Skip to main content

Policies on the collection, verification, publication, and disclosure of the domain holder’s data

Here you can find information about the data the Registry collects on .si domain holders, how the accuracy and completeness of this data are verified, which of this data is publicly available, and the conditions under which the Registry may disclose such data.

Collection of the domain holder’s data

The Registry collects and maintains the database of .si domain registrations containing the information necessary to identify domain holders or the points of contact administering the domains, as well as information necessary to establish contact with them.

The Registry collects and maintains this database pursuant to the Information Security Act (ZInfV-1) and based on legitimate interests to ensure the security, stability, and resilience of the DNS, to prevent and combat DNS abuse, and to prevent, detect, and respond to incidents. The data is also collected and maintained to protect the interests of third parties, enable them to contact a .si domain holder, ensure the disclosure of all relevant information upon a justified request for disclosure, and conduct proceedings in the event of initiated ARDS procedures.

The .si domain registration database contains the following information:

  1. Domain name
  2. Registration date
  3. Name and surname of the domain holder (if the domain holder is a natural person) or the name of the legal entity or sole proprietor (if the domain holder is a legal entity or sole proprietor)
  4. Domain holder’s contact or postal address, email address, and telephone number
  5. 5. Email address and telephone number of the point of contact administering the domain, if different from the domain holder’s email address.

The Registry collects and maintains the above information with due diligence and ensures that the data in the database is accurate and complete. The Registry collects and maintains the data through registrars with whom it cooperates in the registration of .si domains, and who are obliged to ensure that the data related to a domain is accurate and authentic at all times (Section 6.1.2 of the General terms and conditions for registration under .si). At the same time, the domain holder guarantees that the data in the database is accurate and up to date and undertakes to notify the registrar of any changes immediately, and the registrar is obliged to update the data accordingly (Section 6.1.1 of the General terms and conditions for registration under .si).

Verification (validation) of the domain holder’s data

Verification procedures

Through verification procedures, the Registry—through registrars with whom it cooperates in registering .si domains—ensures that domain registration databases contain accurate and complete information.

Verification procedures are carried out during the following periods:

  1. Upon registration of a new domain and renewal of an existing domain

    Verification of contact details

    When registering a new domain, the registrar verifies at least one of the two contact details (email address or telephone number) of the domain holder or the point of contact administering the domain.

    Verification is performed both syntactically and operationally:

    1. a. The email address must be in the proper format in accordance with RFC 5322 (or its successor) and must represent an existing account through which the domain holder or point of contact receives electronic messages (the registrar verifies this via a confirmation email or by another appropriate method).
    2. b. The telephone number must be in the proper format in accordance with ITU-T E 164 international numbering notation and must be verified as a functioning telephone number.

    The registrar performs the same syntactic and operational verification of at least one of the domain holder’s contact details (or the point of contact administering the domain) each time the domain registration is renewed.

    Verification of identity authenticity

    Upon registration of a new domain or renewal of an existing registration, the registrar may, based on a risk analysis (a so-called “risk-based approach”), at its own discretion or at the request of the Registry for a specific domain, notice that the registration may be malicious.

    In such cases, in addition to verifying one of the contact details (email address or telephone number), the registrar may also verify the accuracy and authenticity of the domain holder’s name and surname or business name by confirming their identity or actual existence. The registrar performs this verification in various ways, in accordance with its business policy (e.g., by requesting the submission of copies of the domain holder’s identity documents, checking the business register, requiring payments to be made via bank transfer—thereby ensuring that the domain holder’s bank has already performed verification, etc.). At the same time, the registrar also verifies the accuracy of the domain holder’s physical (postal) address.

  2. Upon transfer of a domain to a new domain holder, change of the domain holder’s name or business name, or change of contact details

    When an existing domain name is transferred to a new domain holder, the same verification procedures for the domain holder’s contact details (or the contact point managing the domain) and, where necessary, verification of identity authenticity are carried out as in the case of registering a new domain (point i).

    The domain holder is obliged to ensure that the data in the register is accurate and up to date and undertakes to immediately notify the registrar of any changes, whereas the registrar is obliged to update the data accordingly (Section 6.1.1 of the General terms and conditions for registration under .si). In this regard, the registrar informs domain holders at least once per year of the data related to the domain they have registered, which is entered into the database. The registrar updates the data entered in the database as soon as it becomes aware of or is notified of any changes.

    Likewise, in the event of a change to the domain holder’s name or business name, or a change to the domain holder’s contact details (or those of the point of contact administering the domain name), the same verification procedures for contact details and, where necessary, verification of identity authenticity are carried out as in the case of registering a new domain (point i).

  3. iii. Other data verification during the domain registration period

    If the registrar or the Registry receives a written substantiated complaint, or receives notification that the data in the database is inaccurate, false, or incomplete, the registrar—based on such complaint or notification, or at the request of the Registry that received it—shall also carry out a verification procedure. In such cases, the registrar verifies one of the domain holder’s contact details (or those of the point of contact administering the domain) and, where necessary, the authenticity of the domain holder’s identity (in accordance with point i; at the same time, the registrar also verifies the accuracy of the physical (postal) address).

    The Registry also conducts regular reviews of registered domains and the database. If, based on a risk analysis (a so-called “risk-based approach”), it determines at any time during the registration period that a specific domain registration may be malicious, it calls upon the registrar to carry out verification of the domain holder’s contact details (or those of the point of contact administering the domain) and, where necessary, verification of the authenticity of the domain holder’s identity (in accordance with point i; at the same time, the registrar also verifies the accuracy of the physical (postal) address).

Consequences of unsuccessful verification of contact details or identity authenticity

If, upon registration of a new domain or in relation to an existing domain, verification of the domain holder’s contact details is unsuccessful, the registrar shall set a deadline within which the domain holder must ensure that verification of at least one contact detail (email address or telephone number) is successful by correcting the data or ensuring its operability. The deadline may not exceed twenty-one (21) days.

If, based on a risk analysis, the authenticity of the domain holder’s identity and their physical (postal) address are also subject to verification and are not demonstrated after the first request to the domain holder, the registrar may set an additional deadline for the domain holder to provide proof of identity. This deadline may not exceed twenty-one (21) days.

If verification of contact details is still unsuccessful within the additional deadline, or if identity authenticity is not demonstrated, the domain shall be deactivated in accordance with Section 6.5.1 of the General terms and conditions for registration under .si or deleted in accordance with Section 6.2.2 of the General terms and conditions for registration under .si.

Public disclosure of certain domain holder’s data

The Registry provides public access to registration data that does not constitute personal data (in accordance with the General Data Protection Regulation (GDPR) and the Personal Data Protection Act – ZVOP-2) via a publicly accessible database connected to the RDAP protocol, which allows anyone to search for registration data by entering a domain name: https://www.register.si.

For domain holders that are legal entities, publicly available data includes information about the domain holder, the technical contact, and the registrar. For domain holders who are natural persons, only the contact email address is published in the publicly accessible database. A natural person may choose to voluntarily disclose additional data.

The legal bases for publishing personal data in this case are the Information Security Act (ZInfV-1) and the protection of legitimate interests (Article 6(1)(f) of the General Data Protection Regulation), particularly with regard to protecting the rights of third parties by enabling them to establish contact with the domain holder, ensuring greater security by providing information about the technical contact for resolving technical issues, and preventing malicious registrations (domains registered for the purpose of publishing unlawful online content).

Disclosure of domain holder’s data

Based on a lawful and substantiated request from a person with a legitimate reason for access, the Registry may also grant access to registration data for individual domains that is not otherwise publicly available.

A person who has a legitimate reason to access registration data for a specific domain must submit a written request to the Registry at info@register.si. The request must include a justification that sets out the legal basis or explanation of the entitlement to access the data, enabling the Registry to assess the necessity of granting access.

Upon receipt of a lawful and substantiated request containing an appropriate justification, the Registry may disclose data, for example, to a competent authority under the Information Security Act (ZInfV-1), to authorities responsible for the prevention, investigation, detection, or prosecution of criminal offences, and to CERT or CSIRT groups. Based on a lawful and substantiated request that includes a justification, the Registry may also disclose data to judicial, administrative, and inspection authorities for the purpose of conducting proceedings.

You can read more about this in Disclosure of information about a .si domain holder.