Information about how we collect, process and protect personal data when you visit nextregister.eu.
We are very pleased that you have shown interest in our services. Data protection is of particular importance to us. The use of the websites operated under NextHost — NextRegister is generally possible without providing any personal data. However, if a data subject wishes to use specific services via our website, processing of personal data may become necessary. If the processing of personal data is required and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data — such as name, address, email address or telephone number — shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the applicable country-specific data protection regulations. Through this privacy policy, we wish to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled.
As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
This privacy policy is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be readable and understandable for the general public, our customers and our business partners. To ensure this, we would like to first explain the terminology used.
In this privacy policy, we use the following terms:
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Justin FrankeOur website uses only technically necessary cookies. We do not use tracking, analytics, marketing or profiling cookies of any kind.
Cookies are text files that are stored in a computer system via an internet browser. Through the use of strictly necessary cookies, we can provide the users of this website with basic technical functionality (e.g. session continuity, remembering the cookie consent banner state). These cookies are essential for the operation of the website and do not require consent under Section 25(2) TTDSG and Art. 6(1)(f) GDPR.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the internet browser used and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an internet browser or other software programs.
Our website automatically collects a series of general data and information when the website is accessed by a data subject or an automated system. This general data and information is stored in server log files. The following may be collected:
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
The legal basis for the processing of this data is Art. 6(1)(f) GDPR (legitimate interest in the secure operation of the website). Server log files are stored separately from any personal data provided by a data subject and are routinely deleted after no more than 14 days, unless they are required for the documentation of an attack or other security incident.
On our website, we use Google Fonts to display our typography consistently across browsers. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
When you visit a page on our website, your browser loads the required font files directly from Google's servers (fonts.googleapis.com and fonts.gstatic.com). In doing so, your IP address and information about the browser used are transmitted to Google. This data may be processed on servers located in the United States.
According to Google's own statement, no cookies are set when fonts are loaded. The legal basis for this processing is Art. 6(1)(f) GDPR — our legitimate interest in a uniform and aesthetically pleasing presentation of our website. The data transfer to the USA is based on Google's certification under the EU-US Data Privacy Framework as well as standard contractual clauses pursuant to Art. 46(2)(c) GDPR.
You can prevent the loading of Google Fonts by configuring your browser to block JavaScript or by using browser extensions such as NoScript. Disabling Google Fonts may affect the visual appearance of our website.
For further information on Google's handling of user data, please refer to Google's Privacy Policy: https://policies.google.com/privacy
Our homepage embeds a contributor badge from AbuseIPDB, operated by Marathon Studios Inc., 1827 Powers Ferry Rd SE, Building 11, Suite 200, Atlanta, GA 30339, USA ("AbuseIPDB"). The badge is loaded directly from www.abuseipdb.com.
When you access our homepage, your browser establishes a direct connection to AbuseIPDB's servers in order to retrieve the badge image. As part of this connection, your IP address is transmitted to AbuseIPDB. We have no control over what data AbuseIPDB collects through this request or how long this data is retained.
The legal basis for this processing is Art. 6(1)(f) GDPR — our legitimate interest in transparently demonstrating our security commitment and our contributions to the broader internet security ecosystem. The data transfer to the USA is based on standard contractual clauses pursuant to Art. 46(2)(c) GDPR.
For more information on AbuseIPDB's data processing, please refer to their Privacy Policy: https://www.abuseipdb.com/legal
If you contact us via email (e.g. to justin@nxtinfra.net), your message including all transmitted personal data (name, email address, message content, optional attachments) will be processed by our mail provider and stored on our mail server for the purpose of processing your inquiry.
The legal basis for this processing is Art. 6(1)(b) GDPR (where the inquiry relates to a contractual relationship or pre-contractual measures) or Art. 6(1)(f) GDPR (in all other cases, our legitimate interest in responding to inquiries directed at us).
Your inquiry data will be deleted once the matter has been fully resolved and storage is no longer necessary, unless statutory retention obligations apply.
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
Each data subject shall have the right granted by the European legislator to obtain confirmation as to whether or not personal data concerning him or her are being processed.
Each data subject shall have the right to obtain from the controller free information about his or her personal data stored at any time, as well as a copy of this information. Furthermore, the data subject is entitled to information about:
Each data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the grounds set out in Art. 17 GDPR applies and the processing is no longer necessary.
Each data subject shall have the right to obtain from the controller restriction of processing where one of the conditions in Art. 18 GDPR applies.
Each data subject shall have the right to receive the personal data concerning him or her, which were provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance, where the processing is based on consent or on a contract and is carried out by automated means.
Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her based on Art. 6(1)(e) or (f) GDPR. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her — as long as the decision is not necessary for entering into or performing a contract, authorised by Union or Member State law, or based on the data subject's explicit consent.
Each data subject shall have the right to withdraw his or her consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The supervisory authority responsible for our enterprise is:
Unabhängiges Datenschutzzentrum SaarlandArt. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our services. Where our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. Finally, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Where the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is to operate a stable, secure and visually consistent network and hosting service, to protect our infrastructure from abuse, and to ensure the well-being of all stakeholders involved.
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.
Specific retention periods include:
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data which must subsequently be processed by us. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
As a responsible operator, we do not use automated decision-making or profiling.
We reserve the right to amend this privacy policy where required by changes in applicable law, our services or our data processing practices. The current version is always available at https://nextregister.eu/privacy. We recommend that you review this policy periodically.