GDPR (General Data Protection Regulation)

Last Update: May 2018

Please click here for our regular Privacy Policy.

The GDPR, which becomes enforceable on 25.05.2018, is a data protection law by the EU that seeks to strengthen the security and protection of personal data. We support the idea behind this law: to protect our customers' data as much as possible while being absolutely transparent about what happens when you provide Nodion with your personal details.

Where is my data stored?

All data that you provide us with is stored in two locations, which are also the base for all of the services that we offer to our customers. Those locations are:

The Nodion control panel is developed completely in-house so that we have full control of everything we provide. We utilise well-known open source projects like Ruby on Rails or PostgreSQL to store your data. We use industry standards for important features like authentication. For example, instead of building our own insecure authentication workflow, we use Devise, which is proven and widely adopted, including by very well-known sites.

How long is my data stored?

The data below is stored for the mandatory 10 years required by the finance/tax authority in the event of an account audit (the 10-year countdown starts when you no longer have any active services and have opted to close your account):

All other data is stored for 6 months before being purged from our databases. This includes, but is not limited to:

It's your data all along

You want to switch providers and take your data with you? Not a problem, please contact us and we will provide you with all your details as a .json dump, which is a format that can be used by your new provider programmatically while being readable by you.

You also have the right to be forgotten, which means you can contact us to delete the data we have stored about you. Please note that other laws require us to store some of your data (see above), so it can take some time until we fully remove your data from our archives.

Who else has access to my data?

We use several services for different purposes. Below you will find a list of the services we use and which of your data is shared with them. If you have any additional questions, please don't hesitate to contact us; we will provide you with all the details you want to know.

When you sign up, we will verify your account. That happens either via a simple text (SMS) or a call. Both are automated and handled by MessageBird. We share with them the phone number you provided, without any additional details: only the number, to make sure it's valid.

Your payment data is never stored on our servers; it's all handled by Braintree, a PayPal company. We only store the data necessary to show which payment method you are paying with (for example, the last 4 digits of your card) and an internal token to communicate with Braintree.

We offer domain name registration services, and for that we need to share your personal data with 3rd parties. For example, Denic, the domain name provider behind the .de domain, requires you to share your personal data and make it public, so that one knows who owns a specific domain. We only share this data if you actually register a domain name with us. We are a domain name reseller of UD Reselling.