Regulation (GDPR) as implemented in the Isle of Man by the Data Protection (Application of GDPR) Order 2018.
The IM Registry (NIC.IM) has a legitimate right to collect information that is required for the proper maintenance and
administration of user accounts and domain name registrations. This will include personal data.
The IM Registry does not process account or domain name registration information for any other reason and will never send
unsolicited marketing correspondence.
This is information necessary for ensuring the proper administration of user accounts.
Minimum data required includes name, address and email. This will enable communication in relation to account management and
domain name registrations.
Domain Registration Data
The IM Registry is required to collect data relating to the registration of domain names (“Registration Data”).
In order to provide domain name registration services, The IM Registry typically requires the following registrant data:
Registration Data (Data required to enter the domain into our registry)
Registrant Organisation (where applicable)
Registrant Fax (where applicable)
Registrant Phone number
Administrative Contact Organisation (where applicable)
Administrative Contact Address
Administrative Contact Email
Administrative Contact Fax (where applicable)
Administrative Contact Telephone Number
Technical Contact Organisation (where applicable)
Technical Contact Address
Technical Contact Email
Technical Contact Fax (where applicable)
Technical Contact Telephone Number
Billing Contact Organisation (where applicable)
Billing Contact Address
Billing Contact Email
Billing Contact Fax (where applicable)
Billing Contact Telephone Number
The IM Registry does not disclose or share any data with third parties.
All IM Registry registrant information is redacted within WHOIS lookups in order to comply with the data protection regulations.
In exceptional circumstances, the data protection regulations will allow account and registrant information to be disclosed to law
enforcement and regulatory agencies. Under these circumstances, the IM Registry will only disclose the requested information after
confirming the request is legitimate and lawful.
The IM Registry is ISO 27001 Information Security accredited. As such, it has appropriate security measures
to prevent registrant information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
The IM Registry has a data destruction policy and will automatically enforce the right to be forgotten upon the cessation
of a domain name registration. This will be performed in line with the data retention policies required by law.
The regulations provide individuals a number of data protection rights. The following rights are
those that are relevant in the context of domain name registration:
The right to be informed:
The right of access:
individuals have the right to obtain copies of their personal data.
The right to rectification:
individuals have the right to have incorrect or incomplete personal data corrected.
The right to erasure:
individuals can request that their data be erased when no longer required.
Individuals can contact the IM Registry at email@example.com to exercise these rights at any time.
Individuals have the right to lodge a complaint with the Isle of Man Information Commissioner if they feel that their
data has not been handled correctly, or are unhappy with the IM Registry response to any requests they made regarding the
use of their personal data.
Further details of GDPR and its implementation in the Isle of Man can be found on the Isle of Man Information
Commissioner’s website at www.inforights.im
This website may contain links to other websites. The IM Registry are not responsible for the content or privacy practices