Data disclosure procedure

Information on data disclosure under NIS2 and ICANN, and on the database of domain name registration data

1. Data Disclosure according to NIS-2:

Requirements:

Pursuant to §§ 49 and 50 of the Act implementing the NIS-2 Directive and regulating essential elements of information security management in the federal administration (NIS-2 Implementation Act), Top Level Domain Registries and Domain Name Registry service providers are obliged to diligently collect and maintain accurate and complete domain name registration data in a dedicated database. They must also grant authorized access seekers access to the domain name registration data upon a reasoned request that demonstrates a legitimate interest, to the extent necessary for the fulfillment of the access seeker's duties. Access must be granted without delay, and in any case within 72 hours of receiving the request.

Procedure:

The disclosure procedure is exclusively available to "authorized access seekers." These are defined in accordance with § 2, 2. NIS-2 Implementation Act as:

  • The Federal Office for Information Security
  • The state authorities that the states have designated as competent authorities for the supervision of public administration entities at the regional level pursuant to Article 2(2)(f) point (ii) of the NIS-2 Directive
  • Law enforcement authorities
  • The federal and state police forces
  • The federal and state intelligence services (Verfassungsschutzbehörden)

Authorized access seekers must submit their request via the designated email address for NIS-2 inquiries: nis2auskunft@internetx.com

The request must include a justification and demonstration of a legitimate interest and must be necessary for the fulfillment of the authorized access seeker's duties.

If the requirements are met, the information is provided without delay, and in any case within 72 hours of receipt of the application. If the requirements are not met, the application will be rejected with justification.

2. Data Disclosure according to ICANN:

Procedure:

Since May 25, 2018, the contact information of domain holders displayed within a public WHOIS has been severely restricted. There are still ways to contact the domain holder, e.g., via our web form.

In some cases, other parties may have legitimate reasons to request the domain holder's real information from InterNetX GmbH. This could include law enforcement agencies, security companies, or representatives of intellectual property owners. If you believe you have a legitimate reason to request information about the domain holder, please contact domain-abuse@internetx.com

Pursuant to Section 10.2 of the Registration Data Policy, all requests MUST contain the following information. Failure to provide this information will result in your request being rejected.

A. Identity of the applicant:
  • Full contact details (name, email address, telephone number, postal address).
  • Type/nature of the company or person making the request.
B. Authorization:
  • If you are acting on behalf of another party, you must include a power of attorney or similar declaration proving the authorization.
C. Requested data:
  • A specific list of the data elements you are requesting (e.g., registrant name, registrant email address).
D. Legal Basis:
  • Information about your legal rights.
  • The specific justification and basis for the request (Why do you need this data?).
E. Confirmations (mandatory):
  • “I confirm that this request is made in good faith.”
  • “I agree to process all data elements lawfully.”

3. Database of Domain Name Registration Data - NIS2

The requirements and procedures, including verification procedures, that ensure the database contains accurate and complete information are:

  • Email Verification: A verification procedure using a confirmation link is carried out for every contact email address provided. Unverified contacts are automatically reminded; in the event of persistent non-verification, restrictions may be imposed.
  • Address Check: The postal addresses provided by the domain holder are automatically checked for completeness and plausibility. Conspicuous or unclear details are subjected to manual review.
  • Annual Data Review: All holders receive an annual overview of their stored registrant data with a request to check that it is current and correct.
  • Ad-hoc Special Audit: In the event of justified suspicion of incorrect or misused holder data, InterNetX is entitled to initiate a separate verification and temporarily deactivate the affected domain until clarification.
  • Regular Confirmation: Domain holders are asked to check and, if necessary, correct their registration and contact details at least once a year.
