GDPR
In effect from 01.01.2022
This Privacy Notice explains how information about you is collected, used and disclosed by one.com when you use our website, mobile applications and other online products and services (collectively, the "Services") or when you otherwise interact with us.
We may amend this Privacy Notice from time to time. If we make changes, we will revise the date at the top of the notice and, depending on the specific amendments, we may provide you with additional notice. We encourage you to review the Privacy Notice whenever you access our Services to stay informed about our information practices and the ways you can help protect your privacy.
1. Collection of personal data
1.1 Collection at purchase
When you make a purchase with one.com, one.com will collect your contact information and birth date.
When you wish to register certain top-level domains, we may require further identification and in some countries we are legally required to obtain your social security number (e.g., in Denmark cf. the Danish Domain Names Act cf. s. 11 (2) (1) of Danish Data Protection Act) to be able to register the domain on behalf of you. If you consent to our newsletters, we will obtain your e-mail address for this purpose.
You can help one.com to keep your personal information accurate by logging into your "one.com control panel". We advise you to do so every time your personal details change.
1.2 Other collection
When you access or use our Services, we automatically collect information about you, including:
- Log Information: we log information about your use of our Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
- Device information: we collect information about the device you use to access our Services, including information about the device’s software and hardware, Media Access Control ("MAC") address and other unique device identifiers, device token, mobile network information and time zone.
- Usage information: we collect information relating to your use of our Services, including which applications you use.
- Consumption information: we collect information about your consumption habits relating to your use of our Services, including which purchases you make.
- Information collected by cookies and other tracking technologies: we use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored on your computer’s hard drive or in device memory that help us to improve our Services and your experience and see which areas and features of our Services are popular. Please refer to our cookie policy for further information.
- Information using web beacons (also known as "tracking pixels"). Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
- We also collect other information you provide directly to us, such as when you participate in a contest and promotion, request customer support, send us an email or otherwise interact with us. The types of information we may collect about you include your name, email address and any other information you choose to provide.
- We may also obtain information from other sources and combine that with information we collect through our Services. We may also collect information from app stores when you download or update one of our applications.
To the extent that you order on behalf of a company/legal entity then this privacy notice apply when we collect personal data on you as a contact person.
2. Use of personal data
We may use information about you for various purposes, including to:
- Our legitimate interest in or contractual obligation to providing, maintaining and improving our current Services cf. Article 6 (1) (f) and Article 6 (1) (b) of the GDPR;
- Our legitimate interest in developing, improving and optimizing new and current Services cf. Article 6 (1) (f) of the GDPR;
- Our legitimate interest in and contractual obligation to sending you technical notices, updates, security alerts and support and administrative messages cf. Article 6 (1) (f) and Article 6 (1) (b) of the GDPR;
- Our legitimate interest in processing your personal data for the purpose of communicating with you about products, services, offers, promotions and events offered by ONE.COM and others, and provide news and information we think will be of interest to you cf. Article 6 (1) (f) of the GDPR. We will however only forward direct marketing material on the basis of you prior marketing consent;
- Personalise and tailor advertisements, content or features to you personally – so called profiling and behavioral marketing on the basis of your consent cf. Article 6 (1) (a) of the GDPR;
- Our legitimate interest in processing and deliver contests and rewards cf. Article 6 (1) (f) of the GDPR. We will however only forward direct marketing material on the basis of you prior marketing consent;
- Our legitimate interest in monitoring and analysing trends, usage and activities relating to our Services cf. Article 6 (1) (f) of the GDPR;
- Our legitimate interest in linking or combining information we get from others to help understand your needs and provide you with better service cf. Article 6 (1) (f) of the GDPR;
- Carry out any other purpose for which the information was collected, including providing the required Services cf. Article 6 (1) (b) of the GDPR;
- In response to a request for information if we believe disclosure is in accordance with any applicable legal requirement cf. Article 6 (1) (c) of the GDPR; and
- Our legitimate interest in compiling statistics, conducting and sending market surveys and sending customer satisfaction surveys cf. Article 6 (1) (f) of the GDPR.
We may share information about you as follows or as otherwise described in this Privacy Notice:
- If we believe your actions are inconsistent with the spirit or language of our terms or policies, or to protect the rights, property, and safety of one.com or others. The processing is based on our legitimate interest cf. Article 6 (1) (f) of the GDPR;
- To pursue our legitimate interest in reporting abuse or clearly illegal activity cf. Article 6 (1) (e) of the GDPR;
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company. The processing is based on our legitimate interest cf. Article 6 (1) (f) of the GDPR;
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company cf. Article 6 (1) (f) of the GDPR;
- We may transfer your contact details to separate companies from which you have bought additional services through one.com; and
- We also may share anonymised information, which cannot reasonably be used to identify you taking into account reasonable and legal means.
- Our Services may offer social sharing features and other integrated tools (such as the Facebook "Like button"), which let you share actions you take on our Services with other media, and vice versa. The use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing relating to social sharing features, please visit the privacy policies of the entities that provide these features.
- We may allow third parties to serve advertisements and provide analytics services relating to our Services. These entities may use cookies, web beacons and other tracing technologies to collect information about your use of our Services, including your IP address, MAC address, device identifiers, software and hardware information, browser information, time zone and usage information. This information may be used by one.com and others to, among other things, analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests and better understand your activity on our Services. Third-party analytics technologies are integrated into our Services, so if you do not want to be subject to these technologies, do not use or access our Services. Our Services may also integrate third party Application Program Interfaces (APIs), which allow others to collect and process information about you, including your geolocation information, to provide you with tailored advertisements, offers and other content. You have the ability to control the collection and use of your geolocation information at all times. You may disable location based services at any time by adjusting the settings of your mobile device. The processing will be based on your consent cf. Article 6 (1) (a) of the GDPR.
3. Recipients of your personal data
"Your personal data" are the data we collect about you upon purchase (as described in section 1.1) and other collection (as described in section 1.2.). Personal data may also be transferred to the entities listed in section 1.2 above.
3.1 Disclosure to other one.com entities
We disclose your personal data to recipients, which we collaborate with when we use your personal data as described in section 2. This includes (i) our support centres located in the Philippines, Sweden, Norway, the Netherlands and Denmark, (ii) our server parks located in Denmark and Norway, and (iii) system operations activities in Denmark and India. These recipients process your data (customer) on some occasions in the role as data processors pursuant to entered into data processing agreements. Our support centres process your data (customer data) as data processor on behalf of one.com, when it is necessary to provide support to you. Our data centres are the place we host the data you place on our web sites. The EU Commissions Standard Contractual Clauses is used if the processing takes place in an unsecure third country.
3.2 Disclosure to one.com’s collaborating partners
We use a further number of partners and subcontractors with whom we have data processing agreements with, in order to process personal data and when necessary to provide the required services. This includes IT-providers and providers that scan your web site in connection with purchasing our products and services. The EU Commissions Standard Contractual Clauses is used if the processing takes place in an unsecure third country.
3.3 Transfer to domain name authorities
As part of our obligations as a domain name registrar, one.com is required to provide certain information to naming authorities around the world about customers who register domain names at one.com.
This information will vary according to the guidelines from the domain name authority. As a general rule, the data we provide includes your contact details (name and address), but may also include your email, telephone number and date of birth. The relevant naming authority may make such information available for the public through open, accessible directories of domain name owners, socalled whois. The basis of the disclosure is our legal obligation cf. Article 6 (1) (c) of the GDPR.
3.4 Transfer of data to courts or authorities
Your data (customer data) is any information you have placed on your web space at one.com, for example emails, internet pages, photos and database content. one.com does not form any opinion or perform any legal review of your data (the customer data) on your web space account. We refer to our separately prepared documents in this regard for further info on disclosure to courts or authorities as well. Disclosure to the courts or authorities will be based on the legitimate interest in establishing legal claims cf. Article 6 (1) (f) of the GDPR and because it is necessary to carry out a task in the public interest cf. Article 6 (1) (e) of the GDPR.
4. Deletion of personal data
We will delete your personal data when we no longer need to process them in relation to one or more of the purposes set out above. Generally this means that we will store your personal for as long as there is still an active subscription and when required to deliver the service and support. Otherwise we will store your personal data for up to 8 weeks after termination or longer if legal requirements demand us to do so (e.g., booking material must generally be stored in 5 years from the closing of the current financial year).
If you signed up for our newsletter personal data will be stored until you withdraw the marketing consent.
Personal data may also be stored as long as is necessary for the purpose for which it was collected, or longer if required under any contract, by applicable law or in order to establish, exercise or defend legal claims. If you have provided a cookie consent we refer to the pop-up window of cookies in term of the retention periods in relation hereto.
However, the data may be processed and stored for a longer period in anonymised form in order for us to improve the service.
5. Cookies
We use cookies on our website. You can read more about the use of cookies in our Customer Data Policy.
6. Security
We have implemented security measures to ensure that our internal procedures meet our high security policy standards. Accordingly, we strive to protect the quality and integrity of your personal data. This includes encryption of data and use of pseudonymisation or anonymisation whenever applicable.
It also includes physical and logical access control, backup, logs, encrypted communications and other measures to mitigate risks.
7. Your rights
You are at any time entitled to be informed of the personal data about you that we process, but with certain legislative exceptions. You also have the right to object to the collection and further processing of your personal data including profiling/automated decision making as well as processing based on our legitimate interests. Furthermore, you have the right to have your personal data rectified, erased or blocked. Moreover, you have the right to receive information about you that you have provided to us, and the right to have this information transmitted to another data controller (data portability).
If you wish to know more and/or exercise any of these rights, please contact one.com.
8. Withdrawal of consent
You may, at any time, withdraw any consent you have given and we will no longer process your personal data, unless we can continue the processing based on another purpose. If you wish to withdraw your consent, please contact one.com. Withdrawing you consent will not affect the lawfulness of processing based on consent before its withdrawal.
9. Amendment of data, etc.
If you want us to update, amend or delete the personal data that we process about you, if you wish to get access to the data, or if you have any questions concerning the above guidelines, you may contact one.com.
10. Complaints
If you wish to appeal against the processing of your personal data, please contact us as indicated above. You may also contact the Swedish Data Protection Agency, Drottninggatan 29, 104 20 Stockholm, Sweden.
11. Data controller, contact information and DPO
Data Controller
One.com Group AB
Carlsgatan 3
211 20 Malmö
Databeskyttelsesrådgiver (DPO)
Bech-Bruun
DPO Service
Langelinie Allé 35
2100 Copenhagen Ø, Denmark