Aller au contenu Aller au menu principal Aller au menu secondaire Aller au pied de page

Everything there is to know about how Afnic processes your personal data

Home > Your data

As a user of this website (“user”), you are informed that, for a simple visit of the website, the only personal data processed is the one processed for Cookies.

If you use the forms made available or avail yourself of services provided by Afnic through this website, Afnic collects and uses your personal data to respond to you and to provide you with these services.

Afnic is careful to protect your privacy in carrying out this processing of your personal data.

Afnic presents all the information relating to the processing of your personal data, your rights and how to exercise them.

Principles & Commitments

In the context of your use of this website, Afnic processes personal data in accordance with the provisions of the French Post and Electronic Communications Code (hereinafter referred to by its French abbreviation “CPCE”) and those applicable to the protection of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation” or “GDPR”).

Always available in the website footer, Afnic publishes the pages “Your Data” and updates them as and when necessary, to provide information relating to the processing of data of users of the website www.afnic.fr so as to ensure information and transparency regarding this processing.

Your personal data are processed by Afnic in a manner that ensures appropriate security in compliance with the legal framework relating to the protection of personal data, which are collected lawfully, fairly and in a transparent manner for specified, explicit and legitimate purposes and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. These accurate, complete and where necessary updated data are kept for as long as necessary for the said purposes. 

Afnic limits its processing of personal data to what is strictly necessary and clearly indicates for each processing operation:

  • Its purpose;
  • Its lawful basis;
  • Its duration;
  • The categories of data processed;
  • Whether the data are collected directly or indirectly;
  • Whether the data collected are mandatory or optional;
  • Their recipients;
  • Any transfers outside the European Union (EU) with measures to adequately protect your data.

Afnic does not process your data for purposes of automated decision-taking or profiling. Afnic does not subsequently process your data for any purpose other than those defined.

Exercise of your rights and freedoms

It’s simple! 

  1. Your rights
    As a data subject of at least one processing operation of the data of users of the website www.afnic.fr, you have rights and freedoms, namely the rights of access, objection, rectification and erasure of the data, the right to restrict processing, the right to withdraw your consent, if given, at any time, the right to lodge a complaint with a supervisory authority and the right to lay down guidelines for the retention, erasure and communication of personal data in the event of death.
  2. Exercise your rights – Contact the DPO (Data Protection Officer)

Any information and/or any other exercise of your rights and freedoms as regards the processing of personal data by Afnic can be carried out:

Association Française pour le Nommage Internet en Coopération
A l’attention de la Déléguée à la protection des données
Immeuble Stephenson
1 rue Stephenson
78180 Montigny-le-Bretonneux
France

List of processing operations

  1. The list

The personal data processing operations carried out by Afnic on the website www.afnic.fr are for managing:

  • The website and newsletters
  • Events
  • Administration of training registrations and learning paths
  • Management of members
  • Social networks
  • Checks on eligibility or reachability
  • Establishing relations with the administrative contact
  • Lifting of anonymity
  • Mediation
  • Alternative Dispute Resolution (ADR) procedures
  • Reports of domain names that are unlawful or contrary to public order
  • Applications for employment with Afnic
  • Personal rights and freedoms
  • Management of alerts under the French Data Protection Act and notifications of personal data breaches.

The description of each processing operation is available to you in the dedicated entries below or directly via the interactive table of contents.

For processing of personal data of holders of .fr, .re, .yt, .pm, .wf and .tf domain names, Afnic invites you to consult the information relating to the processing of holders’ data.

Find out more about the processing of holders’ data
  1. Understanding the description of a processing operation

In order to provide comprehensible and simple access, Afnic presents the information relating to each processing operation in the form of a fact sheet in accordance with the following model:

Name of the processing operation

  1. Purpose: Afnic processes your data for specified, explicit and legitimate purposes
  2. Lawful basis: The processing is necessarily on one of the following lawful bases:
  • Your consent (Article 6-1 (a) of the GDPR) 
  • In performance of a contract with the data subject or in preparation for such contract (Article 6-1 (b) of the GDPR)
  • In compliance with our legal obligations (Article 6-1 (c) of the GDPR)
  • To protect your vital interests or those of a third party (Article 6-1 (d) of the GDPR)
  • In the performance of our public service role (Article 6-1 (e) of the GDPR)
  • For the pursuit of our legitimate interests or those of a third party, while respecting your interests or fundamental rights and freedoms regarding the protection of your personal data (Article 6-1 (f) of the GDPR)
  1. Duration not exceeding that necessary for the purposes defined; this total duration is the duration of active retention plus that of subsequent retention in the archives
  2. Categories of data processed adequate, relevant and limited to what is necessary in relation to the purposes defined (data minimisation);
  3. How the data are collected:
  • Direct collection, the data are collected from you 
  • Indirect collection, the data are collected from a third party identified and authorised to communicate your data to us
  1. Nature of the data: they may be required (pursuant to a legal requirement, for a contract, etc.) or optional, in many cases with consequences if they are not provided.
  2. Recipients: the natural or legal person, public authority, department or any other body that receives communication of your data, whether or not from a third party
  3. Transfers outside the EU: this refers to the possibility of your data being transmitted to a recipient in a third country or an international organisation subject to adequate protection measures. A copy of these measures can be sent to you upon request to juridique@afnic.fr

The description of each processing operation is available to you in the dedicated entries below or directly via the interactive table of contents.

Management of the website and newsletters

  1. Purpose

Administrative processing of the website and newsletters allows Afnic to communicate about itself, its products, its services and items of topical interest. It comprises the following sub-purposes: 

– Presentation of Afnic news, events and figures 

– Administration of subscriptions to the newsletter and registrations for news bulletins

– Management of requests for contacts

– Presentation of the association, the technology watch, new members and invoicing

– Presentation of domain names, TLDs and information on how to register domain names and obtain accreditation

– Consultation of the Whois database, 

– Documentation (register interface, training, FAQ, lexicon, legal and technical references, useful links, other information)

– Subscription form for list of information for the press, press releases

– Public consultation space on Afnic projects 

– Exchange space (comments on blogs)

– Proposing diagnostics of online presence and action plan based on the results 

– Provision of advice, resources and content in various formats

– Relaying partner information and events

Collecting personal data in return for download of content on the ‘.brand’ (white paper, study, issue paper) in order to (i) collect contact details of persons interested in the content, (ii) invite to events and offer services related to the management of a TLD registry, (iii) transmit the collected data to the partner only for the Internet user coming from the partner’s website and and (iv) gather leads and allow subsequent marketing in the context of ICANN’s next gTLD round.

  1. Lawful basis: Consent (Article 6-1 (a) of the GDPR): by completing the forms available on the website (registration, subscription, etc.) or by participating in or contacting or questioning Afnic by electronic means
  2. Duration: Deletion (i) unless appealed against, one year after the end of the processing of the request expressed in the form, (ii) one year after the last contact, (iii) for data processed in exchange for the content on the .brand, after the launch of ICANN’s next gTLD round, or (iii) upon withdrawal of your consent. 

There is no limit of duration for data contributed to public consultations once they have been anonymised.

  1. Categories of data processed: Your identifying data. Any data from exchanges (correspondence) and those needed to provide our communication services. In the context of downloading the content on .brand, the data processed includes: the date of downloading the content and, for Internet users coming from a partner website, the partner website.
  2. How the data are collected: Direct collection
  3. Nature of the data: Necessary for the provision of the communication services concerned
  4. Recipients:

The Afnic internal departments concerned. Our service providers access only such data as fall within the scope of the purposes that are subcontracted: 

For the hosting of the website: Ecritel, 84 Rue Villeneuve, 92110 Clichy, registered with the Nanterre Trade & Companies Register under No 332 484 021 https://www.ecritel.fr/fr/

For the management, maintenance of the website and Afnic’social networking: SPINTANK, 32 Rue Alexandre Dumas, 75011 Paris – SIRET 490 067022 00049 – https://spintank.fr/

For the routing of newsletters/e-mails: Sarbacane Software, 3 avenue Antoine Pinay, Parc d’activités des 4 vents, 59510 Hem, France registered with the Lille Métropole Trade & Companies Register under No. 509 568 598 – https://www.sarbacane.com

For Internet user coming from a partner website, the partner is the recipient of this Internet user’s data collected in return for downloading the white paper on the .brand.

Provider for video hosting on YouTube (service provided by Google LLC via Google Ireland Limited, company under the Irish laws société de droit irlandais (Numéro d’immatriculation : 368047/Numéro de TVA : IE6388047V) Gordon House, Barrow Street Dublin 4 Irlande): autonomous data controller whose Privacy Policy is published at this address: https://policies.google.com/privacy?hl=fr

  1. Transfers outside the EU

No, apart from what is published on the website which is by its nature accessible without territorial limit

Management of events

  1. Purpose

The administrative processing of events allows Afnic to:

  • Organise and manage internal or external communication events in France or abroad 
  • Send invitations 
  • Produce communication material and disseminate it in all media and formats
  • Assess participants’ satisfaction after the events
  1. Lawful basis: The consent (Article 6-1 (a) of the GDPR) given by those invited to attend the event. In performance of the contract entered into (Article 6-1 (b) of the GDPR) by persons in the context of the event in the case of exploitation of image, voice, interview
  2. Duration: Three years from the last event in which the data subject took part. In the case of exploitation of image, voice, interview: the duration provided in the contract authorising exploitation.
  3. Categories of data processed: Your identifying data. The data of any exchanges (correspondence) and any data authorised for exploitation for the event.
  4. How the data are collected: Direct collection
  5. Nature of the data: Necessary for the provision of the services concerned
  6. Recipients: Afnic internal departments

Provider of the « Eventmaker » event management software application (sending of invitations, personalised website, logistical management of participants): EVENTMAKER (registered with the Paris Trade & Companies Register under No. 512 747 676; address: 38, rue Laffitte, 75009 Paris, France)

Provider of the solution for assessing participant’s satisfaction with events: SurveyMonkey Europe UC (CRO Ireland No.: 532327; address: 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Ballsbridge, Dublin 4, Ireland)

  1. Transfers outside the EU: No, apart from what is published on the website which is by its nature accessible without territorial limit

Administration of training registrations and learning paths

  1. Purpose

The computerised processing of the administration of training registrations and learning paths allows Afnic to:

  • provide participants with all the documents they need to follow their chosen learning path (registration, notification, attendance records, satisfaction questionnaire);
  • manage trainers and speakers;
  • obtain some of the documents needed for Qualiopi certification; and
  • present the auditor with a learning path for purposes of Qualiopi certification.
  1. Lawful basis: Fulfilment of legal obligations (Article 6-1 (c) of the GDPR) namely those resulting from the professional training delivered by Afnic, a Qualiopi-certified training institution.
  2. Duration: Four years, of which one year active retention and three years retention in the archives (duration of the Qualiopi certification cycle)
  3. Categories of data processed:

Identifying and contact data: first name, surname, email address;

Data for managing the training programme: status (student/ speaker), occupation, professional needs and plans relating to the training, course (title, date, place, modalities, certification, etc.), presence or absence, evaluation, satisfaction;

Data for managing the questionnaires and attendance:

Email address, Surname, First name, IP address, Organisation, Password, Device model, Browser, Signature, Professional title, Telephone number, Training sessions (Title, dates, room).

Data specific to trainers/speakers: CV, trainer’s/speaker’s contract, planning, evaluation.

  1. How the data are collected: directly, or indirectly via the employer.
  2. Nature of the data: Those necessary for the training programme.
  3. Recipients:

For the attainment of strategic and operational objectives, the employer ordering training services from Afnic.

For the management of the questionnaires and of attendance, Edusign and its sub-contractors for the digital attendance solution:

SIRET No.: 88206416500013 – 1 Rue du Prieure 78100 Saint-Germain-en-Laye, Website: www.edusign.com

  1. Transfers outside the EU: Transfer to the USA in the context of the operations sub-contracted to EDUSIGN for the following purposes as regards user data: Support and data processing, Emailing, Analytics. Data protection for these transfers is put in place by EDUSIGN with its sub-contractors.

Management of members

  1. Purpose

The administrative processing of members allows Afnic to:

– receive and administer membership applications and requests for other information;

– register and update the individual information needed for the administration of members, in particular the management of subscriptions, in accordance with the statutory provisions governing the data subjects;

– establish statistical statements or lists of members or contacts to respond to management needs, specifically with a view to sending bulletins, invitations, preparatory documents for meetings of association governance bodies and newsletters. Where these lists are selective, the criteria used are objective and based exclusively on characteristics corresponding to Afnic’s corporate object;

– to establish directories of members, including directories made available to the public on the Internet;

– to carry out prospecting actions with members and potential members by any means of communication. For online communication, processing of connection data may be carried out for purely statistical purposes.

– to manage the making available by Extranet of the member space;

– to organise the remote participation in meetings of association governance bodies and the implementation of online voting in this context (functioning of the election and issue of anonymised statistics);

– to grant remuneration to elected trustees who request it (means of remuneration, payment and transparency in General Meeting);

  • to communicate the complete list of domain names subject to prior review.
  1. Lawful basis:

Performance of the contract (Article 6-1 (b) of the GDPR) namely the membership contract established by online subscription which includes acceptance of Afnic’s Articles of Association and Internal Association Regulations.

Fulfilment of Afnic’s legal obligations as an association (Article 6-1 (c) of the GDPR)

Performance of a public service (Article 6-1 (e) of the GDPR) vested in Afnic under Article L211-4, 2) of the Heritage Code (public archives) and the legal framework of access to administrative documents (Code of relations between the public and the administration)

  1. Duration:

Civil status, Identity, Identification data: For members, data are retained for three years from the end of membership or longer (i) with the express consent of the data subject, (ii) in the event of dispute or (iii) in fulfilment of legal obligations and/or public service missions. For trustees, data are retained for six years from the end of the term of office or longer (i) with the express consent of the data subject, (ii) in the event of dispute or (iii) in fulfilment of legal obligations and/or public service missions. For membership applications or requests for information that are not followed up, the data are eliminated one year after the last exchange.

The membership account on the Extranet is purged one year after its closure.

Data on the association and its dealings: For members, data are retained for three years from the end of membership or longer (i) with the express consent of the data subject, (ii) in the event of dispute or (iii) in fulfilment of legal obligations and/or public service missions. For trustees, data are retained for six years from the end of the term of office or longer (i) with the express consent of the data subject, (ii) in the event of dispute or (iii) in fulfilment of legal obligations and/or public service missions.

Data relating to electronic voting (Belenios solution installed on Afnic server):

Voting cookies: Once the elector has finished voting, all identifying information is eliminated.

Public data, data on trustees and server data: (i) data are retained on the Afnic server before, during and for one week after the end of the election (vote counting) except for the general server connection logs and the security.log file, which are deleted two weeks after the votes are counted. (ii) They are retained in the archives for the duration of the term of office – four years from the vote counting (iii) They are then purged.

Unlimited duration: statistical election data (non-identifying data)

  1. Categories of data processed: Civil status, Identity, Identification data; Data on the association and its dealings; Data needed for electronic voting (Belenios solution installed on Afnic server)
  2. How the data are collected: Directly
  3. Nature of the data: Only such data as are necessary for the stated purposes.
  4. Recipients:

Civil status, Identity, Identification data: The persons statutorily responsible for managing the association. The departments responsible for administering and managing members. Members, for a detailed version of their directory. The public for the publication in the directory of members showing only first name, surname and organisation. The public for the publication of reports of governing bodies showing only first name, surname and organisation. The public in the case of application of the Patrimony Code and the framework of access to administrative documents. The data subject in the case of application of the framework of access to administrative documents.

Data on the association and its dealings: The persons statutorily responsible for managing the association. The departments responsible for administering and managing members. The public in the case of application of the Patrimony Code and the framework of access to administrative documents. The data subject in the case of application of the framework of access to administrative documents.

Data relating to electronic voting (Belenios solution installed on Afnic server): Election manager: Data on the manager and public data. Managers of the Afnic election server: Data on the manager, server data and public data. Accessible to electors: public data. Access to archived data: electors on request to allow them to check the result and verify its consistency with the election bulletin figures and the election manager.

  1. Transfers outside the EU: No

Management of Afnic’s social network accounts

  1. Purpose

The administrative processing of its social network accounts allows Afnic to:

  • Administer the accounts technically (creation, publications) 
  • Use social networks to access our content published on these networks 
  • Interact (publicly or through private messaging) with subscribers and other users of the platforms 
  • Increase Afnic’s visibility and that of its activity and its websites
  • Prepare usage statistics
  1. Lawful basis: The pursuit of Afnic’s legitimate interests, while respecting the fundamental rights and freedoms regarding the protection of personal data (Article 6-1 (f) of the GDPR)
  2. Duration: The data are stored for as long as the social network concerned exists, unless the user exercises the right of erasure or objection. 

Afnic does not configure and does not have data concerning you from the accounts and cookies operated by social networks. Consequently, only those responsible for these networks can respond to technical requests concerning the cookies used and the exercise of your personal rights.

  1. Categories of data processed: Data visible by default on social networks. Data made public by the user in the context of the configuration of his or her account on each of the social networks. Data on use of the social network for the production of anonymous statistics
  2. How the data are collected: Direct and indirect collection
  3. Nature of the data: Necessary in the case of voluntary access by the user to our available content and interaction with the user
  4. Recipients: For information publicised by the user, the public at large; otherwise only authorised persons in Afnic
  5. Transfers outside the EU: No, apart from what is published on social networks which is accessible without territorial limit. The data needed to prepare statistics may be processed outside the European Union, depending on the data management policy put in place by the person responsible for each social network.

Management of requests for verification of eligibility or contactability of a domain name holder

  1. Purpose

Administrative processing of requests for verification of eligibility or contactability of a domain name holder allows Afnic to: 

– Manage the checks initiated by Afnic in the context of its public service responsibilities 

– Allow a third party to ask the registry to verify the eligibility and/or contactability criteria

– Manage and process Notifications/Report Forms relating to requests for verification of eligibility and/or reachability

– Generate statistics

  1. Lawful basis: In the performance of our public service role (Article 6-1 (e) of the GDPR): Articles L45-3 and 45-5 of the CPCE. Naming policy and other applicable policies
  2. Duration: Destruction of requests for verification and of their processing two years after the closing of verification operations classed as not pursued. For those pursued (judicially, extra-judicially or by Afnic), destruction once the procedures instigated have been completed and their legal prescription period has come to an end
  3. Categories of data processed: Data identifying the person requesting verification and his or her representative if any. Data on the request for verification and its processing. Data on the processing of the verification of eligibility and the holder’s reachability
  4. How the data are collected: Direct collection
  5. Nature of the data: The requirement of the data is regulatory. For the applicant, failure to provide the data prevents the request from being processed. For the holder, failure to provide data may lead to the deletion of his or her portfolio of domain names in application of the CPCE and of the Naming Charter
  6. Recipients: The internal Afnic departments concerned. The registrar of the domain name concerned. The applicant and his or her representative receive the result of the procedure. The public consulting the Whois online directory of domain names sees the result of the procedure

Management of introductions to administrative contacts

  1. Purpose

The processing of introductions to administrative contacts allows Afnic to: 

– Put a third party in touch with the administrative contact of a domain name when the holder’s data are subject to restricted publication

– Enable third parties to send a message to the administrative contact via an interface on the website www.afnic.fr

– Generate statistics

  1. Lawful basis: For the sender of the message, is/her consent (Article 6-1 (a) of the GDPR). For the administrative contact:  In the performance of our public service role (Article 6-1 (e) of the GDPR): Arrangements for meeting the requirements of permanence, quality, availability and security of the registration service. Articles L45-1 §1 and R20-44-39 of the CPCE
  2. Duration: One year
  3. Categories of data processed: Data identifying the third party, sender of the message. Connection data of the third party, sender of the message.
  4. How the data are collected: Direct collection
  5. Nature of the data: For the third party, sender of the message, his or her identification data are necessary for the use of the contact interface.
  6. Recipients: Afnic forwarding the message. The administrative contact, holder is the sole recipient of the message sent by the third party

Management of requests for disclosure of personal data (lifting of anonymity)

  1. Purpose

The administrative processing of requests for disclosure of personal data or lifting of anonymity allows Afnic to: 

  • Reveal the identity and contact details of a private individual domain name holder subject to restricted publication upon well-grounded request of a third party. 
    • For the pursuit of the applicant’s legitimate interests, while respecting the holder’s interests or fundamental rights and freedoms regarding the protection of his/her personal data (Article 6-1 (f) of the GDPR) ; Afnic recognizes such interest when the domain name is an identical or nearly identical reproduction of: (i) a previously registered trademark protected in France, (ii) a previously registered distinctive sign (company name, business name, trading name or logo protected in France, domain name), (iii) a previously registered title protected by French copyright law, (iv) a family name or pseudonym. Afnic’s examination focuses particularly on the similarity of the signs and does not extend to the content of websites.
  • Reveal the identity and contact details provided by the domain name holder and subject to restricted publication (holder’s data and administrative contact’s data) in response to the exercise of a communication right.
    • In compliance with legal obligations and/or public service role (Article 6-1 (c) & Article 6-1 (e) of the GDPR) authorizing investigative powers of public authorities

– Manage user accounts of individuals who represent public authorities

– Manage requests for lifting of anonymity and generate statistics

  1. Lawful basis: In performance of its public service role (Article 6-1 (e) of the GDPR) in application of Article L45-2 of the CPCE and of the registry policies
  2. Duration: Six months, then deleted. Data for the management and connection generated by access via RDAP: 1/ In active records, for the duration of the user account ; in archive database, 5 years upon the end of the contract with the public authority ; 2/ The data present in the logs:: sliding six months  then deleted.
  3. Categories of data processed: The data identifying the applicants and their representatives. In the case of applicant’s legitimate interests: the data contained in the form and in documents attached thereto. The processing of the form. The data identifying the domain name holder in respect of whom the request is made. In response to the exercise of a communication right: The data contained in the request and in documents attached thereto. The identifying data provided by the domain name holder in respect of whom the request is made: data identifying the holder and data identifying the administrative contact. Data for the management and connection generated by access via RDAP to the Whois database by authorised representatives of public authorities which have a communication right. The administrative and operational data on the domain name concerned for the public authorities in application of the law or for third parties in application of a court ruling.
  4. How the data are collected: Direct collection
  5. Nature of the data: For applicants: obligatory, since without the data the request cannot be processed. For holders: erroneous identification data can lead to procedures calling their portfolio of domain names into question in application of the CPCE and of the Naming Charter
  6. Recipients: Regarding applicant’s personal data: The internal Afnic departments concerned. Regarding personal data, object of the Request for disclosure of personal data: the applicant and, if any, his/her representative on the legal basis they invoke such as:* For the pursuit of the applicant’s legitimate interests, while respecting the holder’s interests or fundamental rights and freedoms regarding the protection of his/her personal data (Article 6-1 (f) of the GDPR) ;* In compliance with legal obligations and/or public service role authorizing investigative powers of public authorities (Article 6-1 (c) & Article 6-1 (e) of the GDPR)=> The legal basis invoked by the applicant is in its sole responsibility; the applicant (or public authority) commits itself to receive and use the personal data received only for the purposes defined in its request on the legal basis invoked.Regarding personal data of the applicant and, if any, his/her representative exclusively in the case of applicant’s legitimate interests: the domain name holder as soon as he or she exercises his or her right to information data subjects right) received by Afnic before the data purge.

Management of the mediation procedure

  1. Purpose

Managing the mediation procedure enables Afnic to:

  • allow claimants to instigate mediation by the registry to seek a negotiated solution to a dispute in application of the mediation regulations
  • allow exchanges between the mediator, the parties and, where applicable, their representatives, and Afnic
  • implement the negotiated solution: delete or transfer the domain name forming the object of the mediation
  • manage the service: administration, security, information and statistics
  • manage the satisfaction surveys:
    • Prepare survey to improve mediation service
    • Send out survey invitations
    • Collect anonymized responses
    • Generate statistics on anonymized survey results
    • Publish anonymized survey results
  • manage mediators: verification of skills and experience, handling of cases, appointment and end of assignment
  1. Lawful basis: In performance of its public service role (Article 6-1 (e) of the GDPR) in application of the Agreement between the State/Afnic for the management of the .fr signed on 18 March 2022, Article L45-2 of the CPCE, the Naming Charter and the mediation procedure rules.Participation in the satisfaction survey: Consent of the data subject, who may optionally complete the satisfaction questionnaire after the mediation has ended (art. 6 -1. a/ of the RGPD).
  2. Duration:

Personal data processed for mediation cases: retention in active database for up to two months from the date of implementation of the negotiated solution or administrative closure, then retention in archive database for 5 years before purge.

Personal data of mediators in the context of the management of their assignments: deletion of all data one month after the end of the assignment, or later (i) with the express consent of the data subject, (ii) in the event of dispute or (iii) in application of legal obligations.

Personal data of satisfaction survey participants:

  • Survey invitation data: purged two months after the last exchange.
  • Survey results and statistics: by their very nature, these do not contain any personal data. Anonymized if necessary.
  • FRAMASOFT Matomo tracker: 13 months for the unique identifier, data collected is anonymized and kept for 6 months.
  1. Categories of data processed:

For the parties to the mediation and their representatives if any:

– surname, first name, postal and email addresses, telephone number

– the exchanges

– the negotiated solution: written report and its implementation (deletion/transfer of the domain name forming the object of the mediation)

Satisfaction survey participant data :

– E-mail address

– Survey answers

– FRAMASOFT Matomo trackers: Matomo generates a cookie with a unique identifier. The data collected (IP address, User-Agent…) is anonymized.

For the mediator:

– surname, first name, postal and email addresses, telephone number

– qualifications: skills and experience for acting as mediator

– information on impartiality and independence: verifications and declarations

– cases handled and exchanges for mediation procedures

For third parties: the information sent by the parties in the context of the exchanges under the mediation.

  1. How the data are collected:

For the parties to the mediation and their representatives if any: direct collection

For satisfaction survey participant data: Direct collection

For the mediator: direct collection

For third-party data transmitted by the parties: indirect collection

  1. Nature of the data:

For the parties to the mediation and their representatives if any: mandatory collection

For satisfaction survey participant data: optional subject to * survey requirements

For the mediator: mandatory collection

For third-party data transmitted by the parties: optional collection

  1. Recipients:

The mediator for the exchanges aimed at finding the negotiated solution

The relevant internal departments of Afnic for management of the mediation procedure

The service provider in charge of hosting the afnic.fr website for sending request forms for mediation via the afnic.fr website: ECRITEL, registered with the Nanterre Trade & Companies Register under number 332 484 021, having its registered office at 84 Rue Villeneuve, 92110 Clichy, FRANCE

The registrar(s) affected by the implementation of the negotiated solution

To manage the satisfaction survey:

– In-house: people in charge of processing

– FRAMAFORMS survey tool published by the service provider FRAMASOFT – Association loi 1901 declared at the Arles sub-prefecture on December 2, 2003 under n° 0132007842 – Siret n°: 500 715 776 00026 – c/o Locaux Motiv at 10 bis rue Jangot, 69007 Lyon.

– FRAMASOFT data hosting subcontractor: Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen, Germany

– Public: All recipients of anonymized survey results and statistics

  1. Transfers outside the EU:

No, subject to the party’s or parties’ choice of service provider (representatives and/or registrars) established outside the EU. The appropriate guarantees for any such transfers are those taken out by said parties, the data controllers, with their service providers.

Management of Alternative Dispute Resolution (ADR) procedures

  1. Purpose

The administrative processing of ADR procedures allows Afnic to:

– Enable a third party to call upon Afnic to demand the transfer or deletion of a domain name

– Enable a domain name holder subject to an ADR procedure to respond

– Manage the service alone (Afnic for SYRELI) or with the Centre (WIPO for EXPERT ADR EXPERT): administration, security, information and statistics

– Access the platforms (experts and those involved in the procedure)

– Manage the experts and persons involved

  1. Lawful basis: In the performance of our public service role (Article 6-1 (e) of the GDPR): Article L45-6 of the CPCE. Naming Charter and ADR Regulations
  2. Duration:

– Data relating to user accounts: Destroyed two months after their creation if no case file is opened OR destroyed after one year of inactivity from the last case file transferred to “CLOSED” status OR destroyed on demand

– Data relating to Support/College, Admin (Admin Afnic, Admin WIPO, Admin Accounting and Superadmin) and Expert accounts: Destruction upon resignation, removal or departure or later (i) with the express consent of the data subject, (ii) in the event of dispute or (iii) in fulfilment of legal obligations

– Data relating to case files of Claimants, Holders, their representatives and, if applicable, the personal data of third parties: Data relating to a procedure are retained on a current basis by Afnic for a period of two months from the closure of the procedure when this is not followed by a judicial or extra-judicial procedure or any action instigated by or against Afnic. In the case of a judicial or extra-judicial procedure or a procedure instigated by Afnic against a respondent, the data relating to the procedure are retained by Afnic for the duration of the procedure and until the means of appeal are exhausted. Following the end of the processing on a current basis, data are retained, in archives, for five years before being destroyed. Data are not retained by the Experts or by the WIPO Centre.

– Personal data of the Experts and other Participants in the procedure: Apart from the data published in the context of the publication of decisions handed down and advertising of the activity of the ADR: upon resignation, removal or departure or longer (i) with the express consent of the data subject, (ii) in the event of dispute or (iii) in fulfilment of legal obligations.

Rulings publicised after anonymisation.

  1. Categories of data processed: Identifying data. Data from ADR files (pleas, exhibits, exchanges, etc.) and their processing (report, ruling, etc.).
  2. How the data are collected: Direct collection
  3. Nature of the data: Necessary. Erroneous identification or contact data will prevent receipt of the entire proceedings online. The domain name holder is free to respond to an ADR file. In any case the ADR ruling will be enforceable vis-à-vis the holder (see ADR Regulations)
  4. 7. Recipients: The internal Afnic departments concerned. The plaintiff, the holder and the representatives if any. The registrar in charge of the domain name forming the object of the ADR proceedings. If the plaintiff lodges the application with EXPERT ADR: The designated expert and the relevant departments of the WIPO Arbitration and Mediation Centre. The public as regards the ADR ruling
  5. Transfers outside the EU: In the case of a EXPERT ADR file, the recipient is the WIPO Arbitration and Mediation Centre, established in Switzerland as co-administrator of the EXPERT ADR procedure with Afnic. Means of ensuring adequate protection: Switzerland is a country recognised by the European Commission as offering a sufficient level of protection for personal data

Management of reports of domain names that are unlawful or contrary to public order

  1. Purpose: The administrative processing of reports of domain names that are unlawful or contrary to public order allows Afnic to:

– Enable anyone, through a form available on www.afnic.fr, to report to Afnic a domain name of an unlawful nature or contrary to public order

– Generate statistics

  1. Lawful basis: In the performance of our public service role (Article 6-1 (e) of the GDPR): Arrangements to meet the requirement of a mechanism allowing anyone to bring to Afnic’s attention a domain name likely to be unlawful or contrary to public order. Articles L45-1 §1 and R20-44-39 of the CPCE
  2. Duration: Destruction of requests for verification and of their processing two months after the closing of verification operations classed as not pursued. For those pursued (judicially, extra-judicially or by Afnic), destruction once the procedures instigated have been completed and their legal prescription period has come to an end
  3. Categories of data processed: Data identifying the sender of sender of the report. Data on the report and its processing. Data identifying the domain name holder. Data on the processing of the verification of eligibility and contactability
  4. How the data are collected: Direct collection
  5. Nature of the data: The requirement of the data is regulatory, and without them the requests cannot be dealt with
  6. Recipients: The Afnic internal departments concerned. The competent public authorities

Management of applications to and recruitment by Afnic

  1. Purpose

The administrative processing of applications to and recruitment by Afnic allows Afnic to manage spontaneous applications and applications in response to advertised job vacancies

  1. Lawful basis: The consent (Article 6-1 (a) of the GDPR) given by the data subject’s sending an application to Afnic, spontaneously or in response to an advertised vacancy
  2. Duration: Deleted one year after the last contact or earlier in the event of withdrawal of consent
  3. Categories of data processed: Your identifying data. Such data as are necessary and pertinent to respond to the requirements of the offer of employment. Our exchanges. Data on processing of applications. Outcome of applications.
  4. How the data are collected: Direct collection in principle. Indirect collection for gathering references from the candidate’s work environment (hierarchical superiors, colleagues, internship supervisors, clients, service providers, etc.). No other indirect collection without the candidate’s prior agreement
  5. Nature of the data: Necessary to allow processing of and response to the application
  6. Recipients: Afnic’s HR department. Afnic managers issuing the job offer for information relating to the performance of the functions. The recruitment agency commissioned by Afnic, if any.