Data Privacy Statement

The protection of your data is one of the most important policies of our company. This is why we process your data in our computing centres in Germany in accordance with stringent data protection legislation. We would like to inform you, by way of this Privacy Statement, of the manner in which we collect and process data if you visit our website and use our services.

1. The data we collect and process

Contractual data: We collect, process and store the data that you provide if you place an order with us, e.g. your name, your address, your bank details or credit card number/s. Additionally, we store and process data relating to the order and payment history.

Data that you store on our servers: We collect, process and store the data that you yourself store when using our services. This encompasses the creation of backup copies in our backup systems.

Log data: If you visit our website or use our services, the device that you use to retrieve the site automatically transfers log data (connection data) to our servers. This is particularly so if you are uploading or downloading data. Log data contain, for instance, the IP address of the device that you use to access the website or a service, the type of browser by means of which you obtain access, the website that you have visited prior thereto, your system configuration, as well as information on the date and time. We store IP addresses only insofar as this is necessary for us to render services. Otherwise, the IP addresses are deleted or anonymised.

Cookies: We use cookies at various places on our website.

Cookies are small identifiers that a server stores on the terminal device that you use to access our website or our services. They contain information that can be retrieved upon accessing our services and thus facilitate more efficient and better utilisation of our offerings.

We use both permanent cookies and so-called session cookies. Session cookies are deleted as soon as you close your Web browser. Permanent cookies remain on your terminal device until they are deleted, but no longer than 60 days.

Cookies serve to improve our services and the utilisation of specific features. Thus, cookies are also used to collect statistical values relating to our website, for instance in respect of the number of visitors.

Additionally, our website also uses cookies of third-party providers, such as Google Analytics.

At no point in time, however, do the cookies placed on your terminal device identify the user, instead solely identifying the device used.  No mapping takes place of the information stored by means of the cookies in relation to any personal data that you have stored with us.

You can adjust your browser in such a manner that it notifies you prior to placing cookies, or so that it blocks such placement. Potentially, you may then be unable to use certain functions of our website.

Website tracking: We use Web analysis services on our website and within various services. To this end, your IP address is transferred to the service provider. IP addresses are anonymised immediately after receipt. You may dissent from data collection via econda (econda dissent). When the Google Analytics service is used, your IP address is truncated prior to transmission to the USA within a member state of the European Union or in other countries that are party to the Agreement on the European Economic Area. You can prevent data from being collected by Google Analytics by downloading and installing the browser plugin from Google.

2. How we process and use your data

We process and use your data to execute the contract and to render our services, to improve our services and our Web pages and adapt them to your requirements, to provide updates and upgrades and to ensure that you receive notifications relating to the service.

3. How we share data with third parties

For purposes of domain registration, we must share specific personal data with registrars and registration authorities. Such data are stored in the databases of the registration authorities and are publicly retrievable, to varying degrees, via Whois enquiries specific to the registration authorities.  For the registration of a “.de” domain, for instance, currently the name and address of the owner of the domain owner, the administrative and technical contact associate and the zonal administrator, and – additionally – the telephone and fax numbers, as well as the e-mail address, of the technical contact associate and of the zonal administrator, are shared with DENIC eG, Frankfurt, where they are stored. The name and address can be viewed by customers as well as third parties at any time at www.denic.de within the parameters of a “Whois” enquiry. In the case of .com, .net, and .org domains, we must also share the telephone and fax numbers, as well as the e-mail address, of the administrative contact associate. This information is publicly retrievable within the respective Whois databases. Further information on the data published in the Whois of the various registries can be found here.

We release data to authorities and third parties only in accordance with statutory regulations or in the instance of judicial orders.  Information may be issued to authorities in consequence of a statutory regulation in respect of hazard prevention or for purposes of prosecution. Third parties receive data only if a judicial order provides for this. This may be the case, for instance, in instances of breach of copyright.

4. Modification, blocking and deletion of data

Backup copies in our backup systems are deleted automatically after a defined period of time.

Upon cessation of the contract, we delete the data stored in the service variants.

Contractual data are blocked upon cessation of the contract and are deleted upon expiry of the statutory period of retention.

5. Security

We accord security prime importance. We have taken extensive technical and organisational security measures to ensure the availability and security of your data. These are regularly reviewed and adapted in accordance with technological advancements.

Computing centres: Our computing centres are certified by TÜV SÜD in accordance with ISO 27001. This certification encompasses a systematic security concept, as well as numerous security measures in the IT infrastructure itself, in secondary technology and in the process chain. The security concept is aligned with defined standards and is regularly reviewed. Our security measures include data mirroring between both computing centres, battery-assisted, uninterruptible power supply, stand-by diesel for up to four weeks of continuously autonomous operation, laser fire alarms and extinguishing gas, rules for admission and access, staff undertakings and training, as well as regular analyses of new security requirements.

6. Your statutory rights

Upon request, we shall be happy to inform you in writing whether we have stored data pertaining to you and, if so, to specify such data. Should you wish to assert your statutory rights to the provision of information about your data, or the correction, deletion or blocking of your data, please contact Cronon AG’s in-house Data Protection Officer.

The Data Protection Officer
Cronon AG
Pascalstrasse 10
10587 Berlin

7. Queries

We shall be pleased to answer queries about data protection. Simply send us an e-mail.