Logo
IQ
Login Sign Up
Register Domain

Registered Domain Names Data Protection Policy

Policy governing the protection of personal data collected during domain name registration, including WHOIS privacy and data subject rights.

Effective: Jan 01, 2025 Version 1.0 IQ Department

Registered Domain Names Data Protection Policy

Policy Information

  • Entity: IQ Department
  • Version: 1.0
  • Effective Date: 1100
  • Issue Date: 13/06/2023
  • Email: iq@cmc.iq
  • Website: www.cmc.iq

1. Introduction

This policy defines the guidelines and procedures related to the protection of personal data associated with domain name registration under the .IQ ccTLD in accordance with the laws of the Republic of Iraq and WHOIS usage.

2. Scope and Definitions

2.1 This policy applies to the registry, accredited registrars, and registrants under .iq.

2.2 “Personal Data” means any information relating to an identified or identifiable natural person.

3. Accredited Registrar Responsibilities

  • 3.1 Comply with all applicable data protection laws.
  • 3.2 Inform registrants of purposes and legal bases of processing.
  • 3.3 Implement appropriate technical and organizational measures.
  • 3.4 Retain data only as long as necessary.
  • 3.5 Registrars outside Iraq must comply with GDPR where applicable.
  • 4.1 The registrant consents to data collection during domain registration.
  • 4.2 Clear information must be provided about processing purposes.
  • 4.3 Registrants may withdraw consent subject to legal obligations.

5. WHOIS Information and Privacy

  • 5.1 WHOIS data must be processed in compliance with data protection laws.
  • 5.2 WHOIS data must be minimized to what is necessary.
  • 5.3 Personal data of natural persons must not be publicly disclosed without explicit consent.

6. Data Subject Rights

  • 6.1 Right of Access
  • 6.2 Right to Rectification
  • 6.3 Right to Erasure
  • 6.4 Right to Data Portability
  • 6.5 Right to Object

7. Data Breach Notification

Data breaches must be reported promptly with clear information about risks and mitigation.

8. Data Protection Officer

The authority shall appoint a contact point responsible for monitoring compliance.

9. Policy Review and Updates

This policy shall be reviewed periodically and may be updated with notice.

10. Governing Law and Jurisdiction

This policy is governed by the laws of the Republic of Iraq (Order No. 65 of 2004).

Chat with us