Since our last post about the General Data Protection Regulation (GDPR), we’ve been really busy making sure we comply with the new regulations when they come into force on Friday 25th May 2018.

The changes to how we handle our data will take effect from Thursday 17th May 2018. We’ve always taken data protection seriously but here is a summary of how we look after your Personal Data in the context of GDPR principles:

Your right of access & rectification

Customers have always been able to log in directly to our Online Control Panel and navigate to the Account Details section where personal data can be updated at any time.  You can always get in touch with us to make changes to personal data and to fix any problems with incorrect details provided.

Your right to be informed

To make things as clear as possible, on the 27th April we posted a notice of our updated Privacy Policy. It provides all the details about how we process your data, where it’s stored and how it will be used to fulfil your services.  This Policy is also supported by a more detailed Cookie Policy that has been re-organised to help make it clearer.

Your right to erasure

If you want us to delete your personal details, please get in touch by raising a support ticket in your online Control Panel and, where we can, we’ll make sure your details are deleted within 30 days of the request being received.

Please be aware that products and services must be cancelled prior to closure. If there are any active products or services in the account, the account cannot be closed because we remain under contract to provide services to you. This means we need to continue processing your Personal Data.

We will retain your information for as long as needed to provide you with the Services or as long as needed to fulfil the purpose for which the Personal Data was originally collected.  We may also be required to retain certain information by law and/or for legitimate business purposes (for example, VAT records).

Your right to object

We’ve changed the way that email marketing permissions are stored.  Customers have always had the ability to log into their Online Control Panel and change communication preferences for both renewal notifications and marketing.  Now, we’ve made it even easier for you to opt out of receiving telephone calls from us about your account performance.

Please be aware that if we deem it absolutely necessary to contact you by email or telephone (for example, if we identify that your website has serious performance issues impacting your business), we will always get in touch with you.

Your right to restrict processing

We manage a ‘need to know’ access system within our business and we use password permissions to control who can view customer Personal Data – so not everyone in our business can view your details.

In addition, if you have requested an account closure, but we are required to retain your personal details for legitimate purposes (for example, a requirement to retain invoices for VAT records), then we will ensure that even more restrictions are put in place internally.

Automated decisions & profile data

We use lots of automated processes and systems in our business so that everything operates as efficiently as possible. However, when it comes to key decisions that impact customers and your Personal Data, we always ask people to review data and make final conclusions. This means that important decisions, such as accepting customer account applications or declining transactions due to concerns about fraudulent activity, are always reviewed by a person. If there is a problem with your account, we will always try to contact you in the first instance.

If you have opted into marketing services, please be aware that we only use the data you provide and the information we collect about your services with names.co.uk to determine the best way to communicate offers to you.

Domain names & the public WHOIS directory

With so many late changes across the domain industry, providers are choosing to manage data in the public WHOIS in a lot of different ways. We are taking a very cautious approach and have chosen to redact your personal data when we are in control of what is made public for domain registrations.

In order to provide you with certain domain extensions, we are required to send your personal data to the Registry responsible for that domain extension (e.g. IEDR is the Registry for all domains ending in .ie). The Registry or Registrar (the business that resells domains) that we contract with to register your domains may publish your personal data in the online WHOIS directory, unless you have previously purchased a domain privacy service from us.

For all IEDR domain registrations (.ie) your personal data will not be published to the public WHOIS from 11 May 2018. For all Nominet domain registrations (.co.uk, .uk, .org.uk, .me.uk) your personal data will not be published to the WHOIS from 22 May 2018.

For domains ending in .com, .net and .org we will not publish your personal data in the online public WHOIS from 25 May 2018 and will automatically apply our Domain Privacy product for free to domains registered in the week commencing 21 May 2018. This means your data will still be protected by a privacy product if ICANN’s guidelines around publishing personal data should change in the future.

As an ICANN-accredited Registrar, we are required to adhere to the WHOIS policy set by ICANN. If ICANN enforce the publishing of your personal information to the public WHOIS or if the IEDR or Nominet change their policy in future, we will advise you by updating our Privacy Policy.

Staying safe & secure:

Account access

Before we enable customer account access via the Online Control Panel, unique usernames and passwords need to meet our minimum security requirements.

Account access is also limited by IP range/country and login frequency, which can be managed in the Security Settings section of your Online Control Panel.

If you upload using FTP, you can also control access via IP and set time limits via your Online Control Panel.

Data storage & access

Your personal data is physically stored in our data centre where we have security staff 24/7/365 and strict building access controls including biometric scanners. Only authorised staff have access to locked racks where data is physically stored. Virtual access is controlled using various authentication systems, including cryptographic keys.  When your data must leave the EEA, we ensure that the appropriate safeguards are in place to protect you.

If you have any questions at all, please don’t hesitate to contact Customer Care on 01 5255768 or raise a ticket in your Online Control Panel.