Facbook Pixel

GDPR FAQ

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union law focused on data protection and privacy for all citizens and residents of the EU. GDPR regulates how companies - including ITEGY - can process personal data about individuals in the EU. GDPR goes into effect on May 25, 2018. For a full description of what GDPR is and how ITEGY is GDPR compliant, please review What is GDPR?

Who does this impact?

This impacts how ITEGY handles data for customers residing in the EU. In addition, users in certain countries are routed to the ITEGY website for another market because they mirror the same language and currency (e.g., customers in Morocco use the ITEGY website in France). These customers will be treated the same as EU customers, and thus their information will generally be handled under the same GDPR requirements. To see the list of countries impacted, please visit GDPR Affected Country List.

What is WHOIS?

WHOIS is an ICANN-mandated service that provides basic information about a registered domain, such as domain owner contact information, domain availability status and the company with which the domain is registered.

How is WHOIS data accessed?

WHOIS data is usually delivered to end users by dedicated web portals, or through an automated mechanism referred to as "Port 43 Access." While web portals, such as WHOIS, can protect against data harvesting using CAPTCHAs and other web-based authentication methods, Port 43 Access has no such protections and is susceptible to automated bulk harvesting of domain data, leading to SPAM and robocalls issues for our customers.

How does GDPR impact availability and access to WHOIS data?

To ensure our compliance with the GDPR and other applicable global privacy laws, ITEGY is required to restrict both the publication of and access to WHOIS data.

  • Port 43 Access
  • In addition to lacking adequate and necessary security protections, Port 43 fosters the ability to bulk harvest data without limitation and in excess of any legitimate use or purpose. For these reasons, ITEGY will limit the data published at the Port 43 Access point to include only domain technical information along with the State/Province and Country for the domain contacts.

  • ITEGY's WHOIS
  • For domains impacted by GDPR (see above for list), only domain technical information, the Registrant Country and State/Province, and the Registrant Organization will be returned. ITEGY will continue to publish full WHOIS data for domains for everyone else (unless they are using a proxy or privacy service to protect their personal data).

How can I contact Registrants whose data is not published in WHOIS?

ITEGY has created a web-based form as a mechanism to reach out to the registered name holder of a domain. When GDPR goes into effect on May 25, when a WHOIS search is done on WHOIS, there will be an option to contact the registrant via the web-based form, which will be delivered as an email to the registrant.

How can I gain access to WHOIS data in support of a Law Enforcement investigation?

For domains with WHOIS not impacted by GDPR, full contact data can be found by accessing WHOIS. If the WHOIS results show Domains By Proxy as the registrant, please visit Domain By Proxy Subpoena Policy on how to proceed. For domains with WHOIS records that do fall under GDPR rules, starting May 25, please contact whoisrequests@secureserver.net for inquiries.

How can I opt-out of the GDPR limited WHOIS?

Due to Port 43 lacking adequate and necessary security protections, we have decided to not allow customers to bypass our protections currently in place. For customers who want to opt-in to provide their full contact information through web-based WHOIS, we recommend they contact displaywhois@secureserver.net.

What if I live in a protected region and I just purchased Domains By Proxy?

If you purchased Domains By Proxy within 30 days of May 25, 2018, you are eligible for a full refund if you decide to cancel the service. If you elect to keep Domains By Proxy, you will receive an upgrade to an enhanced privacy and security product at no additional charge. An email will be sent on or about May 25 with further details.