GDPR for HEXONET Customers
The General Data Protection Regulation, GDPR, is a European legislation to protect the privacy and personal information of individuals living in the European Union. The purpose of the Regulation is to regulate data protection in a uniform manner throughout the EU, to give EU citizens better control over their personal data and regulate how controllers (companies and organizations) may use personal data. In a nutshell, its the most extensive and strongest privacy regulation for individuals anywhere and is fully supported by HEXONET by applying the regulation to all our customers worldwide, not just our European clients.
My personal data is protected, now what?
The good part for consumers and customers is that all the work and overhead of the GDPR legislation is on companies, businesses, and organizations. However, the more that you know about this legislation, the better you can control and manage the personal data being collected and used by third parties. The highlights for consumers:
- Data collected must be for a specific, explicit and legitimate purpose and not used or process beyond the original intent (no more indiscriminate collection, use, sale and sharing).
- The data collected can only be kept only as long as to serve the original legitimate purpose and then be permanently deleted.
- The data must be secured and protected against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures - any breach must be reported to you within 24 hours.
- The data must be kept confidential for most purposes.
- You have the right of access meaning you can request a copy of all your personal data.
- You have the right to request erasure (right to be forgotten) of your personal data.
What data does HEXONET collect and use?
As a customer of HEXONET, you can be assured we are GDPR compliant. The information we collect on you and your account is available on our GDPR pages here.
Does GDPR affect the domain names I register?
A. Possibly a reduction of the data to register certain domain names
For the registration of gTLDs starting May 25th, 2018, nothing changes and the Registrant, Administrative, and Technical contact data are still required (might change in the near future). For ccTLDs, you must provide all the data fields required by the registry. However, some ccTLD registries are in the middle of transitioning to smaller data contact requirements in the near future. When these changes coming into effect we will let you know in advance.
B. WHOIS Output - Privacy of personal data
The WHOIS output is changing, but the results depend on the type of underlying registry.
- ccTLD registries in the European Union (respective registry controls its own WHOIS). Most EU based registries, even now, either completely or partially do not publish registrant data for individuals. Please be aware that WHOIS output is not consistent across countries, for instance, it is required by local danish law that .DK domain name show registrant information irregardless of GDPR.
- ccTLD registries rest of the World (respective registry controls its own WHOIS). Most registries outside of the EU are not changing their WHOIS and many do not hide the registrant data. If you register one of these domain names your personal data may be exposure through the respective registry's WHOIS.
- gTLD registries (registrar is joint controller of the WHOIS). HEXONET will redacting all personal data elements in the WHOIS output. For the registrant email, a link shall be provided to a web form for third parties to contact you without knowing your email address.
C. WHOIS Output - Opt-in to make public personal data
Some registrants may wish to have parts or in full their person data publicly displayed in the WHOIS. Registrants can turn on this feature in the Control Panel by consenting and agreeing to the terms of publication. This feature will only apply to gTLD domain names.
D. WHOIS Output - Disclosure exceptions for legal and abuse
Though generally your personal information for a domain registration may be hidden (protected) some entities like law enforcement, consumer protection, quasi-governmental or other similar authorities may need disclosure of your registrant data. Additionally, commercial law firms and attorneys may require contact information for issues of trademark, copyright and the like.
E. Form of authorization not required for incoming transfers for gTLDs
If you transfer in a gTLD domain name to HEXONET, we will no longer obtain express authorization from either the Registered Name Holder or the Administrative Contact through the Standardized Form of Authorization (FOA). We will only need a valid authorization code to process the transfer. Please note that once the transfer has completed, the registrant, administrative, technical and billing contacts will be empty. You will want to re-enter all the proper and true contact data again. Failure to do re-enter the contact data increases your risk of losing the domain name.