Privacy Policy

Data responsibility

Punktum dk processes personal data in order to administer .dk domain names. This privacy policy provides information on how we process your data.

Punktum dk is the data controller and has the following contact details:

Punktum dk A/S, Ørestads Boulevard 108, 11th floor, 2300 Copenhagen S

VAT No.: 24210375

Tel.: +45 33 64 60 60

Write to us here

Website: www.punktum.dk

Collection and purpose

The collection and processing of personal data is necessary for the provision of services to Punktum dk’s customers, including the establishment of customer relationships with registrants, maintaining contact, providing services and support, invoicing etc. Punktum dk is also required by law to collect information for the purpose of maintaining the whois database. We only collect the minimum personal data required to meet our obligations as administrator of .dk domain names.

Types of information, that we use 

Punktum dk only collects personal data about registrants, a registrant’s proxy and billing contact (if applicable), and registrars. The personal data we collect and process consists primarily of contact information and information about the registration of a domain name, in the form of:

  • name,
  • address,
  • telephone number,
  • email,
  • user ID,
  • CPR number,
  • CVR number,
  • IP address,
  • domain name,
  • invoice numbers, and
  • credit note numbers.

In connection with submitting an application for a domain name to a registrar, you must also enter into an agreement with Punktum dk on the right of use of a .dk domain name. In this connection, information is transferred from the registrar to Punktum dk so that we can perform registration in the whois database and subsequently contact the registrant.

Punktum dk collects and processes information in connection with the use of Punktum dk’s self-service portal. In connection with the use of our registrar portal, the personal data also includes the registrar’s employees, who are registered in Punktum dk’s systems.

Punktum dk may also collect and process updated personal data in connection with checking the contact information and identity of registrants, as well as validation of contact information by searching for information registered under a CPR or CVR number, see more below. This is necessary to ensure that the personal data we process about you is accurate, as required by the Danish Domain Names Act. Therefore, it is also important that you always keep your own personal data in our systems up to date. When you visit our website, we use cookies for statistics and user surveys, if you have given your consent.

Checking registrants’ contact information and identity

NemID

All new registrants wishing to register a new .dk domain name, and who reside in Denmark, must complete an identity check with NemID of their contact information and identity. As part of this check, Punktum dk collects the CPR number to confirm the connection between the NemID used and a registrant who is a private individual. When Punktum dk has established this connection, the CPR number will be automatically deleted.

Similarly, all existing registrants will be met with a request for an identity check with NemID when accessing Punktum dk’s self-service portal.

Risk-based identity check

All new registrants wishing to register a new .dk domain name, and who reside outside Denmark, must complete a risk-based check of their contact information and identity. Punktum dk conducts a risk assessment of the information received from the registrar. If this assessment finds that there is a low or high probability of incorrect contact information or false identity, the new registrant must complete a documentation process, in which the applicant must submit documentation in addition to that listed in the previous section:

  • photo identification, name and address, and
  • a portrait photo.

 If the documentation is not approved, the application is denied and the domain name is deleted. 

Notification about information in whois

In accordance with the Administrative Order on the Internet domain .dk Punktum dk is obliged to investigate the accuracy of a registrant's identity information (name, address and telephone number) if Punktum dk receives a notification with a reasoned suspicion that the registrant's information is not correct. In connection with such an investigation, Punktum dk processes the registrant's personal data. The investigation may involve a documentation process as described above.

Fair and transparent processing of personal data

In connection with the collection of your personal data, we inform you of the data we process relating to you and the purpose of this processing. You will receive information about this at the time of collection of your personal data.

Information security

Security is a top priority for Punktum dk. We have a strong focus on the protection of our data, systems and services. The Punktum dk information security policy and our ISO 27001 certification form the foundation for our activities to secure systems and services, and protect our customers’ data. You can read more about this here.

As part of our high standards for information security, we protect our critical and sensitive information and information systems from being compromised or used without authorization. We protect your personal data from destruction by mistake, loss, alteration, unauthorized publication and disclosure to unauthorised parties.

Data processing agreement

We always enter into a data processing agreement with suppliers who process personal data on our behalf, and we ensure that our data processors comply with high standards of information security.

Deletion of personal data

  • We delete ordinary customer data, eg name, address and similar information about the contractual relationship between the customer and Punktum dk, which is stored in accordance with the Accounting Act for accounting purposes after the current year plus 5 years.  
  • We delete documentation sent in connection with ID verification no later than after one year, to ensure that Punktum dk can submit the documentation to the Complaints Board for Domain Names, in the event that an appeal is lodged against Punktum dk's decision.

We regularly review our need for information retention so that we do not store more than is absolutely necessary.

Release of information

Marketing or commercial use 

Punktum dk does not release personal data to any third party for marketing or other commercial purposes.

Whois information

It is important that internet users can identify the person or company that is the registrant of a given domain name. Therefore, the name, address and telephone number must generally be available to the public in our whois database. This is required by section 18(1) of the Danish Domain Names Act.

The Danish Domain Names Act allows registrants to keep their address and/or telephone number hidden if other legislation excludes this information from the public domain. In order for Punktum dk to accept a request for anonymity, you must either have name and address protection in the Danish civil registration system (CPR), or under the legislation of the country where your address is located.

The billing contact and the proxy will always be hidden from the public in the whois database, but not from the registrant’s self-service portal.

Punktum dk may release personal data to a third party on request. This includes personal data about registrants that is anonymous in the whois database. You can read more about the release of data here.

Punktum dk is entitled to release name and address data about all registrants (including registrants that are anonymous in the whois database) to Punktum dk’s auditor in connection with the auditing of Punktum dk’s financial statements.

Release of data according to law

According to administrative order on the .dk Internet domain, §7 (1), Punktum dk is obliged to conduct user surveys once a year to measure the satisfaction of registrants and registrars. In this connection, we share their contact information with a third party responsible for conducting the user survey.

In addition, Punktum dk is required by law to provide information on registrants of .dk domain names to public authorities on an ongoing basis.

Right of access

You are always entitled to access to the personal data we have registered about you. If you request access to your personal details, we will require evidence of your identity to ensure that the data is only released to the right person.

At your request, we can inform you of the data we process that relates to you. However, access to this information may be limited out of consideration for the privacy protection of other persons, trade secrets or intellectual property rights.

To request access to your personal data, write to us here.

Right to deletion or correction of your personal data

If you believe the personal data we are processing about you is inaccurate, you are entitled to correction of this data. You must contact us and inform us what the inaccuracies are and how they can be corrected.

In some cases, we will be obliged to delete your personal data. If you believe that your data is no longer necessary in relation to the purpose for which we obtained it, you can request deletion of the data. You can also contact us if you believe that your personal data is being processed in violation of the law or other legal obligations.

When you contact us to request the correction or deletion of your personal data, we will check whether the conditions for such correction or deletion have been met, and if this is the case we will perform the correction or deletion as quickly as possible.

Right of objection

You have the right to object to our processing of your personal data. If your objection is legitimate, we will discontinue processing of your personal data. However, please note that processing of your personal data is a requirement for having an agreement with Punktum dk on the right of use to a .dk domain name, as this data is necessary to administer the customer relationship.

Cookies

Visiting Punktum dk’s website

At punktum.dk we use cookies for statistics and user surveys. This gives us an overview of how many people visit the different parts of our website, as well as asking our users about their experience of punktum.dk. That way we can make the website as user-friendly as possible.

When you visit punktum.dk, you will see a banner with information about cookies for statistics. Clicking "Allow all cookies" sets session cookies and cookies to collect statistics and the banner disappears. The information in cookies is anonymous to us and will not be linked to the individual user.

Use of Punktum dk's self-service systems

If you log in to selvbetjening.punktum.dk, a cookie is placed on your computer, which is used exclusively as a key to the self-service portal. The cookie, named "DKHM_SB_SESSION", is only relevant as long as you are active in our self-service portal. The cookie remains in the browser until the browser is closed.

Complaints

Please direct complaints about Punktum dk’s processing of personal data to:

Danish Data Protection Agency, Borgergade 28, 5, DK-1300 Copenhagen K

Tel.: +45 3319 3200

Email: dt@datatilsynet.dk

24 April 2023, version 3.4