As part of your relationship with netart.com, your personal data may be processed for the following purposes:

Statistical analysis, satisfaction surveys and improvement of the quality of services provided. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is the possibility of improving the quality of the services provided (Article 6(1)(f) of the GDPR), and to the extent beyond the personal data necessary for the provision of electronic services, the legal basis for the processing of your personal data may be your consent (Article 6(1)(a) of the GDPR in conjunction with Article 18(4) of the Act of 18 July 2002 on the provision of services by electronic means). Your personal data will be processed for the duration of your use of netart.com services and your account in the Client Panel or until you object to the processing of your personal data for the purposes of statistical analyses and satisfaction surveys of netart.com services.

Marketing the services and activities of netart.com. The legal basis for the processing of your personal data will be the realisation of netart.com's legitimate interest in promoting the services and activities of netart.com (Article 6(1)(f) of the GDPR), in connection with consent to send marketing information by means of electronic communication. Your personal data will be processed for the duration of your use of netart.com services and your active consent to send marketing information by electronic means or until you object to the processing of your personal data for marketing purposes.

Payment processing and making settlements. The legal basis for the processing of your personal data will be the performance of a contract to which you are a party (Article 6(1)(b) of the GDPR). Your personal data will be processed until full settlement of the service or until the expiry of the statute of limitations for a claim for payment of remuneration due to us (as a rule, the statute of limitations for our claims for payment of remuneration expires at the end of the calendar year after two years from the date when the remuneration becomes due).

Payment processing and making settlements. In the case of payment processing by means of a Subscription Payment, the basis for the processing of your personal data will be your voluntary consent (Article 6(1)(a) of the GDPR) expressed by providing your personal data as specified in the Subscription Payment activation form and the activation of the Subscription Payment. Your personal data will be processed until you cancel your Subscription Payment or fully settle the service, or until the expiry of the statute of limitations for a claim for payment of remuneration due to us (as a rule, the statute of limitations for our claims for payment of remuneration expires at the end of the calendar year after two years from the date the remuneration becomes due).

Conducting correspondence. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com, which is to conduct correspondence within the framework of its business activities (Article 6(1)(f) of the GDPR). Your personal data will be processed for the duration of the correspondence and thereafter until the expiry of the statute of limitations for any claims related to the correspondence (as a rule, the statute of limitations expires at the end of the calendar year after the expiry of three or six years from the due date of the claim) or the statute of limitations for the possibility of imposing an administrative fine.

Operation of the Partnership Program and contests. The legal basis for the processing of your personal data will be the performance of a contract to which you are a party (Article 6(1)(b) of the GDPR in connection with the regulations of the Partnership Program and the regulations of the contest). Your personal data will be processed for the duration of your participation in the Partnership Program and the Partnership Program contest, respectively, and thereafter it will be stored in accordance with the retention period for accounting and tax obligations. If we ask for your consent to publicly disclose information about the winner of a prize in a contest, the legal basis for processing your personal data will be your voluntary consent (Article 6(1)(a) of the GDPR), and your personal data will be published in the websites operated by the company and will be kept there for an indefinite period of time (about two years), depending on the company's business needs, or until you withdraw the consent you have given.

Implementation of accounting and tax obligations. The legal basis for the processing of your personal data will be the performance of a legal obligation (Article 6(1)(c) of the GDPR in conjunction with Article 106e(1) and Article 112 of the Goods and Services Tax Act of 11 March 2004, in conjunction with Article 86 of the Tax Ordinance Act of 29 August 1997). Your personal data will be processed until the expiry of the statute of limitations on tax liability, i.e. for 5 years from the end of the calendar year in which the tax due date has passed.

Registration and maintenance of an account in the Client Panel. The legal basis for the processing of your personal data will be the performance of a contract to which you are a party or taking action at your request prior to entering into a contract (Article 6(1)(b) of the GDPR in conjunction with Article 18(1) and (2) of the Act of 18 July 2002 on the provision of electronic services in conjunction with the General Terms and Conditions of Contracts). Your personal data will be processed until you delete your account in the Client Panel. However, please note that netart.com is entitled to delete your Client Panel account on its own if you have not had an active service for at least three months prior to the deletion of your Client Panel account.

Complaint processing. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is the processing of complaints and defence against claims (Article 6(1)(f) of the GDPR). Your personal data will be processed for the time necessary to process your complaint, and thereafter documents relating to the complaint procedure will be stored until the expiry of the limitation period for claims (as a rule, the statute of limitations expires at the end of a calendar year after the expiry of three or six years from the due date of the claim).

The provision by electronic means of the services included in the netart.com offer. The legal basis for the processing of your personal data will be the performance of a contract to which you are a party (Article 6(1)(b) of the GDPR in conjunction with Article 18(1) and (2) of the Act of 18 July 2002 on the provision of electronic services in conjunction with the General Terms and Conditions of Contracts and the regulations of the service you make use of). Your personal data will be processed for the duration of the provision of services.

Provision of data at the request of entitled authorities. The legal basis for the processing of your personal data will be the performance of obligations provided by law (Article 6(1)(c) of the GDPR in conjunction with Article 18(6) of the Act of 18 July 2002 on the provision of electronic services in conjunction with the provision of national law governing the procedure of entitled authorities, such as Article 15 of the Act of 6 June 1997 Code of Criminal Procedure or Article 248 of the Act of 17 November 1964 Code of Civil Procedure). Your personal data will be processed until the expiry of the statute of limitations for claims - as a rule, this will occur on the last day of the calendar year after the expiry of three or six years from the due date of the claim (note that this period may be interrupted by law, which may result in an extension of the processing period) - or the statute of limitations for the possibility of imposing an administrative fine.

Establishment, exercise or defense of claims The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is to protect the interest of netart.com against claims and to assert claims (Article 6(1)(f) of the GDPR).Your personal data will be processed until the expiry of the statute of limitations for claims - as a rule, this will occur on the last day of the calendar year after the expiry of three or six years from the due date of the claim (note that this period may be interrupted by law, which may result in an extension of the processing period) - or the statute of limitations for the possibility of imposing an administrative fine.

Ensuring the security of services, the network, including preventing unauthorised access to electronic communications networks and preventing damage to computer systems. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com, which is to ensure adequate security of the services provided and the business conducted (Article 6(1)(f) of the GDPR). Your personal data will be processed for a period of time that ensures the security of the services, network and information.

As part of your relationship with netart.com, your personal data may be processed for the following purposes:

Conducting correspondence. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com, which is to conduct correspondence within the framework of its business activities (Article 6(1)(f) of the GDPR). Your personal data will be processed for the duration of the correspondence and thereafter until the expiry of the statute of limitations for any claims related to the correspondence (as a rule, the statute of limitations expires at the end of the calendar year after the expiry of three or six years from the due date of the claim) or the statute of limitations for the possibility of imposing an administrative fine.

Complaint processing. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is the processing of complaints and defence against claims (Article 6(1)(f) of the GDPR). Your personal data will be processed for the time necessary to process your complaint, and thereafter documents relating to the complaint procedure will be stored until the expiry of the limitation period for claims (as a rule, the statute of limitations expires at the end of a calendar year after the expiry of three or six years from the due date of the claim).

The provision by electronic means of the services included in the netart.com offer. (domain registration services and related services). The legal basis for the processing of your personal data will be the performance of a contract to which you are a party (Article 6(1)(b) of the GDPR in conjunction with Article 18(1) and (2) of the Act of 18 July 2002 on the provision of electronic services in conjunction with the General Terms and Conditions of Contracts and the regulations of the domain registration service and related services). Your personal data will be processed for the duration of the provision of services.

Consideration of complaints.The legal basis for the processing of your personal data will be the implementation of the legitimate interest of netart.com, which is the consideration of complaints and defense against claims (Article 6(1)(f) of the GDPR). Your personal data will be processed for the time necessary to handle the complaint, and then until the expiry of the limitation period for claims (as a rule, the limitation period takes place at the end of the calendar year after three or six years from the due date of the claim).

Provision of data at the request of entitled authorities. The legal basis for the processing of your personal data will be the performance of obligations provided by law (Article 6(1)(c) of the GDPR in conjunction with Article 18(6) of the Act of 18 July 2002 on the provision of electronic services in conjunction with the provision of national law governing the procedure of entitled authorities, such as Article 15 of the Act of 6 June 1997 Code of Criminal Procedure or Article 248 of the Act of 17 November 1964 Code of Civil Procedure). Your personal data will be processed until the expiry of the statute of limitations for claims - as a rule, this will occur on the last day of the calendar year after the expiry of three or six years from the due date of the claim (note that this period may be interrupted by law, which may result in an extension of the processing period) - or the statute of limitations for the possibility of imposing an administrative fine.

Establishment, exercise or defense of claims. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is to protect the interest of netart.com against claims and to assert claims (Article 6(1)(f) of the GDPR). Your personal data will be processed until the expiry of the statute of limitations for claims - as a rule, this will occur on the last day of the calendar year after the expiry of three or six years from the due date of the claim (note that this period may be interrupted by law, which may result in an extension of the processing period) - or the statute of limitations for the possibility of imposing an administrative fine.

Ensuring the security of services, the network, including preventing unauthorised access to electronic communications networks and preventing damage to computer systems. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com, which is to ensure adequate security of the services provided and the business conducted (Article 6(1)(f) of the GDPR). Your personal data will be processed for a period of time that ensures the security of the services, network and information.

As part of the use of the netart.com website, your personal data may be processed for the following purposes

Analysis of user activity and preferences. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is to be able to improve the functionalities used on the netart.com website (Article 6(1)(f) of the GDPR) and, with regard to information stored on your telecommunications terminal device, your consent (Article 6(1)(a) of the GDPR). Your personal data will be processed for the duration of your use of the netart.com website or until you lodge an objection, and thereafter - in the case of information retained also after the end of your use of the website - for a period of time allowing the realisation of the purpose related to the analysis of user activity and preferences, and, with regard to information stored in your telecommunications terminal device, no longer than until you withdraw your consent.

Marketing the services and activities of netart.com. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com, which is the promotion of the services and activities of netart.com (Article 6(1)(f) of the GDPR), and, with regard to information stored in your telecommunications terminal device, your consent (Article 6(1)(a) of the GDPR). Your personal data will be processed until you object to the processing of your personal data for marketing purposes and, with regard to information stored on your telecommunications terminal device, until you withdraw your consent.

Conducting correspondence. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com, which is to conduct correspondence within the framework of its business activities (Article 6(1)(f) of the GDPR). Your personal data will be processed for the duration of the correspondence and thereafter until the expiry of the statute of limitations for any claims related to the correspondence (as a rule, the statute of limitations expires at the end of the calendar year after the expiry of three or six years from the due date of the claim) or the statute of limitations for the possibility of imposing an administrative fine.

Ensuring the security of services, the network, including preventing unauthorised access to electronic communications networks and preventing damage to computer systems. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com, which is to ensure adequate security of the services provided and the business conducted (Article 6(1)(f) of the GDPR). Your personal data will be processed for a period of time that ensures the security of the services, network and information.
Also read our Privacy Policy, which describes the terms under which we use cookies on our website.

In connection with the specification of your personal data in the Contact Person field or in the Registrant Representative field, we will process your personal data for the following purpose:

Conducting correspondence. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is to conduct correspondence within the framework of its business activities (Article 6(1)(f) of the GDPR). Contact with a Client with the legal status of a company is carried out through a contact person, and with a Registrant with the legal status of a company through a representative of the Registrant. A contact person is a representative of the Client authorised to contact us on behalf of the Client and to receive correspondence addressed to the Client. A Registrant Representative is a representative of the Registrant authorised to contact us on behalf of the Registrant with the legal status of a company and to receive correspondence addressed to such a Registrant. Your personal data will be processed for the duration of correspondence and thereafter until the expiry of the statute of limitations for any claims relating to the correspondence (as a rule, the statute of limitations expires at the end of a calendar year after the expiry of three or six years from the due date of the claim) or the statute of limitations for the possibility of imposing an administrative fine.

Establishment, exercise or defense of claims. The legal basis for the processing of your personal data will be the realisation of the legitimate interest of netart.com which is to protect the interest of netart.com against claims and to assert claims (Article 6(1)(f) of the GDPR).Your personal data will be processed until the expiry of the statute of limitations for claims - as a rule, this will occur on the last day of the calendar year after the expiry of three or six years from the due date of the claim (note that this period may be interrupted by law, which may result in an extension of the processing period) - or the statute of limitations for the possibility of imposing an administrative fine.

In connection with having an account in the Client Panel, using the services of netart.com and having a business relationship with netart.com, recipients of your personal data may be entities such as:

• nazwa.pl sp. z o.o. (ul. Pana Tadeusza 2, 30-727 Cracow) providing services related to the company's day-to-day operations, including customer service, analytical services, marketing services, project support, administrative and legal support, correspondence support, and document storage and destruction services;
• Expert Sender sp. z o.o. (ul. Cypriana Kamila Norwida 1, 80-280 Gdańsk) providing a tool for communication with Clients;
• LINK Mobility sp. z o.o. (ul. Toszecka 101, 44-100 Gliwice) providing an SMS communication tool;
• Rhenus Data Office Polska sp. z o.o. (al. Katowicka 66, 05-830 Nadarzyn) providing document destruction services;
• Rhenus Data Office Polska sp. z o.o. (al. Katowicka 66, 05-830 Nadarzyn) providing services in the field of archiving and destruction of documentation;
• TradeDoubler sp. z o.o. (ul. Puławska 2, bud. C, 02-566 Warszawa) providing affiliate services through its network of publishers;
• DeepL SE (Maarweg 165, 50825 Cologne, Germany) providing machine translation services.
• Thulium sp. z o.o. (Est. Zlotej Jesieni 7, 31-827 Cracow) providing a web chat tool.

In connection with the payment for netart.com services and your choice regarding the form of payment, recipients of your personal data may be entities such as:

• PayPro S.A. (Przelewy24, ul. Kanclerska 15A, 60-326 Poznań) providing support for all payments made online by the Customer (quick transfers, BLIK, card payment agent);
• Adyen N.V. (Simon Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands) providing support for all payments made online by the Client;
• ING Bank Śląski S.A. (Sokolska 34, 40-086 Katowice) offering electronic banking services.

In addition, your personal data may be transferred to the following categories of entities: entities providing legal services and data protection consulting, entities providing accounting services, entities providing tax services, entities providing correspondence services, entities providing marketing services, entities providing analytical services, entities providing other services necessary for netart.com to provide services electronically, authorised entities and authorities.

If we provide you with a web domain registration and maintenance service, the type of recipients of your personal data will depend on the type of domain you register.

The .eu domains are registered by netart.com on the basis of an agreement with NetArt Registrar sp. z o.o. (ul. Pana Tadeusza 2, 30-727 Cracow), which is a domain registrar accredited with EURid and which makes the personal data of Registrants available to the European Registry for Internet Domains (EURid) (Telecomlaan 9, 1831 Diegem, Belgium), the operator of the .eu domain registry. NetArt Registrar is the recipient of the Registrant's data with regard to the domain name, identification data, address data, contact data, as well as nationality (due to the availability of .eu domains for persons having citizenship or residence in one of the member states of the European Union, Norway, Iceland or Liechtenstein). You can find detailed rules for the processing of personal data by NetArt Registrar on the NetArt Registrar website.

The .com, .net, .org, .info, and .biz global domains are registered by netart.com under an agreement with NetArt Registrar sp. z o.o. (ul. Pana Tadeusza 2, 30-727), which is an ICANN-accredited domain registrar. NetArt Registrar is the recipient of the Registrant's data in terms of domain name, identification data, address data, contact data. You can find detailed rules for the processing of personal data by NetArt Registrar on the NetArt Registrar website. NetArt Registrar shares Registrants' personal data with the following entities, depending on the type of domain:

• Internet Corporation for Assigned Names and Numbers (ICANN) Los Angeles 12025 Waterfront Drive, Suite 300, CA 90094-2536, USA;
• NCC Group Software Resilience (NA) LLC XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester, M3 3AQ, United Kingdom (Data Depository);
• Verisign Inc. Los Reston, 12061 Bluemont Way, VA 20190, USA (Registry Operator for .com and .net domains);
• Identity Digital Inc. 10500 NE 8th Street, Suite 750, Bellevue, WA 98004, USA (Registry Operator for .info domains);
• Public Interest Registry Reston, 11911 Freedom Drive, 10th Floor, Suite 1000, VA 20190, USA (Registry operator for .org domains).
• Registry Services, LLC 2155 E GoDaddy Way, Tempe, AZ 85284, USA (for .biz domains).

Country-specific domains and global nTLD domains are registered by netart.com under an agreement with Netim Limited Liability Company (Avenue Arthur Notebart, 59160 Lille, France), which is the registrar of country-specific domains and global nTLD domains. For detailed rules on how Netim processes personal data, please visit Netim's website. In the case of global nTLD domains, Netim shares Registrants' personal data with ICANN, Data Depositories and Registry Operators. In the case of country-specific domains, Netim shares Registrants' personal data with Registry Operators.

A list of Registry Operators for each domain extension can be found on the IANA (Internet Assigned Numbers Authority) top-level domain registry website, available here.

A list of Data Depositories for individual domain extensions can be found on the ICANN website, available here.

For the majority of domain extensions, Netim acts as an accredited Registrar, but in some cases, due to the specifics of a particular registry, it is not a party to the contract with the Registry Operator and cooperates with another accredited Registrar (who may use an additional Intermediary, also a recipient of the Registrant's data) to whom it makes the Registrant's data available - in which case it is this accredited Registrar (or its Intermediary) that transfers the Registrant's data to the relevant Registry Operator. This applies to domains with the following extensions:

If you would like to know detailed information about the accredited Registrar for the above extensions, we recommend that you contact Netim directly, which will be able to provide you with detailed information in this regard. If you will have any difficulties in obtaining this information - contact us, and we will try to help you get an answer to your inquiry.

If you use the service related to the replacement of Registrant data in the WHOIS database for global domains with alternative data, the recipient of your personal data in the scope of e-mail address and domain name will be Whois Data Protection sp. z o.o. (ul. Pana Tadeusza 2, 30-727 Cracow), which provides this service.

In addition, in connection with using the services of netart.com and having a business relationship with netart.com, recipients of your personal data may be entities such as:

• nazwa.pl sp. z o.o. (ul. Pana Tadeusza 2, 30-727 Cracow) providing services related to the company's day-to-day operations, including customer service, analytical services, marketing services, project support, administrative and legal support, correspondence support, and document storage and destruction services;
• Expert Sender sp. z o.o. (ul. Cypriana Kamila Norwida 1, 80-280 Gdańsk) providing a tool for communication with Clients;
• • LINK Mobility sp. z o.o. (ul. Toszecka 101, 44-100 Gliwice) providing an SMS communication tool;
• LINK Mobility sp. z o.o. (ul. Toszecka 101, 44-100 Gliwice) providing a tool for SMS communication;
• Rhenus Data Office Polska sp. z o.o. (al. Katowicka 66, 05-830 Nadarzyn) providing services in the field of archiving and destruction of documentation;
• Asseco Data Systems S.A. (ul. Żwirki i Wigury 15, 81-387 Gdynia) providing services related to the provision of SSL certificates;
• DeepL SE (Maarweg 165, 50825 Cologne, Germany) providing machine translation services.
• Thulium sp. z o.o. (Est. Zlotej Jesieni 7, 31-827 Cracow) providing a web chat tool.

In addition, your personal data may be transferred to the following categories of entities: entities providing legal services and data protection consulting, entities providing correspondence services, entities providing marketing services, entities providing analytical services, entities providing other services necessary for netart.com to provide services electronically, authorised entities and authorities.

In connection with the use of the netart.com, website, the recipient of your personal data may be:

• nazwa.pl sp. z o.o. (ul. Pana Tadeusza 2, 30-727 Cracow) providing services related to the company's day-to-day operations, including customer service, analytical services, marketing services, project support, administrative and legal support, correspondence support, and document storage and destruction services;
• Thulium sp. z o.o. (Est. Zlotej Jesieni 7, 31-827 Cracow) providing a web chat tool.

In addition, your personal data may be transferred to the following categories of entities: entities providing marketing services, entities providing analytical services, entities providing other services necessary for netart.com to provide electronic services, authorised entities and authorities.
Also read our Privacy Policy, which describes the terms under which we use cookies on our website.

As a rule, personal data of Clients and Contact Persons is not transferred outside the European Economic Area.

The exception to this is the cooperation with payment operator Adyen N.V., which is headquartered in Amsterdam, the Netherlands, but works with its group entities, which are based in the United Kingdom, Brazil, Mexico, the United States, Australia and Singapore, respectively. The countries listed are so-called third countries within the meaning of the GDPR, i.e. countries outside the European Economic Area. The European Commission has not issued a decision finding an adequate level of protection for personal data in these countries. Consequently, this justifies taking additional safeguards related to such a transfer. The transfer of personal data to these countries by Adyen N.V. is carried out in accordance with the rules set out in Chapter V of the GDPR. This means that the legal basis for the transfer of your personal data outside the European Economic Area is the application of a solution that provides adequate guarantees for your rights and freedoms in the form of an obligation of the entity to which your personal data will be disclosed to apply the provisions of the standard data protection clauses issued under the European Commission Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council. The content of these clauses is publicly available on the Internet in the EUR-lex electronic database of European Union legislation. Under these clauses, additional safeguards related to the transfer of data outside the European Economic Area have been introduced. Adyen N.V. also cooperates with affiliates in Japan and Canada, both of which have been recognised by the European Commission as guaranteeing an adequate level of personal data protection. For details, visit the Adyen website.

In addition, in connection with the use of netart.com and the use of cookies, some information may be shared with entities in third countries, specifically the United States. In this case, the legal basis for the transfer is also the obligation of the entity to which your personal data will be disclosed to apply the provisions of the standard data protection clauses issued under the European Commission Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council. The content of these clauses is publicly available on the Internet in the EUR-lex electronic database of European Union legislation. Under these clauses, additional safeguards related to the transfer of data outside the European Economic Area have been introduced. In particular, we have taken steps to minimise the extent of data transferred, anonymise it and encrypt it.

For more information about the security measures used by netart.com, visit netart.com. You can also ask the Data Protection Officer for details.

In the case of European domains, Registrants' data is generally not transferred outside the European Economic Area. However, due to the nature of the domain registration service, which allows the public presentation of content on the Internet, it is likely that the Registrant's data (which also applies to global and country domain Registrants) in terms of the content collected on the website (e.g. the domain name containing the Registrant's name, photographs on the website, entries on the website containing personal data, etc.) will be publicly accessible from anywhere in the world. The extent of the data made available on the Registrant's website is completely independent of the company and is administered solely by the Registrant. The role of netart.com is only to make available the Registrant's data collected in the Client Panel in order to register the domain to NetArt Registrar, which then makes the Registrant's data available to EURid. It is also important to note that EURid maintains a public WHOIS registry in which domain data, including the personal data of Registrants, can be published - we recommend reading EURid's detailed rules for maintaining this registry.

In the case of country domains, the transfer of personal data outside the European Economic Area occurs when the Registry Operator is based outside the European Economic Area. Usually, this situation occurs when the registered domain is assigned to a country outside the European Economic Area. For example, when registering a .ca domain, the Registrant must be aware that their personal data will go to the Registry Operator in Canada, as this is necessary to register the domain. The registration of a country domain is also linked to the maintenance of a public WHOIS registry in which domain data, including Registrants' data, may be published - we recommend reading the detailed rules of the relevant Registry Operator for these registries, as the rules in this regard may vary, depending on the extension in question.

In the case of global domains, there is a transfer of personal data outside the European Economic Area, due to the fact that Registry Operators, ICANN and Data Depositories are based outside the European Economic Area (generally in the United States). Therefore, the transfer of data outside the European Economic Area is necessary to register the domain. From the factual side, in the case of global domains, netart.com shares directly the Registrants' personal data only with the accredited Registrar (i.e. NetArt Registrar or Netim), which in turn, as an ICANN-accredited Registrar, shares the Registrants' personal data with the respective Registry Operator, Data Depository and ICANN. However, formally, the company is a party to the contract only with NetArt Registrar and Netim and only with these companies it directly shares the personal data of the Registrants. The registration of a global domain is also linked to the maintenance of a public WHOIS registry in which domain data, including Registrants' data, may be published - we recommend reading the detailed rules for the maintenance of these registries by ICANN, the relevant Registry Operator and the Registrar.

The legal basis for the transfer of personal data outside the European Economic Area by the Registrar may be in the form of standard data protection clauses issued under European Commission Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council. The content of these clauses is publicly available on the Internet in the EUR-lex electronic database of European Union legislation. As far as the countries for which the European Commission has issued a decision on the adequacy of data protection are concerned, this decision of the European Commission can be the legal basis for the transfer.

For more information about the security measures used by netart.com, visit netart.com. You can also ask the Data Protection Officer for details.