Privacy Policy

Last updated: 11 May 2026

This Privacy Policy explains how Own Identity, Inc., c/o INCUBATEC Srl, Pontives 17, 39040 Laion BZ, Italy (“Own Identity”, “we”, “us”) collects, uses, and protects information when you visit www.ownidentity.com (the “Site”), use our marketplace, or register a domain through us as an ICANN-accredited or ICANN-affiliated registrar.

We apply this policy worldwide and align our practices with the EU General Data Protection Regulation (GDPR) as our baseline standard, regardless of where you are located.

1. Data Controller

The data controller responsible for processing your personal data is:

Own Identity, Inc.
c/o INCUBATEC Srl
Pontives 17
39040 Laion BZ
Italy
Email: [email protected]

2. Information We Collect

2.1 Information you provide via forms

When you submit a contact, sign-up, or support form on the Site, we collect the information you provide, which may include your name, email address, organisation, message content, and any attachments.

2.2 Marketplace accounts

If you create an account on the Own Identity Marketplace, we process your account credentials (email, hashed password), profile data, listings, bids, transaction history, and communications with other users or with our support team. Where applicable, we also process billing data necessary to complete a transaction.

2.3 Domain registration data (ICANN)

When you register, transfer, renew, or manage a domain name through us, we collect and process the data required by the Internet Corporation for Assigned Names and Numbers (ICANN), the relevant registry, and applicable registrar agreements. This typically includes:

  • Registrant, administrative, technical, and billing contact details (name, organisation, postal address, email, phone)
  • Domain names registered and associated nameservers
  • Registration, renewal, transfer, and expiry dates
  • DNSSEC and authorisation codes

This data is shared with the relevant registry operator and, where required, published in WHOIS / RDAP directories in accordance with ICANN policy and the ICANN Registration Data Policy. We apply redaction of personal data in public WHOIS / RDAP responses to the extent permitted by ICANN policy and required by GDPR.

2.4 Cookies and similar technologies

We use a limited set of cookies:

  • Strictly necessary cookies — required to operate the Site, authenticate marketplace sessions, and remember your cookie preferences. These are set without consent on the legal basis of legitimate interest / contractual necessity.
  • Functional cookies — remember preferences such as language. Set only with your consent where required.
  • Analytics cookies — used by our self-hosted analytics (see Section 2.5). Set only with your consent where required.

You can manage or withdraw consent at any time through the cookie banner or your browser settings.

2.5 Self-hosted analytics

We operate analytics on our own infrastructure and do not share analytics data with third-party advertising or tracking networks. We collect aggregated, privacy-respecting metrics such as pages viewed, referrer, approximate region (derived from IP and not stored in raw form beyond the session), browser type, and device category. IP addresses are truncated or hashed before storage where technically feasible.

2.6 Server logs

Our web servers automatically record technical information (IP address, timestamp, requested URL, user agent, response status) for security, abuse prevention, and troubleshooting. Logs are retained for a limited period and then deleted or anonymised.

3. Purposes and Legal Bases for Processing

  • To provide the Site and the Marketplace — performance of a contract (Art. 6(1)(b) GDPR).
  • To register and manage domain names on your behalf — performance of a contract and compliance with ICANN, registry, and legal obligations (Art. 6(1)(b) and (c) GDPR).
  • To respond to enquiries submitted via forms — performance of a contract or our legitimate interest in handling your request (Art. 6(1)(b) and (f) GDPR).
  • To secure our services and prevent abuse — legitimate interest (Art. 6(1)(f) GDPR).
  • To run analytics and improve the Site — consent where required (Art. 6(1)(a) GDPR), otherwise legitimate interest.
  • To comply with legal obligations (tax, accounting, lawful requests) — Art. 6(1)(c) GDPR.

4. Recipients and Disclosure

We share personal data only with:

  • Domain name registries, ICANN, and registry escrow providers, as required by domain registration policy;
  • Service providers acting as processors under written agreements (hosting, email delivery, payment processing);
  • Professional advisers (legal, accounting, audit) under confidentiality;
  • Public authorities where required by law or valid legal process.

We do not sell personal data.

5. International Transfers

Because Own Identity, Inc. operates internationally and certain registry operators are located outside the European Economic Area (EEA), personal data may be transferred to countries outside the EEA. Where this occurs, we rely on appropriate safeguards under Chapter V GDPR, such as Standard Contractual Clauses, adequacy decisions, or contractual provisions mandated by ICANN policy.

6. Retention

  • Form submissions: up to 24 months from last contact, unless a longer period is required.
  • Marketplace account data: for the life of the account and up to 24 months after closure, plus statutory retention for transactional records (typically 10 years under Italian tax law).
  • Domain registration data: for the duration of the registration plus periods required by ICANN, registry contracts, and the Registration Data Policy (typically up to 2 years after expiry/transfer, with extended retention via the Registry Data Escrow service).
  • Analytics: aggregated data is retained indefinitely; raw event data is deleted or anonymised within 14 months.
  • Server logs: typically 30–90 days.

7. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you;
  • Request rectification of inaccurate data;
  • Request erasure (“right to be forgotten”), subject to overriding legal obligations (notably ICANN data retention requirements for active domain registrations);
  • Restrict or object to processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time without affecting the lawfulness of prior processing;
  • Lodge a complaint with a supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (www.gpdp.it).

To exercise any right, contact us at [email protected]. We will respond within one month.

8. Security

We implement appropriate technical and organisational measures including encryption in transit (TLS), encryption at rest where appropriate, access controls, logging, and regular review. No system is perfectly secure; we will notify affected users and competent authorities of personal data breaches as required by law.

9. Children

The Site and Marketplace are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to this Policy

We may update this policy from time to time. Material changes will be announced on the Site. The “Last updated” date at the top reflects the current version.

11. Contact

For any privacy-related question, write to [email protected] or to the postal address in Section 1.