Privacy policy

PRO ISP takes your privacy seriously. All personal data are collected, transferred and disposed of in accordance with the Norwegian Personal Data Act (Personopplysningsloven) and the European Union’s General Data Protection Regulation (GDPR). This Privacy Policy explains in detail how we process personal data.

Who we are:

The entity collecting and processing personal data (the data controller) is:
PRO ISP AS, Norwegian corporation with organizational number 896 907 662

How to contact us

Our contact information is available here:
Contact information PRO ISP

Personal data we collect from you

There are five categories of data we collect from you that contains personal data.
  1. Client data
    Information given to identify the client account and optional contact for invoice when ordering services from us. This includes name, address, phone number and email address.

  2. Domain contact data
    The information you provide us in order to register domains. This is used for registrant contact for the domain. This includes name, address, phone number and email address.

    Some TLD’s require additional informasjon in order to register a domain:
    • For Norwegian citizens registering .no domain, social security number is collected and stored at the registrar for .no, Norid and a PID-number is issued. PRO ISP processes the PID-number and not the social security number attached to the PID number.
    • When registering .fi.domain it is required a finish social security number if you are a finish citizen. You will also need to register your date of birth, finish citizen or not.
    • When registering .fr, .wf, .pm, .tf, .re domains, you are required to state your date of birth and the country you were born in.
    • When registering domain via Uniregistry it is required you create 3 questions and 3 answers.
    • When registering .se and .nu you are required to state your social security number and which country you are a citizen of.
    • When registering .es you are required to state your social security number or passport number and which country you are a citizen of.
    • When registering .it you are required to state social security number or passport number and nationality.
    • When registering .by you are required to state your social security number or passport number, as well as how issued the passport and date of issue.

  3. Contact data for SSL certificate
    The information you provide us in order to have a SSL certificate issued. This is used as contact information for the SSL certificate. This includes name, address, phone number and email address.

  4. Automatically collected data
    This is data you do not provide us directly but is collected automatically when you or any of your users of your hosting services communicate with our servers. This includes webserver logs, email server logs as well as other automatically generated server logs. This can contain timestamps, IP-addresses, email addresses, names, phone numbers and HTTP-headers which can contain type of web browser, last visited website and language settings.

    Our website uses cookies, which can be used to identify individuals. Why and how we use cookies is explained in detail here.

  5. Payment information
    Credit card information is not stored in our system, but with Adyen. For payments via PayPal, the email address attached to the PayPal account is stored. For payments via online bank name, address, date of payment and account number the payment was made from as well as KID/message.

Why do we collect personal data?

The purpose of collecting the personal data is:
  • To idenitfy you as a client of PRO ISP and a part of our Service agreement.
  • To identify the registrant for the domain name according to the terms for the TLD.
  • To identify the person ordering the SSL certificate.
If you do not wish to consent to collection of personal data, or you decide to withdraw your consent, we cannot fulfil our contractual commitments to you, the registrars or the certificate issuers, and we cannot therefore provide you services related to domains or SSL certificate.

How your personal data is used:

  1. Client data
    Contact information is used to send you invoices, renewal warnings, yearly reminders to keep your contact information up to date, which is necessary in order to fulfil our contractual agreement with you and registrars.

  2. Contact data for domain names
    Contact information is used by the registry unit to identify the registrant for domain names. The registry unit can publish contact information, partially or complete, in the WHOIS-database, depending on the terms for the domain in question. The reason for this is to be able to contact the person responsible for domain names. Examples of situations this would be important could be if there is a technical difficulty with the domain, the domain is being abused for spam or criminal activities or if there is a dispute regarding third party rights to the domain.

  3. Contact data for SSL certificates
    Contact information used by certificate issuer to identify person(s) connected to the application for the SSL certificate.

  4. Automatically collected data
    This data is used for maintenance, protect and improve our services to give you a better support experience. The data is also used to discover, prevent or in any other way address fraud, security- and technical issues.

  5. Payment information
    The payment information stored is used to identify who the payment is made for, as well as in connection to support related to payment of invoices or refunding payments.

How can you access your personal data

You can access and change your contact data for your account, as well as for your domains via the client portal. It is not possible to change the contact information for SSL certificate when it has been issued. If you wish to change this information a new certificate will need to be purchased. You can also choose how we send invoices to you as well as add your own invoice contact. Contact information which is optional can be removed from both the client account and for the domain.

How we share your personal data with others

For .no (and all subdomains of .no) and .se we share your domain name data with the registry for the TLD in question as far as its necessary to register or administrate the domain. For other TLD’s we share your domain name data to Realtime Register as far its necessary to register or administrate the domain. Realtime Register shares your domain name data to the registry unit for the TLD as far as its necessary to register or administrate the domain.

When we send in requests to issue SSL certificate we send your contact data for SSL certificate to Rapid Web Services, LLC as far as its necessary to issue the certificate. Rapid Web Services, LLC sends this to the certificate issuer you have ordered the certificate from for the same reason.

Trustpilot AS receives your email address when you complete an order on our website so that they can send an invitation for you to leave a review. You can unregister at any time. It is voluntary to supply them with further information.

We can give personal data to Norwegian law enforcement or other public authority if there is a court order or other legal demand for the information.

Transfer of personal data outside EU/EEA

Rapid Web Services, LLC resides in USA and fulfils the requirement to EU-US privacy-shield. All Information sent is secure and encrypted.

Automatic decisions based on personal data

Personal data you provide us with is sent through a series of automatic checks. Information that do not pass the checks can be rejected directly so you are instructed to insert the correct information or be subject to a manual inspection or follow up. For example, we check if name, address and other contains only accepted characters or if the postal number correlates with the postal city.

Data portability

You have the right to data portability. This means that you can take with you your personal data in a machine readable format.

All contact information attached to your domain is located in the registry units central database in a standardized format. If you decided to move your domain to a different supplier all the information will be automatically transferred to the new registrar using the EPP-protocol.

How long do we store your personal data

Personal data regarding invoices and payment are kept at least 5 years, as required by Norwegian law. Your personal data regarding client account is stored as long as you remain our client and at least 3 years after the services and client account is cancelled. Your personal data related to domain name will be stored as long as the domain is registered. Your personal data related to SSL certificate will be stored as long as the certificate is valid.

Processing personal data not covered by this privacy policy

Personal data you or your users send in, upload, transfer, store or process on hosting services provided by PRO ISP not covered by this privacy policy. This includes for example personal data you or your users store in databases, websites, files or emails. PRO ISP is not data controller for such information, only as data processor. You as data controller are responsible for handling such personal data in accordance with current privacy laws and regulations and, if needed create and publish your own privacy policy that covers the personal data that you exchange with the users of your website or with your email correspondents. See our Data controller policy for more information on how PRO ISP process and protect personal data for our hosting services.

Your right to complain

If you are a natural person residing in the European Union or European Economic Area and you believe that our use and processing of your personal data are not in compliance with the GDPR or any other applicable legislation, you have the right to complain to the Supervisory Authority in either Norway (Datatilsynet) or in your country of domicile.

Changes to the privacy policy

PRO ISP reserves the right to change the conditions of this privacy policy at any point in time. We will inform you here, by email or with a notice on our website at least thirty (30) days before any substantial changes to this privacy policy.