This policy outlines the rights that data subjects have, under the General Data Protection Regulation (GDPR), in relation to the data about them that we hold. Data subjects, for the purposes of this policy, includes current customers of Blacknight with a valid account ID on cp.blacknight.com, subscribers to Blacknight mailing lists (past and current subscribers), domain registrants whose information may be stored in Blacknight WHOIS service database.
In order to keep you informed about how we use your data, we have a privacy notice on our website. You can obtain a copy of the privacy notice from https://www.blacknight.com/data-protection-statement/
Our privacy notices set out:
You have the right to access your personal data which is held by us. You can find out more about how to request access to your data by reading our Subject Access Request policy. See Annex A for details on making a Subject Access Request
If you discover that the data we hold about you is incorrect or incomplete, you have the right to have the data corrected. If you wish to have your data corrected, you should submit this request by email to email@example.com
Usually, we will comply with a request to rectify data within one month unless the request is particularly complex in which case we may write to you to inform you we require an extension to the normal timescale. The maximum extension period is two months.
You will be informed if we decide not to take any action as a result of the request. In these circumstances, you are able to complain to the Data Protection Commission and have access to a judicial remedy.
Third parties to whom the data was disclosed will be informed of the rectification.
In certain circumstances, we are required to delete the data we hold on you. Those circumstances are:
If you wish to make a request for data deletion, you should submit this request by email to firstname.lastname@example.org
We will consider each request individually, however, you must be aware that processing may continue under one of the permissible reasons. Where this happens, you will be informed of the continued use of your data and the reason for this.
Third parties to whom the data was disclosed will be informed of the erasure where possible unless to do so will cause a disproportionate effect on us.
You have the right to restrict the processing of your data in certain circumstances.
We will be required to restrict the processing of your personal data in the following circumstances:
If you wish to make a request for data restriction you should submit this request by email to email@example.com
Where data processing is restricted, we will continue to hold the data but will not process it further unless you consent to the processing or processing is required in relation to a legal claim.
Where the data to be restricted has been shared with third parties, we will inform those third parties of the restriction where possible unless to do so will cause a disproportionate effect on us.
You will be informed before any restriction is lifted.
You have the right to obtain the personal data that we collect and process on you and transfer it to another party. Where our technology permits, we will transfer the data directly to the other party on your instruction. This would generally apply to your account information or domain registration details NOT the website content or other associated services, and any existing transfer procedures will remain in place.
Data which may be transferred is data which:
If you wish to exercise this right, please email firstname.lastname@example.org
We will respond to a portability request without undue delay, and within one month at the latest unless the request is complex or we receive a number of requests in which case we may write to you to inform you that we require an extension and reasons for this. The maximum extension period is two months.
You will be informed if we decide not to take any action as a result of the request, for example, because the data you wish to transfer does not meet the above criteria. In these circumstances, you are within your rights to complain to the Data Protection Commission and have access to a judicial remedy.
The right to data portability relates only to data defined as above. You should be aware that this differs from the data which is accessible via a Subject Access Request.
You have a right to require us to stop processing your data; this is known as data objection.
You may object to processing where it is carried out:
If you wish to object, you should submit this request in writing to email@example.com
In some circumstances we will continue to process the data you have objected to. This may occur when:
If the response to your request is that we will take no action, you will be informed of the reasons.
You have the right not to have decisions made about you solely on the basis of automated decision-making processes where there is no human intervention, where such decisions will have a significant effect on you.
However, the Company does not currently make any decisions based on such processes.
In circumstances if/where we use special category data, for example, data about your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership the Company will ensure that one of the following applies to the processing:
ANNEX A – Making a Subject Access Request (SAR)
All SAR should be emailed to GDPR@BLACKNIGHT.COM
The email will generate a support ticket directed to our privacy office and the email will be acknowledged within one (1) working day (excl. weekends /bank holidays etc.) Requests that are made directly by you should be accompanied by evidence of your identity a valid account ID and the email should originate from the authorised email account registered in the control panel. If this is not provided, we may contact you to ask that such evidence be forwarded before we comply with the request. In some cases we may require further proof of ID such as drivers licence, passport etc. Once the identity has been validated we will purge any such additional documentation.
Usually, we will comply with your request without delay and at the latest within one month. Where requests are complex or numerous, we may contact you to inform you that an extension of time is required. The maximum extension period is two months.
We will normally comply with your request at no cost. However, if the request is manifestly unfounded or excessive, or if it is repetitive, we may contact you requesting a fee. This fee must be paid in order for us to comply with the request. The fee will be determined at the relevant time and will be set at a level which is reasonable in the circumstances.
When you make a subject access request, you will be informed of:
We may refuse to deal with your subject access request if it is manifestly unfounded or excessive, or if it is repetitive. Where it is our decision to refuse your request, we will contact you without undue delay, and at the latest within one month of receipt, to inform you of this and to provide an explanation. You will be informed of your right to complain to our appointed compliance officer and to a judicial remedy. If you are not satisfied, you can escalate your complaint to the Office of the Data Protection Commissioner.
We may also refuse to deal with your request, or part of it, because of the types of information requested. For example, information which is subject to legal privilege or relates to management planning is not required to be disclosed. Where this is the case, we will inform you that your request cannot be complied with and an explanation of the reason will be provided.