Gandi

Gandi is a French company providing domain name registration, web hosting, and related services.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided May 17, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

No information is provided stating that they do alert users

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? Yes

5/5

Decided May 17, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

The Sites and our business may change from time to time. As a result (and for other business and/or technological reasons), it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update, change, amend or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before You provide any Personal Information. If we make any material changes to this Privacy Policy (as determined by us), we will post a notice on the Sites notifying users of the changes and providing an opportunity for You to take action relative to those changes prior to their implementation. In some cases, we also may send a notice via the Gandi Account or by email notifying registered users of upcoming changes. This Privacy Policy was last updated on the date indicated above. Your continued use of the Sites after any changes or revisions to this Privacy Policy become effective shall indicate Your agreement with the terms of such revised and then-current Privacy Policy.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 17, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Last Update September 1, 2016 - Version 2.0

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided May 17, 2020 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We have implemented information security measures that contain administrative, technical and physical controls that are designed to reasonably safeguard Personal and Non-Personal Information. Even though We have taken and will continue to take significant steps to protect this information, no company, including us, can fully eliminate all security risks associated with Personal Information. We use various security measures, including Secure Socket Layer (SSL) encryption technology, to protect information collected, transferred and retained. If You elect to set up an account on the Sites, You will be asked to provide an email address and password. You must provide a valid email address and password in order to create and maintain an account, as well as to access account information. We recommend You select a password with at least 8 characters and consider adding numbers or special characters to further strengthen Your password. In order to help protect Your personal information, You should be careful about providing Your password to others and change it periodically. If You wish to update a password, or if You become aware of any loss, theft or unauthorized use of a password, please contact us at [email protected] Moreover, we strongly recommend You to active Our two-factor auth feature to enhance Your security. Please be aware that We may store Personal Information or such information may be included in databases owned and maintained by Our affiliates, agents or third party service providers. We take all commercially reasonable steps to protect the security and confidentiality of all Personal Information provided via the Sites from loss, misuse, unauthorized access, inadvertent disclosure, alteration and/or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Sites may not always be secure. Please keep this in mind when disclosing any Personal Information via the Internet or by email. We do not and will not, at any time, ask You to provide Your Personal Information in a non-secure or unsolicited email or telephone communication. Identity theft and the practice currently known as "phishing" are of great concern to us. Safeguarding information to help protect You from identity theft is one of Our priorities. If You receive such an email, please contact us to bring it to our attention. For more information about phishing, visit the Federal Trade Commission at http://www.consumer.ftc.gov/articles/0003-phishing.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 17, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

We may use Personal Information as necessary and to fulfill Your requests, including in the following ways: Access and Use: If You provide Personal Information in order to obtain access to or use of the Sites or any functionality thereof, We will use Your Personal Information to provide You with access to or use of the Sites or functionality and to monitor Your use of the Sites or specific functionalities. Internal Business Purposes: We may use Your Personal Information for internal business purposes including, without limitation, to help Us improve the content and functionality of the Sites, to better understand Our users, to improve the Sites (including their bêta versions), to protect against, identify or address fraudulent activities, to manage Your account and to provide You with customer service and to generally manage the Sites and Our business. Marketing: We may use Your Personal Information to contact You for certain marketing and advertising purposes, including, without limitation, to inform You about offers, contests or surveys which may be of interest to You and to display content and advertising on or off the Sites which may be of relevance to You. If You wish to change or update Your Personal Information or to change Your subscription preferences, You may do so as provided herein. Specific Reason: If You provide Personal Information for a certain reason, We may use the Personal Information in connection with the reason for which it was provided. For instance, if You contact Us by email, We will use the Personal Information You provide to answer Your question or to attempt to resolve Your issue and will respond to the email address from which the contact came. Aggregated Personal Information: In an ongoing effort to better understand and to serve the users of the Sites, we (either directly or working in concert with our marketing services providers) may conduct research on our customer demographics, interests and behavior based on Personal Information and other information that has been provided or received by Us. For example, we may combine information about visitors to the Sites to determine how best to target our marketing and the products and services that we offer in certain areas of the country. This research may be compiled and analyzed on an aggregate basis and this aggregate information does not identify You personally and is classified and treated as Non-Personal Information under this Privacy Policy

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 17, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

  1. Personal Information We may collect Personal Information from users of the Sites in several instances. Some examples are as follows: • We may collect Your name, billing address, shipping address, email address, telephone number. This information is used to provide the products and services that You have ordered or requested and order confirmations (or other transactional information) and/or to provide customer service. • We may collect information regarding the domain names that You own or have owned. This information is used to provide the services that You have requested and to suggest additional services that We believe You may be interested in via Domain Suggest for example. • We may collect Your name, email address, mailing address, zip code, and date of birth if You create a User Account and a Personal Organization and Legal Contacts. This information will be used to help You keep track of Your orders, to keep You updated about special offers, updates related to the Sites and any of the Gandi Contracts or other agreements which are applicable to the products or services You have purchased or to which You have subscribed, and to facilitate checkout during purchases. • We may collect Your IP address, Your status (natural person, legal person, association, public organization,...), the language of Your web browser and the keyword queried to suggest You additional domain names during the purchase, to propose alternatives if the domain queried is no longer available. • We may collect Your email address if You sign up to receive promotional emails from Us. This information may be used to contact You about sales, special offers and new features available through the Sites. • We may collect Your name, telephone number, mailing address, zip code, and email address if You contact Us with a question or request customer support from Us. This information may be used so that we can respond to Your question or contact You regarding Your request. 1/5 • We may collect Your name, email address, and other contact information if You participate in a promotion (e.g., contest, sweepstakes) that We sponsor. This information will be used to fulfill the terms of the promotion and to contact You regarding promotional and special offers, sales, and new features available through the Sites. It will also be subject to the terms accompanying such promotion. • We may collect Your name, age, zip code, purchasing habits, email address and/or mailing address if You choose to participate in one of our on-line surveys. This information will be used to help provide Us with relevant information about Our customers. • We may collect and maintain more extensive PII (including driver’s license numbers, passport numbers, identity card, etc.) if You are purchasing a Gandi SSL Certificate, as We are required to review proof of identification and related documentation to verify Your identity in order to issue You the Gandi SSL Certificate for which You are applying. • We may collect and maintain more extensive PII (including driver’s license numbers, passport numbers, etc.) if You are purchasing some extensions (domain names) which require supporting documentation. Of course, You can update Your information or change Your preferences regarding receiving announcements and other information from Us at any time by accessing Your account via the Sites. (For more information, see below section entitled How Can I Access, Correct and Update My Personal Information?). The above section provides examples of the Personal Information that We may collect through the Sites (including the bêta version of Our Sites) and the manners in which We may use such Personal Information. If You do not want Us to collect Your Personal Information, please do not provide it to Us.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? Yes

0/10

Decided May 17, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Citation

We also may receive certain Non-Personal Information (including, without limitation, of the types set forth above) from various third parties. The Non-Personal Information We receive from third parties may be combined with the information We collect as specified herein, including Personal Information. If Non-Personal Information is combined with Personal Information, it may be viewed as Personal Information.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-out basis, but only for some non-critical data/uses

1.5/5

Decided May 17, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Citation

Third Party Advertisers: We may use advertisers, third party ad networks, and other advertising companies, to serve advertisements on Our Sites and on third-party websites. Please be advised that such advertising companies may gather information about Your visit to Our Sites (such as through cookies, web beacons and other technologies) to enable such advertising companies to market products or services to You, to monitor which ads have been served to Your browser and which web pages You were viewing when such ads were delivered. If You would like more information about this practice and to know Your choices please visit: http://www.networkadvertising.org/managing/opt_out.asp or http://preferences.truste.com/truste/. PLEASE NOTE THAT THIS POLICY DOES NOT COVER THE COLLECTION AND USE OF INFORMATION BY SUCH ADVERTISING COMPANIES.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Handling

Does the policy allow personally-targeted or behavioral marketing? No

10/10

Decided May 17, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

We are not in the business of selling Personal Information. We consider this information to be a vital part of Our relationship with You. We do not share with others, or sell or rent to others, any Personal Information provided to us through the Sites or through Our Customer Service Department, except with Your consent or as described in this Privacy Policy

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided May 17, 2020 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

Agents, Consultants and Related Third Parties: As noted above, We, like many businesses, sometimes engage other companies to perform certain business-related functions on Our behalf so that We can focus on Our core business. Examples of these services include, but are not limited to, payment processing and authorization, fraud protection and credit risk reduction, product customization, order fulfillment and shipping, marketing and promotional material distribution, website evaluation, data analysis and, where applicable, data cleansing.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? No

0/5

Decided May 17, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Note

No information is provided stating that you can do such, nor in their documentation (docs.gandi.net)

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided May 17, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

Legal Requirements: We may disclose Your Personal Information if required to do so by law (including, without limitation responding to a subpoena or request from law enforcement, court or government agency) or in the good faith belief that such action is necessary (i) to comply with a legal obligation, (ii) to protect or defend Our rights, interests or property or that of other customers or users, (iii) to act in urgent circumstances to protect the personal safety of users of the Sites or the public, or (iv) to protect against legal liability or potential fraud, as determined in Our sole discretion.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Gandi has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Gandi, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

4.8/10

How we calculate ratings →


Version Added

May 17, 2020

Ratings Updated

May 17, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions