What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that becomes enforceable on May 25, 2018.
Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
What is a controller, and what is a processor?
According to Article 4 of the EU GDPR:
Controller – “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”
What is Our role under GDPR, controller or processor?
We combine the roles of data processor and data controller:
When you use Our products and services to process EU personal data, We act as a data processor. We act as a data controller for the EU customer information We collect to provide Our products and services and to provide timely customer support.
What personal data do We collect and store from you?
We store data that you have given us voluntarily. You decide what personal data, if any, is uploaded to Our products and services.
The list of Personal Data We collect:
- contact data – such as personal name, private address, phone number, private email;
- other data collected that could directly or indirectly identify you;
- account information – information about the products or services that you purchase or consider purchasing from Us, domain name registration information, IP addresses assigned by Us, your ID or any other information related to your account;
- information on communications with Us – information about enquiries made to Us to resolve a technical or administrative query, information about a chat session with Us, an e-mail or letter sent to Us, or any other contact or communication with Us.
For what purposes is personal data collected?
We collect the personal data for:
- performing a contract with you, processing of orders and provision of products and services;
- allowing the technical support personnel to provide assistance to you if needed;
- communicating with you, including providing information about Our services, offers, orders, provision of services, order status and payment and/or to answer questions from you;
- improving the quality of Our website and Our products and services;
- performing financial processes, including calculating, invoicing and collecting service charges and processing financial transactions regarding the acceptance of orders;
- performing statistical analysis of the usage of Our website or applications or tools that are accessed via the website, marketing activities (including through email, newsletter), conducting sales activities (including analyzing Data and the use of Our services for marketing offers), and investigating and processing suspected violations of Our Acceptable Use Policy;
- ensuring the security of persons, finding and preventing fraud, and detecting or preventing illegal activities;
- legal compliance purposes.
What personal data do We collect for payment processing?
We may provide paid products and/or services within the Service. In that case, We use third-party services for payment processing (e.g. payment processors).
These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
How long do We retain your personal data?
We retain Personal Data We collect from you where We have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
When We have no ongoing legitimate business need to process your Personal Data, We will delete your Personal Data.
We may share Data about you with:
- partners or agents involved in delivering/purchasing the services you’ve ordered with Us;
- fraud prevention agencies;
- law enforcement agencies, regulatory organizations, courts or other public authorities to the extent required by law.
We will also share your information to the extent necessary to comply with ICANN or any ccTLD rules, regulations and policies when you register a domain name with Us.
What security measures are used?
According to the GDPR, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
We are constantly reviewing and enhancing Our technical, physical and managerial procedures and rules to protect your personal data from unauthorized access, accidental loss and/or destruction. We use industry-standard TLS certificates to provide encryption of data in transit; for example, all access to Our websites and management portals is covered by the HTTPS protocol.
What is changing with WHOIS privacy?
From May 25th, We will not publish the personal data of domain name registrants located in the EU in the WHOIS. This is to ensure Our WHOIS output is compliant with the GDPR.
However, access to personal data of domain name registrants may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access.