Hello, I would like to talk about personal data protection. After the audit process, NCC demands that we send them, together with the contract, the ID of person who signs the End User assignment contract (even if the contract is signed by a person on behalf of company). It seems strange: the CEO of company that wants IP resources signs the contract, probably stamps it and suddenly (!) RIPE NCC asks for the ID of CEO. We (LIR) have no choice on such operations - we should request ID or RIPE NCC will not assign resources for our customers. Even more, RIPE NCC requires scans of ID, and this action violates local laws in some countries (for example, CZ or RU). In Russia, personal data can be processed only after a special agreement (except some cases mentioned in the law), but we will send the ID images without any special agreements to the NCC. I tried to find some statements on data protection in the RIPE NCC or on any guarantee of confidentiality, but no such information found in the standard service agreement or any policy documents. On these grounds, I would like to initiate a change. RIPE NCC should have data protection procedures or RIPE NCC should not request personal IDs of third parties. -- Sergey