Controller/Processor
In the field of thedomain name registration process, the GDPR reinforces as well the rights to privacy and the protection of personal data of the related parties, like domain owners, registrars or managing entities. It is under this framework, and in the scope of privacy and data protection, that will also be regulated the registry/registrar relation.
Therefore, it isunderstood that, for the purposes of the GDPR, the .PT is the controller and it is responsible for determining the purposes and means of processing the personal data collected by registrars, in the process of registering and maintaining a .pt domain. Registrars, processing such personal data on behalf of the registry, assume the status of processors.
The obligations and responsibilities that result from the qualification of the data controller and processor will be formalized in an Addendum to the Registry/Registrar Agreement.