PROCESSING OF CLIENTS’ PERSONAL DATA
.GW is committed to ensuring that its costumers have greater control over their personal data, in line with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”). In this sense, we wish to ensure that the processing of personal data collected in the course of registration of a .gw domain is lawful, fair and transparent.
It is against this background and with a view to clarifying concepts and principles that we provide the information below, which should be understood without prejudice to the need to consult the applicable laws, regulations and administrative guidelines.
The National Regulatory Authority, Information Technology and Communication of Guinea Bissau and Associação DNS.PT jointly act as controllers of the personal data to which they have access in the scope of the management, registration and maintenance of domains under the ccTLD.GW.
The National Regulatory Authority, Information Technology and Communication of Guinea Bissau and the Association DNS.PT assume the quality identified in the previous paragraph following a collaboration protocol, whereby the technical and administrative management of the .GW domain is guaranteed by the latter entity, while the delegation of the .GW ccTLD in the sphere of the first.
Purpose of the processing
Save with regard to personal data to be disclosed in the WHOIS directory, the personal data of clients will only be processed as necessary for pre-contractual procedures requested by these clients or in the context of a contractual relationship resulting from registration of a .gw domain.
Management of the contractual relationship includes contacts, via web platform, email and/or telephone, for notices, clarification of issues or enquiries to assess customer satisfaction and the services provided.
Personal data of clients shall not be treated for any purpose other than those stated.
Processed personal data
Clients’ personal data will be collected directly through .GW’s corporate website (www.nic.gw).
The following data will be processed in respect of the domain owner, the manager and the person responsible for technical matters: name; address; country; email; telephone number; taxpayer number; NIB/IBAN.
Data subjects’ rights
- Right of access to your respective personal data. To exercise this right you should contact the .GW directly through the email address email@example.com;
- Right to rectification of any personal data that are inaccurate or incomplete. In order to exercise this right, please d contact your registrar or contact .GW directly using the email address firstname.lastname@example.org;
- Right to erasure of your personal data. In order to exercise this right, please contact your registrar or contact .GW directly using the email address email@example.com;
- Right to restrict the processing of your personal data. In order to exercise this right, please contact your registrar or contact .GW directly using the email firstname.lastname@example.org;
- Right to portability of your personal data. In order to exercise this right, please contact your registrar or contact .GW directly using the email address email@example.com;
- Right to object to the processing of your personal data. In order to exercise this right, please contact your registrar or contact .GW directly using the email firstname.lastname@example.org;
- Right to complain to the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (www.cnpd.pt), should you believe that any of the above rights has been breached.
Processors, disclosure and transfer of personal data
In the treatment of the personal data of its clients, the .GW uses outsourced entities, namely, to registrar entities, in which case technical and organizational measures for data protection will always be implemented.
Thus, any entity subcontracted by .GW will treat the personal data of our customers in the name and on behalf of .GW, taking the necessary measures to protect such data against destruction, accidental or unlawful, accidental loss, alteration, diffusion or unauthorized access and any other form of illicit treatment.
Your personal data may be disclosed or transferred to court authorities and to any entity to which the law assigns powers in respect of criminal investigation or whose mission is to oversee or ensure compliance with the legislation applicable, in particular, to the protection of consumer rights, intellectual property, communications, security, public health and trade practices in general.
Only personal data necessary for their intended purpose will be disclosed and transferred.
Automated means and decisions
Personal data shall be treated by automated means, not being, however, subject to any individual automated decision-making process, including profiling, save as permitted under the applicable law.
Record retention periods
The record retention periods clearly resulting from the law, notably in respect of tax matters, shall be strictly complied with. In addition to personal data falling within the aforementioned scope, the remaining personal data will be stored and kept as long as necessary for the purpose for which they were collected and shall accordingly be destroyed upon expiry of the validity of the .gw domain name.
Any of the aforementioned understandings may be altered as a result of any law, court decision or recommendation of any competent administrative authority. In this event, this document will be updated as soon as possible and duly publicised at www.nic.gw.