Privacy Statement

General 

As manager of the  .be, .brussels and .vlaanderen domain name extensions, DNS Belgium obtains a number of personal data directly or indirectly, for which it is the data controller .   DNS Belgium is particularly careful with -- and proceeds to process -- such data mainly in order to guarantee the services we offer and to manage domain names.  We have also appointed a data protection officer who is responsible for the protection of the data. 

Below we explain which data we process and why. We also want to inform you about your rights and where you can go with questions and/or complaints.  

Contact data 

If you have questions about the processing of your personal data or your rights, you can always contact us. 

Data controller contact details 

DNS Belgium vzw

Ubicenter, Philipssite 5, box 13

3001 Leuven

privacy@dnsbelgium.be

Tel. +32 16 284970

Data protection officer details 

DNS Belgium vzw

Attention:  Peter Vergote

Ubicenter, Philipssite 5, box 13

3001 Leuven

dpo@dnsbelgium.be

Whose data do we process? 

DNS Belgium processes the data of the following persons: 

  • Registrants of a .be, . brussels or .vlaanderen domain name; 
  • Visitors of the website www.dnsbelgium.be  of or other websites of  DNS Belgium;
  • Persons who call on the services of DNS Belgium or come into contact with us through one of our communication channels; 
  • Persons who act as representatives of a party with which DNS Belgium works. 

The data of the registrant come into our possession directly through the registrar with whom the domain name was registered. The data of other persons is processed directly by DNS Belgium. 

Which data of registrants do we keep? 

When a domain name is registered, an agreement is concluded by and between DNS Belgium and the registrant.  To perform the agreement correctly, we processes the following data of registrants of .be, .brussels or. vlaanderen domain names: 

  • Forename and surname 
  • address,  
  • e-mail address, 
  • telephone and fax number.  

We process said data exclusively so as to be able to manage the three domain name zones. We do not use them for commercial purposes. 

DNS Belgium keeps the data for an unspecified period. Contact details which have never been linked to an actual domain name registration are however deleted automatically after 12 months. Contact data which are linked to an actual domain name registration may be deleted at the request of the party concerned if the domain name has been cancelled for more than 10 years. 

Why do we process data? 

DNS Belgium needs your data to inform you about (technical) problems with your domain name or when the general terms and conditions for the management of .be domain names change. 

We may have to share data with governmental authorities on account of legal requirements (e.g. judicial investigation). We also have to disclose the data to judicial or legal representatives of third parties who wish to assert certain rights on one or more specific domain names. 

We may also have to disclose data to the authorities which settle such disputes, i.e. CEPANI for .be domain names and WIPO (and other organisations which are designated by ICANN) for .brussels and .vlaanderen domain names. 

In principle, we do not disclose any personal details to countries or authorities outside the European Economic Area (EEA). If DNS Belgium receives a request to that end, we will ensure that appropriate guarantees exist and inform the registrant accordingly before complying with the request.  

Which data of visitors to our websites do we keep and for how long? 

We keep the following data of users/visitors of  www.dnsbelgium.be or other websites under the direct management of DNS Belgium:  

  • IP address  
  • cookies (data on the website such as language preference, number of pages viewed, which links were clicked, etc.).  

DNS Belgium processes these data exclusively in order to improve the use of the website and the service provided. We will not use such data for commercial purposes. 

When online forms are used, we process  certain data to prevent misuse (spam, false declarations, etc.), namely: 

  • forename and surname 
  • address 
  • e-mail address
  • telephone number 

We keep data processed as a consequence of a website visit for a period of one year, and then they are automatically deleted. 

We keep data which are processed when online forms are completed for an unspecified period. Such data are stored in an application for Customer Relationship Management (CRM) (more specifically that of BPM Online, www.bpmonline.com) which enables us to optimize our service.  

Processed personal data can be removed manually at the request of the party concerned if more than 12 months have lapsed since said data were stored. 

Which data do we have to disclose and why? 

We may have to disclose data that are processed as a consequence of the visit of our website to countries outside the European Economic Area (EEA). We have made sure that such data are anonymized so that the authority that receives the data cannot possibly identify the parties concerned.  

The data processed when using online forms are not disclosed to countries or authorities outside the EEA. 

Which data of persons who call on our services do we keep? 

We keep the following data of persons who call on the services of DNS Belgium or who come into contact with us in another way: 

  • forename and surname 
  • e-mail address 
  • telephone number 

DNS Belgium processes such data exclusively in order to improve our services and to address the needs of the persons who contact us more efficiently. We will not use the data for commercial purposes. 

The processing does not mean that we disclose them to countries or authorities outside the European Economic Area (EEA). 

We keep the processed data for an unspecified period (not by mere contacts over the telephone) in an application for Customer Relationship Management (CRM) (more specifically that of BPM Online, www.bpmonline.com) which enables us to optimize our service.    

Processed personal data can be removed manually at the request of the party concerned if more than 12 months have lapsed since said data were stored.

Which data of persons we work with do we keep? 

We keep the following data of persons who act as representatives of a party with which DNS Belgium works in a professional, contractual or other manner: 

  • forename and surname 
  • e-mail address
  • telephone number 

We process such data exclusively in order to facilitate the cooperation with the parties concerned. We will not use the data for commercial purposes. 

The processing does not mean that we disclose them to countries or authorities outside the European Economic Area (EEA). 

The processed data are kept by DNS Belgium for an unspecified period. They are stored in an application for Customer Relationship Management (CRM) to optimize the cooperation with contractual and other professional partners.  

Processed personal data can be removed manually at the request of the party concerned if more than 12 months have lapsed since the professional cooperation arrangement was terminated or as soon as the party concerned is no longer connected with the organisation with which DNS Belgium cooperates.

What are your rights? 

A summary of your rights is given below to make the new regulation on the protection of your privacy comprehensible.  

Right of access to data processed by DNS Belgium 

If this is not sufficiently evident from our privacy policy, you can always ask us which of your data we process, why, to whom we provide it, and how long we store it.   We may require specific identity details from you in order to answer your question properly.

Right to rectification of data processed by DNS Belgium  

It is obviously in both our interests for us to process only correct data. If you find that certain data are incorrect or incomplete, you are of course always welcome to inform us. We will supplement or correct your data as promptly as possible.    A particular remark is in order for .be/.brussels/.vlaanderen registrants because we do not control this data directly. We only process it based on the input from the registrar who manages your domain name.    As a registrant, you must report changes in your personal data to the registrar who manages your domain name at that time. The registrant will adapt the data for you and make sure that these changes are entered also in the DNS Belgium database. If you do not have your data updated,  you run the risk that the registrar cannot contact you (to send the annual renewal invoice, for instance) and your domain name may be deleted inadvertently.

Right to erasure (right to be forgotten) 

DNS Belgium is the unique source that can provide a summary of the lifecycle of a domain name. In that respect, we would like to keep the registration history of a domain name intact.  This does not of course preclude that DNS Belgium will consider every request to exercise the right to be forgotten and assess the feasibility thereof.   We mention in our privacy policy how long we keep certain data. DNS Belgium is naturally prepared to delete data if it ascertains that: 

  1. the aforementioned period has expired; 
  2. the data are no longer needed for envisaged processing purposes. 

Right to restriction of processing 

DNS Belgium endeavours to keep the processing of personal data to a minimum.    If you think the processing by us should be restricted further, please let us know. We  will then examine as promptly as possible whether the conditions of Article 18 GDPR are met and whether further restriction is appropriate. 

Right to data portability 

DNS Belgium is ready to help with administrative simplification and can above all provide .be/.brussels/.vlaanderen registrants with data that can prove useful for transferring to other authorities.    We would like to point out that our registrants can download a certificate with the summary of the registrant data. For more information, go to our homepage and type your domain name underneath “verify details”.

Right to object to data processing 

DNS Belgium endeavours to keep the processing of personal data to a minimum. If you nonetheless think that you can object to the processing of your data, feel free to inform DNS Belgium.  The data protection officer will look into your specific situation in the light of the provisions of Article 21 GDPR and assess whether your objection to processing is justified. If the data protection officer’s assessment of your request is positive, DNS Belgium will cease immediately any further processing of your data.  

Automated individual decision-making, including profiling 

DNS Belgium takes no decision based on automated processing or profiling. 

Lodging a complaint with the competent authorities 

If you think that your rights are infringed or that DNS Belgium has failed to protect them, you can lodge a complaint with the competent governmental authority responsible for the protection of your personal data (Data Protection Authority or DPA).  

In principle, you must lodge your complaint with the authority of the EU Member State in which you reside.  For Belgium that is the  

Privacy Commission, 

35 Drukpersstraat  

1000 Brussels 

Tel. +32 2 2744800, 

www.privacycommission.be    

We would of course appreciate it if you contacted us first to see whether a solution to the problem can be found.  

A  complete and detailed summary of  your rights is set out in Articles 15-20 of the General Data Protection Regulation (GDPR), available at:  https://eur-lex.europa.eu/legal-content/NL/TXT/PDF/?uri=CELEX:32016R0679&from=EN

Additional announcements 

Registrant data lookups  

DNS Belgium offers a search function on its website www.dnsbelgium.be that can be used to obtain the contact details of a registrant by entering the specific domain name. 

DNS Belgium wishes to stress that this search function has been adapted to protect the privacy of registrants to the maximum. 

First of all, a distinction is drawn between domain names registered in the name of private individuals and of legal entities.

For domain names registered in the name of private individuals, the registrant’s data are fully protected and can therefore not be consulted through an ordinary search. The same applies to any “onsite” and/or “tech” contacts linked to such domain names, when a private individual is also concerned. For linked contacts of the managing registrar, we cannot show the name of natural contact persons any longer, but we can show the contact details of the company. 

For domain names registered in the name of legal entities, the registrant’s data are always shown in a search, except when a natural contact person is concerned. For linked “onsite,” “tech” and registrar contacts, the same rules apply as those mentioned above for private domain name registrations. 

Access to data for staff of DNS Belgium 

As already mentioned, the internal systems of DNS Belgium (e.g. the CRM application) sometimes contain personal data.  DNS Belgium has taken measures so that its staff can access personal data only as and when required to carry out their respective tasks in the organisation.  This prevents unnecessary exposure of personal data and minimizes the risk of data leaks. 

Technical security measures 

In line with the mirroring of critical components of its management systems, DNS Belgium uses cloud services.  For instance, we use the cloud services of AWS to host the registration platform.  DNS Belgium has opted for a specific setup, whereby all data hosted at AWS are encrypted using the most recent cryptographic technologies. In the – very highly unlikely – eventuality of a serious incident at AWS, where data might be accessed by unauthorized persons, the data of DNS Belgium will still be illegible because of the applied encryption. Naturally, this once again leads to the further minimization of data leaks. 

Guarantees on non-commercial use of your data 

DNS Belgium is not a commercial entity, and will not use your data for commercial purposes. It will consequently not pass your data on to third parties, not even our business partners, even when they explicitly so request. You therefore get a guarantee from us that your data will not be used for direct marketing, commercial e-mails, or other forms of canvassing. 

DNS Belgium discloses the data to third parties only in the following cases: 

  • at the request of a (local or federal, judicial or administrative)  governmental authority so that it can carry out its legal duties; 
  • at the request of a dispute settlement institution in an alternative dispute resolution (ADR) procedure; 
  • at the request of an interested party, with prior assessment by the legal department of DNS Belgium (see further). 

But even in these situations, we examine whether it is necessary to disclose data on a case-by-case basis.  

DNS Belgium calls on third parties for certain technical solutions such as AWS for cloud services. This means that data can be stored on locations other than the registered office of DNS Belgium. As already explained, in such cases, DNS Belgium takes the necessary precautions to secure adequate data protection (in particular through encryption) in order to prevent unauthorized access. 

Requesting the contact details of a specific registrant 

If the registrar of a .be, . brussels or .vlaanderen domain name is a private individual, his contact details may not be consulted via the search tool on our site.  Those who wish to request such data, can complete  this application form and submit it to the legal department of DNS Belgium.  On this application form, the applicant has to: 

  • indicate and underpin the legitimate reasons for his request; 
  • accept a waiver in which he undertakes not to use the requested personal data for purposes other than those indicated in the application form (and/or indicated in the appended documents);
  • Provide his full name and address, including e-mail address, telephone and fax number, and in the case of a legal entity, the company number. 

The legal department of DNS Belgium will examine and assess each application thoroughly in the light of the requirements for such special data processing. If the assessment is positive, the requested data will be provided to the applicant.