1. Purpose of this policy
Maintaining accurate and reliable registration data is essential for integrity of the DNS system as well as for the documentation of ownership of and rights in domain name registrations. All registration data we collect from our customers is stored in a dedicated database in accordance with all applicable data protection and cybersecurity laws. The collection, validation and verification of registration data is performed to the extent required by applicable laws such as Art. 28 of NIS2, as well as by ICANN and/or registry policies. This also applies to the disclosure of the data to third parties. This policy serves to document our processes for registration data accuracy, including validation and verification processes, as well as circumstances under which registration data may be disclosed to third parties. We may modify this Policy at any time, in which case the modified Policy becomes effective upon publication on our public website
2. Scope
This policy applies to all domain name registrations managed by Key-Systems.GmbH, including generic top-level domain (gTLDs) and country-code top-level domain (ccTLDs) registrations and is subject to applicable registry and regulatory requirements. Our database includes, at a minimum, the data necessary to identify and contact domain holders and the point of contact administering the domain: (a) the domain name; (b) the date of registration; (c) the registrant’s personal name and/or organization name and type, his mailing address, contact email address and telephone number; (d) the contact email address and telephone number of the point of contact administering the domain name if they are different from those of the registrant; and (e) the domain name servers. Depending on the requirements of the TLD operators relevant for a registration, we may also collect (f) the name, postal address, e-mail address, telephone number of the point of contact administering the domain, the technical contact and the billing contact as well as other details necessary for the verification of the data provided by the registrant. We maintain detailed logs documenting each verification and validation process regarding each registration.
3. Registrant Obligations
As a domain name registrant, you are responsible for:
- Providing complete, accurate, and up-to-date registration details.
- Ensuring that your contact information remains valid throughout the domains registration period and is corrected where necessary.
- Responding to any validation or verification requests from [Registrar Name] in a timely manner.
- Cooperate with any reasonable verification request.
Failure to follow these obligations may result in suspension or cancellation of your domain name(s). Please see our Registration Agreement for further details.
4. Data Validation and Verification
4.1 Validation Requirements
Before completing or after initiating a transfer of a domain name registration, we will perform syntactic validation of certain fields of the registration data to ensure they meet standard format and structure requirements, including:
- Email address: Must be properly formatted (RFC 5322, e.g., [email protected]).
- Phone number: Must include a valid country code and conform to applicable formatting standards (ITU-T E.164, e.g, +X.XXXXXXXX)
- Postal address: Must be complete and structured according to local postal standards UPU S42.
4.2 Verification Requirements
For certain data elements, we will conduct a verification of the accuracy of the Registration Data. This includes:
- Email Verification: A verification email will be sent upon registration, transfer to one of our accreditations, and upon updates of Registration Data, requiring the registrant to confirm their address by clicking a link or providing a response. Additional confirmation methods may be implemented, including one‑time codes or structured validation responses, where supported by applicable registry policies or required due to elevated risk indicators.
- Phone Verification: When notified about an alleged inaccuracy of the telephone number of a domain registrant, we may verify the accuracy of the telephone number by either verifying that the number exists and is connected, sending a message requiring a response, or calling the number to verify it belongs to the registrant. Depending on relevant TLD rules or accuracy requirements, we may also use additional telecommunication checks, such as automated signaling tests, SMS‑based confirmation codes, or interactive validation prompts to confirm registrant control over the number.
- Identity or Address Verification: In certain cases and where required by TLD policy (see TLD Policies below) we may request supporting documentation (e.g., government‑issued ID, ID numbers, business registration numbers, utility bills) to confirm registrant identity or address. Depending on the eligibility or accuracy requirements applicable to a particular TLD, this may also include: o verification of national identification or tax identification numbers; o verification of citizenship, residency, or local‑presence eligibility; o recent official documents (e.g., utility bills, bank or tax statements, governmental certificates) confirming physical address or domicile; o electronic identity verification (eID) using government‑recognised or industry‑standard digital identity systems; o verification of corporate existence and authority of representatives (e.g., commercial register extracts, articles of association, trade licences, corporate identification numbers); o evidence of rights or qualifications where the TLD imposes use‑based or sector‑based eligibility requirements.
- Document Review and Third‑Party Verification: We may request verification through a third‑party verification service provider. Where the registry operator conducts its own verification or audit processes, we may be required to collect, submit, or validate additional documentary evidence (e.g., identity documents, business registration certificates, and/or confirmation of residency). These processes may run in parallel to our own and may require registrants to participate in registry‑operated verification procedures. Failure to participate in such processes and provide requested details may result in the suspension or deletion of domain names.
- Technical or Operational Verification: Where mandated by registry policy or required due to risk‑based considerations, we may also conduct verification of technical data associated with the domain name registration. Such verification may include confirmation of nameserver configuration, DNSSEC parameters, IP‑address eligibility, or validation of network‑resource assignments associated with the registration.
- Risk‑Based or Triggered Verification: Additional verification steps may be applied upon receipt of substantiated inaccuracy complaints, where data elements appear incomplete or contradictory, or where heightened risk indicators—such as potential fraud signals, suspicious or high‑risk domain‑registration patterns, or other objectively identified risk factors— are present. Such additional steps may include renewed identity checks, updated documentary evidence, additional communication‑channel verification, or enhanced verification by trusted third‑party providers.
4.3 No re-verification and avoiding duplication
Where possible, previously verified information will not be re‑verified unless required by applicable law, by relevant TLD policy, in response to an inaccuracy complaint, or due to heightened risk indicators. Where possible, we will apply results by previous verifications by ourselves or trusted third parties to avoid duplication of verification. In case Registration Data is updated, such updated data must be verified and validated again.
4.4 Correcting and reporting inaccurate data
We will send annual email reminders of the registration data currently on file to domain owners, either directly or through our resellers. If you want to correct any inaccuracies, please use the functionalities in your domain management admin panel or contact us or your direct provider through the support function of the platform you use. Third parties wishing to report inaccurate information should use the webform on our reporting website.
5. Timeframes for Compliance
Registrants must complete any required verification according to the timelines specified within our registration agreement (or as specified by registry or regulatory requirements). For urgent cases, we may request a shorter response timeline in the verification request. Failure to respond to or complete a verification request may result in:
- The suspension of the domain name, preventing it from resolving or being used for associated services.
- The cancellation of the domain registration.
6. Data Disclosure Framework
We are committed to protecting the privacy of registrants by safeguarding registration data containing personal information. However, there are circumstances under which registrant information may be disclosed to third parties or published, as below:
6.1 When Disclosure May Occur
Registration data may be disclosed where supported by applicable legal basis under applicable data protection legislation to:
- Registries: As required for the management and administration of the domain name registration in accordance with the policies and regulations of the registry operator.
- Regulatory Authorities and law enforcement: Upon receipt of a lawful and binding request from an empowered public authority, if required by applicable laws or regulations.
- Dispute Resolution Providers: To third parties providing official domain name dispute resolution services in case a dispute is raised over a domain name using the registration data.
- Registration Service Providers: When necessary to provide domain registration services, subject to confidentiality and data protection obligations.
- Court Orders or Legal Requirements: If required by a valid court order, subpoena, or applicable law.
- Legitimate access seekers: Third parties making lawful and duly substantiated requests with demonstrable legitimate interest or when required by law.
- Data Subjects: To the data subjects reflected in the registration data themselves, upon their request or as part of our data accuracy reminder process.
- Agents and Resellers: To any properly authorized agents or resellers employed by registrants in the process of registering or managing their domain names.
- Other Parties: Other third-party requestors other than the above, where required by applicable law.
- Non-personal information: Data clearly identifiable as belonging to legal entities and not containing personal information will be made publicly available in our registration data access service without undue delay after the domain registration and/or disclosed upon request.
6.2 Safeguards for Registration data disclosures
Where disclosure is required, we will follow these safeguards:
- We limit the data shared to the minimum data necessary for the stated purpose as legally required.
- We require third parties requesting the data to comply with applicable privacy and security standards.
- We conduct a case-by-case balancing test against presumed interest of the registrant in case of legitimate interest disclosure requests.
- We reject anonymous, overly broad, repetitive, abusive or bad faith requests.
- We will log all requests and responses and document the legal basis of each disclosure.
- We do not disclose redacted personal data unless all legal criteria are met.
6.3 Disclosure process
Request intake. All disclosure requests must be submitted via our Disclosure Request Form and include: requester identity and contact details; lawful basis; the specific domain(s); the specific registration data requested; the purpose; and a proportionality statement. Assessment. We authenticate the requester and assess the request’s lawfulness and substantiation, applying data‑protection safeguards (minimum necessary; security and confidentiality commitments). Response time. We will reply to acknowledge your request without undue delay and, in any event, will aim for a response within 72 hours of receipt of the request, either granting access to the minimum necessary data or issuing a reasoned, justified denial. Auditing. We log all requests and outcomes and retain records in accordance with our internal retention policies and legal obligations. Recourse. Requestors may resubmit their request with additional substantiation if a request is denied; repetitive or insufficiently supported appeals may be rejected.
7. TLD Policies
Certain TLDs may require us to perform additional verification steps, alternative processes, or will conduct their own verification of registration data. These steps may require provision of personal or corporate ID number, eID verification, review of government-issued photo ID. Please note that these processes may achange from time to time and are separate from our own verification processes.
8. Other entities providing registration services
Where a domain registration is submitted through resellers, wholesale customers, proxy registration services and other entities providing domain name registration services (“Registration Providers”), we may outsource some or all verification and validation processes to such a Registration Provider. Registration Providers are required to ensure that they will only provide complete and accurate for inclusion in our registration database and they may therefore impose additional or alternative verification processes under their own terms and conditions. Their policies and procedures to ensure the accuracy and completeness of the registration information are published on their own websites and do not constitute part of our verification policy. Where Registration Providers using our services already employ effective processes to ensure the accuracy of the registration information, we may in our sole discretion waive any or all our verification processes for such registrations to avoid duplication of efforts. The same applies where a Registry maintains a sufficient verification process. Please review the published registration verification policies of your direct Registration Provider and/or the registry operator for further information on their processes on their respective websites
9. Contact and Support
For questions regarding data accuracy, verification requirements, or data disclosures, please contact our support team at https://www.key-systems.net/en/contact/support/ or visit our FAQ at https://www.key-systems.net/en/contact/support/. If you are a legitimate access seeker under the laws of Germany, want to make a disclosure request, and have a legitimate interest in such a disclosure, please contact us through our disclosure request contact form at http://www.domain-contact.org Please note that this service is not available for support requests, abuse reports or other inquiries. Any non-disclosure requests or elements of any notifications that do not constitute part of the actual disclosure request sent to our disclosure request contact address will be disregarded.
10. LINKS FOR FURTHER INFORMATION:
https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whoisaccuracy