At Registry .si, we respect your privacy. When processing your personal and other data, we always act with utmost care and in accordance with the applicable regulations on the protection of personal data.
In the continuation of this statement, we will explain:
- what personal data we process if you register a .si domain, and how we use them;
- how we safeguard your personal information when you visit our website;
- what your privacy rights are, and how the law protects you.
Who will manage your data?
The manager of the personal data collection is Registry .si, which operates under the auspices of the Academic and Research Network of Slovenia (ARNES) with its registered office at Tehnološki park 18, 1000 Ljubljana (hereinafter: »Registry .si«).
Contacts of the data protection officer
If you have any questions regarding the protection of your personal data or if you would like to exercise any right regarding your personal data, please email us at email@example.com, or contact the data protection officer at ARNES directly at firstname.lastname@example.org.
What personal data we process, how we obtain it and on what legal basis we process it
Registry .si obtains certain information in various ways, which enables the direct or indirect identification of an individual (personal data). We collect your personal data:
- either during the process of registering .si domains through our registrars who have a contract with us for participation in the registration of .si domains, or
- you provide it to us voluntarily by post, e-mail, telephone or otherwise, when you contact us to verify your registration information or when you submit the Request for disclosure of data concerning a third person;
We do not collect specific types of personal information such as details about your race or ethnic origin, political opinion, religious or philosophical beliefs, sex life, sexual orientation, union membership, or health, genetic and biometric data. We also do not collect any information on criminal convictions and crimes.
Collection and processing of personal data of .si domain holders
Personal data of .si domain holders are collected during the domain registration process via our registrars who have entered into a contract with us on participation in domain registration. To learn more, please read our General Terms and Conditions.
What personal data do we process if you are a .si domain holder?
In order to provide you with good services and to improve them further, we may process (collect, use, store, disclose by transmission) the following personal and other data of yours:
- first name, last name, permanent residence address, if the holder is a private individual;
- company/title and registered office, if the holder is an organization;
- holder’s email address (contact email address);
- telephone number or fax number of the institution;
- information on the technical contact person (first name, last name, email, address, phone or fax number).
It is vital that your information is accurate and up-to-date at all times during registration, so please notify your registrar of any changes to your information.
For what purposes do we process your personal data if you are a .si domain holder?
We process the collected personal data for various purposes:
- In order to smoothly perform the activities of the Registry .si, we must collect some personal information relating to your domain within the context of managing the domain name system under the .si top-level domain;
- In order to ensure the transparency and stability of the .si domain system, we must maintain a complete and accurate database of all registered .si domains. This helps create and maintain a trustworthy and safer Internet environment;
- in order to identify you and contact you directly regarding the registration of a .si domain, if and when necessary;
- in order to perform the contract if you are a holder of a .si domain.
On what legal basis do we process your personal data if you are the holder of a .si domain?
We need to collect and process your personal information in order to perform your contract or to protect our legitimate interests.
If you are the holder of a .si domain, we obtain your personal data from the registrar with whom you have agreed to register the domain. As soon as your domain is registered, you – the holder of the domain – have accepted our General Terms and Conditions as binding and entered into a contractual legal relationship with us (the holder and Registry .si enter into a contract through the general terms and conditions). The information provided by the registrar is required for the implementation of the said contract (Item 6(1)(b) of the General Data Protection Regulation).
Some of this information (only the contact email address, in case of individuals) is published in a publicly accessible database related to the WHOIS protocol, which allows anyone, by entering your domain, to search for your information (only the contact email address, in case of individuals), your domain information, technical contact and registrar. The legal basis for the publication of personal data in this case is the protection of legitimate interests (Item 6(1)(f) of the General Data Protection Regulation), especially in the interest of protecting the rights of third parties who are allowed to contact you as an .si domain holder, providing greater security by providing technical contact information for technical issues related to your domain and preventing malicious registrations (i.e. domains that are registered for the purpose of publishing illegal online content).
Which third parties (except for Register.si) use personal data collected during the registration of a .si domain?
We will use your personal data solely for the purposes stated above, and we will disclose and pass it on to third parties only if you give your explicit and unambiguous consent in the agreed form of communication. In addition, we will disclose your personal information when we are required to do so by our General Terms and Conditions or other legal obligations.
We require all third parties to safeguard your personal information and to comply with the law.
You can read more about the disclosure process here.
Collection and processing of personal data when visiting the Registry .si website
When you visit the website, information about your visit is recorded on the web server in the form of server files: date and time of visit, details about http query, IP number of your device, etc.
The data collected in this way shall be processed for the purpose of ensuring network and information security, i.e. the ability of a network or information system to prevent accidental events or illegal or malicious acts compromising the availability, authenticity, integrity and confidentiality of the stored or transmitted personal data. Such processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the controller (item 6(1)(e) of the General Data Protection Regulation).
The data collected in this way is stored for 90 days from the date of the visit to the website and is not passed on to other users since the website is hosted on the server infrastructure of the Arnes Public Institution.
Do we transfer personal data collected in this way to a third country or an international organization?
No. All data relating to your visit to the website is stored in an anonymised form on ARNES’ servers.
We use only essential cookies on the website, which are necessary for the proper technical operation of the website, or those necessary for the user to accept the service requested. These are cookies that are placed on the user’s device without consent, as they fall under the exception as defined in Article 225 of the Electronic Communications Act (ZEKom-2).
List of cookies on the website:
|Used to store visitor’s language selection.
Tracking and web analytics
We do not use technologies that identify and track visitors (e.g. fingerprinting). We use Matomo analytics to count visits and page views. Visitors’ IP numbers are anonymised and any profiling of visitors is prevented. We respect the browser settings of do-not-track. The analytical data is stored for 180 days.
How long is your personal information kept?
We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it or for as long as it is compulsory under the relevant legislation.
To determine the appropriate retention period, we consider the amount, nature and sensitivity of personal data, the potential risk of harm due to unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether these objectives can be achieved by other means and applicable legal requirements.
What rights do you have?
Upon your request regarding data relating to you, we will grant you access to personal data and the correction or deletion of personal data, or restrictions on processing in relation to them, as well as the right to object to the processing and the right to data portability.
When exercising any of your rights, or for any additional information, we are available at email addresses email@example.com and firstname.lastname@example.org. We will process your application and respond in accordance with the provisions of the General Data Protection Regulation and other applicable legislation.
If you believe that your rights or regulations on the protection of personal data have been violated, you can file a complaint with the competent state authority, i.e. the Information Commissioner of the Republic of Slovenia (Dunajska cesta 22, 1000 Ljubljana, phone: +386 1 230 97 30, fax: + 386 1 230 97 78, email: email@example.com). Nonetheless, we would appreciate it if you could first contact us and give us the opportunity to respond to your grounds of appeal before filing a grievance.
Safeguarding your personal data
At Registry .si, we work hard to regularly implement and update security measures to protect your personal data and other information from unauthorized access, loss, destruction or alteration. In addition, we restrict access to your personal information to those employees and contractors who must have the information and who have adequate knowledge of data security and security regulations. We strive to ensure that all information is securely stored, and we require our registrars to use appropriate technical and organizational procedures to secure your information.
We have also established procedures to deal with any alleged breaches of personal data. In the event of a breach, we will notify you and the relevant supervisory authorities when we are legally obliged to do so.