any other means that we may use to carry out our activities

In accordance with articles 7 and 8 of the LQPD, only persons over the age of 16 may give their consent to the processing of their personal data in a lawful manner by Andorra Telecom. In the case of a minor under 16 years of age, the consent of the minor's legal representative will be required.

 

  1. WHICH OF YOUR PERSONAL DATA DO WE PROCESS?

Personal data is any information relating to an identified or identifiable natural person (i) that you voluntarily provide to us (for example, through forms on our Website), (ii) that your registrar has provided to us for the registration of your domain name, and (iii) that we collect from your attendance at our events or visits to our Website.

In the context of our business and training activities and in order to provide you with a good service and to improve our services where possible, and depending on the information we need in order to carry out the service for which you have contacted us, we may process the following personal data:

  • Identifying data: your name, e-mail, telephone number, your personal address, your unique identifier in our system, your domain name, your IP address.
  • Employment data: organisation where you work, job title.
  • Data with personal characteristics: your language preference, your gender, your age, images and video files.
  • Financial data: data related to your bank account or credit card information.

For some of the training activities we may need to process your ID card and employment status. We will only request these data where it is essential for two reasons: (i) to check the suitability of candidates to undertake the course, and (ii) to certify the participation.

In the case of domain holders and associated contacts, since it is not possible to register a domain name directly with us, we collect your personal data through the company with which you have registered your domain. This company may be one of our authorised registrars or one of their distributors who collect your personal data on our behalf.

 

  1. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data for different purposes:

  • In order to provide the best possible services for your domain, we must collect personal data regarding your domain name. This also allows us to identify you and contact you directly in connection with the registration of your domain name, if necessary.
  • We use your personal data to maintain and build long-term relationships and to execute any contract we may have. We use your personal data to respond to your enquiries, to fulfil your requests and/or to send you administrative information.
  • Your personal data may be used to comply with the applicable law. It may also be used to respond to requests or complaints from public and governmental authorities, including public and governmental authorities outside your country of residence, or to protect our rights, privacy, safety, or property and/or our entities.
  • We may use your personal data to send promotional messages, marketing, information about the .ad community and other information that may be of interest to you.

We inform you that the required data are essential to carry out the requested services, and your refusal to provide them implies the impossibility of carrying them out.

The information provided by the User to Andorra Telecom through the forms must be exact and truthful. The User guarantees the authenticity of all the data provided and will keep the information given to Andorra Telecom updated so that it corresponds, at all times, to the User's real situation. In the event of inaccurate, incomplete or false statements communicated by the User, he/she will be the only party responsible for any damages that may be caused to Andorra Telecom or third parties.
 

  1. PRINCIPLES FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA

Domini.ad shall comply with the following principles for the processing of personal data relating to registered name holders and other data subjects:

  • We will ensure that data is processed in a lawful, fair and transparent manner in relation to registered name holders and other data subjects ("lawfulness, fairness and transparency").
  • We will collect the data for specified, explicit and legitimate purposes and will not process them in a way that is incompatible with this purpose ("purpose limitation").
  • We will ensure that the data are adequate, relevant and not excessive regarding the purposes for which they are processed ("data minimisation").
  • We undertake to maintain the accuracy of the data and, where necessary, to keep them up to date in accordance with the purposes for which they are being processed ("accuracy").
  • We will not retain data in a form that allows the registered name holder and other data subjects to be identified for longer than is necessary for the permitted purposes ("retention period limitation").
  • And we will process the data in a way that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, as well as against accidental loss, destruction, or damage. This will be done through the use of appropriate technical or organisational measures ("integrity and confidentiality").

 

  1. WHO HAS ACCESS TO YOUR PERSONAL DATA?

Your personal data will only be accessible by the qualified personnel of Domini.ad who must process them, and in the cases essential for the provision of the service that links you with us, by the personnel of the entities that collaborate with Domini.ad for the provision of that service.

Andorra Telecom undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the collected data, so as to guarantee the security of personal data and prevent the accidental or unlawful destruction, loss, or alteration of transferred, stored or otherwise processed personal data, or the unauthorised communication or access to these data.

Personal data will be processed as confidential by the Data Controller, who undertakes to inform and guarantee by means of a legal or contractual obligation that this confidentiality will be respected by its employees, partners and any other person to whom it makes the information accessible.

 

  1. ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

We may process your personal data depending on various legal reasons:

  • To comply with our legal obligations as a registry or data administrator.
  • For the protection of our legitimate interests and in particular: economic, commercial and financial interests, business continuity, the security and confidentiality of customer information and products, and the security of the digital and physical infrastructure.
  • Due to the consent you have provided in connection with the activities of Domini.ad.
  • For the maintenance of contractual relations with registrars and domain owners.

 

  1. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We want to assure you that we do not sell your personal data to any third party. However, in accordance with applicable law and, in particular, the provisions of the domain name registration agreement, we may have to disclose your personal data to the following entities:

  • Technical support and storage providers: in order to ensure the proper functioning of the registry activities, which enable the registration of your domain name, it is necessary to store and back up all registration data, including your personal data.
  • Third parties: your personal data may be shared with third parties, including government authorities, where there are legitimate grounds to do so.
  • ICANN (or Internet Corporation for Assigned Names and Numbers): it is an international non-profit entity responsible for coordinating the technical aspects and essential policies of the Internet's domain name system and IP address resource. ICANN may receive your information in connection with the registration of your .ad domain, as required by our registration agreement with ICANN.
  • Auditors: in order to ensure an accurate assessment of our business operations, auditors may have access to your personal data.

When we share your personal data, we ensure that we instruct the recipients to process your data in accordance with our instructions wherever possible.

The links contained on the Domini.ad Website may lead to third-party websites. Domini.ad assumes no liability for the content, information, or services that may appear or be provided on these sites, which are for information purposes only, and in no case imply any relationship between Domini.ad and the persons or entities that own the content of the sites where they are located.

 

  1. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

In accordance with the LQPD in its third chapter, at any time, interested parties may exercise the rights described below, unless their request is considered excessive or unfounded:

  • The right to request information about their personal data and to have it provided to them in a concise, transparent, intelligible and easily accessible form in clear and plain language.
  • The right to access the personal data being processed.
  • The right to request a copy of all his/her data in a standard format.
  • The right to modify or correct his/her personal data if they are incorrect.
  • The right to request the restriction of certain processing activities in specific circumstances.
  • The right to object to certain processing activities.
  • The right to withdraw his/her consent.
  • The right to have his/her personal data erased in certain circumstances.

They may exercise any of their rights by drafting and sending a request by e-mail to protecciodades@andorratelecom.ad. The request will be answered within a maximum period of one month as provided by law, as from the day following the date of receipt of the request by Domini.ad.

However, the deadline may be extended for a further two months, considering the complexity and number of requests.

Additionally, interested parties may contact the Andorran Data Protection Agency with registered office in Andorra la Vella, C/ Doctor Vilanova, 15-17, planta 5a (AD500) Principality of Andorra; or through the website https://www.apda.ad/ regarding any question related to the processing of their data by Domini.ad.

 

  1. WHERE AND HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Your personal data are stored both electronically and physically, internally and by third parties, and will be kept for the time necessary to comply, in each case, the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of the data, as from the end of the relationship with Domini.ad.

This retention period differs according to the type of personal data processed, the purpose of the processing and other factors.

As a domain name holder, we retain personal data for one (1) year after deletion of the domain name.

Personal data of individuals that are collected outside the scope of a contract in the context of our business activities are retained for up to one (1) year after their irrelevance.

In compliance with the provisions of Article 30 of the LQPD, Domini.ad will be obliged to block the data when they are rectified or deleted.

The blocking of the data consists of their identification and reservation, adopting technical and organisational measures to prevent their processing, including their visualisation, for the sole purpose of making the data available to the courts and tribunals, the public prosecutor's office or the competent public administrations, in particular the data protection authorities, for the enforcement of possible liabilities arising from the processing and only for the period of limitation of these. Once this period has elapsed, Domini.ad will proceed to destroy the data.

 

  1. WHAT SECURITY MEASURES ARE TAKEN TO SAFEGUARD YOUR PERSONAL DATA?

We are implementing and continually updating our security measures to help protect your personal data and other data against unauthorised access, loss, destruction, or alteration. We make every effort to ensure that all information is stored securely, and we require our service providers to implement appropriate security measures.

 

  1. REGISTRATION DATA FOR .AD DOMAINS

This section informs you of the processing of your registration data in accordance with ICANN's policies and the LQPD.

  1. Responsible party

ICANN, the Domini.ad Registry and its Registrar are the joint Controllers (or processors where applicable) for the processing of your registration data, as described in this section.

The main reasons for processing include, among others, the maintenance of the operation of your domain name, domain name transfers, as well as the needs of the WHOIS tool.

The role of ICANN, a non-profit organisation in California, United States, is to establish policies affecting the processing and publication of its data, as well as to regulate and ensure that the domain name system is secure and stable.

ICANN contractually requires us and your Registrar to process your personal data and to apply the policies governing these, which, in part, are policies established by the ICANN community. ICANN also requires, from all parties contractually involved, regular reporting on compliance with these policies.

The role of the Registrar is to provide domain name holders with domain name registration and related services. According to the requirements set by ICANN, registration data must be processed by the Registrar and subsequently transferred to the Registry.

The role of the Registry, in this case the Domini.ad Registry, is to maintain the central repository for all of them.

You can contact us here:

Domini.ad Registry

C/ Mossèn Lluís Pujol, 8 - 14, Santa Coloma, AD500 Andorra la Vella, Principality of Andorra

E-mail: info@domini.ad


 

  1. The data we process. Registration Data

As a domain, we have specific provisions for your registration data. The registration data is the set of data contained in this section, including the data of all contacts as well as the intention of use ("Registration Data").

The following data are collected by the Registrars and then transferred to the Domini.ad Registry:

  • Domain Name
  • Name Servers
  • Name of the Holder
  • Organisation
  • Address
  • Telephone number and telephone extension
  • Fax number and fax extension
  • Intention of use of your Domain Name (the purpose or objective of the domain holder in using a specific domain name on the Internet).

The same elements that are collected from the domain Owner are also collected from the administrative and technical contacts. Furthermore, the billing contact, although the latter one is optional.

 

  1. Legal basis for collection

The legal basis for the collection of your data is Art. 6.1.b) of the LQPD. For the domain holder and for the intended use, it is in order to execute the Domain Name Registration Policies, in accordance with the specific eligibility requirements, and for post-registration validation; for the administrative contact, it is in order to enable Domain Name managements, such as transfers, and for regulatory monitoring purposes; for the technical contact, it is to enable contact for technical reasons.

Where data is collected from third parties, for example, where the owner and administrative and/or technical contacts differ from the person(s) providing the data to the Registrar, the Registrar is responsible for informing these third parties of the elements of this Registration Policy, including the provisions relating to privacy.

ICANN, the Registry and the Registrar are responsible for the data.

 

  1. Transfer of data to the Registry

We also require the Registrar to transfer the data in the previous section. The legal basis for this is Art. 6.1.f) of the LQPD, as we have a legitimate interest in identifying and investigating patterns of conduct that may violate the regulation, in providing information regarding domain ownership disputes, and in operating a central repository of owner’s data.

For this processing activity, ICANN and the Registry are the data controllers, with the Registrar being the data processor.

 

  1. Data processing by third parties

We use the services of the Unió Temporal d’Empreses constituted by Fundació puntCAT and CORE Association as back-end technical service providers for the Registry of domains, which is responsible for the processing of your data.

 

  1. Publication of data

The Registry will not publish your data in the WHOIS or make them public, except in the following cases:

  • The transfer of your data will only take place if there is sufficient legal basis for this transfer, which will be assessed on a case-by-case basis. The legal basis may be Art. 6.1.b) (in the case of UDPR –Domain-Name Dispute-Resolution Procedure– or of URS –Uniform Domain-Name Dispute Resolution System–); Art. 6.1.c) (in the case of requests from competent public authorities); or Art. 6.1.f) (legal basis in the legitimate interest of a third party).

Until ICANN adopts an accreditation model for processing applications, all applications will be handled individually by the Registry.

 

  1. Data retention period

Registration Data shall be deleted as soon as the reason for its processing has ceased to exist. The data processed by the Registry shall be deleted upon expiry of the retention periods imposed by law. The Registry shall comply with Articles 20 and 22 of the LQPD.

ICANN may impose some of these retention periods. Registration Data may have to be maintained for a period of one (1) year after the domain has been deleted.

 

  1. Correction of your data

You agree to promptly correct and update your Data during the registration period of your Domain Name, if at any time they are no longer correct.

 

  1. Rights

You may exercise the following rights:

  • Right of access of the interested party: Art. 18 LQPD.
  • Right to rectification: Art. 19 LQPD. Amendments can be requested to your Registrar, as the Registry cannot execute this rectification itself.
  • Right to deletion: Art. 20 LQPD. The deletion of the data may result in the cancellation of your domain.
  • Right to restriction of processing: Art. 22 LQPD.
  • Right to data portability: Art. 23 LQPD.
  • Right to object: Art. 24 LQPD.

You have the right to lodge a complaint with the Andorran Data Protection Agency regarding our processing of your data.

 

  1. Processing of your data

We will only process your data in accordance with the LQPD and will take all technical and organisational measures to protect your data from loss, misuse, unauthorised access, modification or publication and deletion. We will also take any legally required security measures.

 

  1. CONTACT

If you have any questions about this Privacy Policy or if you wish to exercise any of your rights set out above, you may contact us at protecciodades@andorratelecom.ad.