The privacy and protection of our customers' data is of utmost importance to us.
Recently, the European Parliament implemented a new data privacy law called the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018.
The main purpose of the law is to support privacy as a fundamental human right, therefore giving EU residents rights over how their personal data is processed or otherwise used.
Over the last several weeks we've had many questions in our helpdesk, on live chat, and on the phone with EU customers inquiring about our new policies.
To Whom Does The GDPR Apply?
The GDPR applies to any organization that processes and holds personal data of EU data subjects, regardless of whether or not the organization is based in one of the 28 EU member states.
The GDPR also applies to citizens of the 28 EU member states, as well as any individuals transmitting data outside of the EU while traveling within the EU member states.
What Are Your Rights Under GDPR?
For all of our customers in the EU, under the new GDPR, you have the following rights to exercise:
- Right of access: You, or your customer, can ask us what personal data is being processed (used), why and where.
- Right to rectification: If you, or your customer, want to correct, revise or remove any of the data we retain on you, you may do so at any time.
- Right to be forgotten: If you, or your customer, need to cancel your NameHero account at any time, we will permanently remove your account and all information associated with it.
- Right to restrict processing: If you, or your customer, believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data.
- Right of portability: We provide you with the ability to move any of your account data to a third party at any time.
- Right to object: If you, or your customer, decide that you no longer wish to allow your data to be included in our analytics or for us to provide personalized (targeted) marketing content at any time, you may contact us to request removal of this data.
What Is Considered Personal Data?
The GDPR defines personal data as '... any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
Additionally, the GDPR notes that online identifiers can constitute personal data. The GDPR explains, '... natural persons may be identified with online identifiers which are provided by:
- Protocols, such as IP (Internet Protocol) addresses
- Cookie identifiers (and similar web tracking technologies)
- Radio Frequency Identification (RFID) tags (the Internet of Things)
Are NameHero's Data Centers GDPR Compliant?
Yes. All of NameHero's data centers (located in both Lansing, Michigan and Phoenix, Arizona) are self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield.
This addresses the transfer of data from the EU and Switzerland to the US, meeting data security requirements for our EU customers.
Consent Management Process Domain Registrations
Moving forward, we will be reaching out to end-users to request their consent to process certain pieces of personal information for domain registrations.
This "Consent Management" flow involves sending a request email that contains a link to the registrant's unique Data Use Consent Settings page.
This Data Use Consent Settings page serves as the registrant’s means to view their settings, manage their settings, and withdraw consent, should they choose to do so.
It also contains a link to the Data Use Information page, which provides more information about how personal data is processed.
Gated Whois System
Following May 28, 2018, we will be moving domain registrations of EU residents to a "gated" Whois system in order to comply with the new GDPR regulations.
Most public whois servers will cease the publication of personal data and providers will start offering a "gated" or "tiered access" Whois system.
No changes are necessary on your end; we'll take care of making sure the public Whois output is fully compliant with privacy regulations, so you're good to go.
Do I Have To Comply With Data Protection Laws?
When using NameHero’s services, the customer maintains ownership of the Customer Data and controls how such data is accessed and controlled. NameHero has no knowledge of the types of data that a customer stores in our hosting environment. Therefore, all customers are responsible for ensuring compliance with applicable laws and regulations to protect such information.