Personal Data and Privacy Policy
1st September 2023
© IP Twins
Introduction
This Privacy Policy has been prepared for you by IP Twins SAS (hereinafter “IP Twins”), a company incorporated in France, with registered office at 78, rue de Turbigo, 75003 Paris, France, registered in the Registre du Commerce et des Sociétés under number 441 049 376 and of which Mr. Sylvain Hirsch, Chief Executive Officer, is the legal representative.
IP Twins provides services relating to the management of domain name portfolios and the monitoring and protection of trademarks on the Internet. With very few exceptions, IP Twins customers are legal persons. The prospects of IP Twins are exclusively legal persons. In the course of its business activities, IP Twins is required to process your Data, for example:
– when you browse our site iptwins.com or when you use our tools (Detective, Domainarium, Identitool, Similaritool);
– when, personally or on behalf of a legal entity, you register a domain name;
– when, in your personal capacity or on behalf of a legal person, you subscribe to our newsletters;
– when you contact our team, by any means whatsoever.
The purpose of this Privacy Policy is to inform you of how we process your Data and the reasons that lead us to conduct such operations. This Privacy Policy aims to provide you with information on:
– the Data controller;
– the purposes of the Processing;
– the legal basis of the Processing;
– the duration of the retention of your Data;
– the possible transfer of your Data outside the European Union and, in this case, the recipients of your Data;
– the security measures we use to protect your Data;
– your rights and how to exercise them with the competent Data Protection Authority.
We have endeavoured to draft this Privacy Policy in the clearest and most transparent manner.
Definitions
For the purposes of this Privacy Policy, we mean:
- “consent“: any indication of your wishes by which you, by a statement or by clear affirmative action, signifies agreement to the Processing of your Data;
- “GDPR“: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=FR
- “ICANN”: Internet Corporation for Assigned Names and Numbers: www.icann.org.
- “IP Twins Services“: covers iptwins.com website, all IP Twins’ applications (Domainarium, Identitool, Similaritool, and Detective), IP Twins’ newsletter, and services offered via computer or telephone communication systems.
- “Personal data” or “Data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a professional position, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing“: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor“: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- “RAA“: Registration Accreditation Agreement (“RAA”); in concrete terms, this is the between ICANN and IP Twins.
- “Recipient“: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- “Registration data directory services” or “Whois“: a set of domain name directories whose essential function is the identification of the natural or legal person who has registered a domain name and who is presumed to be the domain name holder.
- “Registration data“: data collected from a natural or legal person with regard to the registration of a domain name (section 2 of the Temporary Specification).
- “Registry Agreement“: a gTLD Registry Agreement entered into between a Registry Operator and ICANN, including any Registry Agreement based on the New gTLD Registry Agreement approved by ICANN’s Board of Directors on 2 July 2013 and as amended.
- “Registry“: an ICANN-accredited entity for the management of a Top Level Domain (or extension) such as .fr, .com, .uk, .inc., Etc.
- “Specification“: a term used by ICANN to refer to an annex to the Accreditation Agreement between ICANN and Registrars.
- “Temporary Specification“: Provisional gTLD Registration Data Policy adopted on May 17, 2018, through ICANN Board Resolutions 2018.05.17.01 and 2018.05.17.09. https://www.icann.org/en/system/files/files/gtld-registration-data-temp-spec-17may18-fr.pdf
- “Third party“: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- “WhoIs“: a set of domain name directories whose essential function is the identification of the natural or legal person who has registered a domain name and who is presumed to be the owner.
Legal Framework
As a French company, IP Twins is subject to French law and the law of the European Union. In this respect, IP Twins complies in particular with:
Legislative and regulatory provisions relating to data protection, in particular:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to data processing and the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation, known as “GDPR”); and
– la loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés (French law related to personal data);
Legislative and regulatory provisions other than those specifically governing data protection, in particular:
– Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) and its transposition into French law by Loi No. 2004-575 of 21 June 2004 sur la confiance dans l’économie numérique (known as “LCEN”);
– Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights (known as the “IPRED Directive”) and its transposition into French law in the Intellectual Property Code.
Jurisprudence and jurisdictional decisions from:
– European Union courts; and
– French courts.
To ICANN Contractual Documents:
– the Registrar Accreditation Agreement with ICANN (“RAA”); and
– the Temporary Specification for gTLD Registration Data Adopted on 17 May 2018, by ICANN Board Resolutions 2018.05.17.01 – 2018.05.17.09, incorporated by reference into the RAA, with the stipulations of this Temporary Specification superseding all other ICANN specifications for WhoIs directory services (1.3 of the Temporary Specification).
IP Twins insists on that the legislative, regulatory and jurisprudential provisions prevail over the contractual stipulations. This means that in the event of a conflict or difficulty of interpretation between, on the one hand, a legislative, regulatory or jurisprudential provision emanating from French or European Union law and, on the other hand, a stipulation of the RAA, the former prevail over the seconds.
Scope
This Privacy Policy applies to:
– Personal Data as defined in Article 2 above;
– all the services offered by IP Twins;
– our newsletters.
Data Protection Principles
The confidentiality of your Data is of the utmost importance to us. IP Twins complies with Data Protection principles as set out in Section 5 of the GDPR:
The lawfulness, the loyalty and the transparency of the Processing. The lawfulness of the Processing we perform results from:
– your Consent to a contract with IP Twins (domain name registration agreement, audit contract, online brand protection agreement, terms, and conditions for the use of iptwins.com), to which this Privacy Policy is incorporated;
– the necessary nature of the Processing of your Data for the proper performance of the contracts to which you have granted in a personal capacity or on behalf of a legal person;
– the legal obligations to which IP Twins must comply;
– the necessary nature of the Processing for the purpose of protecting legitimate interests pursued by IP Twins or by Third Parties.
The limitation of the purposes for which the Data are processed:
– we only collect Data about you if we have a reason to do so;
– we process your Data only to the extent necessary to achieve a specific objective related to our services and our legislative, regulatory and contractual obligations;
– we prohibit any resale of your Data and any use of your Data for profiling purposes;
Minimization of Data:
– we limit the collection and any other Processing of your Data to the strictest necessary;
Accuracy of the data:
– legal and regulatory provisions oblige us to guarantee the accuracy of your Data;
– it is also your responsibility to exercise your right of rectification.
Limitation of data retention:
– we limit the retention of your Data over time,
Integrity of your Data:
– we implement all the means at our disposal to guarantee the security of your Data.
Confidentiality of your Data:
– we guarantee the confidentiality of your Data, within the limits of the applicable legal framework as defined in a non-exhaustive way in article 3 of this Privacy Policy.
Who is the Data Controller?
By default, the controller is IP Twins.
However, in certain circumstances related to Data Processing resulting from the domain name operations, the Controller may be ICANN or the registry. In this case, IP Twins takes the quality of Processor.
Processing of Data
7.1. For registration and maintenance of domain names
7.1.1. What Data?
When you register a domain name, we must collect the following information:
– your first name ;
– your last name;
– if applicable, the name of the legal entity on behalf of which you register the domain name;
– your personal postal address or the mailing address on behalf of which you register the domain name;
– your personal email address, your professional email address or the email address of the department responsible for managing the domain names of the legal entity on behalf of which you register the domain name;
– your personal or professional telephone number;
– your personal or professional fax number;
– encrypted information relating to means of payment;
– your personal username and password or the username and password of the account associated with the legal entity on behalf of which you register the domain name.
This information is integrated into a WhoIs record. Please note that all information contained in a WhoIs record is not Personal Data.
7.1.2. For what purpose and on what legal basis?
We process the information referred to in 7.1.1. for reasons set out in section 4 of the Temporary Specification:
First, the Processing of this information is essential to ensure the exercise of your rights on your domain names.
Second, the GDPR authorizes the Processing of this information for public interest reasons or for a legitimate interest, in particular for reasons related to the security of the networks, the protection of consumers/Internet users, and the respect of intellectual property rights. For example, WhoIs Information Processing is essential in a domain name court proceeding, whether it is a court proceeding or an out-of-court proceeding that you consent to in the domain name registration agreement with IP Twins or to which you have consented in a domain name registration agreement with another domain name registrar.
Third, the Processing of this information is essential to the provision of domain name services and their maintenance, including:
– to check the correctness and, if necessary, update the information contained in a WhoIs record (including data of a technical nature and personal data);
– to allow communication with the domain name holder, for example for billing issues or reminders of renewal dates;
– to transfer a domain name to a Third party or to another registrar;
– to guarantee the continuity of the service in case a registry or a registrar would stop its activities.
7.1.3. Is your Data made public or transferred to Third Parties?
In accordance with the provisions of the GDPR and the stipulations of Annex A of the Temporary Specification, we do not disclose your Data. However, in accordance with the provisions of the GDPR (in particular Article 49.1.e)) and in accordance with the provisions of Articles 2.5., 4.1. and 4.2. of Annex A of the Temporary Specification, we are under the obligation to make available to the Third Parties a request mechanism by which we could be forced to disclose your Data.
In any event, IP Twins complies with the jurisdictional decisions issued by the competent authorities and whose purpose is, in whole or in part, to facilitate the identification of a natural person.
7.1.4. How long is your Data kept?
Retention of WhoIs Data is not the responsibility of IP Twins, but of the Registry (see Appendix C of the Temporary Specification entitled “Data Processing Requirements”). For example:
– If you or the company that you represent is the holder of a .COM domain name, VeriSign, Inc. retains the WhoIs information (including your Data);
– If you or the legal entity that you represent is the holder of a domain name whose extension is .FR, it is the Association Française pour le Nommage Internet en Corporation (AFNIC) which retains the WhoIs information (including your Data).
Retention of Data related to gTLD domain names
According to the ICANN Data Retention Specification, the information contained in a Whois record must be retained for two years after the expiry of the registration agreement. As for the Banking Data, they must be kept for a minimum period of 180 days. IP Twins draws your attention, on the one hand, to the fact that “The requirements of [the] Temporary Specification override and replace the requirements” of the Data Retention Specification and, on the other hand, the fact that the Temporary Specification does not contain any stipulations on the retention of Data.
Retention of Data related to ccTLD domain names
The duration of the retention of the information contained in a WhoIs record is determined by the relevant Registry.
7.2. For other commercial services
We conduct Processing of your Data in the following situations:
– when we enter into a pre-commercial or commercial relationship with you;
– when you subscribe to one or more of our newsletters.
7.2.1. What Data?
As part of a commercial relationship between IP Twins and the legal entity you represent and as part of a prospecting activity, we may collect and process the following Data:
– your first name and last name;
– your professional position;
– the name of the legal person you represent;
– the mailing address of the legal person you represent;
– your professional email address or the email address of the legal person you represent;
– your business phone number;
– your professional fax number;
– the encrypted information relating to the means of payment of the legal person you represent;
– the username and password of the account associated with the legal person you represent.
As part of our newsletters, we collect and process the following Data:
– your first name and surname;
– your professional position;
– the name of the legal entity you represent;
– your professional email address or the email address of the legal entity you represent (in this regard, we recommend delivering an institutional business email address, showing the domain name of the legal entity).
7.2.2. For what purpose and on what legal basis?
Processing the Data referred to in Article 7.2.1. is the consequence of your Consent. The Processing of your Data is also a necessity for the performance of the contract that binds IP Twins to the legal person you represent.
7.2.3. Can your Data be transferred?
We do not transfer the information and Data referred to in 7.2.1.
However, the following circumstances may require us to transfer these information and Data: merger; acquisition or in the unlikely event of a cessation of activity.
7.2.4. What is the duration of the Data retention?
We retain the Data for the duration of the contractual relationship between IP Twins and the legal person you represent. Subsequently, as of the expiry date of the relevant contract, we only retain non-personal information.
We retain the information relating to the performance of the contract (orders, billing, payment, etc.) for ten years after the expiry date of the contract, as accounting proof.
In accordance with article L. 133-24 of the French Monetary and Financial Code, the data relating to your credit card are retained by our secure payment provider until full payment and, for evidence in case of a claim, for 13 months, or 15 months if it is a deferred debit card. As for the cryptogram of your card, it is retained only for the time required to complete each transaction.
The telephone conversations with our team are not recorded, so they are not retained.
We retain the Data collected for our newsletter until you decide to unsubscribe.
We keep the Data collected as part of our newsletters until you exercise your right of deletion.
7.3. Data collected automatically
7.3.1. Login information
On the iptwins.com website, we collect information that browsers and servers make available to us. This information, which is not Personal Data, is the type of browser you use, your IP address, the choice of language, or the date and time of access to our site.
7.3.2. Cookies
Cookies are text files that, when you visit our site iptwins.com, are stored in a hard drive space of your computer system for a maximum of twelve months.
A cookie does not identify you personally, except when they are aggregated for profiling purposes. At IP Twins, we do not use cookies for profiling or advertising purposes.
We only place in your computer system strictly necessary cookies for your login credentials and the registration of your preferences (language and location). These cookies are mainly used to identify you more easily and allow you to navigate more smoothly on iptwins.com.
We mainly use analytics cookies. These cookies allow us to obtain anonymous statistics of visits to our site in order to optimize it and detect possible malfunctions.
In addition, since the website iptwins.com displays share buttons to social media platforms, third-party companies (namely Twitter, LinkedIn and Facebook) can integrate into your computer system cookies that will be used to track your online activity. Please note that we have no direct control over the information collected by Third Party Cookies.
Finally, we deposit cookies necessary for your security and ours.
Third Party Data
As part of its online brand protection services, IP Twins is required to know the identity or Personal Data of Third Parties, suspected by our customers or ourselves to commit civil or criminal offences (such as cybersquatting, and counterfeiting).
In this case, IP Twins sends a request to Third parties (other registrars, online market platforms or social networks). In these circumstances, IP Twins does not act as a Data Controller, but as a Recipient.
In any event, IP Twins performs Third Party Data Processing solely for the purpose of responding to an alleged breach of public policy or to protect and safeguard our customers’ intellectual property rights.
How is your Data protected?
We protect the privacy of your Data with the same level of requirement that we protect our customer’s intellectual property rights.
We use physical, electronic and security safeguards in connection with the collection, retention and disclosure of your Data.
What are your rights?
Your Data is your property. Any unauthorized use of your personal data is an infringement of your rights. You are therefore free to limit the information you provide, unsubscribe from our newsletter, and determine your browser’ settings to manage or refuse cookies.
10.1. Your rights
Your Data is your property.
You have the right to access your Data.
You have the right to ask:
– their rectification or update of your Data;
– the deletion of your Data;
– the portability of your Data, to be received in a structured and commonly used format.
You may object to the Processing of your Data.
You may require the limitation of the Processing of your Data when you object to it, when you dispute the accuracy of your Data, when you believe that the Processing of your Data is unlawful or when you consider that the limitation is necessary for the defence of your rights in court.
Finally, you can also give instructions for the fate of your Data in the event of death.
10.2. Your right to refuse commercial solicitations
Please note that the right to refuse commercial solicitations can only be exercised by a natural person. IP Twins only send commercial solicitations to legal persons.
We comply with the Data protection rules regarding Consent that require for the prior and express collection of your Consent for the electronic sending of commercial prospecting. If you subscribed to our newsletter with a personal email address, you always have the possibility to unsubscribe by clicking on the relevant link which is at the bottom of each newsletter.
10.3. Your right to manage and delete cookies
The registration of a cookie in your computer system is subject to your Consent. You can always change your preferences on your browser.
We also alert you that the setting of your browser determines your browsing comfort.
We are not liable for the consequences of uncomfortable or impossible navigation resulting from our inability to deposit or consult the cookies necessary for normal operations.
How to exercise your rights?
11.1. Contact us
For any information regarding your Data processed by IP Twins, you can contact us:
- By email: juristes@iptwins.com.
- By telephone: +33 (0)1 42 78 93 12.
- By post: 78, rue de Turbigo, 75003 Paris, France
The rectification or withdrawal will be carried out without delay.
The National Commission for Computing and Liberties (CNIL) provides you with letter templates that you can adapt to your needs:
https://www.cnil.fr/fr/modeles/courrier
We will respond to your request without delay.
11.2. Your recourse before the Data Protection Authority
For any information on the scope of the rights that you hold on your Data and on the means of exercising them, we invite you to inquire at the Commission Nationale Informatique et Libertés (CNIL), which is the competent Data Protection Authority:
3 Place Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: +33 (0) 1 53 73 22 22 (Monday to Thursday from 9h to 18h30 / Friday from 9h to 18h)
Fax: +33 (0) 1 53 73 22 00
The CNIL website can be consulted at the following address: www.cnil.fr.
If you believe that we have infringed your Data, you have the possibility to file a complaint with the CNIL, at the following address:
– https://www.cnil.fr/fr/plaintes/
Copyright
This Privacy Policy is an intellectual property of IP Twins and is protected by copyright laws.