Norid AS

Abels gt. 5, Teknobyen

Phone +47 73 55 73 55

Norid collects and processes various information about the domain registrations. This information is registered in Norid’s customer database. The database is continually updated by information being added about new domain subscriptions that are created, or by registered information being changed. Historical data is stored separately from the customer database, for research and statistical analysis.

Norwegian domain names are registered and maintained via registrars. Registrars are enterprises that have a contract with Norid to submit orders on behalf of the domain subscriber, and generally acts as an intermediary between Norid and the subscriber. In order to subscribe to a domain name, the subscriber must sign one contract with Norid and one with the registrar.

A domain name is created as soon as Norid allocates a subscription for the domain name to an organisation1or an individual. The subscriber is granted the right to use the domain name for as long as the subscription is valid, normally until the organisation or individual terminates it.

1. The purpose of processing customer data

The purpose of Norid’s processing of customer data is:

  1. To ensure that private individuals and organizations can register Norwegian domain names and maintain the subscription and transfer the domain name within the parameters set by the domain name policy for .no
  2. To manage the Norwegian top-level domain in a way that contributes to robust operation of the internet as an infrastructure

Some processes following from this purpose:

  • Processing subscription orders and associated activities
  • Inclusion of relevant data in the zone file
  • Making select data available through the registration directory service
  • Conveyance of complaints in the dispute resolution system for .no
  • Sharing of data with the registrars so that they can act on behalf of the domain name subscriber
  • Development of the registry service so that it is suited to the needs of society
  • Operation of the name service for .no in a way that secures stability and technical quality
  • Research and statistical analysis

2. Types of information

2.1 Information about the domain name subscription

Information collected from the subscriber via the registrar includes:

  • The domain name to which the subscription applies
  • Confirmation that the subscriber has submitted a applicant declaration2 (name, date, version)
  • Transfer code3
  • DNSSEC information4

In addition, the system creates information about the duration and status of the subscription:

  • When the subscription was created, last changed, and when it expires
  • Status of the subscription (being deleted, blocked for changes, cannot be transferred, etc.)

Each subscription has one domain subscriber, a minimum of one technical contact, a minimum of two name servers (which can have their own technical contacts), and one registrar. Norid records the time the data is registered in the database and when the information was last updated.

A subscriber may subscribe to several domain names. Similarly, a technical contact may be responsible for several subscriptions and name servers. All registrars are responsible for multiple subscriptions on behalf of one or more domain name subscribers.

2.2 Information about the domain name subscriber

The subscriber can be a private individual or an organization (legal person). When the subscriber is an organisation, we collect information about both the organisation and the name of their contact person. Norid collects the following information:

Information Data we collect
Unique identifierRegistered organization number or personal identifier5
OrganizationOrganisation name (if the domain holder is an organization)
Contact person's nameName of the domain holder (if they are a person) or name of the organization’s contact person
E-mail addressCan be generic, e.g.
Postal addressStreet, postal code and postal area
Country Norway6
(Telephone number)Optional

Use of unique identifier: The subscriber is identified to Norid by a unique identifier. For organizations, this is the organization number registered in the Brønnøysund Register Centre, while private individuals are identified by their national identity number. The unique identifier shows who has the right to use the domain.

Private individuals state their national identity number and the name with which they are registered in the National Registry to Norid, and we check the information against the National Registry. To restrict access to the holder’s national identity number, Norid then creates a unique identifier that the holder uses in our systems and towards the registrar. The combination of name, national identity number and personal identifier is stored by Norid in a specially secured database to which only authorized employees have access.

2.3 Information about technical contacts

Each subscription must have at least one technical contact that can be contacted if a technical error occurs with the domain, or if the domain is used in a way that threatens the functionality, security or stability of other domains or the internet as an infrastructure. The technical contacts are roles – for example an IT department or the internet service provider’s hostmaster.

Norid collects the following information about technical contacts:

InformationData we collect
Role descriptionFor example: hostmaster or technical department
Email addressShould be generic, e.g.
Postal addressStreet, postal code and postal area
CountryCountry name
(Telephone number)Optional

2.4 Information about name servers

Each domain must have a minimum of two name servers. These are machines that answer requests for addresses under the domain name. The name servers are essential for the domain functioning. Name servers may have a technical contact that can be contacted in the event of a fault with the service, but this is optional.

Norid collects the following information about technical contacts:

InformationData we collect

2.5 Information about registrars

All domain name subscriptions are linked to a registrar. Norid collects the following information about registrars in the customer database:

InformationData we collect
Organization name Organization name
Email address Email address
Postal addressStreet, postal code, postal area, country
(Telephone number)Optional

Norid also registers information about the registrars in dedicated business systems separate from the database. This includes the organization’s name and number, contact persons, status, breaches of contract, whether the registrar offers services to both private individuals and organizations, and whether they offer DNSSEC for the customer’s domains, etc.

3. More about processing of personal data

Some of the information we collect is information related to private individuals, and which is regarded as personal data as defined in Article 4, 1 (“Definitions”) of the General Data Protection Regulation (GDPR). For Norid this means all Norwegian domain names and much of the rest of our customer data. Domain name subscribers are either private individuals, identified to us via name and national ID number, or organisations (businesses, public entities and other organisations) where we have requested the name of a contact person in addition to the organisation's name and organisation number.

We follow the requirements in the GDPR and the national personal data law when we process such data.

Norid’s processing of personal data is necessary for:

  • the performance of a contract to which the domain name subscriber is party or to take steps at the request of the subscriber prior to entering into a contract (GDPR Article 6, 1b)
  • complying with a legal obligation to which Norid is subject (GDPR Article 6, 1c)
  • the purposes of the legitimate interests pursued by Norid or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the subscriber (GDPR Article 6, 1f)

With the exception of the status of the domain name subscription, as well as date of creation, change, and termination, Norid’s customer data is collected from the subscriber via a registrar.

The subscriber must enter into one agreement with Norid and one with the registrar, and Norid and the registrar must both process personal data in order to fulfill their agreement with the subscriber. Norid and the registrar are thus independent data controllers. The subscriber may exercise his right to access his own data by contacting his registrar or Norid.

4. Maintenance of customer data

The subscriber is responsible for ensuring that the contact information related to the domain is correct. In the event of an error, the subscriber must contact the relevant registrar so that the information can be updated. Norid processes orders of updates from the registrars in a quick and efficient manner. This means that data is continually updated.

A subscriber may ask to be removed from the database by contacting his registrar. However, this means that all subscriptions held by the subscriber must be deleted, and the associated domain names become available for others. Data that is not connected to an existing subscription is automatically removed from the customer database after a certain period.


  • 1. Registered in Norway’s Central Coordinating Register for Legal Entities [Enhetsregisteret].
  • 2. The subscriber accepts the terms and conditions for .no using an applicant declaration form
  • 3. The transfer code ensures that the domain name subscription cannot be transferred to a new registrar without the subscriber's consent
  • 4. Securing domains with DNSSEC is optional, but if the domain is secured, the subscriber has to submit DNSSEC keys and DS records
  • 5. Identifier generated by Norid’s systems and only used in connection with the domain name subscription
  • 6. All subscribers must have a Norwegian postal address
Published: 23 May 2018
Updated: 20 December 2022