What is the GDPR?
The European Union’s General Data Protection Regulation (GDPR) lays out a new set of rules and regulations for how the personal data of people living within the European Union should be handled. This new set of regulations around data protection has defined new standards for how companies need to think about and protect the data that their customers have entrusted them with, and also the data that the companies themselves may have collected about their customers.
At Hover, we feel every one of our customers should be entitled to the same data protection, regardless of geographical location. GDPR embodies some really great principles and concepts and we want all of our customers to have the same protections and rights regarding their personal data. The GDPR policy comes into full effect on May 25, 2018.
While GDPR sounds rather complex, at its core it can be simplified into three fundamental concepts.
Consent and control
Clear, informed consent and individual control over the use of personal data are basic rights in the GDPR. Any business collecting or processing personal data must not only obtain consent to do so but must also explain what they need the information for. What’s more, they’re only allowed to collect the minimum amount of information required to get the job done and can’t use the info for any purpose other than that to which the individual initially agreed. This puts the individual in charge of how their info is used from the very start.
The GDPR imposes requirements around how companies should address security breaches that expose sensitive personal information. In the event of a breach, anyone whose information may have been exposed must be notified as soon as possible, and that notice should include an explanation of what happened, what’s being done to fix it, and what those affected should do to protect themselves. This type of information empowers each person to respond in the way they think is best in each circumstance in order to protect their own privacy.
The right to be forgotten
Under these new rules, EU-local individuals have the right to revoke consent for a service provider to use their data. When this happens, the provider must essentially erase all record of the individual, giving them a fresh start. This requirement is not without consequences or limitations: some services can’t be provided without personal information, and sometimes personal information has to be kept for reasons of public interest or relating to legal claims.
Frequently asked questions about the GDPR
- What is the purpose of the GDPR?
- I’m not in the EU, why do I have to care about the GDPR?
- How will the GDPR affect me?
- How does the GDPR affect my Hover Registrant Agreement?
- What is considered personal data?
- How long do you keep personal data?
- How will Hover obtain my consent?
1. What is the purpose of the GDPR?
The GDPR helps protect privacy in the digital age. The European Union views the protection of personal data as nothing less than a fundamental human right, alongside other rights such as freedom of expression, freedom of thought, and the right to a fair trial. Although there are other existing privacy laws in effect already, the GDPR is different in its scope of applicability and because significant fines may be levied for non-compliance.
The GDPR replaces the 1995 EU Data Privacy Directive, harmonizing privacy laws across the EU. Once it comes into effect on May 25, 2018, it will be law in all EU member states.
2. I’m not in the EU, why do I have to care about the GDPR?
While the rules outlined in GDPR apply only to EU-local individuals, changes to how data is collected and handled will happen on a global scale as companies modify their existing practices to ensure they are compliant with these new regulations. While we will try our best to minimize any disruption to our domain management and registration processes for Hover customers, Hover believes in the principles that the GDPR upholds, and we, along with other key players in our industry, feel that extending the benefits of the GDPR to registrants worldwide is simply the right thing to do.
We made the decision very early on here at Hover that we would extend these new privacy protections to all of our customers and not just those in the EU. It just makes sense to provide equal protections to all customers regardless of where they happen to live. What it means is that all these regulations around protecting personal information can’t just be afterthoughts; they need to be part of the system that’s on unless you turn it off. We’ll be empowering our customers to understand what information we hold and how it’s used, to give consent to us for that use, and to request erasure of data in cases where consent cannot be provided.
3. How will the GDPR affect me?
These data privacy protections touch almost every aspect of the domain onboarding process and lifecycle. We’re keeping two things in mind:
- Our need to operate within the bounds of legal requirements.
- Our commitment to keeping domain purchase and management as straightforward, simple, and instantaneous as possible for our customers.
We already store your data securely, but we’ve been doing some internal review to see how we can strengthen our protections to keep information safe. We want to make it clear that Hover does not share personal data beyond what’s needed to provide the service that you ordered. We’ve never sold our clients’ personal information, and we certainly aren’t going to start now.
4. How does the GDPR affect my Hover Registrant Agreement?
One of the main ways that we inform our clients about how their data is being used is through our contracts and end-user service agreements, which have been updated as part of our GDPR implementation efforts. Our registrant agreement outlines exactly how Hover handles customer information and protects customer privacy by complying with GDPR standards.
5. What is considered personal data?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law.
- Examples of personal data: name, surname, address, email address (for example, firstname.lastname@example.org), IP address, personal ID, cookie ID
- These are not considered personal data: email@example.com, company name, or legal entities
6. How long do you keep personal data?
Data processed as part of fulfilling our service contract will be kept for the lifetime of the service, plus up to 7 years after the service’s termination.
Any data that we process under the legal basis of consent will be held by Hover for the same period as the contract-based data, unless that consent is withdrawn, in which case it would be erased at the time of withdrawal of consent.
7. How will Hover obtain my consent?
We plan on launching two new consent-related processes:
- An initial consent request
We will send every domain owner a consent request as part of the domain registration, transfer, or owner update process, unless we already have consent on file for that consent group. In the consent request, we will disclose all the uses of your personal data that are required by a contract in order for us to provide the requested domain service. We will also request consent from you for those data uses where our legal basis is your consent. In cases where we do already have consent on file, we will process the new registration based on those existing consent choices.
- A method for you to update consent preferences and revoke consent
At Hover, a customer can manage their consent preferences via their privacy tab in their management account settings.
A Hover user will be able to provide or revoke consent to Hover support via their privacy settings as well as manage their consent options for associated third-party services we utilise at Hover for account management.
These consent options will allow users to manage which third parties Hover is allowed to share information with, such as:
- Mailchimp: We share your email address with Mailchimp in order to send newsletters.
- Delighted: We share your email address with Delighted in order to send surveys.
- Twilio: We share your phone number with Twilio in order to send SMS text messages for Two Step Sign in.