All customer data is subject to Austrian data protection laws (which are stricter than EU regulations and much stricter than US ones):
Personal data is hereby defined as:
* Billing name, address, email, phone and payment data (Source bank account/owner, PayPal owner and similar)
* Customer account data that is not published public in the RIPE database
* IP address at sign-up and support/sales enquiries via the website(s)
* Content of emails sent between us
* IDs/Passports and other documents (registration papers, end user agreements) submitted to us (see on bottom of this page)
In simple terms, what we WILL do with your personal data:
* Store it permanently in a database secured by common procedures (Limit by user/password) or as files (for emails)
* Use it internally as required to forward abuse
* Use it for requested assignments/allocations at our partner ISPs
* Send you no more than 1 commercial offer per year from our or a company at least 25% owned by us
And what we WILL NOT do with it:
* Sell or give it to other companies
* Publish it (*1)
Website statistics include full user IP addresses and are not sent to an external service for analysis.
If we get served an Austrian court order we will comply with it and provide the data we have - as required by Austrian law (sorry). If we doubt the validity of the claim/order we will challenge it on behalf of the customer afterwards, this service is free but comes with no guarantees. If possible we inform the customer of the orders existence and/or forward the order itself.
We do not reply to court orders or police enquiries from any other country than Austria (we will however, of course, reply if the order is re-certified by an Austrian court). We are not liable to damages caused by police operations later defined as illegal by an Austrian court.
*1 = In case of emails sent to us and/or usage of the contact form (but not for order notes) this only applies after we replied.
Further terms related to identity verification documents and contracts:
Please see here for encryption guide and how to obtain secure access for document submittal: https://w.ip6.im/info:submit-documents
We can only guarantee secure handling of documents from our side - As we have to transfer it to the RIR we cannot guarantee their handling. We cannot guarantee security of your transmission provider (ISP) or mail provider either.
If we use an external LIR for registration services they do not get access to IDs - The request is sent by our staff inside the RIPE LIR portal and the uploaded file cannot be retrieved anymore afterwards (*1). We only use external LIRs owned/operated by EU based companies (*2). In other regions we communicate with the RIR staff directly by email and attach the ID documents in the final step.
RIPE is “incorporated” in the Netherlands while we are (currently) subject to Austrian laws which do not require us to store ID data (as this is a RIR requirement and not a government one), due to this we delete all IDs once sent to the respective RIR. We do keep copies of the contractual agreement (“End user agreement”).
AFRINIC is incorporated in Mauritius, LACNIC is incorporated in Uruguay, ARIN is incorporated in the United States and APNIC is incorporated in Australia - Thus if you obtain services from us inside this regions and/or supplied by this RIRs your data as required by them (name, company name, address, phone, email, depending on request ID and/or contracts) is supplied to them and subject to their policies which can be obtained on their websites.
*1 = It might be possible to obtain a copy of the ID from RIPE as LIR account admin. It is possible for Dutch and by extension EU law enforcement to retrieve IDs/contracts from RIPE.
*2 = Our own LIR(s) and/or LIR(s) we control a majority of may be located outside EU, in this case no transfer of data outside the EU is taking place as the file is uploaded/sent from an EU location to RIPE.