Service Specific Provisions

This document is referenced by our Privacy Statement and Terms & Conditions. It outlines the operation of individual services from a data protection viewpoint and outlines the roles and responsibilities of the Customer (you), Irish Domains Limited (us) and where applicable, any external service provider. It also details the disclosure policy in relation to individual services and retention periods for data including personal information.

SERVICE SPECIFIC PROVISIONS

GENERAL

For account level data exchanges (signup, payment, account maintenance, support systems) Irish Domains is the Data Controller as we determine purposes and means of the processing of this information. In this context, resellers are therefore Data Processors when they are accepting such information for the purposes of operating their customer's accounts.

For service level data exchanges, the model depends on the service type and nature as outlined below.

SPAM FILTERING (Irish Domains)

• Email Server Protection
• Advanced Spam Filtering
• Business Spam Filtering

The above Spam Filtering Services are provided by Irish Domains in conjunction with N-able SpamExperts. In this case, Irish Domains is a Data Processor and N-Able is a sub-processor - both companies may filter emails on behalf of and under instruction from the customer. The Customer is the Data Controller and the legal basis for processing is fulfillment of contract. The Processing may take place within Irish Domains' network, or on SpamExperts' network in Europe. Because the Processor and Sub-processor have no control over the content or nature of email messages, responsibility is limited to the personal data relating to the operation of the account and the general security of the physical infrastructure providing the filtering service, but excluding any personal data or content within emails processed via the service. The filtering service may retain email server logs for up to one calendar year including sender and recipient addresses, IP address of sender and/or receiver, time and date of processing (legal requirement). Quarantined emails are retained for 30 days. Service specific data (allowed email addresses, service contact email address) is retained for 60 days after provision of the service ends.

Sub-processor: SpamExperts BV, De Deel 1D, 8302 EJ Emmeloord, The Netherlands

SSL CERTIFICATES

• RapidSSL (DigiCert)
• RapidSSL Wildcard (DigiCert)
• Geotrust True Business ID (DigiCert)
• Globalsign AlphaSSL Single-Domain Cert
• Globalsign AlphaSSL Wildcard Cert
• GlobalSign Organizational SSL Certificate
• Comodo PositiveSSL Single-Domain Cert
• Comodo PositiveSSL Multi-Domain Cert
• Comodo EV SSL (Single or Multi-Domain)

For SSL Certificates, the Certificate Authority (CA) is the Data Controller and Irish Domains are a data processor operating under contract on behalf of the CA. The legal basis for processing is fulfillment of contract. To provide a certificate, the CA requires the organization name, contact name, email address and phone number of the person requesting the cert. When requesting the cert, the customer is responsible for generating the Certificate Signing Request (CSR) and this request will usually contain a contact email address which in the case of Organizational or EV certificates will be embedded in the issued cert and therefore disclosed publicly. For this reason we recommend a neutral (non-personally identifiable) email address is used.

Controller: DigiCert Inc., 2801 North Thanksgiving Way, Suite 500, Lehi, Utah 84043, USA
Controller: GMO GlobalSign, Ltd., Maidstone, Kent, UK
Controller: Comodo Security Solutions Limited., Salford, Greater Manchester, UK

SHARED WEB HOSTING

• LiteSpeed Web Hosting (SOHO, Starter, Business, Developer)

For the above Shared Web Hosting services, Customer is the Data Controller and Irish Domains is a Data Processor insofar as we provide web hosting services on for the benefit and under the direct control of the Customer. Because these services allow Customer to upload personal data and web applications over which we have no knowledge or direct control, Irish Domains responsibility is limited to the personal data relating to the operation of the account and the general security of the infrastructure providing the web hosting services, but excluding any data or applications that Controller uploads or otherwise processes via the web hosting service.

Applications and data placed on the web hosting service by Customer will be deleted 60 days after the expiration of the contracted service.

Email messages sent via the shared web hosting services may be subject to outbound spam filtering by an external provider (sub-processor) operating under contract with Processor.

Sub-processor: Mailchannels Corporation, Vancouver, British Columbia, Canada.

CLOUD VPS HOSTING

• Cloud VPS Linux
• Virtuozzo VPS Linux

For the above Cloud VPS services, Customer is the Data Controller and Irish Domains is a Data Processor insofar as we provide infrastructure services on for the benefit and under the direct control of the Customer. Because these services allow Customer to upload personal data and web or other applications over which we have no knowledge or direct control, Irish Domains responsibility is limited to the personal data relating to the operation of the account and the general security of the physical infrastructure providing the VPS hosting services, but excluding any data or applications that Controller uploads or otherwise processes via the service. No personal data is disclosed by Irish Domains in relation to this service.

EMAIL HOSTING

• LiteSpeed Web Hosting (SOHO, Starter, Business, Developer)
• Email Only Hosting (ID Mail 10, 25, 50, 100)

For the above Irish Domains provided Email Services, Irish Domains is a Data Processor as we receive, transmit and store email messages on behalf of and under instruction from the customer. The Customer is the Data Controller and the legal basis for processing is fulfillment of contract. The Processing takes place within Irish Domains network in Europe, there are no external disclosures other than the actual transmission of emails as implied in the service.

Because Irish Domains has no control over the content or nature of email messages, or the storage or retrieval of messages, Irish Domains responsibility is limited to the personal data relating to the operation of the account and the general security of the physical infrastructure providing the email services, but excluding any personal data or content that Controller or end-users transmit, store or otherwise process via the service. The email service may retain email server logs for 60 days or such longer period as may be required by law. This may includs sender and recipient addresses, IP address of sender and/or receiver, time and date of processing (legal requirement). Service specific data (email user names, addresses & passwords) is retained for 60 days after provision of the service ends.

DOMAIN NAME REGISTRATION

Registering a domain name requires the establishment of a registration agreement between the customer (Registrant) and the underlying top-level domain registry (Registry) or ICANN accredited Registrar. For the purposes of registering domain names, Irish Domains acts as a Data Processor and the relevant Domain Registry or ICANN accredited Registrar will usually acts Data Controller. For some top-level domains, the Registry and Registrar may be joint Data Controllers.

Registration data is disclosed to the relevant Controller, and may be retained or further disclosed (via whois) according to the privacy policy, terms and conditions or registration agreement of the relevant Controller.

.IE

Controller: IE Domain Registry Limited, 2 Harbour Square Crofton Road, 4th Floor, Dun Laoghaire, Dublin
Terms and Conditions: https://www.iedr.ie/about-the-iedr/our-policies/
Privacy Policy: https://www.iedr.ie/privacy-policy/

.EU

Controller: EURid VZW., Woluwelaan 150, 1831 Diegem, Belgium
Terms and Conditions: https://eurid.eu/d/215556/Terms_and_Conditions_EN.pdf
Privacy Policy: https://eurid.eu/en/other-infomation/privacy-policy/

.UK

Controller: Nominet UK, Minerva House, Edmund Halley Road, Oxford Science Park, OX4 4DQ, United Kingdom
Policies: https://www.nominet.uk/resources/policy/policies-rules/

.COM .NET .ORG .WEBSITE .IRISH etc.

Domains in generic top-level domain names (gTLDs) may be registered via the different ICANN accredited registrars below.
You can check the registrar of record for a given gTLD domain here: https://whois.icann.org/en

Registrar: Tucows Inc., 96 Mowat Avenue, Toronto, ON M6K 3M1, Canada
Registration Agreement: https://opensrs.com/wp-content/uploads/Tucows_ExhibitA.html

Registrar: 1API GmbH, Talstrasse 27, 66424 Homburg, Germany
Registration Agreement: https://www.1api.net/legal/registrant_agreement

Registrar: eNom LLC., Kirkland, Washington, USA
Registration Agreement: https://www.enom.com/terms/agreement.aspx

Registrar: Hosting Concepts B.V., Hofplein 20, 3032 AC Rotterdam, The Netherlands Registration Agreement: https://doc.openprovider.eu/Registration_Agreement

Other ccTLDs

Registrar: EPAG Domainservices GmbH, Niebuhrstr. 16b, 53113 Bonn, Germany
Registration Agreement: https://www.epag.de/downloads/exhibit-a.htm

Registrar: Ascio Technologies Corp, Strandvejen 125, DK-2900 Hellerup, Denmark
Registration Agreement: https://www.ascio.com/policies/ascio-registration-agreement

RELATED INFORMATION

• PRIVACY STATEMENT
• TERMS AND CONDITIONS
• DATA PROCESSING AGREEMENT