PDF download: Data Processing Agreement (pdf)
The protection of your personal data is very important to us. Our processing of personal data is therefore designed to be fully compliant with applicable data protection laws and regulations.
With this policy we intend to clarify and inform you – our customer – about which personal data we process, the purposes of said processing, how this processing is performed, who has access to your personal data, for how long we process this data and how you can exercise your rights with regard to our data processing.
For the personal data required by us for the performance of the agreed service, "Controller" within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection laws and regulations is:
Im Oberen Werk 1
66386 St. Ingbert
Email: info (at) key-systems (dot) net
The data protection officer of Key-Systems can be contacted at datenschutz (at) key-systems (dot) net.
For all other processing of data where we do not control the processing, particularly for domain registration services, the controller is the registry operator of the relevant TLD as well as – for all registrations in generic top level domains – ICANN is joint controller with the registry operator.
What personal data do we process about you?
Personal data is any information relating to an identified or identifiable natural person. We process data that you provide voluntarily to us, data that we collect in an automated fashion when you visit our premises, events or websites and data processed when you access and/or use our products and services.
We may process the following personal data about our customers as inventory data: your name, your email address, your phone number and (if applicable) fax number, your job title, your full personal address, the organization you work for (if applicable to the transaction), your gender, your language preference, the IP addresses you use to connect to our systems, your account name, the services you order, your financial data including bank account or credit card information, your login details.
We may also request additional personal data if required for the specific service you requested.
Our processing of third party data
Purposes for processing
The data you transmit to us upon requesting a service (or for correction, renewal or updates of service requests) is required to establish a contractual relationship between you and us, for purposes required for our provision of requested services as well as auxiliary services to you, for proper and secure management of your customer account, to prevent abusive use of our services, to enable us to provide information on expiration and required renewals of services and to allow us to comply with applicable legal obligations. The legal basis for such processing is Art. 6 I b) GDPR.
Personal data may be transmitted to service providers acting as data controllers that are involved in our provision of services to you (such as registry operators, certification authorities, ICANN) in furtherance of the purposes of these data controllers for collecting and processing personal data based on their legitimate interests in accordance with Art 6 I f) GDPR. Legitimate interests pursued by data controllers regarding your data transmitted to them by us include the establishing of a contractual relationship between you and the provider, the mitigation and/or prevention of abuse and/or fraud, the verification of compliance with applicable eligibility requirements and/or acceptable use policies for services provided by them, the central management of a service register, assurance of data accuracy and the provision of continuity of service in case of our business failure.
Transmission of your personal data may also, in some cases, be required by data controllers to comply with applicable legal obligations in accordance with Art. 6 I c) GDPR. Please review the applicable registry policies for direct references to such legal obligations.
Your domain name registration data may also be processed and transmitted in the context of a data escrow program in order to safeguard domain registrations in case the registrar and/or registry operator ceases its activity of registering and managing domain names.
We may also transfer your personal data to third parties to safeguard legitimate interests of such third parties in accordance with Art 6 I f), except where such interests are overridden by your fundamental rights and freedoms.
We may also transmit your personal data to service providers and/or publish your data based on your explicit, informed and freely given consent, if applicable, for example if you explicitly request the publication of your data in a registration database despite our ability to redact or hide such data. This consent may be withdrawn at any time.
How do we process personal data?
We process personal information in full compliance with the technical, organizational and legal requirements of the GDPR in our data center(s) in Germany. We publish data you provide to us for web-hosting purposes in one of our shared hosting locations in Germany or on the Isle of Man, or – at your request – in the USA. We apply data minimization principles where possible and we continuously update our security measures to help protect your personal data and other information against unauthorized access, loss, destruction or alteration. Access to your data is possible only through an encrypted connection. Third parties do not have access to your data unless we provide such access in accordance with the terms below. We also request that everyone we transmit your data to in accordance with this policy apply adequate security measures.
To whom do we forward your personal data?
To the extent permitted by law, your personal data may be disclosed to the following parties:
We may provide access to your data to other group companies affiliated with ourselves strictly for purposes of providing you with a better service.
We may forward your personal data to third-party service providers directly involved in the provision of our service to you, such as a registry operator of a top level domain in which you have requested a registration (please review terms of registration applicable to each relevant TLD in order to determine the registry operator and its terms of registration). We are unable to influence the data requirements of such parties. Such transfers may require the transfer of your personal data to organizations and/or servers located outside the European Union.
We may forward your personal data to third-party payment providers directly involved in the provision of payment services for payment facilities chosen by you to pay for our services, such as a banks, credit card service providers, Paypal and others. This may require the transfer of your personal data to organizations and/or servers located outside the European Union.
If applicable, your personal data may be provided to operators of registration database (formerly whois) services and the users of such services if required and such provision and use is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, as permitted under under Art. 6 I f) of the GDPR.
To ensure business continuity, your personal data may be provided to escrow service providers as well as to backup storage providers.
We may disclose your personal information to law enforcement agencies, to other government and/or civil authorities similarly authorized by applicable laws and regulations and to courts of appropriate jurisdiction if so required by law. To ensure data accuracy and to prevent abusive use of our services, we may use third-party verification service providers to check the data you have provided. To assess our business operations, we may also provide access to your data to our auditors.
For support purposes, we may provide access to your personal data to providers of third-party support services.
We will never sell your personal data to anyone.
Further data usage
We will only use the data for the purposes of advertising, customer service or market research if such use is necessary to provide or improve the service and if the customer has provided prior consent. Such consent may be revoked at any time. We will store your personal data that is processed for business purposes for a minimum of one year after the termination of the service it was collected for, or longer if required by legal requirements, such as the tax code. Data processed for other purposes is processed no longer than necessary for the purposes for which your data is processed or until all applicable legal requirements are met.
Your rights with regard to your data
You have the right to access and correct your data through your control interface with us or any intermediary service providers you may employ. You have the right to request information concerning your personal data and to request a copy of all your data in a standard format. You may at any time request to update all incorrect, out-of-date or incomplete data and to help us keep the internet safe we encourage you to regularly review the data you provided to ensure it is accurate, current and complete. You have the right to request the restriction of certain processing activities in certain circumstances and to object against certain processing activities. If and as far as processing is based on consent, that consent can be withdrawn at any time by the consenting party. You have the right to erasure your data in certain circumstances. You have the right to be informed where we obtained your personal data in case it was not directly obtained from you. You can exercise your rights by contacting us. You also have the right to lodge a complaint with a supervisory authority.
Traffic data, e.g. data being collected and used to measure the amount of usage of a telecommunication service, will only be collected as necessary for the purpose of performance of services and invoicing. We also collect traffic data with regard to any login attempts into our systems. Traffic data will not be stored longer than six months above the time required for invoicing and the provision of the service, unless the customer requests a longer storage time within the scope of a statistics function. Traffic data will not be used to create user profiles.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
In case IP anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP anonymization is active on this website.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.
Usage of Hotjar
Our websites use Hotjar web analytics service. Hotjar Ltd. is an European company based in Malta (Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel.: +1 (855) 464-6788)
Hotjar may record mouse clicks, mouse movements and scrolling activity. Hotjar collects information regarding pages visited, actions which are taken, country, device used, operating system, and browser used. Hotjar does not collect personally identifiable information that you do not voluntarily enter in this website. Hotjar does not track your browsing habits across websites which do not use Hotjar services.
Google Adwords conversion tracking
We use the online advertising program “Google AdWords” and, as part of Google AdWords, conversion tracking. Google conversion tracking is an analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an ad served by Google, a conversion tracking cookie will be placed on your device. These cookies lose their validity after 30 days, contain no personal data and are thus not used for personal identification.
If you visit certain web pages on our website and the cookie has not expired, Google and we may recognize that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. Thus, there is no way that cookies can be tracked through the websites of advertisers.
The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. It tells customers the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
Google Web Fonts
In the interest of a consistent and attractive presentation of fonts and our online offers, this website uses the “Google Web Fonts” service provided by Google. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
When you access the page, the required web fonts are saved by your browser in your browser cache to display texts and fonts correctly. If your browser does not support Google Web Fonts, a default font will be used by your computer.
By using Google Web Fonts, the browser you use will connect to Google's servers and report that our website has been accessed through your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services.
ActiveCampaign data tracking
Our websites use ActiveCampaign tracking services to track your visits to our website and to allow us to personalise content, products and services by associating page visits with contact records. ActiveCampaign, LLC is a US-American company based in 1 North Dearborn Street, 5th floor, Chicago, IL 60602. For questions on their use of your data, you can also contact [email protected] The information generated by the tool will be transmitted to and stored by ActiveCampaign on servers in the United States for no longer than 30 days.
Cookies and other tracking technologies
When you visit our websites, we may request your approval to store certain information on your devices in the form of a cookie in order to better provide our services to you. Denial to accept our cookies may result in a loss of functionalities on our websites and user interfaces for you.
Anonymization of data
We currently have not implemented measures regarding the anonymized processing of personal data in our system. Credit card details are stored in an encrypted format. We do offer anonymization and privacy services for domain name registrations in certain circumstances where the use of such services is permitted by the data controller (the registry operator).
Changes to this policy
Please note that the data protection information may be changed at any time with due regard to the applicable data protection regulations. The version being made available on our website at the time of your order or last visit to our website applies. We will inform you about any changes either directly by newsletter or indirectly through your service provider.
We’re Here to Help
If you have further queries or need a hand, check out our Help Centre where we answer frequently asked questions. You can also get in touch with our local support team for 1:1 advice.