Privacy, Data Protection and GDPR
In the course of registering domain names we often store or process personal information. Personal data is defined as information that relates to an identified or identifiable individual.
In Europe storing and processing personal data, has, since 1984, been governed by laws. We have always maintained a strong privacy-oriented policy (particularly in relation to 'WHOIS' data). Relevant legislation is the Data Protection (Bailiwick of Guernsey) Law 2017 and equivalent laws in adjacent jurisdictions. From May 25th 2018 the General Data Protection Regulation (GDPR) comes into force throughout most of Europe, including the Channel Islands and the UK.
How do we deal with personal data? For example, if you make a payment to us using a credit or debit card, we need you to give us your name and some other identifying information in order that the bank may process the payment. If you are associated with a domain registration (whether as Registrant, or one of the people authorised to manage the registration), we need to collect some personal information about you, such as your name, address, telephone number and email address so that we can contact you about the domain name if we have to, and also to be able to verify your identity if you contact us.
You can ask us at any time to let you know whether we are processing personal information about you and request a copy. For security reasons, our practice is to send this by registered mail to a known address (although we might be able to send it to you electronically if we are sure of your identity).
You should also expect us to be able to tell you the purpose of the processing, the categories of personal data held, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the time period for which we expect to store the data and whether we take any decisions automatically on the basis of your personal data (we don't). You may request that we correct, erase or restrict processing or tell us that you object to it. You may also ask us to inform you about the source of the data, which will usually be from you yourself, your agent ("registrar") or your company (if listed as a contact person for them). If you remain dissatisfied with anything related to how we are holding or processing your personal data, you may lodge a complaint with the appropriate Data Protection Authority
For additional information about how we store and process personal information, you may consult our entry on the Guernsey Register of Data Controllers at dpr.gov.gg (registration number is 011044). You may also consult our entry on the UK's Register of Data Controllers at ico.gov.uk (registration number is Z2372188).
Further information about Data Protection and the GDPR may be found at dpr.gov.gg and ico.gov.uk