CORE News
COREhub
Type the domain name e.g: corehub.net

Privacy Policy

This is COREhub’s Personal Data Protection Policy (“Privacy Policy”). It is addressed and applies to all data subjects holding domain names or who will register domain names sponsored by COREhub (IANA 15).

At COREhub we take personal data protection seriously. This Privacy Policy has been reviewed and redrafted to bring Our personal data protection rules into compliance with the General Data Protection Regulation (“GDPR”) and following the “best practices” guidelines published by the Spanish Data Protection Agency.

This Privacy Policy is divided in two parts:
Basic Information:
it summarizes the main aspects of the Privacy Policy.
Extended Information:
it develops the Basic Information adding further details.

Basic Information About Personal Data Protection Policy

  • Controller: We are COREhub, S.R.L.U. (“We”, “Us” “Our”) and you can contact Us at legal@corehub.net. Complete contact information: corehub.net/about
  • Purpose: We only collect and process data which is strictly necessary to provide You, domain name registrant data subject (“You”, “Your”), with the domain name registration services requested by You or by one of Our resellers on Your behalf.
  • Data Processed: We only collect and process the following data during the domain name registration with respect to each domain name We sponsor (“jointly, the Data Processed”):
    • Domain name
    • Domain name category and launch phase (when applicable)
    • Registrant’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Technical contact’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Administrative contact’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Billing contact’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Any other data element required by ICANN and/or the relevant Registry Operator (for example, some Registry Operators require a declaration of “Intended Use” or further evidence to demonstrate compliance with specific eligibility requirements).
    • Service-related data that is not personal in nature (name of reseller providing the service; domain name registration date and expiration; domain status; name servers associated to the domain name; DNSSEC service request, as the case may be).
  • Legal Basis for Processing: Processing is necessary for the performance of the Registration Agreement, the contract which You have entered or must enter with Us prior to registering any domain name sponsored by Us.
  • Recipients:
    • Registry Operators: To provide You with the domain name registration services requested, We must transfer some or all of the Data Processed to the relevant Registry. A list of the Registry Operators operating each supported TLD, and their respective Policies, is available here.
    • ICANN: Upon ICANN’s request, we must share the data with ICANN for inspection, as required in Our agreement with ICANN.
    • Processors: Processing will be carried out by third party processors (such as the Escrow agent and other technical vendors), all of which have provided sufficient technical and organisational guarantees in full compliance with the GDPR.

    More information about data recipients and other third party processors can be found in the Extended Personal Data Protection Policy.

  • Public Whois: Some Data Processed is published in the public “Whois” database service, where the information may be consulted, on a query-by-query basis, by anybody with access to the Internet. This publication is done only to the extent strictly necessary to provide You with the domain name registration services requested, as detailed below in the “Extended Information About Personal Data Protection Policy”.
  • Source: The Data Processed have been obtained from the reseller to which You have requested the domain name registration. The said reseller will be a joint controller of the Data Processed and a sole controller for any other personal information which you may have provided to them in addition to the Data Processed.
  • Retention: The Data Processed will be deleted one (1) year after the termination of the Registration Agreement. Specifically, We completely erase contact handles from the production system when they are not linked to an active domain for longer than one (1) year. We keep historical data in a secure, separate and access-restricted database for a longer period to comply with mandatory statutory provisions (tax, accounting, legal claims. etc.), as detailed in the “Extended Information About Personal Data Protection Policy”.
  • Rights: You’ve got lots of rights, including the right of access, the right (and duty of) rectification, the right to request the erasure and restriction of the processing, the right to object to the processing as well as the right to data portability. Be aware, though, that in some cases the exercise of these rights may make Us unable to continue providing you with the domain name registration service. You also have the right to complain to the Information Commissioner’s Office and to the DPAs. If you need a hand in exercising your rights, feel free to contact us at legal@corehub.net.
  • Additional Information: You can find additional information below, in the “Extended Information About Personal Data Protection Policy”.

Extended Information About Personal Data Protection Policy

  1. Who Are We (Controller)

    We are COREhub, S.R.L.U. (“COREhub”, “We”, “Us” “Our”), a limited company with registered office at:

    C/ Creu Coberta, 17 1-1
    08014 Barcelona, Spain
    Ph. +34 935 275 235
    VAT No: B-65873663

    COREhub is registered at the Barcelona Mercantile Registry in tome 43392, section 80, sheet B-428101, Annotation 1. You can contact Us at legal@corehub.net.

    We operate on a purely reseller-based business model and only in exceptional cases We accept direct registration from end customers. Thus, if You, domain name registrant (“You”, “Your”), have a questions or need support about the processing of Your data, consider contacting the registrar or reseller associated to your domain name first.

  2. What Data We Process (Data Processed)

    We collect and process the following data during the domain name registration with respect to each domain name We sponsor (hereinafter, jointly referred as “Data Processed”):

    • Domain name
    • Domain name category and launch phase (when applicable)
    • Registrant’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Technical contact’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Administrative contact’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Billing contact’s full name, postal address, e-mail address, voice telephone number, and (where available) fax number
    • Any other data element required by ICANN and/or the relevant Registry (for example, some Registries require a declaration of “Intended Use” or further evidence to demonstrate compliance with specific eligibility requirements).
    • Service-related data that is not personal in nature (reseller providing the service; domain name registration date and expiration; domain status; name servers associated to the domain name; DNSSEC service request, as the case may be).
  3. What Data We Do Not Process

    We do not collect nor process any data other than that mentioned in Section 2 above. For example, We do not collect or store:

    • Any information regarding the means and source of payment of the domain name registration (such as “card on file”, transaction number provided by a third party payment processor, etc.), or
    • Any log files, billing records and other records containing communications source and destination information.

    You may have provided such information (and/or other) to the COREhub reseller in charge of your domain name. For any issue regarding that data, you must contact the COREhub reseller in charge directly.

  4. What is the Legal Basis for the Processing

    Processing is necessary for the performance of the Registration Agreement, the contract which, according to ICANN rules, You have entered or must enter with Us (through one of Our resellers, as the case may be) prior to registering any domain name sponsored by Us.

  5. Why We Process Data (Purpose)

    We only collect and process data which is strictly necessary to provide You with the domain name registration services requested by You or by one of Our resellers on Your behalf. We will not process any data in a manner incompatible with this purpose.

    1. Data for which We Are the Data Controller (jointly with Our resellers, Registries and ICANN)

      Processing of the following data:

      • Registrant’s Name
      • Organization
      • Postal Address
      • Email
      • Administrative Contact Email
      • Service-related data that is not personal in nature (member/reseller providing the service; registration date and expiration; domain status; name servers; DNSSEC service)

      Is necessary for the performance of the Registration Agreement, the contract which You have entered or must enter with Us prior to registering any domain name sponsored by Us, and provide You with the registration services requested by You.

      We are for all these Data Processed items COREhub is a joint controller with our resellers, the Registry Operators and ICANN.

      The Data Processed may used by Us and/or by Our corresponding reseller to verify Your compliance with the Registration Agreement and to send You mandatory notifications like expiration notices, whois accuracy notices, change of registrant notices, transfer notices and other notices strictly required for compliance.

    2. Data for which COREhub is the Data Processor (on behalf of the Registries and/or ICANN)

      For the rest of the Data Processed (administrative contact other than email; technical contact; eventually billing contact) COREhub is a data processor on behalf of the Registry Operators and/or ICANN who mandate the processing of such data. And for TLD-specific information (such as “intended use”; “specific business activity” etc.) We are data processors on behalf of the respective Registry Operators.

  6. For How Long Do We Keep The Data (Retention)

    The Data Processed will be deleted one (1) year after the termination of the Registration Agreement. Specifically, We completely erase contact handles from the production system when they are not linked to an active domain for longer than one (1) year. This one-year post-contractual retention period is currently mandated by ICANN.

    Due to statutory retention obligations (tax, accounting, etc), we keep historical data in a separate access-restricted database, stored in secured servers that We control, for a period of six (6) years after the termination of the Registration Agreement (Art. 30 Código de Comercio). This retention time may vary if the applicable laws change. In cases where the is a current or potential legal claim, We may keep specific historical information associated to that claim for as long as it is reasonable needed to solve the claim.

    We limit the access to the data (production and historical) to the employees that need access to do their jobs, mostly support, accountants/tax advisors, lawyers and ICT (developers).

  7. From Whom Do We Collect the Data (Source)

    We operate on a purely reseller-based business model and only in exceptional cases We accept direct registration from end customers. Thus We normally obtain the Data Processed from the reseller to which You have requested the domain name registration. The said reseller is therefore a joint controller of the Data Processed.

  8. Data From Third Party Individuals

    With respect to third-party individuals whose personal data You may provide to Us with (through the corresponding reseller), You represent and warrant that You have informed such third-party individuals of the intended uses and recipients of their personal data, of how can they access and, if necessary, modify the data We hold about them. You also represent and guarantee that You have obtained from such third party individuals the corresponding consent to process their personal data according to this Registration Agreement.

  9. To Whom We Disclose the Data (Recipients)

    To comply with the Registration Agreement and be able to provide You with the domain name registration services requested by You through one of Our resellers We must disclose the Data Processed to:

    • Relevant Registry Operators: To provide You with the domain name registration services requested, We must transfer some or all of the Data Processed to the relevant Registry. A list of the Registry Operators operating each supported TLD, and their respective Policies, is available here.
    • Escrow Agent: A reputable escrow agent mutually approved by COREhub and ICANN, to be held in escrow, with no use other than verification that the deposited data is complete, consistent, and in proper format, until released to ICANN. COREhub has entered into an agreement with Iron Mountain available here to ensure the implementation of standard contractual clauses for the transfer of personal data to third countries (Controller-to-Processor transfers) for registrar data escrow services.
    • Internet Corporation For Assigned Names and Numbers (ICANN): Upon ICANN’s request, We must make the Data Processed available for ICANN’s inspection, as required in Our agreement with ICANN, a standard agreement which We must comply with to keep Our accreditation as domain name Registrar. It may also be used for the notification of complaints or reports of registration abuse.
    • Law Enforcement: We may disclose your Contact Information if We are requested to by any Law enforcement agency where We believe We are required to comply with the request under any applicable laws.
    • Public Whois: Some of the Data Processed will be be published in the public “Whois” database service to the extent strictly necessary to provide You with the domain name registration services requested.
    • Other Processors Technical Vendors: Processing will also be carried out by third party processors which, on behalf of COREhub, will process the Data Processed to provide different technical and administrative domain name registration services. Currently, these third party processors are the following:
    ProcessorTechnical Task
    Axone Services & Developpement SA
    Cours de Rive 2
    Geneva, Switzerland    		Registrar administrative support, secretariat functions and managing of Gateway05 (platform for new gTLDs)
    Kamp Netzwerkdienste GmbH
    Vestische Strasse 89-91
    Oberhausen, Germany    		Account Server management and maintenance
    Knipp Medien und Kommunikation GmbH
    Martin-Schmeisser-Weg 9
    Dortmund, Germany    		Registrar technical support and management of GatewayNG (unified technical platform for legacy gTLDs, ccTLDs and soon for new gTLDs)

    All these processors have provided sufficient guarantees to have implemented appropriate technical and organisational measures in such a manner that processing will meet the requirements of the General Data Protection Regulation and ensure the protection of the rights of the data subject.

  10. You Must Keep the Data Processed Updated (Accuracy)

    You agree to provide all the required information of the domain name being registered as well as complete, accurate and reliable contact details from persons or entities associated with domain name records as required by the registration process. During the term of the domain name registration, You shall immediately correct and update the Data Processed.

  11. What Can You Do (Rights)

    You have the following rights with regards to Your Data Processed:

    • Right of access
    • Right (and duty of) rectification
    • Right to request the erasure
    • Right to request the restriction of the processing
    • Right to object to the processing
    • Right to data portability. You may request a copy of Your Data Processed information in Our possession to review, modify or update it by sending Us an email to legal@corehub.net

    If you need a hand in exercising your rights, feel free to contact us at legal@corehub.net.

    Be aware that the exercise of some of these rights (like the right to request the erasure or to object the processing of Your Data Processed) may make Us unable to continue providing you with the domain name registration service.

    You may have the right to lodge a complaint with your local data protection authority or the Spanish Data Protection Office (Agencia Española de Protección de Datos). Their information can be found on their website at www.agpd.es

  12. Contacting Us

    If you have any questions about our privacy policy, You may contact Us by e-mail on legal@corehub.net.