This article contains Frequently Asked Questions about GDPR:
GDPR stands for General Data Protection Regulation. This is a new regulation which will govern the data privacy of EU residents by:
- Harmonizing data protection across EU member states
- Requiring clear and conspicuous Consent
- Providing Data Subjects with more powerful rights to their data and imposes tighter limits on the use of personal data
- Placing more responsibility on companies Processing those individuals’ Personal Data
The GDPR aims to protect all residents of the EU. The GDPR is applicable to nearly all EU organizations and non-EU organizations if they:
- Offer goods or services to EU residents, and/or
- Monitor the behavior of EU residents
That depends on the service that Web.com is offering to its customers. Please click here to see Article 4 of the GDPR which defines the different roles and responsibilities for both Data Controllers and Data Processors.
As part of our compliance efforts, Web.com has established a GDPR task force. If you are a business which resells Web.com services, you may determine it is beneficial to establish your own internal team to review and ensure compliance with the GDPR obligations.
The GDPR will be effective May 25, 2018.
Please click here to read the full text of the regulation. We recommend you review the regulation and any responsibilities you may have, which will differ depending on your business or organizations activities and practices. As Web.com progresses its compliance efforts, we may reach out to you with more information, relevant to our relationship with you.
- We are taking a global approach to compliance and driving a centralized data privacy program with privacy by design at its core.
- We have established an internal GDPR task force made up of key members from all major departments throughout the company.
- We are engaging top of the line privacy management software and consulting with international firms and privacy experts.
- Additionally, Web.com is already one of only approximately 2,600 companies to be Privacy Shield certified.
- We are continuously educating, supporting and guiding our stakeholders with training, FAQs, and online resources.
Please email firstname.lastname@example.org.
Here is a list of terms and their corresponding definitions, common to the GDPR regulation, as referenced in this article:
Yes. In addition to GDPR, Web.com, as a publicly traded company, complies with a number of regulations that include financial and data retention obligations. These include, but are not limited to, Securities and Exchange Commission (SEC) regulations, Sarbanes-Oxley Act (SOX), Health Insurance Portability & Accountability Act (HIPAA), and The Payment Card Industry Data Security Standard (PCI DSS).
When personal data is no longer needed by Web.com for processing, accounting, or other legal reasons, will it systematically be deleted?
Yes, in accordance with our data retention policy, personal data will systematically be deleted when it is no longer needed for processing, accounting, or other legal reasons.
Web.com has created a DSAR portal located here which can be utilized by its EU customers to submit DSAR requests. This portal is reserved for Web.com EU customers only.
How will Web.com manage DSARs (Data Subject Access Requests) from Resellers, Affiliates, and Private Label Partners?
Web.com has created a DSAR portal located here which can be utilized by resellers, affiliates, and private label partners to submit DSAR requests on behalf of their EU customers. This portal is reserved for partner use only. We will only process requests submitted by a partner on behalf of their EU customers. Direct customer requests will not be processed through this portal.
Please note that under GDPR, Resellers, Affiliates, and Private Label partners serve as the Data Controller. As such they are responsible for implementing their own customer facing solutions and policies in order to comply with GDPR.
As per the GDPR, a DSAR will typically be handled within thirty (30) days but under extenuating circumstances may be processed within sixty (60) days.
Yes. Data subjects have the right to request the erasure of personal data under specific conditions. However, a number of our services, including but not limited to domain registration services, will be assessed to determine if we still need to retain the data for processing purposes. For example, we cannot remove data we retain for an active domain name holder because the data is still relevant for registration purposes. In addition, as an accredited ICANN registrar we are contractually obligated to keep certain data regarding registered name holders for the life of the domain name plus two (2) years.
In order to comply with GDPR, and protect personally identifiable information (PII), Web.com will mask certain fields in the WHOIS output for EU residents. A sample of this output is detailed below:
Domain Name: sampledomain.com
Registry Domain ID: 142700135_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2017-12-04T08:00:03Z
Creation Date: 2005-02-16T23:28:11Z
Registrar Registration Expiration Date: 2019-02-16T23:28:11Z
Registrar: Register.com, Inc.
Registrar IANA ID: 9
Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Statutory Masking Enabled
Registrant Name: Statutory Masking Enabled
Registrant Organization: Statutory Masking Enabled
Registrant Street: Statutory Masking Enabled
Registrant City: Statutory Masking Enabled
Registrant Postal Code: Statutory Masking Enabled
Registrant Country: BE
Registrant Phone: Statutory Masking Enabled
Registrant Phone Ext.: Statutory Masking Enabled
Registrant Fax: Statutory Masking Enabled
Registrant Fax Ext.: Statutory Masking Enabled
Registrant Email: email@example.com
Registry Admin ID:
Admin Name: Statutory Masking Enabled
Admin Organization: Statutory Masking Enabled
Admin Street: Statutory Masking Enabled
Admin City: Statutory Masking Enabled
Admin State/Province: Statutory Masking Enabled
Admin Postal Code: Statutory Masking Enabled
Admin Country: Statutory Masking Enabled
Admin Phone: Statutory Masking Enabled
Admin Phone Ext.: Statutory Masking Enabled
Admin Fax: Statutory Masking Enabled
Admin Fax Ext.: Statutory Masking Enabled
Admin Email: Statutory Masking Enabled
Registry Tech ID:
Tech Name: Statutory Masking Enabled
Tech Organization: Statutory Masking Enabled
Tech Street: Statutory Masking Enabled
Tech City: Statutory Masking Enabled
At this time, Web.com does not plan to implement tiered access for its WHOIS database. However, ICANN and its Stakeholders are actively working toward a uniform solution which will help meet the needs of the broader global community.
Web.com will comply with its obligations under the ICANN 2013 RAA (Registrar Accreditation Agreement) with regard to intra-registrar transfers as well as the Temporary Specification for gTLD Registration Data which can be found at this page.
The information contained herein in no way constitutes legal advice. Any person who intends to rely upon or use this information in any way is solely responsible for independently verifying the information and obtaining independent expert advice if required.