.VI and GDPR

Introduction

The European General Protection Regulation comes into effect for most of Europe from 25 May 2018.

.VI has never shared our zone file with third parties, including ICANN or the IANA.  Nor have never sold Registrant, Administrative, Technical, nor Billing contact information to third parties.

Additionally, we have limited sharing of our data to the maximum extent possible regardless of if you reside or are resident of the European Union or not.  Generally, when asked for such information, the Registry’s response has almost always been “No.”  There are exceptions to this of course, both in the past and continuing forward after the implementation of the GDPR, as, for example, when executing a transfer of a domain from one Registrar to another, or in response to a request from law enforcement back-stopped by a subpoena.

We will continue this policy of minimal data sharing to third parties when the GDPR comes into effect.

“Whois”

.VI uses a web-based interface to provide whois information.  

Should .VI provide a publicly available port 43 “whois” service, the information provided will be the same as the web-based Whois service.

Use of your Data

In the course of registering domain names, we do store or process personal information.  Personal data is defined as information that relates to an identified or identifiable individual.

So how do we treat and process your data?

Here are a couple of examples.

If you make a payment to us using a credit or debit card, you have to provide us with your name, the postal billing address of your credit or debit card, as well as some additional information that is required for us to successfully have our bank process your payment.  In this case, your credit or debit card details are passed from us to our bank so that they can process your payment.

If you are associated with a Registration (either as the Registrant, or any of the Administrative, Technical, or Billing Contacts), we need to collect some personal information about you, such as your name, address, telephone number and email address so that we can contact you about the domain name if we have to, and also be able to verify your identity if you contact us.

Your Rights

You can ask us at any time to let you know:

(a) What personal information we possess

(b) How we process this information

and we will provide you with this explanation.  This information will be provided via registered postal mail for security purposes once we have verified your identity and recipient postal address.

You also have the right to request an explanation from us regarding:

(a)  The purpose of the processing of your data

(b) The categories of personal data that we hold

(c)  The recipients or categories of recipients to whom your data has been or will be disclosed to

(d) The period for which we expect to store your data and whether or not we take any decisions automatically from your data

You also have the right to request that we correct, erase, or restrict processing of the data about you in our possession, subject to the requirements regarding the minimum amount of data we must hold to maintain a valid domain registration.

You may also ask us to inform you about the source of the data, which will usually be from you, your agent (“registrar”) or your company (if listed as a contact person for them).

Lastly, if you remain dissatisfied with anything related to how we are holding or processing your data, you may complain to the appropriate Data Protection Authority.

If you have questions or concerns regarding our data privacy policy, please email the Registry at support@nic.vi with the subject line beginning “GDPR Question”.