Version 1.0, last revised on 23 May 2018.
Amsterdam Internet Exchange B.V. (AMS-IX) is committed to respecting and protecting all personal data it processes. This AMS-IX Privacy Statement gives an overview of the practical translation of this commitment into AMS-IX’s operations. It explains how AMS-IX collects, uses, shares, holds and retains personal data as required in the normal course and scope of AMS-IX’s business. Personal data is considered any information relating to an identified or identifiable natural person as defined by applicable privacy law1.
The AMS-IX Privacy Statement not only describes why AMS-IX processes personal data and how, but also how these data can be accessed, changed and deleted by data subjects.
For any questions, suggestions or concerns about or related to this document, please contact us by email or +31 20 305 89 99. Physical correspondence can be directed to the AMS-IX Office: AMS-IX B.V., Frederiksplein 42, 1017 XN, Amsterdam, The Netherlands.
The main reason that AMS-IX processes personal data is to support its role as an Internet Exchange Point (IXP)2. As an IXP, AMS-IX facilitates the interconnection of networks, so called Autonomous Systems3, so they can exchange IP-traffic between each other. This is the AMS-IX IXP service4.
Autonomous Systems who want to become AMS-IX customers enter into a contract, a Connection Agreement, for which AMS-IX needs to process personal data.
In addition to the establishing of the Connection Agreement, AMS-IX processes personal data to perform additional activities for the benefit of AMS-IX customers and to support the offering of the AMS-IX IXP service. We also process personal data of persons visiting our website.
2.1.1 Types of data collected from customers
In order to use the AMS-IX IXP service, Autonomous Systems become a customer of AMS-IX. The ordering of the AMS-IX IXP service5 requires the customer to fill in an online application form that amongst others specifies roles for a set of named individuals who can perform certain responsibilities on behalf of the customer when interacting with AMS-IX. This means that to provide customers with the IXP service, or to perform a function related to the IXP service, AMS-IX collects and processes data from and about these customers that include personal data relating to private individuals (i.e. managers and other employees).
The following types of data are included:
The collection of the included personal data is necessary for the performance of the Connection Agreement.
AMS-IX does not publish the personal contact details provided by customers. Only the generic peering-contact email-address provided is mentioned on the connected networks list on the AMS-IX website so Autonomous Systems can reach out to each other to negotiate peering relations6 . If a customer decides to use a personal contact-email address for this, AMS-IX considers the customer to have given consent for this information to be published.
2.1.2 How these data, including personal data, is collected
Besides the use of the online application that customers use to order the AMS-IX IXP service (see 2.1.1), AMS-IX collects data, which might include personal data, when customers interact directly with AMS-IX. For example, AMS-IX collects information when representatives from (prospect) customers provide information to AMS-IX or send emails to AMS-IX, or when customer details are entered on the AMS-IX website and/or customer-portal.
AMS-IX may receive and/or collect data, including personal data, from:
2.1.3 How AMS-IX uses these collected data
AMS-IX uses data collected to the extent necessary to provide customers with the AMS-IX IXP service as well as related support. In doing so, AMS-IX may use these data, which might include personal data, for related purposes as required in the normal course and scope of AMS-IX’s business, such as:
AMS-IX also processes personal data when sending mailings to customers, and to organise and host events and meetings. This is necessary for the purpose of the legitimate interests pursued by AMS-IX B.V.
Use of AMS-IX mailing lists
Lists include names and mail addresses of those subscribed, and messages sent include name, email address, date and the message content. Messages are archived, not publicly, and visible to others who are subscribed to the same list(s).
AMS-IX uses mailing lists for:
Event registration administration for meetings and other organised events
AMS-IX may also publish lists of registered attendees on a website, with their consent, as part of its commitment to openness and transparency. The publishing of these lists is a common industry tool for attendees to prepare themselves for the meeting and set-up meetings with and contact other attendees of interest. These lists contain the names of the attendees and their organisations, but no contact details or other personal details. Opting out of having one’s name and organisation published on the attendee-list is an option. If one’s name has been published on an AMS-IX website as part of a list of attendees of an event or meeting and one wish to be deleted from the list, please contact our Marketing team.
AMS-IX shares data with other organisations to the extent necessary for the delivery of the AMS-IX IXP service to customers, or when required by law.
AMS-IX will only share customer information for marketing purposes (limited to mailings and events) after consent has been given. In particular, AMS-IX may disclose data, including personal data, to:
AMS-IX will store personal data only as long as needed to satisfy the above purposes for which it was collected or as required by law.
AMS-IX retains customer correspondence until 18 months after the Connection Agreement has been terminated. The same applies to personal customer contact-details as retained in the AMS-IX customer portal my.ams-ix, i.e. after the Connection Agreement has terminated. The Connection Agreement itself is retained for two years after termination. Unless longer retention is required by law.
Registration data for events organised by AMS-IX as well as public attendee lists (see 2.2) are deleted six months after the event has taken place.
AMS-IX maintains strict procedures to authenticate people's identification and verify their right to authorise changes in the AMS-IX customer-portal my.ams-ix.net.
Personal data held in my.ams-ix.net is not publicly available and authorised customer representatives can only see their own organisation’s details after logging in, including the registered contacts for their organisation.
AMS-IX maintains a high level of physical security and protection for all its computer, storage and network facilities that are involved in the processing of personal data. AMS-IX is ISO27001:2013 certified.
When the AMS-IX website https://ams-ix.net/ is visited, small files are recorded on the visitor’s computer (or any other device that is used to visit the website) through the visitor’s web browser. These files, called ‘cookies’, help enable website features and functionality while browsing the website.
AMS-IX will use the above information only to the extent required for AMS-IX’s legitimate interests, or where this is necessary to help provide requested AMS-IX IXP service to member or customer.
AMS-IX uses Google Analytics for www.ams-ix.net . This tool helps us keep track of the use of the website: which pages are visited and how long do visitors stay there. This data helps us improve our website to offer visitors a better browsing experience. The cookies set by Google because of this do not contain or collect personal identifiable information7.
During a visit to the AMS-IX website, other third parties may also set cookies on a visitor’s device. These cookies are set when a page is visited which has content embedded from third party sites, such as YouTube.
One can disable cookies, or specifically third party cookies, by adjusting the web browser settings. Please check the “help” menu of the browser for information about how to change the cookie preferences. However, if all cookies are disabled, one may not be able to use all supported website features.
Data subjects have the right to ask AMS-IX to provide access to, rectify or delete any data relating to them or to restrict the processing of data relating to them. Furthermore, data subjects have the right to object against processing, and to request data in a standardized, machine-readable format (data portability).
In order to fulfil its obligations in this respect, AMS-IX may request data subjects to identify themselves.
AMS-IX customers have the possibility to access registered data via the AMS-IX customer portal. Persons registered as being authorised can access and change personal contact details using the customer portal on behalf of their organisation. AMS-IX will always help those who may have trouble modifying their own data.
Those subscribed to AMS-IX mailing lists, can unsubscribe at any time or change preferences by accessing this web page. Contact us for requests or in case there are questions or concerns about the accuracy or appropriateness of any other personal data held by AMS-IX. AMS-IX will respond and seek to correct any problems as soon as possible.
A complaint concerning the processing of personal data by AMS-IX can also be directed to the Dutch data protection authority, the Autoriteit Persoonsgegevens.
AMS-IX may change this privacy statement from time to time, either because of internal or regulatory changes, or following feedback received. The latest version of the privacy statement is available here. We will proactively notify our customers and suppliers on substantive or material changes to this privacy statement.
1 Art 4 (1) of the General Data Protection Directive (GDPR)
2 IXP definition
3 AS numbers
4 More info about AMS-IX
5 As described here
6 Connected networks
7 Our use of Google Analytics is configured in a privacy friendly way, in line with a recommendation of the Dutch Data Protection Authority
Trade register: 34128666