Norid AS

Abels gt. 5, Teknobyen

Phone +47 73 55 73 55

Norid collects and processes various information about the domain registrations. This information is registered in Norid’s customer database. The database is continually updated by information being added about new domain names that are registered, or by registered information being changed. Historical data is stored separately from the customer database, for research and statistical analysis.

Norwegian domain names are registered and maintained via registrars. Registrars are enterprises that have a contract with Norid to submit applications and updates on behalf of the domain holder, and generally acts as an intermediary between Norid and the holder. In order to register a domain, a holder must sign one contract with Norid and one with the registrar.

A domain is created as soon as Norid registers it to an organisation1or an individual. The domain holder is granted the right to use the domain name for as long as the registration is valid, normally until the organisation or individual terminates it. The holder may transfer the domain to others or request its deletion. After deletion, anyone can register the domain name anew.

1. The purpose of processing customer data

The purpose of Norid’s processing of customer data is:

  1. To ensure that private individuals and organizations can register Norwegian domain names and maintain and transfer the registration within the parameters set by the domain name policy for .no
  2. To manage the Norwegian top-level domain in a way that contributes to robust operation of the internet as an infrastructure

Some processes following from this purpose:

  • Processing of domain applications and associated activities
  • Inclusion of relevant data in the zone file
  • Making select data available through the registration directory service
  • Conveyance of domain complaints in the dispute resolution system for .no
  • Sharing of data with the registrars so that they can act on behalf of the domain holder
  • Development of the registry service so that it is suited to the needs of society
  • Operation of the name service for .no in a way that secures stability and technical quality
  • Research and statistical analysis

2. Types of information

2.1 Information about the registration

Information collected from the domain holder via the registrar includes:

  • The domain name to which the registration applies
  • Confirmation that the holder has submitted a applicant declaration2 (name, date, version)
  • Transfer code3
  • DNSSEC information4

In addition, the system creates information about the duration and status of the registration:

  • When the registration was created, last changed, and when it expires
  • Status of the registration (being deleted, blocked for changes, cannot be transferred, etc.)

Each registration has one domain holder, a minimum of one technical contact, a minimum of two name servers (which can have their own technical contacts), and one registrar. Norid records the time the data is registered in the database and when the information was last updated

A holder may register several domains. Similarly, a technical contact may be responsible for several domains and name servers. All registrars are responsible for multiple domains on behalf of one or more domain holders.

2.2 Information about the domain holder

The holder can be a private individual or an organization (legal person). Norid collects the following information about these:

Information Data we collect
Unique identifierRegistered organization number or personal identifier5
OrganizationOrganisation name (if the domain holder is an organization)
Contact personName of the domain holder (if they are a person) or name of the organization’s contact person
E-mail addressCan be generic, e.g.
Postal addressStreet, postal code and postal area
Country Norway6
(Telephone number)Optional

Use of unique identifier: The holder is identified to Norid by a unique identifier. For organizations, this is the organization number registered in the Brønnøysund Register Centre, while private individuals are identified by their national identity number. The unique identifier shows who has the right to use the domain.

Private individuals state their national identity number and the name with which they are registered in the National Registry to Norid, and we check the information against the National Registry. To restrict access to the holder’s national identity number, Norid then creates a unique identifier that the holder uses in our systems and towards the registrar. The combination of name, national identity number and personal identifier is stored by Norid in a specially secured database to which only authorized employees have access.

2.3 Information about technical contacts

Each registration must have at least one technical contact that can be contacted if a technical error occurs with the domain, or if the domain is used in a way that threatens the functionality, security or stability of other domains or the internet as an infrastructure. The technical contacts are roles – for example an IT department or the internet service provider’s hostmaster.

Norid collects the following information about technical contacts:

InformationData we collect
Role descriptionFor example: hostmaster or technical department
Email addressShould be generic, e.g.
Postal addressStreet, postal code and postal area
CountryCountry name
(Telephone number)Optional

2.4 Information about name servers

Each domain name must have a minimum of two name servers. These are machines that answer requests for addresses under the domain name. The name servers are essential for the domain functioning. Name servers may have a technical contact that can be contacted in the event of a fault with the service, but this is optional.

Norid collects the following information about technical contacts:

InformationData we collect

2.5 Information about registrars

All domain registrations are linked to a registrar. Norid collects the following information about registrars in the customer database:

InformationData we collect
Organization name Organization name
Email address Email address
Postal addressStreet, postal code, postal area, country
(Telephone number)Optional

Norid also registers information about the registrars in dedicated business systems separate from the database. This includes the organization’s name and number, contact persons, status, breaches of contract, whether the registrar offers services to both private individuals and organizations, and whether they offer DNSSEC for the customer’s domains, etc.

3. More about processing of personal data

Some of the information that is collected is information related to private individuals, and which is regarded as personal data as defined in Article 4, 1 (“Definitions”) of the General Data Protection Regulation (GDPR).

Norid’s processing of this data is necessary for:

  • the performance of a contract to which the domain holder is party or to take steps at the request of the holder prior to entering into a contract (GDPR Article 6, 1b)
  • complying with a legal obligation to which Norid is subject (GDPR Article 6, 1c)
  • the purposes of the legitimate interests pursued by Norid or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the holder (GDPR Article 6, 1f)

With the exception of the status of the domain registration, as well as date of creation, change, and termination, Norid’s customer data is collected in from the holder via a registrar.

The domain holder must enter into one agreement with Norid and one with the registrar, and Norid and the registrar must both process personal data in order to fulfill their agreement with the holder. Norid and the registrar are thus independent data controllers. The holder may exercise his right to access his own data by contacting his registrar or Norid.

4. Maintenance of customer data

The domain holder is responsible for ensuring that the contact information related to the domain is correct. In the event of an error, the holder must contact the relevant registrar so that the information can be updated. Norid processes notifications of change received via the registrars in a quick and efficient manner. This means that data is continually updated.

A domain holder may ask to be removed from the database by contacting his registrar. However, this means that all registrations held by the holder must be deleted, and the domains become available for others. Data that is not connected to an existing domain registration is automatically removed from the customer database after a certain period.


  • 1. Registered in Norway’s Central Coordinating Register for Legal Entities [Enhetsregisteret].
  • 2. The domain holder accepts the registration rules for .no using an applicant declaration form
  • 3. The transfer code ensures that the domain name cannot be transferred to a new registrar without the holder’s consent
  • 4. Securing domains with DNSSEC is optional, but if the domain is secured, the holder has to submit DNSSEC keys and DS records
  • 5. Identifier generated by Norid’s systems and only used in connection with the domain registration
  • 6. All holders must have a Norwegian postal address
Published: 23 May 2018
Updated: 6 May 2021