SIDN handles sensitive data on a daily basis in connection with the registration and administration of .nl domain names. All such data are treated with great care. Information is given below about our privacy provisions, and about the bodies that we share data with when we are asked to do so.
Why is information about you given in the Whois?
Around the world, it is normal for certain information about a domain name to be available to the public. In the .nl domain, relatively little information is published about each domain name. The only information given about the registrant is their name and e-mail address. That information is published so that people can establish who owns the name and can get in touch if the need arises. Someone might need to contact you if there is a technical problem with your domain name, for example, or if they believe that your domain name or website infringes their rights. Sometimes, the police and other agencies need to be able to find out who controls a name.
We pay particular attention to the privacy issues associated with the retention of personal data in the register. Article 23 of SIDN’s General Terms and Conditions for .nl Registrants therefore contains a number of privacy-related provisions.
If you object to people being able to get information about your name or e-mail adress, SIDN can in exceptional circumstances withhold your personal details from the Whois. For that to be done, you need to submit an 'opt-out request' to SIDN. The page opt-out requests explains when you are allowed to opt out and how to submit an opt-out request.
Your contact details are not made public
Using the Whois, anyone may look up certain information about a registered domain name, such as the registrant's name. The registrant's contact details are also registered with SIDN, but not made public. SIDN has the following information:
- The registrant's address
- Name and phone number of the administrative contact for the domain name
- Name and phone number of the technical contact for the domain name
- In exceptional circumstances, at the registrant's request, SIDN does not publish any personal information about the registrant in the Whois. For more information, see 'opt-out requests'.
Tips for contacting registrants
SIDN recognises that the protection of registrants' personal details makes it more difficult for people to contact registrants. Therefore, if you need to get in touch with a registrant, we suggest that you consider the following:
- Visit the website associated with the domain name; websites often provide contact channels or information.
- Use the e-mail address of the administrative contact person listed in the Whois.
- Use Google or anther search engine to find the registrant named in the Whois, or look them up in the Trade Register.
- Contact the registrar named in the Whois. The registrar manages the domain name's registration and may be able to contact the registrant.
Although registrants' details are not made public, SIDN does share information with the following outside parties if they ask for it. We share information only where sharing is necessary to enable the parties in question to do their work.
Lawyers and bailiffs practising in the NetherlandsLawyers and bailiffs practising in the Netherlands are able to obtain a .nl registrant's full contact details if the information is needed in the context of legal proceedings. A special form is available for lawyers and bailiffs to request a .nl registrant's contact details.
Investigative and law enforcement agenciesInvestigative and law enforcement agencies sometimes need more information about a registrant than is available from the public Whois. Such bodies have the legal authority to instruct us to disclose all the information that we have about a registered domain name. We therefore enable them to look up such information using automated systems, under the terms of a special agreement. The following authorities are currently able to retrieve information:
- Consumer Authorithy
- Dutch Healthcare Authority
- Dutch Media Authority
- Financial Markets Authority
- Food and Consumer Product Safety Authority
- Gaming Authority
- Health Care Inspectorate
- Municipality of Apeldoorn (social security fraud investigation unit)
- Municipality of Helmond (social security fraud investigation unit)
- Municipality of Hengelo (social security fraud investigation unit)
- Municipality of Nijmegen (social security fraud investigation unit)
- Municipality of Wijchen (social security fraud investigation unit)
- National Cyber Security Centre(NCSC)
- Radiocommunications Agency
- Tax and Customs Administration
If you represent an investigative or law enforcement agency and you wish SIDN to provide your organisation with access to the full Whois data, you should complete the Non-public Whois Agreement Application Form.
Certification authoritiesCertification authorities (CAs) are bodies that issue so-called Secure Socket Layer (SSL) certificates to domain name registrants. Their standard certification procedures include checking whether the details provided by the certificate applicant are the same as the details that SIDN has on record for the relevant domain name. Since CAs make their enquiries at the request of the registrant, SIDN is willing to provide them with the information they require.
CAs are able to access the full Whois information using automated systems. However, their entitlement is explicitly restricted to situations where they are acting on behalf of the registrant whose details they are accessing.
SIDN has access agreements with the following CAs:
If you represent a certification authority and you wish SIDN to provide your organisation with access to the full Whois data, you should complete the Certification Authorities’ Whois Agreement Application Form.
Why can’t I consult the Whois more than fifteen times a day?
SIDN has limited the number of Whois queries that can be submitted from any one IP address to fifteen per day. This restriction has been imposed to prevent the Whois (and the personal data available via the Whois) being used for purposes other than those for which the service is intended.
Can the Whois tell me which domain names are registered to a particular person or organisation?
No, the Whois can be used only to find out who the registrant of a particular .nl domain name is.
I understand that SIDN withholds registrants’ postal addresses from the Whois for personal data protection reasons. So why has SIDN chosen to withhold all registrants’ addresses, not just those of private individuals?
If a registrant is a Dutch-registered business, the business’s Chamber of Commerce Trade Register details have to be published on its website. So the contact details are already available from another source. What’s more, a system based on distinction between corporate and private registrants would work only if registrants were all correctly classified – and it simply isn’t realistic to try and verify that everyone who says he or she is a private individual actually uses his/her registration only for private purposes.
SIDN's history is closely linked to that of .nl. And the history of .nl begins with Piet Beertema.
Reporting a security breach
If you have come across anything that you regard as a vulnerability in one of our technical systems, please let us know straight away.
CCWG Initial Report published for Public Comments
Why you should read and react to the CCWG Initial Report