Privacy Policy - Domain Name Registration

UBILIBET SL, with registered office at Carrer d’ Ulldecona 21, Barcelona, (hereinafter, the ” Data Controller ” or ” UBILIBET ” ) is constantly committed to protecting the privacy of its users. This document contains information about our privacy policies, so that the customer understands how their Personal Data is processed in connection with domain name registration and management activities.

 

In accordance with the provisions of Regulation (EU) 2016/679 (the ” GDPR ” ) and Organic Law 3/2018, the processing carried out by Register is based on the principles of lawfulness, fairness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.

 

UBILIBET’s corporate structure includes a Data Protection Officer ( DPO ). The DPO is available to provide any information regarding the processing of personal data by UBILIBET. You can contact the DPO by writing to dpo@ubilibet.legal .

 

  1. Roles and responsibilities in the processing of domain name registration data

To register a domain name, the registrant/interested party must provide certain personal information:

  • Contact information: Registrant’s name, postal address, telephone number, and email address.
  • Identity Verification: Some Registries may also require the registrant to provide additional documentation to verify their identity, such as a state-issued ID card or passport.
  • Additional Point of Contact: Some Registries may require the registrant to provide one or more additional points of contact, who will be responsible for, for example, administrative or technical aspects of domain registration.
  • The registrant’s personal data will be used for the following purposes:
  1. Verify the registrant’s identity and contact information.
  2. Billing and collection of domain registration fees.
  3. Provide customer service and assistance.
  4. Communicate important information about domain registration and renewal.
    • The Domain Registrar, as the entity responsible for managing domain name registration, is responsible for collecting and storing registrant personal data in accordance with applicable laws and regulations, and may share registrant data with other Registrars to register a domain.
    • The Domain Registry, as the entity responsible for maintaining the database of registered domain names, will receive the registrant’s personal data from the Registrar. The Registry uses this information to maintain accurate and up-to-date records of registered domain names and to ensure compliance with relevant laws and regulations.
    • Registrars and Registry may also be required to share personal data with ICANN (the Internet Corporation for Assigned Names and Numbers) as part of the process of complying with ICANN policies.

 A domain name (often simply referred to as a ” domain ” ) is a name associated with an IP address on the Internet.

 

A domain is made up of several parts, one of which is the extension, also called the top-level domain (” TLD ” ), which is the part of the domain that follows the dot.

There are two categories of TLDs:

  • Generic TLDs ( generic top-level domains or ” gTLDs ” ): for example . com , . org , . info , . biz , etc., which have international distribution;
  • country code top -level domains or ccTLDs ) : These are domains that refer to a country. For example, the ccTLD for Spain is .es .

In the process of registering a domain name, three different subjects are involved: Registry , Registrar and Owner .

 

The term ” Registry ” refers to a national or international body responsible for establishing the rules and procedures for the allocation of domain names, the management of registries and the primary name servers for the various TLDs.

For example, in Spain, the ccTLD “.es” is maintained by RED.es ( https://www.red.es/es ).

The full list of Registries and related policies can be found at this link: https://www.iana.org/domains/root/db, and on the UBILIBET website at this link: https://www.ubilibet.com/es/legal/

 

The term “Registrar ” refers to an organization authorized by UBILIBET to conduct operations on the domains of the TLD for which it is accredited. The Registrar of a gTLD domain name can be verified by accessing the ICANN service available at this page: https://lookup.icann.org/. To check the Registrar of a ccTLD domain , the web address of the corresponding Registry of interest can be found at https://www.iana.org/domains/root/db , which provides the Whois/RDAP Individual Registry Lookup service.

 

Finally, the term “ Registrant ” or “ Holder ” refers to the natural or legal person who registers a domain name.

 

In practice, to register a domain name, the Registrant submits an application to the Registrar, who then forwards the application to the appropriate Registry, which determines whether the conditions for registration are met. If the evaluation is satisfactory, the domain name will be registered in the Registrant’s name, who will become the assignee and, therefore, may claim rights in accordance with applicable law, during the periods specified in the relevant service contract.

Following registration of a gTLD domain name , Personal Data relating to the beneficiary and Registrant of the domain name in question will normally be published, and therefore disseminated, in the public WHOIS/RDAP database and may be consulted using the data lookup tool (https://lookup.icann.org/en) made available by ICANN for gTLD domain names .

 

Domain names with ccTLD extensions may be published in the WHOIS databases managed by the corresponding Registries, in accordance with each Registry’s policies.

UBILIBET typically acts as the Data Controller for data processing related to the registration and management of domain names.

However, UBILIBET’s privacy role as Registrar is decided on a case-by-case basis by the Registry responsible for the gTLD or ccTLD for which registration is requested. Should UBILIBET be appointed as Data Processor by the competent Registry, based on non-negotiable provisions of the contract concluded between UBILIBET and said Registry, in relation to the processing activities associated with the management of such specific domain extensions, information regarding the processing and requests to exercise Data Subject rights (see section 8 hereof) should be addressed to the Registry responsible for the domain extension to be registered.

Furthermore, if additional Personal Data from third parties is required to register a domain name (such as, but not limited to, the contact details of the Administrator – or ” Admin – C ” – and the Technical Manager – or ” Tech -C ” – of a given domain name), the Registrar typically acts as the Data Processor with respect to that Personal Data. In this case, you – UBILIBET’s Customer – act as the sole Data Controller, assuming all legal obligations and responsibilities. This way, you provide the broadest possible indemnity against any objection, claim, request for compensation for damages due to the processing, etc., that UBILIBET may face from said third parties if your data has been processed in violation of applicable Personal Data protection regulations. In any case, if you provide the Personal Data of third parties as part of the registration of a domain name, you must guarantee from that moment on – assuming all related responsibility – that this specific processing activity is based on an adequate legal basis in accordance with Articles 6 or 49 (c) GDPR, which legal basis legitimizes the processing of the Data in question.

  1. The Personal Data subject to processing

Regarding the processing of personal data carried out as part of the domain name registration service, it should be noted that UBILIBET will only carry out the processing strictly necessary to provide the service and for the management of the billing and accounting of the domain name, unless additional processing is carried out on the basis of an adequate legal basis pursuant to Article 6 of the GDPR (consent, for example), which legitimizes the processing of the data in question.

The data collected by UBILIBET as part of a domain name registration application includes only the data strictly necessary to provide the service that the Data Owner provides in the domain name registration phase, and which are listed in the Service Order available at these links:

https://www.ubilibet.com/es/legal/general-service-conditions/

https://www.ubilibet.com/es/legal/particular-conditions-tld-y-gtld/

 

In some specific cases, UBILIBET may request a copy of an identity document for particularly sensitive transactions, such as requests to delete a domain name or requests to change the assignee.

Providing such data is in itself optional; however, without it, UBILIBET will not be able to provide the requested service.

  1. Purpose of the treatment

The processing carried out by UBILIBET is based on the principles of fairness, legality, transparency, and protection of the data subject’s privacy.

The information and data that you (Client) provide are used exclusively:

  • for the purposes of domain name registration and management, which involves the verification of the data provided for registration, billing and accounting management of the domain name, assistance and support in its management, auxiliary operations such as deletion, transfer or change of ownership requests, as well as the communication of important information regarding the renewal of the domain (” Provision of the Service ” );
  • for security and fraud prevention purposes (” Fraud and Abuse Prevention ” );
  • to comply with legal obligations, in particular those arising from current legislation on domain name registration (” Compliance ” )
  • communicate the data necessary for registration to independent third-party controllers , such as the competent Registries, as the case may be, for the domain extension to be registered (” Communication of data to independent third-party controllers ” );
  • to protect the industrial property rights of third parties, or to verify reports of abuses allegedly committed by you against third parties, for example, for the protection of industrial property rights (” Protection of the legitimate interests of third parties”).

For security, fraud detection, and prevention purposes only, UBILIBET installs an automatic monitoring system to track and analyze user behavior on the Website, associated with the processing of personal data such as IP addresses. The consequence of this processing is that if someone attempts to engage in fraudulent behavior on the UBILIBET Website, for example, to benefit from the same promotion multiple times without being entitled to do so, UBILIBET reserves the right to exclude such person from the promotion or take any other appropriate measures for its own protection.

 

As part of our marketing initiatives and in UBILIBET’s legitimate interest, we may send marketing emails or text messages promoting products or services similar to those already purchased by our customers, in accordance with the implied consent exemption. This exemption allows us to contact our current customers to offer them products or services similar to those they have previously purchased from us, unless the Customer has objected to this initially or in subsequent communications.

 

UBILIBET also has a legitimate interest in conducting analytical activities through tracking via the use of cookies and similar technologies, aimed at verifying and measuring the quality and effectiveness of UBILIBET’s online advertising campaigns, in order to improve the performance of such campaigns, as well as the services offered by UBILIBET.

 

  1. Legal basis for the processing and provision of personal data

Processing for the purpose of providing the service and communicating data to independent third-party controllers is necessary to execute the service contract between you and UBILIBET, in accordance with Art. 6 (1) (b) GDPR. Providing such data is in itself optional; however, in its absence, UBILIBET will not be able to provide the requested service.

 

Processing for the purposes of fraud and abuse prevention is based on UBILIBET’s legitimate interest in preventing fraud and scams committed against it or its customers or third parties, in accordance with Article 6(1)(f) of the GDPR and on the basis of Recital 47 of the GDPR.

 

Processing for the protection of the legitimate interests of third parties is based on the legitimate interest of those third parties in protecting their rights, such as industrial property rights, or in the event of alleged misuse by you to the detriment of those third parties. This processing activity is legitimate pursuant to Art. 6 (1) (f) GDPR.

 

Processing for compliance purposes is legitimate pursuant to Art. 6 (1) (c) GDPR. Once Personal Data has been provided, further processing may be required to comply with certain legal obligations to which the Registry is subject. This type of processing cannot be objected to, as it is based on legal obligations.

  1. Recipients of personal data

For purposes strictly related to the provision of the service, the Personal Data of the domain name holder (as well as third parties such as Admin -C and Tech -C , if necessary to register the specific domain name with the competent Registry) may be communicated to third parties acting as independent Data Controllers.

Specifically, this data will be communicated to the national and international Registries to which UBILIBET must send the technical and administrative documentation required by sectoral legislation, as well as to any other entities accredited for the registration of domain names with extensions for which the Registry is not accredited. These latter entities generally act as Data Processors on behalf of UBILIBET.

The sharing of data with independent third-party data controllers is necessary for the provision of the Service and is based on Art. 6 (1) (b) GDPR.

 

Registries will process Registrant data to keep the domain name registry up-to-date and ensure compliance with applicable laws and policies. We encourage you to review the privacy notices published by the relevant Registry from time to time.

UBILIBET may be required to communicate your personal data to the Internet Corporation for Assigned Names and Numbers (“Internet Corporation”) . for Assigned Names and Numbers ”hereinafter, “ ICANN ” ), in order to comply with ICANN policies and procedures.

 

ICANN also requires UBILIBET, in its capacity as Registrar, to deposit a copy of the data necessary for the management of domain names in escrow with an Escrow Agent . Agent ”) accredited.

 

For this service, UBILIBET uses the company DENIC Services GmbH & Co. KG (hereinafter referred to as “ DENIC ” ), located in Germany (Heinrich-Hertz-Str. 6, 64295 Darmstadt, Germany, info@denic-services.de ) and designated by ICANN.

 

Please note that for gTLD extensions, and in some cases also for ccTLD extensions if permitted or required by the relevant Registry, UBILIBET may be required to disclose your data to third parties for the purposes of Fraud and Abuse Prevention , based on Article 4 of the ICANN Temporary Specification for gTLD Registry Data , available at this link:

 https://www.icann.org/en/system/files/files/gtld-registration-data-temp-spec-17may18-es.pdf  

or for ccTLDs , based on the policies published from time to time by the competent Registry.

Upon explicit and detailed request, UBILIBET may also communicate the Personal Data of a domain name to third parties, based on its own legitimate interest, in order to protect its rights (including industrial property rights), and the protection of the legitimate interests of third parties .

  1. Transfer of personal data

As part of the domain name registration services, data is communicated to the subjects listed in Section 4 of this Privacy Policy, which may be located outside the European Economic Area (the ” EEA ” ), such as ICANN and DENIC, or the Registry of the country of interest where the ccTLD or gTLD is to be registered .

UBILIBET guarantees that the processing of your Personal Data by these Recipients is carried out in accordance with the GDPR.

 

The legal basis for the aforementioned transfers to the competent Registries, as the case may be, is Article 49 (1) (b) GDPR and Article 49 (1) (c) GDPR, where the transfer outside the EEA is necessary for the performance of the contract between the Data Subject and the Data Controller, or between the Data Controller and a third party acting on behalf of the Data Subject.

Regarding the transfer of data to DENIC within the scope of gTLD registries , or if the Registry uses third-party registrars for the registration of certain gTLD extensions , transfers are carried out on the basis of the EU Commission’s Standard Contractual Clauses, in accordance with Art. 46 GDPR. In such cases, a copy of the clauses may be requested, after redaction of the sections containing personal data.

UBILIBET is part of the team.blue group and is jointly controlled by team.blue NV. The team.blue group , led by team.blue NV, consisting of several brands and subsidiaries, can improve coordination and resource allocation by sharing data internally. This enables more efficient collaboration on improving products, campaigns, and customer service. Customer personal data, such as contact, user, billing, and purchase information, may be shared between the Team Blue Group and team.blue NV for statistical, marketing, internal administrative, and reporting purposes, but only to the extent necessary for the intended use and with appropriate safeguards to prevent unauthorized access or disclosure.

 

For more information, please write to dpo@ubilibet.legal

  1. Data retention

The Personal Data processed for the purposes of providing the Service and communicating data to independent third-party controllers will be retained for the time strictly necessary to achieve the stated purposes. Furthermore, since this processing is carried out for the provision of the domain name registration and management service, UBILIBET will process the Personal Data for the period permitted by Spanish law to protect its interests. Specifically, it will retain the data necessary to provide evidence of proper compliance with its contractual obligations for the period required by law, which generally corresponds to the general statutory limitation period for proceedings (Article 1964.2 of the Civil Code).

 

For Compliance purposes , Personal Data will instead be retained for the period required by the specific obligation or applicable law.

 

For the purposes of Fraud and Abuse Prevention and the Protection of the legitimate interests of third parties, Personal Data will be retained for the period required by the Registry to prevent and combat fraudulent conduct and to protect the legitimate interests of third parties, i.e., for 10 years.

You can obtain further information about the retention periods for Personal Data and the criteria used to determine these periods by writing to the Data Controller or the DPO.

  1. Rights of the Holder / Interested Party

Without prejudice to the obligations or powers to retain Personal Data established in section 6, you have the right to request from UBILIBET, at any time, access to your Personal Data, its rectification, deletion or restriction of processing in the cases contemplated in art. 18 GDPR, as well as to obtain the data that concerns you in a structured, commonly used and machine-readable format (portability), in the cases contemplated in art. 20 GDPR, for the purposes of providing the Service .

 

You have the right to object to the processing of your personal data for the purposes of preventing abuse and fraud , in the cases provided for in Article 21 of the GDPR.

 

Such requests can be made by writing to dpo@ubilibet.legal

To exercise your right to data portability and obtain more information about your content, please also contact dpo@ubilibet.legal . You can also find information about this in our Privacy Policy, available at:

https://www.ubilibet.com/es/legal/politica-de-privacidad/

 

In all cases, you always have the right to lodge a complaint with the competent Supervisory Authority (Personal Data Protection Authority) pursuant to Article 77 GDPR if you believe that the processing of your data violates applicable law, or to seek legal redress in court (Article 79 GDPR).

  1. Modifications

This Privacy Policy is effective as of the date indicated below. UBILIBET reserves the right to modify or update the content of this Policy, in whole or in part, also in the event of changes in applicable legislation. If modifications to this Policy imply substantial changes to data processing or have a significant impact on Data Subjects/Data Subjects, UBILIBET will take appropriate measures to notify them.

© UBILIBET SL (March 2025)

Scroll to Top