Processing and Protection of Personal DataAny data concerning a natural person that has been submitted to the EIF through the registration service or any other kind of operation related to domains constitute personal data. Also, any kind of operation that involves a registrant's personal data constitutes the processing of personal data.
- For the purposes of the Personal Data Protection Act, the EIF is the chief processor of personal data and a registrar is the authorised processor of personal data.
- Personal data is data, which is referring to the natural person. For example personal data is natural person name, address information, health issues, IP-address, e-mail address etc.
- Registrars are obliged to apply security measures for protecting personal data in order to secure them against accidental or unauthorised processing, publication or destruction!
- A registrar may forward personal data at its disposal only to the EIF and the person whom the data concern;
- Personal data submitted by a registrant to the EIF for processing may be disclosed to third persons only in the case and on the basis laid down in law. This may happen e.g. in a situation where a body fulfilling tasks of a public nature (e.g. a court or the Data Protection Inspectorate) requests the personal data of a domain registrant on the basis of legislation.
- Registrars confirm their compliance with the requirements of processing personal data in an annual confirmation letter!
Related sections in the Domain Regulation: 8 with subsections.