Dreamhost

DreamHost is a Los Angeles-based web hosting provider and domain name registrar.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided May 18, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

There is no notice of breach required per the policy

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? Yes

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

We may change this Privacy Policy from time to time to reflect changes in our practices or in the applicable law. You will be able to tell when the policy was last updated as we will revise the date at the top of the Policy. In some cases, we may provide you with additional notice (such as adding a statement to the website, via the newsletter, or sending you a notification). By continuing to access or use the Services after changes become effective, you agree to be bound by the revised Privacy Policy.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Last Updated: January 1, 2020

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided May 18, 2020 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include reducing log retention where possible to the minimum level required to enable our systems administration and security staff to ensure services are running smoothly.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

5.1 To the extent that we are a data controller, we use the information collected through your use of our Services for the following purposes:

(a) to improve and optimize the operation and performance of our Services to you, and for the Website; (b) to carry out obligations arising under agreements entered into between you and DreamHost; (c) to diagnose problems and identify security risks, errors or needed enhancements to the Services; (d) for research regarding the effectiveness of our Services, the Website and related marketing, advertising and sales efforts; (e) to respond to your support requests, and to communicate with you though email, via the website and livechat, text messages, telephone calls or automated phone calls or text messages; (f) to provide you with information about our products and services; and (g) to investigate, prevent or act regarding illegal activities, suspected fraud or otherwise as required by law. 5.2 Often, much of the data is aggregated or statistical data about how people use our Services or Website and is not linked to any personal data. To the extent that this data is itself personal data, or is linked to personal data, we treat it accordingly.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

2.2.1 The personal information we collect from you when we provide you with Services will depend on the type of service or support you require.

2.2.2 Some personal information is collected directly from you when you:

(a) create an account or purchase any of our Services (for example, billing information, contact information, credit card number and in certain circumstances, government identification); (b) request assistance from our technical support team (for example, your phone number or email address); (c) log in to your account, such as your log-in credentials (for example, your username and password); (d) complete contact forms or request newsletters or other information from us (for example, your email address); or (e) participate in surveys or contests or participate in activities we promote which might require information from you. 2.2.3 We will also collect and process other data that might be less obvious to you. For example, account-related information is collected in association with your use of the Services (like the types of services you have used, your payment history, the amount of your payments, your domain name, information about when products renew or expire, customer service requests, information requests, etc.).

2.2.4 Some of this data may be personal data. We may use this information to contact you from time to time about our products, promotions and other services that relate to your account. You can manage and choose the information you want to receive. Please see Section 11 for more information.

2.2.5 Most of the personal information that we collect is necessary to keep all of our Services functional and accessible by you. If we’re asking for personal information beyond this scope, we’ll make sure to clearly let you know why we need it (and what the effects of not providing it may be).

2.3 Information we collect automatically

2.3.1 When you use our Hosting Services, we may collect certain information automatically from your device. This may include information like your IP address, your device type, any unique device identification numbers, browser types, information about your broad geographic location (for example, country or city level location) and other technical information that may identify you.

2.3.2 By way of example, data about usage of services is automatically collected when you use and interact with our Services, including metadata, log files and cookie/device IDs. This information includes specific data about your interactions with the features, content and links (including those of third parties, such as social media plugins) contained within the Services as well as the information listed in the previous paragraph. [...] 2.4.1 In our capacity as a data controller, we may collect information from third parties. This may include information from partners in order to maintain functionality of your Services (such as domain name registrations and third-party email suites). We may combine this data with information we already have so that we can properly update, analyze, and expand our Services. This information will only be used for the specific reason for which it was provided to us.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? Yes

0/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Citation

2.4.1 In our capacity as a data controller, we may collect information from third parties. This may include information from partners in order to maintain functionality of your Services (such as domain name registrations and third-party email suites). We may combine this data with information we already have so that we can properly update, analyze, and expand our Services. This information will only be used for the specific reason for which it was provided to us.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-out basis, but only for some non-critical data/uses

1.5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Citation

9.2 Web-based advertisements: DreamHost and its advertising partners comply with “opt out” signals provided either by a user's web browser automatically, by a user manually opting-out of web-based advertisements at http://www.networkadvertising.org/choices/.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Handling

Does the policy allow personally-targeted or behavioral marketing? Yes, but you can opt-out

3.5/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

5.1 To the extent that we are a data controller, we use the information collected through your use of our Services for the following purposes: [...] (d) for research regarding the effectiveness of our Services, the Website and related marketing, advertising and sales efforts; [...] 9.2 Web-based advertisements: DreamHost and its advertising partners comply with “opt out” signals provided either by a user's web browser automatically, by a user manually opting-out of web-based advertisements at http://www.networkadvertising.org/choices/.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

7.1 With the exception of trusted business affiliates and/or associates who work on behalf of or in connection with us, we will not provide to or sell to any third party your personal information and will keep all such data confidential. For example, we share information with third parties where the functionality and maintenance of our Services depends on it (such as sharing data with domain registries in order to maintain your Services or domain registrations).

Third parties and trusted affiliates or associates

7.2 We may contract with third parties to assist us in optimizing our Services, including assistance related to the authorization and processing of payments, fulfilment of service requests, and requests for assistance.

7.3 We may utilize third-party platforms to provide web-based and email-based advertisements for our Services after you have visited and left our Website.

7.4 We also use web analytics services to improve the usability of our customer experience. These services may record anonymous data such as mouse clicks, movement, and scrolling activity, but we'll never use them to collect personal data from you. We only use this data internally to help us understand and enhance your DreamHost experience.

Law enforcement

7.5 DreamHost's primary business operations are located in California in the United States and we are subject to the laws and regulations in that jurisdiction. We may be called upon by various law enforcement agencies to comply with ongoing investigations. Compliance may include the secure handover of client data to a legally-authorized government agency.

7.6 Outside the United States, DreamHost may also be required to disclose personal information to other law enforcement bodies, regulatory, government agency, court or other third party in compliance with applicable laws or regulation to which DreamHost may be subject.

7.7 We will only disclose this information where we believe disclosure is necessary (i) as a matter if applicable law or regulation (ii) to exercise or defend our legal rights or (iii) to protect your vital interests or those of any other person.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? Yes, using an automated mechanism

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion is possible.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

Law enforcement

7.5 DreamHost's primary business operations are located in California in the United States and we are subject to the laws and regulations in that jurisdiction. We may be called upon by various law enforcement agencies to comply with ongoing investigations. Compliance may include the secure handover of client data to a legally-authorized government agency.

7.6 Outside the United States, DreamHost may also be required to disclose personal information to other law enforcement bodies, regulatory, government agency, court or other third party in compliance with applicable laws or regulation to which DreamHost may be subject.

7.7 We will only disclose this information where we believe disclosure is necessary (i) as a matter if applicable law or regulation (ii) to exercise or defend our legal rights or (iii) to protect your vital interests or those of any other person.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Dreamhost has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Dreamhost, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

4.6/10

How we calculate ratings →


Version Added

May 18, 2020

Ratings Updated

May 18, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions