Privacy is on everyone’s mind and in everyone’s inbox thanks to GDPR going into effect this month. Over the last few weeks, you’ve no doubt been getting a myriad of spam from anyone who’s ever collected your personal information trumpeting their new privacy policies.
We’ve also taken steps to improve our data processes and other controls we provide to safeguard your data and protect your privacy. With this post, we want to make sure you wouldn’t be surprised by these changes and reassure you that none of this will impact our principles and the way we’ve been operating so far.
Even though the General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area, we believe that GDPR represents an advance in the rights of all Internet users, and we are applying all of these changes to our entire client user base, regardless of their citizenship or location — not just those users located in the European Union.
Recital 2 states:
“The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular, their right to the protection of personal data. […]”
– and this is, after all, a human right.
We’ve released a full privacy transparency report which outlines what data we collect from customers, and if that data is shared with any third parties. Of course, we also now adhere to the regulations within GDPR. We did this happily, willingly, and with the utmost respect for your personal data.
When you visit our website, the web server passes on a cookie i.e., a string of text, to the web browser. These cookies enable our website to work or work more efficiently, as well as provide information and additional services. Cookies are used for purposes of marketing, analytics or are essential for site functionality and making experiences better. You can also access your Cookie Settings and opt-out of specific tracking options.
NEW: Privacy Settings Center
All current FastComet users now have access to a new section of their Client area that we’re calling the Privacy Settings Center. It will give you, even more, control over cookies, tracking scripts, communication preferences, and the users of your personal data. You can edit this data, download it and request profile deletion right within your Client area. This centralized location was specifically built in order for you to manage and change, at any time, all of your privacy preferences.
Personal Data Management
You are fully in control of your personal data with new options to update, manage, and export your data. FastComet supports data portability and allows you to access and download your data. We offer several options including taking a local backup. We’ve also created a self-service Subject Access Request (SAR) tool to offer our clients the opportunity to request the export of the personal data that we hold within their client profile.
Customers can remove all information they have uploaded to our products (such as servers) and services. Similarly, they may initiate a cancellation request for their account and request that all their personal data we have collected or stored be deleted.
If you wish to have your personal data removed, you can easily proceed with the Request to be forgotten option located in the Privacy setting section of your Client area with the request to delete your personal data. Once that is approved, our support team will delete or anonymize all of your personal data completely.
Please note, we may retain your personal information to comply with the law, prevent fraud, invoice customers, resolve disputes, provide assistance to legal investigations and enforce the FastComet Terms of Service. When this information is no longer required, FastComet will permanently delete it.
You are in control! Now, you’ll be able to use the Privacy Settings to set your FastComet email contact preferences. We’re working to add even more functionality to it in the future – not strictly required by the GDPR – allowing you to specify your preferences for even more control of your personal information.
So, if you want us to keep in touch, please update your email options and subscribe to our monthly newsletter.
Data Processing Agreement (DPA)
It is important to note that the DPA does not make sites hosted by us GDPR compliant on its own. As a FastComet customer, who processes and collects EU personal information or employs/uses services/platforms/vendors that process and collects EU personal information, you are referred to as a data controller. This means you are solely responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. However, even if you have done your part on making your website GDPR compliant, it will not be fully there, unless your hosting provider has a DPA.
It is meant to provide you with a contractual assurance that we have robust mechanisms to ensure the transfer of Your Data, including transfers of Your Data from the EEA to the Services, meets with compliance under applicable data privacy laws. By accepting our Terms of Service at the time of purchase of Services will also be treated as your acknowledgment and acceptance of the DPA and its appendices (including the Standard Contractual Clauses and its appendices, as applicable).
To sum it up, you don’t need to sign the DPA as we already are providing you with the contractual assurance through our ToS. If you however still wish to read, print, sign and return a physical copy of the DPA, please send an email request to firstname.lastname@example.org. We’ll comply with the request by sending you the signed DPA version and keep a signed copy you send back on file associated with your account.
GDPR Whois Protection
In our previous blog post, we explained how we intend to comply with the GDPR in terms of our WHOIS output. After 25th May 2018, we can confirm that no personal data of EU residents exist in the WHOIS for domains registered with FastComet. These are welcomed news for domain owners, particularly for those customers who register generic domains, such as .com, which are under ICANN’s authority, where email addresses and phone numbers were included, which often resulted in spam emails and calls.
The brand new GDPR Whois Protection service is masking some of your contact details through automated access points. This service is limiting a potential spammer’s ability to access your first name, last name, email and phone number through automated means (also known as Port 43 access). Our domain name registry is already showing limited data for Whois records for newly registered domain names.
For all existing domain names, if either of the Registrant, Admin, Tech and/or Billing contacts are identified as being from the EU, we will mask the WHOIS output for that domain name with placeholder details in place of the users’ personal information (this service will be referred to as “GDPR WHOIS Protection”) within the following week.
Customers from all EEA countries(European Economic Area) will be given an option to enable or disable the GDPR Protection, which masks the customer’s WhoIs data to comply with the GDPR requirements, from their Customer Area. However, by default GDPR Protection for EEA customers will be enabled.
Some TLD Registries may display customer WHOIS information, though. GDPR Protection will not be available for new and existing registrations for certain TLDs. As of May 17, 2017, these TLDs are : .AU, .BR, .CA, .CN (2nd and 3rd level), .DE (2nd and 3rd level), .EC (2nd and 3rd level), .EU, .RU (2nd and 3rd level), .UK (2nd and 3rd level), .US, .ECO, .JOBS, .NGO/.ONG, .NYC and .TEL.
Sale of .ES domain Names after 25th May
The .ES registry is an exception to the list mentioned above. Currently, the .ES registry does not accept masked data and has not committed to masking personal data. The .ES registry also places a restriction on registrants modifying their contact details or selecting a different contact as the registrant contact for a registered .ES domain name.
In light of this restriction, effective May 25, 2018, we have stopped new registrations of .ES domains on the FastComet domain portal order. Please note, however, domains already purchased will continue to remain un-masked in WHOIS searches.
How does GDPR Protection differ from Domain privacy?
By default, personal data of EEA customers will be masked under “GDPR Protection.” However, Domain privacy (ID Protect) is remaining as an optional purchase for EEA registrants. GDPR Protection will only mask an EEA registrant’s data, it will not forward any emails to the registrant.
Domain privacy (ID Protect) is still beneficial for customers interested in having emails forwarded to them (e.g., for customers who are interested in sales opportunities for their domains, transfer requests, and fielding other communications) without publicly displaying their personal data.
We’ve also taken all the needed steps to improve our data processes and other controls we provide to safeguard your data and protect your privacy. Security features and encryptions are built into all of our products, services, and infrastructure to keep data protected at every point. We invest in teams and technology to continually improve that security, protecting not only our operations but your data as well. Your data is in safe hands and well protected. For any additional questions that we did not cover here, contact us at email@example.com.
At FastComet, we strongly believe in privacy, security, freedom and the equal treatment for all Internet users. And we believe that your information should be protected regardless of what is legally required.