Request for Disclosure of Non-Public Registrant Data

---

For privacy reasons, personal information contained in registration data is no longer displayed in our public WHOIS. However, as an ICANN accredited registrar, NiceNIC is contractually mandated to permit third parties to request access to non-public registration data ("NPRD"). This policy sets forth the general guidelines for a third party to request access to NPRD on the basis of legitimate interest ("Legitimate Interest"). This policy does not jeopardize the fundamental interests, rights and freedoms of a data subject, consistent with the General Data Protection Regulation ("GDPR") or other similar privacy laws. Also, this policy is not a substitute for other less-intrusive mechanisms available (see Key Considerations, Section 2 below) and we expect these mechanisms to be exhausted prior to any request for NPRD, which should be an avenue of extreme measure and last resort given its potential impact to the data subject.

Key Considerations:

1.Legitimate Interest

You must demonstrate Legitimate Interest in the NPRD you seek in a manner that does not jeopardize the fundamental interests, rights and freedoms of the relevant data subject, consistent with GDPR or other applicable privacy laws, by conducting a 3-part balancing test ("Legitimate Interest Assessment" or "LIA") and submitting your results for review by NiceNIC. To learn more about LIA, please consult your legal advisors or review help articles at the UK Information Commission’s Office.

2.Less-Intrusive Mechanisms
NiceNIC offers numerous less-intrusive mechanisms to help address both abuse and infringement.

• Reporting abuse
• DBP claim (where applicable)
• UDRP, or court dispute
• Look up the domain in question on NiceNIC’s WHOIS, then scroll to the bottom of the results page and select Contact Domain Holder

The fundamental rights and freedoms of relevant data subjects outweigh the legitimate interest of a third party when other reasonable and less-intrusive mechanisms are available.

3.Data Protection

You must demonstrate that you have implemented appropriate technical and organizational measures to ensure that any NPRD received through this process will be performed in a manner compliant with GDPR or other applicable privacy laws. Additionally, NiceNIC, at its discretion but at your expense, may require an audit of your data processing practices to ensure such practices comply with GDPR or other applicable privacy laws.

4.Data Handling of NPRD
You will be responsible for properly disposing the NPRD within 30 days of receipt or when you can no longer rely on Legitimate Interest as the lawful basis of processing NPRD; whichever is sooner.

How to submit a request for NPRD

1.If you wish to submit a request for NPRD, please download and complete the NPRD Request Form, including all supporting documentation, and submit your completed file to abuse@nicenic.net.

• Law enforcement or government agency requests for NPRD will require additional verification. Please email abuse@nicenic.net for more information.

2.Upon receipt of your completed file, NiceNIC will initiate an investigation and respond to a request within 15 days of receipt.

• Requests must only be for current domain registrations. We do not provide historical or archived NPRD through this process.
• Requests must include the exact domain name under review. We do not fulfill partial match requests through this process.
• Requests are reviewed and fulfilled on a per-domain basis. We do not provide search results across multiple related domains or NPRD using this process.
• We will not provide any additional contact details aside from the following: registrant, admin or tech name and email address.

3.If NiceNIC concludes, at its sole discretion, that you have demonstrated a legitimate interest for the NPRD requested, we will send you a WHOIS Access Agreement to sign, and upon signature, provide you limited access to the requested NPRD.

• If we conclude you have not demonstrated a legitimate interest to NPRD, no information will be provided.