DK Hostmaster is the data controller and has the following contact details:
Collection and purpose
The collection and processing of personal data is necessary for the provision of services to DK Hostmaster’s customers, including the establishment of customer relationships with registrants, maintaining contact, providing services and support, invoicing etc. DK Hostmaster is also required by law to collect information for the purpose of maintaining the whois database. We only collect the minimum personal data required to meet our obligations as administrator of .dk domain names.
DK Hostmaster only collects personal data about registrants, a registrant’s proxy and billing contact (if applicable), and registrars. The personal data we collect and process consists primarily of contact information and information about the registration of a domain name, in the form of:
- telephone number,
- user ID,
- CPR number,
- CVR number,
- IP address,
- domain name,
- invoice numbers, and
- credit note numbers.
In connection with submitting an application for a domain name to a registrar, you must also enter into an agreement with DK Hostmaster on the right of use of a .dk domain name. In this connection, information is transferred from the registrar to DK Hostmaster so that DK Hostmaster can perform registration in the whois database and subsequently contact the registrant.
DK Hostmaster collects and processes information in connection with the use of DK Hostmaster’s self-service portal. In connection with the use of our registrar portal, the personal data also includes the registrar’s employees, who are registered in DK Hostmaster’s systems.
DK Hostmaster may also collect and process updated personal data in connection with checking the contact information and identity of registrants, as well as validation of contact information by searching for information registered under a CPR or CVR number, see more below. This is necessary to ensure that the personal data we process about you is accurate, as required by the Danish Domain Names Act. Therefore, it is also important that you always keep your own personal data in our systems up to date.
Checking registrants’ contact information and identity
All new registrants wishing to register a new .dk domain name, and who reside in Denmark, must complete an identity check with NemID of their contact information and identity. As part of this check, DK Hostmaster collects the CPR number to confirm the connection between the NemID used and a registrant who is a private individual. When DK Hostmaster has established this connection, the CPR number will be automatically deleted.
Similarly, all existing registrants will be met with a request for an identity check with NemID when accessing DK Hostmaster’s self-service portal.
Risk-based identity check
All new registrants wishing to register a new .dk domain name, and who reside outside Denmark, must complete a risk-based check of their contact information and identity. DK Hostmaster conducts a risk assessment of the information received from the registrar. If this assessment finds that there is a low or high probability of incorrect contact information or false identity, the new registrant must complete a documentation process, in which the applicant must submit documentation in addition to that listed in the previous section:
- photo identification, name and address, and
- a portrait photo.
Personal data submitted by a new registrant in connection with the documentation processwill be deleted after no more than 24 hours if the documentation is approved by DK Hostmaster. If the documentation is not approved, the application is denied and the domain name is deleted. In such cases, the submitted documentation will be retained for five weeks to ensure that DK Hostmaster can submit the documentation to the Complaints Board for Domain Names in the event of an appeal of DK Hostmaster’s decision. The deadline for appeals to the Complaints Board is four weeks after the decision, and DK Hostmaster keeps the documentation for one additional week to ensure time for processing of the appeal.
Fair and transparent processing of personal data
In connection with the collection of your personal data, we inform you of the data we process relating to you and the purpose of this processing. You will receive information about this at the time of collection of your personal data.
Security is a top priority for DK Hostmaster. We have a strong focus on the protection of our data, systems and services. The DK Hostmaster information security policy and our ISO 27001 certification form the foundation for our activities to secure systems and services, and protect our customers’ data. You can read more about this here.
As part of our high standards for information security, we protect our critical and sensitive information and information systems from being compromised or used without authorization. We protect your personal data from destruction by mistake, loss, alteration, unauthorized publication and disclosure to unauthorised parties.
Data processing agreement
We always enter into a data processing agreement with suppliers who process personal data on our behalf, and we ensure that our data processors comply with high standards of information security.
Deletion of personal data
We will delete your personal data when it is no longer necessary for the purpose for which we originally collected, processed and stored this information. For example, even if you cancel your agreement on the right of use of a domain, keep in mind that we will continue to store some information. This information is necessary for determining important actions taken by you or by us during the customer relationship. This may include information we need in the event of legal claims that may arise from an agreement between a registrant or registrar and DK Hostmaster. We regularly review our need to store information so that we do not store more than necessary.
Release of information
Marketing or commercial use
DK Hostmaster does not release personal data to any third party for marketing or other commercial purposes.
It is important that internet users can identify the person or company that is the registrant of a given domain name. Therefore, the name, address and telephone number must generally be available to the public in our whois database. This is required by section 18(1) of the Danish Domain Names Act.
The Danish Domain Names Act allows registrants to keep their address and/or telephone number hidden if other legislation excludes this information from the public domain. In order for DK Hostmaster to accept a request for anonymity, you must either have name and address protection in the Danish civil registration system (CPR), or under the legislation of the country where your address is located.
Please note that as a proxy for a registrant, you can only have your information hidden if you have name and address protection as mentioned above. The billing contact will always be hidden from the public in the whois database, but not from the registrant’s self-service portal.
DK Hostmaster may release personal data to a third party on request. This includes personal data about registrants that is anonymous in the whois database. You can read more about the release of data here.
DK Hostmaster is entitled to release name and address data about all registrants (including registrants that are anonymous in the whois database) to DK Hostmaster’s auditor in connection with the auditing of DK Hostmaster’s financial statements.
Right of access
You are always entitled to access to the personal data we have registered about you. If you request access to your personal details, we will require evidence of your identity to ensure that the data is only released to the right person.
At your request, we can inform you of the data we process that relates to you. However, access to this information may be limited out of consideration for the privacy protection of other persons, trade secrets or intellectual property rights.
To request access to your personal data, write to firstname.lastname@example.org with “Access to personal data” in the subject line.
Right to deletion or correction of your personal data
If you believe the personal data we are processing about you is inaccurate, you are entitled to correction of this data. You must contact us and inform us what the inaccuracies are and how they can be corrected.
In some cases, we will be obliged to delete your personal data. If you believe that your data is no longer necessary in relation to the purpose for which we obtained it, you can request deletion of the data. You can also contact us if you believe that your personal data is being processed in violation of the law or other legal obligations.
When you contact us to request the correction or deletion of your personal data, we will check whether the conditions for such correction or deletion have been met, and if this is the case we will perform the correction or deletion as quickly as possible.
Right of objection
You have the right to object to our processing of your personal data. If your objection is legitimate, we will discontinue processing of your personal data. However, please note that processing of your personal data is a requirement for having an agreement with DK Hostmaster on the right of use to a .dk domain name, as this data is necessary to administer the customer relationship.
Visiting DK Hostmaster’s website
When you visit dk-hostmaster.dk, you will see a top banner with information about cookies for statistics. Clicking "OK" sets session cookies and cookies to collect statistics and the banner disappears. The information in cookies is anonymous to us and will not be linked to the individual user.
Use of DK Hostmaster's self-service systems
If you log in to selvbetjening.dk-hostmaster.dk, a cookie is placed on your computer, which is used exclusively as a key to the self-service portal. The cookie, named "DKHM_SB_SESSION", is only relevant as long as you are active in our self-service portal. The cookie remains in the browser until the browser is closed.
Please direct complaints about DK Hostmaster’s processing of personal data to:
Danish Data Protection Agency
Borgergade 28, 5
DK-1300 Copenhagen K
Tel.: +45 3319 3200
December 19, 2017, version 3.0
Do you like to know more about our general policy for release of data?