This Service Agreement ("Agreement") is entered into between Domeneshop AS ("Domainnameshop"), a private limited liability company incorporated in Norway with registration number 930834408, and you, and is made effective as of the date of electronic acceptance. The terms "we", "us" or "our" shall refer to Domainnameshop. The terms "you", "your" or "customer" shall refer to any individual or entity who enters into this Agreement with us.
This Agreement is divided into three parts:
- General Terms and Conditions: general provisions for all customers of Domainnameshop
- Registration Agreement: applies to registration, transfer and renewal of domain names
- Terms and Conditions for Hosting Services: apply to email, web and other hosting services
In addition, the following appendices are included and incorporated into this Agreement:
- Privacy Policy: describes how we collect and process personal data
- List of Registry Operators: links to the policies for the top-level domains that we offer
- Data Processing Agreement: if you decide to use our hosting services to store or transfer personal data
Your electronic acceptance of this Agreement signifies that you have read, understood, and agree to be bound by all the terms and conditions in each of the parts of the Agreement that applies to you. Submission of your domain name registration application, transfer application, and/or application for hosting services constitute acceptance of all the terms, conditions, specifications and policies contained and referenced herein.
This Agreement will become effective on 1 November 2024, and this version replaces all previous revisions of the Agreement. Domainnameshop reserves the right to make changes to the terms of the Agreement based on unforeseen events, increased fees, market developments or service developments. This may include, but is not limited to, changes to usage restrictions, usage guidelines, resource allocation or security procedures. Domainnameshop will give you written notice of any changes at least 30 days before they come into force. This notice will be sent to the email address you have provided to us. The notice will contain a clear overview of the changes and the dates they come into force. If you cannot accept the notified changes, and the changes put you at a disadvantage compared to the original Agreement, you have the right to terminate the Agreement free of charge before the changes take effect. If you do not terminate the Agreement within the specified deadline, it is considered acceptance of the new terms. You do not have the right to terminate the Agreement if Domainnameshop confirms that the changes will not apply to you.
- Definitions: A top-level domain ("TLD") is the uppermost level in the domain name hierarchy, i.e. a domain that consist of only one label after the dot (e.g. .com or .no). A country-code top-level domain ("ccTLD") is a TLD officially assigned to a particular country or territory (e.g. .no or .uk). A generic top-level domain ("gTLD") is a TLD that is not a ccTLD but is intended for generic use anywhere in the world (e.g. .com or .shop). A registrar ("registrar") is an entity, such as Domainnameshop, that provides domain name registration services to end users. A Registry Operator ("Registry Operator") is the central registration authority that maintains the database of all registered domains under a particular TLD (see list in Appendix 2). ICANN ("ICANN") is the Internet Corporation For Assigned Names and Numbers, a not-for-profit public-benefit corporation that, among other things, organizes and oversees all gTLDs.
- Fees and payment: All services provided by Domainnameshop are invoiced according to the fees published on https://domainnameshop.com/pricelist at the time of purchase. Domainnameshop reserves the right to modify fees and surcharges at any time, for any reason, at its sole discretion. Unpaid invoices for delivered services shall attract a late payment fee and interest at a rate according to Norwegian law. Domainnameshop reserves the right to transfer payment claims to a third party. Except as provided herein, all fees are non-refundable, in whole or in part, even if your domain registration or service is suspended, cancelled or transferred prior to the end of your then-current term.
- Term of service, renewal and termination: Unless otherwise specified, all services provided by Domainnameshop are for a one-year initial term, and is renewable thereafter for successive one-year terms. You acknowledge and agree that the renewal fee may be higher or lower than the price you paid for the then-current term of service. A renewal invoice is normally sent to the billing address 30-60 days prior to expiry of the current term, giving you ample time to cancel or make changes to current services. Transferring a domain name away from Domainnameshop to another registrar or service provider is regarded as a cancellation of your services with us, unless you have informed us in advance that the services are to be continued. If you have not received a renewal invoice by the expiry date of the current term, it is your responsibility to contact us and request that the services be renewed and a renewal invoice issued.
- Accuracy of information: You agree to provide true, accurate, current, and complete information as required by the application process. You agree to respond within 7 (seven) business days to any inquiries Domainnameshop may make to determine the validity of any information provided by you. You understand that Domainnameshop relies on the contact information you provide to send you important information and notices regarding your domains and services. Failure by you for any reason to provide Domainnameshop with accurate and reliable information at any time, or to timely respond to any inquiries to verify the information you provide, shall be considered a material breach of this Agreement.
- Obligation to keep information up to date: It is your responsibility to ensure that all contact information is current and valid for all your domain names and related services. Changes to contact information must be made via the control panel available at https://domainnameshop.com/login. Domainnameshop does not accept notification of changes via email, fax or postal mail. If you do not keep the contact information updated, your domains and/or related services may, at the worst, be deactivated or deleted because there is no way to contact you.
- Customer service level commitments: Free customer support is available with all services provided by Domainnameshop. Support requests can be sent via email or our contact form at https://domainnameshop.com/contact. We also offer telephone support on weekdays, see our web page for opening hours. All support requests submitted via email or through our webpage will receive an initial response within 2 (two) working days. Any complaints regarding the customer service we provide are first handled by our normal customer support department, either by email or telephone, and escalated to the Chief Support Officer and ultimately to the Managing Director.
- Acceptable Use Policy (AUP): Services provided by Domainnameshop must not be used for any purposes that Domainnameshop, at its sole discretion, may find unacceptable. Examples of unacceptable use include, but are not limited to: transmission of unsolicited email (so-called "spam" or "junk mail") to private persons or organizations; port scanning; denial of service (DoS) attacks; attempts at gaining unauthorized access to Domainnameshop's servers or servers belonging to a third party; dissemination of computer viruses and trojans, whether on purpose or not; distribution or promotion of material that may be considered as racist, pornographic or defamatory, or material that expresses religious or political extremism; activities prohibited by Norwegian or international law; activities that promote unlawful behavior, such as hate crimes or terrorism; activities that are designed to or that effectively defame, slander, harass, embarrass, threaten, abuse, or harm third parties; identity theft and activities that impersonate the identity of any third parties; activities that are harmful to minors in any way; activities that constitute fraud or that have a fraudulent purpose; activities that are designed to or that effectively infringe upon the copyright, trademark, trade secret, or other intellectual property rights of a third party; activities that constitute or promote obscenity, profanity, indecency, tortuous behavior, hatred, vulgarity, harassment, invasion of privacy or publicity rights of a third party, or physical harm of any kind against any group or individual; or any other unacceptable material or activity of any kind as Domainnameshop at its sole discretion may determine. Unacceptable use also covers activites where services provided by Domainnameshop are indirectly involved, for example if a domain name registered through Domainnameshop points to an external server distributing or promoting illegal material, or if a domain name registered through Domainnameshop is promoted via unsolicited email sent from servers not belonging to Domainnameshop. It is also not permitted to carry out white-hat operations such as penetration testing, vulnerability scanning, or phishing drills, so-called ethical hacking, without Domainnameshop's explicit prior written consent. You agree and accept that any use of your account with Domainnameshop, whether or not on your behalf and whether or not with your permission, that conflicts with our Acceptable Use Policy, shall consitute a material breach of this Agreement. In the event that Domainnameshop deletes, suspends, cancels, terminates, or otherwise interrupts any service to you or your customer account for violation of our Acceptable Use Policy, any and all fees paid to Domainnameshop shall be non-refundable and ineligible for account credit.
- Confidentiality of account and login information: All usernames and passwords for your accounts with Domainnameshop (e.g. for the control panel, FTP, email accounts, login shell, database etc.) are strictly confidential, and you agree that you are solely responsible for maintaining the confidentiality of your passwords and login information. It is your responsibility to share this information only with the people (e.g. webmasters) who need this information in their work with maintaining your domains and related services. You agree to immediately change the password if you suspect that its security has been compromised, or if a person who knows the password is no longer associated with the domain or related services. You also agree to periodically change your passwords as a security precaution. If a password has not been changed in a long time, Domainnameshop reserves the right to automatically generate a new password for you. We also reserve the right to change the password if we suspect that the account has been accessed by an unauthorized party. You agree to immediately notify Domainnameshop of any unauthorized use of your account, or any other breach of security. You also agree that you are solely responsible for any and all charges, liabilities, and/or activities that occur on your account, whether initiated by you, by others on your behalf, or unauthorized, or by any other means. You agree that in no event shall Domainnameshop be liable for any loss whatsoever that you may incur as a result of someone else using your password, account, and/or account information, either with or without your knowledge or consent. Your further agree that you could be held liable for any losses incurred by Domainnameshop or another party due to someone else using your password, account, or account information. Domainnameshop specifically disclaims any liability for any activity occurring on your account, whether authorized by you or not.
- Resale: If you resell any domain name registered with Domainnameshop, you agree to inform any customer of yours of the fact that they are registering their domain name through Domainnameshop, an accredited registrar of ICANN and the Registry Operator for the domain. You further agree not to represent, whether orally, in writing, or by symbols, that you are an accredited registrar of ICANN or the Registry Operator or that you are an authorized reseller of Domainnameshop. You agree to obtain from any customer of yours acceptance of, and evidence of acceptance of, Domainnameshop's then-prevailing Service Agreement. Any agreement you enter with any customer of yours shall not conflict with this Agreement or any policies of ICANN or the Registry Operator. You understand and agree that if you resell any service obtained through Domainnameshop and any customer of yours violates any provision of this Agreement or any policy of ICANN or the Registry Operator, Domainnameshop reserves the right to cancel, terminate, or otherwise interrupt your customer account or any and all services. You understand and agree that if you resell any service obtained through Domainnameshop, you hereby assume full and complete responsibility for, and agree that Domainnameshop shall have no responsibility or liability for, any and all activities, complaints, or cancellations by the party to whom you resell Domainnameshop's services. You further agree to release, indemnify, defend, and hold harmless Domainnameshop against any claims, losses, and liabilities relating to or arising out of your resale of Domainnameshop's services.
- Term and termination of Agreement: The term of this Agreement shall continue in full force and effect as long as you have a customer account with Domainnameshop. You agree that, should you cancel or terminate this Agreement with Domainnameshop, you will not receive any refund or credit of any fees you may have paid to Domainnameshop, except as otherwise expressly stated herein. Should you elect to cancel or terminate this Agreement with Domainnameshop, you agree to provide at least 30 (thirty) days written notice to Domainnameshop. You agree that Domainnameshop may terminate this Agreement or any part of its services in the event of significant or repeated breaches of this Agreement or if termination is or becomes required by any policy of ICANN. Based on the specific circumstances surrounding a breach and as far as is practically possible, Domainnameshop will give notice in advance of the implementation of any measures, e.g. account deactivation. Should Domainnameshop cancel, discontinue, or terminate your account, this Agreement, or any services it provides to you as a result of significant or repeated breaches of this Agreement, no fees will be refunded or credited to you. Domainnameshop's failure to notify you or act upon any possible breach by you, shall not excuse you from the breach and shall not constitute a waiver of Domainnameshop's right to notify you or act upon such breach at a later time.
- Indemnification of Domainnameshop: You agree to release, indemnify, defend and hold harmless Domainnameshop from any and all losses, liabilities, claims, damages, costs and expenses that are due to or related to abuse of Domainnameshop's services or material breaches of this Agreement, including breaches of our Acceptable Use Policy (AUP). This indemnification obligation shall survive the termination or expiration of this Agreement.
- Indemnification of ICANN and Registry Operators: You agree to release, indemnify, defend, and hold harmless ICANN and all Registry Operators from any and all losses, liabilities, claims, damages, costs and expenses that are due to or related to abuse of Domainnameshop's services or material breaches of this Agreement, including breaches of our Acceptable Use Policy (AUP). This indemnification obligation shall survive the termination or expiration of this Agreement.
- Warranty disclaimer: You agree that the use of our services is solely at your own risk. Domainnameshop's services are provided "as is" and we make no warranty that our services will meet your requirements. You yourself are responsible for ensuring that Domainnameshop's services can be used for the purposes you intended.
- Limitation of liability: Domainnameshop is legally obliged to deliver a service that is in accordance with the agreement you enter into with us. If errors or deficiencies occur with the service, you must immediately notify us at the specified contact address and send documentation of such errors or deficiencies. We will immediately start the troubleshooting process and try to fix the problem as quickly as possible. We will also inform you about the status and progress. If a service provided by us is down or does not work as agreed for a period that exceeds 24 hours, you are entitled to compensation with a proportionate price reduction for the affected period. The discount will be calculated based on the total contract value and the total downtime. You have the right to claim compensation for direct (but not indirect) financial losses arising as a result of circumstances over which we have control and which are due to errors or deficiencies in the service. In no event shall Domainnameshop's maximum aggregate liability exceed the amount you have paid to Domainnameshop for the particular service. Domainnameshop cannot be held responsible for losses caused by events beyond Domainnameshop's control.
- Force majeure: Neither party shall be deemed in default or shall hold the other party responsible for any failure or delay in the performance of its obligations under this Agreement in the event of an earthquake, flood, fire, storm, vulcanic eruption, natural disaster, war, terrorism, armed conflict, cyber attack, state of emergency, pandemic, labour strike, lockout, or boycott, provided that the party relying upon this section shall have given prompt written notice to the other party of such event within 5 (five) days within the occurrence of such event, and shall have taken all reasonably necessary steps to mitigate the effects of the event. Should the force majeure event persist for a period of more than 30 (thirty) days, Domainnameshop may at its option terminate this Agreement.
- Entire agreement: This Agreement, including all specifications and policies incorporated herein by reference, constitutes the entire agreement between the parties concerning the subject matter of this Agreement and supersedes any prior arrangements, representations, statements, negotiations, understandings, proposals or undertakings, oral and written, with respect to the subject matter hereof.
- Severability: If any provision of this Agreement is determined to be invalid, illegal, or unenforceable in any jurisdiction, the remainder of the Agreement shall not be affected thereby, and to this end the provisions of this Agreement shall be severable.
- Governing law and jurisdiction: This Agreement shall be governed by the laws and judicial decisions of the Kingdom of Norway. As a consumer, you have the right to complain to the Norwegian Consumer Authority (Forbrukertilsynet) if you believe that we are not complying with our legal obligations. Any disputes or disagreements relating to this Agreement should be sought resolved amicably. If you are a consumer, the dispute should be settled finally at your venue. For all other cases, the dispute should be settled with the Oslo District Court as the venue.
- Language: This Agreement is executed in the English language. To the extent any translation is provided to you, it is provided for convenience purposes only, and in the event of any conflict between the English and translated version, where permitted by law, the English version shall prevail.
- Initial term and included services: Domain names are registered for a one year initial term, unless otherwise specified on our website. The registration fee includes use of Domainnameshop's nameservers or delegation to external nameservers. Any other services for the domain, such as email and web hosting, must be ordered separately and paid for according to the fees published on https://domainnameshop.com/pricelist.
- Domain name registration is binding and non-refundable: An application for domain name registration is binding from the time Domainnameshop receives the application. Domain name registration is a service which is considered to be delivered in full at the time of registration, and as such the Norwegian Act on the right to repent a sale of goods after a cooling-off period (Angrerettloven) which gives the customer 14 days to regret and cancel consumer purchases done through phone, mail or the Internet, does not apply. As soon as the domain name application is sent from Domainnameshop to the Registry Operator, the application cannot be cancelled, and the registration fee must be paid in full. This also applies if you should change your mind and do not want to register the domain or if you want to cancel the domain before the end of the registration term. All registration fees and renewal fees are non-refundable.
- Eligibility requirements: Different TLDs have different eligibility requirements, and you warrant that the domain name applicant meets the requirements for the TLD under which you apply for a domain. For example, domain names under .eu can only be registered by persons and organizations within the European Union/European Economic Area, and domain names under .no can only be registered by Norwegian organizations and private individuals resident in Norway. For a complete list of eligibility requirements, please refer to the Registry Operator's policies for each TLD (see Appendix 2).
- Third party rights: When submitting a domain name application, you are solely responsible for ensuring that neither the domain name itself nor the manner in which it is directly or indirectly used violates or infringes in any ways the rights, including trademark rights, copyrights or other intellectual property rights of any third party. Domainnameshop recommends that you undertake the necessary research, including a trademark search, to ensure that a successful registration will not not violate or infringe any third party rights, before submitting the application.
- Required information: You agree to provide Domainnameshop with the following contact information for each domain name application: (1) the full name, postal address, email address, voice telephone number, and (where available) fax number of the Registered Name Holder, (2), the name of an authorized person for contact purposes in the case of a Registered Name Holder that is an organization, association or corporation, (3) the name, postal address, email address, voice telephone number, and (where available) fax number of the administrative contact for the domain name, and (4) the name, postal address, email address, voice telephone number, and (where available) fax number of the technical contact for the domain name. Under some TLDs, you must also specify additional identification information for the Registered Name Holder, such as an organization number or VAT identification number (if the Registered Name holder is an organization, association or corporation) or a birth date or national identity number (if the Registered Name Holder is an individual). In addition, you must provide the primary nameserver and secondary nameserver(s) for the domain name.
- Registered Name Holder: The Registered Name Holder ("domain holder", "holder" or "registrant") means the person or legal entity who is the holder of a registered domain name, as specified in the contact information for the domain name. If you are the Registered Name Holder, you understand and accept that Domainnameshop in capacity as registrar for your domain will act on your behalf towards the Registry Operator in all matters concerning registration, renewal and maintenance of your domain. If you yourself are not the Registered Name Holder, but are ordering or paying for services or otherwise controls the management of the domain name on behalf of the Registered Name Holder, then you acknowledge and warrant that you have obtained the Registered Name Holder's explicit permission to act on its behalf and enter into this Agreement, and that the Registered Name Holder has been informed of all relevant parts of this Agreement pertaining to its domain name registration.
- Account Holder: The Account Holder means the person or legal entity who controls the username and password for managing the domain name in Domainnameshop's control panel at https://domainnameshop.com/login. If you are the registrant of the domain, you authorize that the Account Holder may update nameservers, DNSSEC parameters, contact information and all other domain name data on your behalf. You understand that this authorization can only be revoked for as long as you are still listed as the registrant in the domain name record. You further agree to release, indemnify, defend, and hold harmless Domainnameshop against any claims, losses, and liabilities arising out of any dispute between you and the Account Holder.
- License of use: A Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the domain name.
- Accuracy of registration data: You agree to provide Domainnameshop with accurate and reliable contact details and to correct and update them within 7 (seven) days of any change during the term of the domain name registration. If you intentionally provide inaccurate or unreliable information, fail to update the information within 7 (seven) days of any change, or fail to respond over 15 (fifteen) days to Domainnameshop's inquiries about the accuracy of the contact details, this shall constitute a material breach of this Agreement and be a basis for suspension and/or cancellation of the domain name registration.
- Data processing and publication: You understand and consent to that Domainnameshop may store and process the contact data you provide under "Required Information" above and share this information with Registry Operators and law-enforcement authorities for the purpose of identifying and contacting the Registered Name Holder, administrative or technical contact in the event of a domain name dispute, suspicion of unlawful activities, technical problem or other urgent issue relating to the domain. You may access and update the contact data at any time from the control panel at https://domainnameshop.com/login. Domainnameshop agrees that we will not process the contact data in a way that is incompatible with the purposes set forth above, and that we will take reasonable precautions to protect contact data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. If you provide contact data on any third party person who has not entered into this Agreement, you represent that this person has been informed about and consented to the data processing principles outlined above. You further agree that the following information may be made publicly available on the Internet via WHOIS (e.g. https://domainnameshop.com/whois) and other means: (1) the domain name registered; (2) the name, postal address, email address, and telephone and fax numbers for the registrant and contact persons for the domain (if required by the WHOIS policy for the TLD); (3) the hostnames and IP addresses of the nameservers for the domain, and, (4) the date of registration, date of last modification and expected expiration date. For details on which data elements that are published in WHOIS, please refer to the WHOIS policy for each TLD (see list in Appendix 2). For more detailed information regarding processing and publishing of personal data, please refer to our Privacy Policy.
- Dispute resolution: You agree to be bound by the appropriate domain dispute resolution policy ("Dispute Policy") applicable to the domain that you have selected. The Dispute Policies are hereby incorporated and made a part of this Agreement by reference (see Appendix 2). Certain disputes, as specified in the applicable Dispute Policy, are subject to that Policy. In the event such dispute arises, you agree that you will be subject to the provisions specified in the Dispute Policy in effect at the time your domain registration is disputed by a third party. The Dispute Policy may be modified at any time by the applicable Registry Operator(s) and your continued use of the domain registered to you after any such Dispute Policy modification shall constitute your acceptance of the modified Dispute Policy.
- Right to refuse or cancel registration: Domainnameshop reserves the right to reject your domain name application for any reason it may see fit, for example in case of suspicion of inaccurate information provided by you, suspicion that the domain will be used for any unlawful purpose, or if Domainnameshop has doubts about your credibility or solvency. You also agree that a successful domain name registration may later be subject to suspension, cancellation or transfer (1) if an ICANN adopted specification or policy requires it, (2) to correct mistakes by Domainnameshop or the Registry Operator in registering the domain name, or (3) for the resolution of disputes concerning the registered domain name.
- Submission of application does not guarantee registration: A successfully submitted domain name application to Domainnameshop is no guarantee that the domain can actually be registered. The domain may be reserved or prohibited to register, it may be registered by someone else, the application may be incomplete, there may be technical errors (for example incorrect configuration of nameservers), or other errors that prevent the domain from being registered. As a registrar, Domainnameshop's responibility is restricted to forwarding the application from you to the Registry Operator for the TLD in question and communicate the result of the registration request from the Registry Operator back to you. Domainnameshop shall not be held liable for any possible errors or inaccuracies related to the submission of the application to the Registry Operator, whether caused by you, by Domainnameshop or by the Registry Operator. Applications are normally forwarded promptly from Domainnameshop to the Registry Operator, but no guarantee about this is given. Please note that it may happen that a domain name is available at the time you submit your application to Domainnameshop, but not at the time Domainnameshop forwards the application to the Registry Operator. Domainnameshop strongly discourages that you start using the domain name on material for commercial purposes, business cards etc., before you have received a confirmation from Domainnameshop that the domain has been successfully registered.
- Renewal and expiration of domain: You are solely responsible for ensuring that any and all domains and additional services are renewed prior to their expiration date, should you so desire their renewal. Domainnameshop shall have no liability to you or any third party in connection with the renewal, including, but not limited to, any failure or errors in renewing the services. You may be notified at Domainnameshop's sole discretion when renewal fees are due. Should these fees go unpaid within the time specified in a notice or reminder regarding renewal, your registration will be cancelled and the domain deleted from the registry. If your billing information is not accurate, you are solely responsible for the failure to renew.
- Restoration of deleted domain: For registries that enforce a Redemption Grace Period (RGP), a deleted domain may be restored by paying an additional redemption restoration fee in addition to the annual renewal fee, within the time frame of the grace period, as defined by the Registry Operator (usually 30 days). For registries that do not have a RGP policy, restoration of a deleted domain is not possible. The redemption restoration fee for a given TLD can be found in our pricelist on https://domainnameshop.com/pricelist.
- Change of registrant: You agree that any change to the registrant name, registrant organization or registrant email address of a domain name under a gTLD is to be considered a change of registrant, and that the ICANN Inter-Registrant Transfer Policy, as specified on https://www.icann.org/resources/pages/transfer-policy-2016-06-01-en will apply to any such changes. In particular, you agree that a change of registrant must be approved by both the current and the new registrant, and that the new registrant must accept to enter into this Agreement before the change of registrant can be processed. If you are the current registrant of the domain, you further agree that the Account Holder for your domain may act as a "Designated Agent" according to the ICANN Inter-Registrant Transfer Policy, and you give your explicit authorization that the Account Holder may approve the change of registrant on your behalf.
- Registrar transfer: When initiating a transfer into Domainnameshop, you must complete all required information requested through the online transfer application, i.e. contact information, nameserver information, etc., and the registrant must accept and enter into this Agreement. Domainnameshop may choose to accept or reject your domain name transfer application for any reason at its sole discretion. If a domain name is transferred away from Domainnameshop to another registrar, then you are not entitled to any refund for the remaining term. You understand and acknowledge that according to the ICANN Inter-Registrar Transfer Policy, as specified on https://www.icann.org/resources/pages/transfer-policy-2016-06-01-en, you may not transfer a domain that is under a gTLD to another domain registrar during the first 60 (sixty) days from the effective date of your: (1) initial domain registration, (2) completion of a domain transfer into Domainnameshop, or (3) change of registrant of the domain name. Your request to transfer a domain to another registrar may be denied in situations described in the Dispute Policy, including, but not limited to, a dispute over the identity of the domain holder; bankruptcy; and default in the payment of any fees. You agree that Domainnameshop may, but is not obligated to, automatically opt your domain name into its transfer lock service to help protect against unauthorized transfers. Domainnameshop does not warranty nor guarantee that the service will prevent any unauthorized transfer of domain name(s). You may log in to your account and disable this service at anytime if you do not wish to use the service. Domainnameshop will not be liable for any inconvenience this may cause you to properly transfer your domain. You are solely responsible for a failure to transfer the domain, and Domainnameshop shall not be liable for such a failure.
- Domain authorization code (AUTHINFO): You agree that Domainnameshop may set an authorization code (AUTHINFO) for your domain with the Registry Operator, to protect your domain from unauthorized transfers. You also agree that Domainnameshop may change the authorization code periodically, and that Domainnameshop may refuse to give out the current authorization code by any other means than by email to the email address of the Registered Name Holder or Account Holder, as specified in the current contact information for your domain.
- Domain parking page: If you choose to use Domainnameshop's nameservers for your domain, and you do not specifically add any DNS records through the control panel, your domain will be "parked" with Domainnameshop, i.e. Internet users that type in your domain in a web browser will be redirected to a Parking Page. By using Domainnameshop's nameservers, you hereby consent to and authorize Domainnameshop's placement of a Parking Page on your parked domain. In the event that your domain registration expires and is not renewed on time, you also authorize Domainnameshop to change the nameservers for your domain and redirect it to a Parking Page. You may change the nameservers back again (or "un-park" the domain) after the renewal is complete.
- Pre-orders: The following additional terms and conditions contained in this section apply where you authorize and direct Domainnameshop to attempt to register a domain name if and when the applicable Registry Operator launches a new TLD, a new domain policy, or a new service ("Pre-Order"). By Pre-Ordering a domain registration, you understand and agree that Domainnameshop shall make a good faith effort to contact the applicable Registry Operator and to register the selected domain name on your behalf, as soon as practicable after the launch of the new policy, service or sunrise period, should that domain name become available for registration. In order to place an order for a Pre-Ordered domain name, you agree to pay any and all fees to Domainnameshop as set forth on our website and in accordance with the terms of this Agreement. You understand and agree that any such successful registration of a Pre-Ordered domain name is subject to the terms and conditions of this Agreement. You understand and agree that the registration of domain names is on a first-come first-served basis. You also acknowledge and agree that the domain name you select for Pre-Order may not become available, for any number of reasons, including but not limited to, the reserved-status of new top-level domain names, blocked status, or the prior registration of the domain name by another party. Domainnameshop makes no guarantees, representations, or warranties that a particular domain name will be available now or in the future, or at any time. You acknowledge and agree that Domainnameshop shall have no liability for the inability to register, or non-completion of registration of, a Pre-Ordered domain name. You acknowledge and agree that, from time to time, the applicable Registry Operator may impose limited and/or temporary restrictions on use for domains available through newly launched policies, services or sunrise periods, including, but not limited to, the ability to set WHOIS contact information, nameservers or transfer lock status. You acknowledge and agree that Domainnameshop shall have no liability for any such restrictions or limitations on use.
- Premium domain names: Some Registry Operators have implemented tiered pricing, where certain domain names are categorized as "premium names" and may only be registered and/or renewed at a higher price than the standard price. You understand and acknowledge that the price list on https://domainnameshop.com/pricelist only displays standard prices. Domainnameshop will attempt to check with the Registry Operator if a domain has a premium price before displaying the search results, but we give no guarantees that the domain can actually be registered/renewed at the listed price.
- Internationalized Domain Names (IDNs): When registrering a domain name containing non-ASCII characters, so-called IDNs (Internationalized Domain Names), it is your responsibility to ensure that any users who wish to access the domain have the necessary software installed. Domainnameshop is not responsible for any problems relating to the inability to utilize such domains due to lack of support for IDN in the end users' software.
- Additional terms for gTLDs: Domainnameshop is an ICANN accredited registrar and operates under the 2013 Registrar Accreditation Agreement (RAA). As a registrant of a gTLD through Domainnameshop, you have certain rights and responsibilities, as explained on https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en. You agree to submit to proceedings under ICANN's Uniform Domain-Name Dispute Resolution Policy (UDRP), available at http://www.icann.org/udrp/. You understand that ICANN may update its rules, procedures and policies for gTLDs from time to time, and that it is your responsibility to obtain, read, understand and abide by these rules, procedures and policies as soon as they are published on ICANN's website.
- Additional terms for .no domains: You understand that Domainnameshop is not allowed to submit your domain name application to the .no Registry Operator, Norid AS, before we have received an electronic signature/acceptance of the Applicant's Declaration (Egenerklæring ved søknad om domenenavn), and that applications will be processed in the order which we receive the Declarations, not the actual applications. You acknowledge that Domainnameshop may choose to reject the Applicant's Declaration if we suspect that the person who has signed the Declaration is not the person specified in the application, or is not authorized to sign documents on behalf of the entity applying for the domain.
- Additional terms for .dk domains: When ordering a .dk domain name you at the same time give your consent to waive your right of cancellation in accordance with the Danish Consumer Contracts Act (Forbrugeraftaleloven). If your residence is in Denmark, the .dk Registry Operator, Punktum dk A/S, will validate your name and address information with the information in either the Danish Civil Registration Register (CPR-register) or the Danish Central Business Register (CVR-register). Punktum dk is entitled to delete your registration of a domain name in case your name and address information cannot be validated. According to the Danish Act on Internet Domains your information regarding name, address and phone number shall be publicly available. This is done in the public WHOIS database which contains information of all registered .dk domain names. A natural person having name and address protection in the Danish CPR-register or according to another country's legislation may be anonymous in the WHOIS database.
- Additional terms for .se domains:
Domeneshop AS is an official registrar for the Swedish top-level domain .SE. We process personal data for .se domains in accordance with the Swedish "Personal Data Act" (1998:204) and .SE's integrity policy. Our customer service level commitments for holders of .se domains are explained on https://domainnameshop.com/se.
- Additional terms for .uk domains: Domeneshop AS is an official Nominet Member and a Channel Partner for the .uk top-level domain. Our customer service level commitments for holders of .uk domains are explained on https://domainnameshop.com/uk. You understand and agree that the .uk Registry Operator, Nominet, will attempt to validate your name and address information and that the domain name may be deactivated or deleted if the validation procedure is not completed on time.
- Acceptance of Registry Operator's policies, terms and conditions: The Registry Operator for each TLD has its own set of policies, terms and conditions. You agree to obtain, read, understand and abide by the rules set forth in these policies for each of the TLDs applicable to you. The policies for each TLD are listed and referenced in Appendix 2 for your convenience. However, you yourself are responsible for obtaining the latest version of the policies applicable to you, in the case that the links provided are no longer current.
- Hosting service: With "hosting service", we refer to any service that utilizes Domainnameshop's servers or IP addresses. This includes, but is not limited to, web hosting, email, unix shell access, database access, our site builder, our web forwarding service, and use of our nameservers (DNS). All hosting services are subject to our Acceptable Use Policy (AUP) and to the limitations and restrictions specified in our FAQ, such as rate limiting of email messages and database queries, memory restrictions on PHP scripts and running processes, etc. We reserve the right to update our FAQ with new limits and restrictions at any time, and these new limits and restrictions will come into effect at the time of publishing.
- Web hosting: The web hosting service ("web hosting" or "hosted website") is a service where you rent disk space on one of Domainnameshop's servers. You are assigned a username and a password, which gives you access to your own file directory for storage of files (web pages, documents, images, scripts, programs, etc.) that you upload yourself via a file transfer program. You understand and agree that Domainnameshop only provides the disk space, and that you take full responsibility for the contents of all files that are uploaded to your hosted website. If you install any scripts or programs, you agree to keep these up to date at all times, and to promptly upgrade to a newer version whenever needed to fix security issues. You further agree to assume full and complete responsibility for, and agree that Domainnameshop shall have no responsibility or liability for, your end users' content and all activities on your website (e.g. contents in a forum or comments on a blog). You understand and agree that, if you transfer your domain name or web hosting service to a third party in conjunction with a live website or allow your domain name registration to expire, you will no longer be able to use and/or access your hosted website with us.
- Email service: You agree not to use the email service to send unsolicited messages ("spam"), neither to private persons nor to companies/organizations. You understand and acknowledge that Domainnameshop may filter email messages from/to your email addresses with us, in order to reduce the amount of spam messages going through our servers. Domainnameshop takes no responsibility or liability for email that is delayed, rejected or incorrectly flagged as spam (false positives). Neither do we take any responsibility or liability for unwanted messages that are delivered to your inbox without being flagged or rejected by our spam filter.
- Content restrictions: You agree and warrant not to use our hosting services to distribute or promote pornographic, racist or obscene material, material that expresses religious or political extremism, material that harass or threaten third parties, or material that violates or infringes the intellectual property rights of others. We also do not allow contents related to gambling or online pharmacies. Domainnameshop reserves the right to, promptly and without prior notice, deactivate services and delete material that may fall under the above mentioned categories, or material that Domainnameshop considers to be objectionable, unethical or in violation of our Acceptable Use Policy (AUP). If in doubt whether the content you intend to distribute is within the boundaries of what we allow, please contact us for a clarification prior to publishing.
- Security and confidentiality of hosting data: All hosting services provided by Domainnameshop operate in a shared server environment, where multiple customers and users have login access to the same physical file and database resources. It is your responsibility to make sure that the permissions on all your files and databases are set as restrictive as necessary in order to limit access only to the intended users or recipients, and that you are always using strong passwords that are hard to guess or crack. If not, Domainnameshop cannot guarantee the integrity and confidentiality of your data, and you risk the possibility that unauthorized users may access your data. Domainnameshop does not take any responsibility for a breach of security resulting out of your failure to set correct permissions or use strong passwords.
- Limitation of bandwidth and system resources: All our hosting services normally include unlimited traffic and free use of scripts and programs (CGI, PHP, etc.) on hosted websites where this is enabled. However, Domainnameshop reserves the right to temporarily or permanently restrict the available bandwidth in cases where a hosted website is using bandwidth to an extent that is endangering the security and stability of our systems. Domainnameshop also reserves the right to, promptly and without prior notice, disable or delete scripts and programs that use system resources (CPU, memory, etc.) to an extent that is endangering the stability of Domainnameshop's servers, exceeds the limits and restrictions given in our FAQ, or if they contain security holes enabling non-authorized users access to resources on Domainnameshop's network. Current recommended and/or enforced resource limits are listed in our FAQ:
- Data Processing Agreement: If you decide to use our hosting services to store or transfer personal data, then it is your responsibility to make sure that you are complying with all applicable legislation relating to data protection and privacy, including the Norwegian Personal Data Act (Personopplysningsloven) and the European Union's General Data Protection Regulation (GDPR). Examples of personal data include names, birth dates, postal addresses, phone numbers, email addresses, IP addresses or any other data that may be used directly or indirectly to identify natural persons. By using our hosting services to store or process these types of data, you assume the role of a Data Controller, whereas Domainnameshop as the hosting provider becomes a Data Processor. The relation between the Data Controller (you) and the Data Processor (us) is regulated through a Data Processing Agreement (DPA). Our standard DPA is attached to this Agreement in Appendix 3. Here we provide a high-level description of how we store and protect your hosting data. Ultimately, you as the Data Controller must decide if the descriptions and warranties we give are sufficient for you to utilize our hosting services to store and process the types of personal data you intend to.
In Domainnameshop we take your privacy seriously. All personal data are collected, stored, processed, transferred and disposed of in accordance with the Norwegian Personal Data Act (Personopplysningsloven) and the European Union's General Data Protection Regulation (GDPR). This Privacy Policy explains in detail how we process personal data.
- Who we are and how to contact us:
The entity responsible for collecting and processing personal data (the data controller) is Domeneshop AS, a private limited liability company incorporated in Norway with registration number 930834408. Our contact information is available on
https://domainnameshop.com/contact.
- Personal data we collect from you:
There are three categories of data we collect from you that may contain personal data:
- Domain contact data: Data you submit to us in order to identify the registrant, administrative contact and/or technical contact in relation to a domain name registration. This includes name, address, phone number, fax number (optional) and email address. In addition, birth date is collected if required by the applicable TLD. National identity number is only collected for TLDs that require this. For Norwegian citizens/residents applying for a .no domain, the national identity number is collected and stored with the .no Registry Operator, Norid, and a PID number is issued in its place (see https://pid.norid.no/). Domainnameshop only collects and processes this PID number, not the national identity number that it is linked to.
- Customer contact data: Data you submit to us in order to identify the Account Holder and/or billing contact in relation to a domain name registration or hosting service. This includes name, address, phone number and email address(es).
- Automatically collected data: Data that you do not submit to us directly, but that are automatically gathered by our system when you or the users of your hosting services interact with our servers, pay invoices from us or contact our customer support. This category includes web server access logs, email server logs, your list of email correspondents (address book) when using our webmail service, notifications of payments to our bank account, support history, and other automatically generated system logs. Such logs may include timestamps, IP addresses, email addresses, bank account numbers, names, HTTP request headers and other data. Our webpages also make use of cookies, which may be used to identify individual persons. An explanation of how and why we use cookies is given in our FAQ.
- Purpose of processing of personal data:
- Your domain contact data (category 1) is used by Domainnameshop to identify the holder and contact persons for a domain name. In addition, we will use your customer contact data (category 2) to send you invoices. Both are necessary for us to be able to fulfill our agreement with you, cf. GDPR Article 6 point (b) of paragraph 1.
- We may also send you annual reminders to keep your contact information up-to-date and other notifications. The legal basis for the processing is our legitimate interest in communicating important information to customers, cf. GDPR Article 6 point (f) of paragraph 1.
- Automatically collected data (category 3) may be used by Domainnameshop to maintain, protect and improve our services, to provide you with a better customer support experience, and to detect, prevent, or otherwise address fraud, security or technical issues. The legal basis for the processing is GDPR Article 6 point (f) of paragraph 1 - our legitimate interest in safeguarding security and improving our services.
- Via the account settings, you can choose to subscribe to our newsletter, offers and campaigns. You can also accept SMS with payment reminders and other important information about your customer relationship. The legal basis for the processing is your consent, cf. GDPR Article 6 point (a) of paragraph 1.
Please note that the Registry Operator may publish the contact information, either partly or in full, in their WHOIS database, depending on their policy. This is done in order to have a way to contact the person(s) responsible for the domain name, e.g. in case of technical problems with the domain, if the domain is being abused for spam, fraud or criminal activities, or if a dispute over third party rights to the domain name should arise. We recommend that you always read the privacy policy of the relevant Registry Operator.
- How you can access and update your personal data:
You can access and update your contact data for your domains and for your account with us at any time from the control panel at https://domainnameshop.com/login. Here you can also delete any information that is optional and not needed for the domain management process.
- How we share your personal data:
- We will share your domain contact data with the Registry Operator for the applicable TLD, as required to carry out the domain name registration and management process. This is necessary to fulfill our agreement with you, cf. GDPR Article 6 point (b) of paragraph 1.
- We may also share personal data with third parties who have a legitimate interest for this, cf. GDPR Article 6 point (f) of paragraph 1. This may be, for example, to enable domain name transfers, to initiate contact with the domain name registrant or account holder, to renew a domain that is about to expire, or to investigate technical problems. We may also share your contact data with the dispute resolution provider according to the applicable domain name dispute resolution policy. In addition, for domain names that are under a gTLD, we are contractually obligated by ICANN to publish domain contact data in WHOIS and to deposit these data to the data escrow provider DENIC Services GmbH & Co. KG on a weekly basis, as a backup measure in the unlikely event that the contact information is lost from the domain name registry if the Registry Operator goes bankrupt or is subject to unrecoverable technical failure and data loss.
- Domainnameshop is part of Miss Group, and we can share personal data with other companies in the group on the basis of our and the recipients' legitimate interest when the conditions are met, cf. GDPR Article 6 point (f) of paragraph 1. Sharing of personal data can be necessary for reasons of personnel management, collaboration across companies for marketing purposes and facilitating organizational restructuring. In some cases, companies in the group may process personal data on our behalf in accordance with a data processing agreement.
- We may also share your personal data in order to pursue any legal claims against you, for example in the event of infringement of the intellectual property rights of others, in the event of fraud or other criminal activity.
- In addition, we may share personal data with Norwegian police or other public authorities if presented with a court order, seizure warrant or other equivalent request for disclosure of information. In some cases, we will also be legally obliged to share personal data with accountants, auditors or tax authorities.
- Transfer of personal data outside EU/EEA:
Several Registry Operators that we transfer personal data to are located outside the European Union and the European Economic Area. These include VeriSign (USA), Public Interest Registry (USA), Identity Digital (USA), GoDaddy Registry (USA), Tucows Registry (Canada), CIRA (Canada), Nominet (UK), CentralNic (UK), CI Domain Registry (Guernsey), SWITCH (Switzerland) and GMO Registry (Japan). See full list in Appendix 2. When personal data are transferred between us and the Registry Operator, the information is always encrypted using TLS encryption of the underlying data transfer protocol (EPP or FTP).
The aforementioned countries are all subject to a decision on an adequate level of protection by the European Commission, which means that personal data can be transferred to these countries on the same terms as countries within the EU/EEA. For some of the countries (e.g. USA), the adequacy decision is conditional, which means that it only covers certain businesses or sectors in the country. In the event that a Registry Operator is not subject to an adequacy decision, we will provide a transfer basis according to GDPR Chapter V, for example the European Commission's standard clauses.
- Automatic processing and decision-making based on personal data:
The personal data you submit to us are subject to a number of automatic checks, and data that do not pass the checks may be rejected or flagged for manual inspection before forwarding your information to the Registry Operator. For example, we may check that the address is syntactically correct, that the zipcode matches the city/place name and that the country you have specified matches the country of your IP address.
- Your rights:
- Right to access: You have the right to access and to obtain a copy of the personal data we have registered about you, as long as the obligation of confidentiality does not prevent this. In order to ensure that personal data are handed over to the right person, we can require that access requests take place in writing and that your identity must be verified.
- Right to object: In certain cases, you have the right to object to the processing of personal data.
- Right to rectification, erasure and restriction: In some cases, you have the right to demand that we delete or correct personal data we have stored about you. In some situations, you can also ask us to limit the processing of information about you.
- Right to data portability: If you decide to transfer your domain name(s) away from us, all contact information relating to your domain(s) will still be present in the Registry Operator's central registry database in a standardized format, and can be automatically transferred to your new registrar of choice using the EPP registry-registrar protocol.
- How long we keep your personal data:
Personal data are kept for the duration of the term of the domain name registration service or hosting service and for at least 2 years after the termination of the service. Personal data pertaining to invoices and payments are kept for tax purposes for at least 5 years after the end of the financial year, as required by Norwegian law.
- Personal data processed as part of hosting services:
Any personal data that you or your users submit, upload, send, store or process using the hosting services provided by Domainnameshop are not covered by this Privacy Policy. This includes personal data that are uploaded to your website, personal data that you store in files or in a database on Domainnameshop's servers, personal data that are sent by email to or from you, or any other personal data that you collect, store, transfer or process using our hosting services that are not explicitly requested by us for fulfillment of the domain name registration process or the services we provide to you. Domainnameshop is not the data controller for such personal data, only a data processor who processes personal data on your behalf. You as data controller are responsible for handling all such personal data in accordance with current privacy laws and regulations, and for publishing your own Privacy Policy. For details on how Domainnameshop processes and protects personal data as part of our hosting services, please refer to our Data Processing Agreement.
- Your right to complain:
If you are a natural person residing in the European Union or European Economic Area and you believe that our use and processing of your personal data are not in compliance with the General Data Protection Regulation (GDPR) or any other applicable legislation, you have the right to complain to the Supervisory Authority in either Norway (Datatilsynet) or in your country of domicile.
The Registry Operators for the TLDs we offer and their respective policies are listed and referenced below for your convenience. However, you yourself are responsible for obtaining the latest version of the policies applicable to you, in the case that the links provided here are no longer current.
between
Domeneshop AS
Christian Krohgs gate 16, 0186 Oslo, Norway
Registration number: 930834408
("Domainnameshop")
and
Each individual customer who uses Domainnameshop's hosting services
("Data Controller")
1. Definitions
"Data Processing Agreement" (abbreviated "DPA") means the provisions set out in this agreement.
"GDPR" means the General Data Protection Regulation (EU) 2016/679, as adopted by the European Parliament and Council on 14 April 2016.
"Privacy legislation" means all applicable laws and regulations relating to data protection and privacy, including the GDPR and the Norwegian Personal Data Act (Personopplysningsloven).
"Personal data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Data subject" means the individual to whom a specific set of personal data relates.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this DPA, Data Controller shall refer to the customer.
"Data Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller. In this DPA, Data Processor shall refer to Domainnameshop.
"The Parties" means the Data Controller and the Data Processor when they are referred to jointly.
"Sub-Processors" means other Data Processors that Domainnameshop uses to process personal data.
"Supervisory Authority" means an independent public authority which is established by a EU/EEA member state pursuant to GDPR Article 51. In Norway, the Supervisory Authority is Datatilsynet.
2. Background and objectives
This Data Processing Agreement is an addendum to the Terms and Conditions for Hosting Services ("Hosting Agreement") that comes into effect when the Data Controller uses any of Domainnameshop's hosting services (DNS, email, web hosting, etc.) to store, transfer or otherwise process personal data. It describes the rights and responsibilities for the customer as Data Controller and Domainnameshop as Data Processor.
The objective of this DPA is to:
- regulate the Parties' rights and obligations when processing personal data;
- ensure that the requirements of the Privacy legislation are complied with when implementing the Hosting Agreement; and
- ensure that personal data are not processed unlawfully, comes into unauthorized hands or is processed for purposes other than those stipulated in this DPA.
In the event of a conflict between the provisions of this DPA and other agreements between the Parties, including the Hosting Agreement, the provisions of the DPA shall prevail.
3. Scope, purpose and duration of the processing
Domainnameshop will make its hosting servers available to store and process the Data Controller's data, including any personal data. The purpose of the processing is to allow the Data Controller to use Domainnameshop's storage space, processing power and bandwidth capacity to upload, transfer and process personal data as part of the hosting services provided to the Data Controller. The duration of this DPA shall be as long as Domainnameshop processes personal data on behalf of the Data Controller.
Categories of personal data may be customers, suppliers, employees, members, students, visitors, participants, users or any other groups of natural persons, as defined by the Data Controller.
Types of personal data may be names, birth dates, postal addresses, phone numbers, email addresses, IP addresses, usernames, passwords, customer numbers, national identity numbers, credit card numbers, purchase history, log files, user behaviour and preferences, location data, photographs, video clips, or any other types of data, as defined by the Data Controller, that may be used alone or in conjuction with other data to identify a natural person.
4. Data Controller's rights and responsibilities
The Data Controller's instructions to Domainnameshop are set out in this DPA with appendices. By uploading or transferring personal data using Domainnameshop's hosting services, the Data Controller grants Domainnameshop permission to store the information on its servers and to implement the necessary security measures to protect the information against unauthorized access and accidental data loss. The Data Controller can give subsequent instructions as long as Domainnameshop processes personal data on behalf of the Data Controller. Such subsequent instructions must be given to Domainnameshop in writing and must be documented.
The Data Controller commits to:
define the categories of personal data and the types of personal data that are to be processed, and to determine the purposes for which and the manner in which any personal data are processed;
make sure that all personal data are processed according to current Privacy legislation, including the GDPR;
when transferring and storing personal data using Domainnameshop's hosting services, to pay attention to the security recommendations set out in Schedule 1 of the DPA; and
immediately notify Domainnameshop if the Data Controller believes that instructions or demands from Domainnameshop are in breach of current Privacy legislation.
The Data Controller also has the right to terminate the Hosting Agreement and DPA with Domainnameshop if Domainnameshop no longer fulfills its obligations according to GDPR Article 28 paragraph 1.
5. Data Processor's rights and responsibilities
The Data Processor must only collect, register, compile, store or in other ways process personal data to the extent necessary to fulfill the Hosting Agreement and the DPA. The Data Processor shall, as a general rule, treat all data that are transferred or stored as part of the Hosting Agreement as potentially containing personal data, and protect them accordingly.
The Data Processor commits to:
only process personal data according to documented instructions from the Data Controller, unless otherwise required by Union law or national law. In that case, Domainnameshop must notify the Data Controller of the legal obligation in advance of the processing, unless the relevant law prohibits such information being provided for reasons of public interest.
make sure that all employees of Domainnameshop that have access to personal data are authorised to do so and will treat the data confidentially in accordance with a confidentiality agreement or statutory duty of confidentiality. The confidentiality obligation also applies after the termination of the DPA. Domainnameshop shall not disclose or give access to the personal data to anyone other than its own employees, Sub-Processors or to employees of the Data Controller, without this being agreed in writing with the Data Controller or following a law, regulation or decision by a public authority.
have in place the necessary technical and organisational security measures according to GDPR Article 32 to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. The security measures are described in more detail in Schedule 1 of the DPA.
comply with the conditions set forth in GDPR Article 28 Paragraphs 2 and 4 when it comes to engaging another Data Processor. Domainnameshop does not use any Sub-Processors at the time of the agreement. The Data Controller accepts that Domainnameshop may engage Sub-Processors in the future. In such a case, Domainnameshop must notify the Data Controller of the name and contact information of Sub-Processors in advance. The Data Controller has the right to object to the use of Sub-Processors. If the Data Controller objects to the use of a new Sub-Processor, the Data Controller must inform Domainnameshop without undue delay. If Domainnameshop engages a Sub-Processor, the relevant Sub-Processor shall be subject to the same obligations as stipulated in this DPA. Domainnameshop stores the Data Controller's data on servers in the EU/EEA. An exception applies to DNS zone data, which may be stored on servers worldwide for optimal performance.
taking into account the nature of the processing and to the extent possible, relay to Data Controller any inquiries from Data subjects about exercising their privacy rights according to GDPR Chapter III, such as the right to access, rectification and erasure.
assist Data Controller in ensuring compliance with the relevant requirements pursuant to GDPR Articles 32-36 insofar as this is possible, taking into account the nature of processing and the information available to Domainnameshop, and to inform Data Controller without undue delay if a security breach should occur, including the information needed for Data Controller to notify the Supervisory Authority and/or the Data subjects if need be.
within 12 months after the termination of the Hosting Agreement, delete all personal data that have been processed on behalf of the Data Processor, including any backups. Exceptions apply if Union law or national law require the personal data to be kept further.
upon request, contribute to audits and inspections and make available to Data Processor all information needed to demonstrate compliance with Domainnameshop's obligations as Data Processor according to this DPA and the GDPR. The Data Controller has the right to carry out such audits at its own expense, a maximum of once a year with four weeks' advance notice.
Domainnameshop must immediately notify the Data Controller if Domainnameshop believes that instructions or demands from the Data Controller are unreasonable to comply with or in breach of current Privacy legislation. Domainnameshop has the right to terminate the Hosting Agreement and DPA with the Data Controller if the Data Controller gives illegal or unreasonable instructions or demands and do not accept to change these after being notified of it.
6. Governing law and jurisdiction
This Data Processing Agreement is subject to Norwegian law. The Parties agree to submit to the jurisdiction of the Oslo District Court.
Schedule 1: Security measures and recommendations
Domainnameshop has implemented a large variety of security measures, both technical and organisational, to protect the integrity and confidentiality of the Data Processor's data. At Domainnameshop, risk analysis and data protection is a continuous process. Security measures that have been implemented include, but are not limited to:
- Physical access control to hosting servers
- Firewalls for intrusion detection and prevention
- Redundant storage (RAID) and power supply (UPS)
- Routine backup procedures with backup servers in a separate physical building (in case of fire, flood or other disaster)
- Short response time for applying security updates (to prevent zero-day exploits)
- Use of strong encryption when moving data between servers
- Logging to detect and prevent security incidents and to provide audit trails
- Disaster recovery planning and testing
In a shared server hosting environment like Domainnameshop's, simple user errors by the Data Processor such as setting wrong file permissions on a file may jeopardize the security of the data. Domainnameshop therefore emphasizes the importance of the Data Controller setting correct permissions on all files and databases, and using strong passwords for all login accounts.
Here are some additional security recommendations that the Data Controller should follow to protect the data:
- When using Domainnameshopp's web hosting services for the processing of personal data, all web traffic should be encrypted using HTTPS instead of normal (unencrypted) HTTP. For all web hosting packages, Domainnameshop offers free HTTPS encryption with algorithms and certificates according to current industry standards. However, it is the Data Controller's responsibility to ensure that this has been activated in the control panel.
- Domainnameshop also recommends that when personal data are transferred to or from hosting servers using the FTP protocol, or when email is send using SMTP or read using POP or IMAP, that the encrypted (SSL/TLS enabled) variants of these protocols are used. Domainnameshop supports both encrypted and unencrypted data transfer, but the Data Processor must make sure that the client software that is being used has been configured to use SSL/TLS encryption.
- For storing passwords, it is recommended that, when technically possible, these are stored in an encrypted or hashed form instead of cleartext.
- Use of Domainnameshop's shared server hosting environment for processing sensitive personal data is strongly discouraged. Sensitive personal data includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. For such data it is recommended to use a dedicated server or virtual private server (VPS). Domainnameshop does not offer these kinds of services.