Name.com

Name.com is an ICANN accredited domain name registrar and web hosting company based in Denver, Colorado.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? Yes, within 72 hours

7/7

Decided May 22, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Citation

Where a breach occurs, Name.com shall, upon discovering such a breach, ensure that our obligations under applicable data privacy requirements, and with specific acknowledgement of Articles 33 and 34 of the GDPR, are complied with where applicable.

Note

Article 33 of the GDPR requires the DPA of this service to report a data breach within 72 hours of discovering said breach.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? No

0/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

This Privacy Policy may be revised periodically and this will be reflected by the date below. Please revisit this page to stay aware of any changes.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Last Updated: 03 February 2020

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided May 22, 2020 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input and the information we may send to our agents.

We have gone to great lengths to ensure your information is securely obtained and held in compliance with the Payment Card Industry Data Security Standard. For example, we encrypt your credit card number before it is stored in our database. This helps ensure that no one may access your credit card from our system.

It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.

We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. To that extent, Name.com employs security measures that are deemed commensurate to the quality of data held, with due regard to the state of the art and cost of the available security measures, and the risk to the privacy rights of you, as data subject. We do not, nor can we, guarantee security. Neither people nor security systems are foolproof, including encryption systems.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

We use your registration data for the following purposes:

to register the domain name; to provide the applicable registry with authoritative data to ensure the ongoing continuity, stability and resiliency of the DNS; mitigation of DNS abuse, including but not limited to the investigation and mitigation of reported instances of abuse Name.com considers to be contrary to the terms of its Acceptable Use Policy; maintained integrity of the current dual failsafe system at the registrar and registry levels; verification of registrant eligibility, where applicable; and to update and improve our Services, systems and ability to provide you with a secure and stable Service experience. First and foremost, Name.com uses your Registration Data to arrange your registration and supported functionality of your domain(s) with the registry operator. Additionally, Name.com may use Registrant Data to (i) improve our Services, promotions and functionality, (ii) develop and collect aggregate statistics (ensuring appropriate anonymization) regarding our systems and Services,; and (iii) communicate with you regarding your registration or related Services. We collect and processes your Registrant Data to carry out the registration of your domain, to ensure that your registration functions as expected, and that registrations do not affect the security of our registrar. In order to enter your chosen domain name into our system, we are required to process your data in a manner obligated in our contracts with Internet Corporation for Assigned Names and Numbers (“ICANN”). In this respect, it is our understanding under applicable law that we act as a joint data controller of your Registrant Data, working in conjunction with the TLD registry and ICANN, as herein described.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

Name.com ordinarily requires you to provide us with that information that is required for the proper maintenance and administration of your user account with us.

Administrative Information

Information necessary for ensuring the proper administration of your account. (including contact details such as email and telephone number, for ease of contacting you in relation to your account and services)

Billing information / Payment Details

Information necessary for collecting payment for the services and products that you have purchased or obtained from us.

Data necessary for the specific Product/service obtained by you

Depending on the product or service you obtain, we may need additional information, or to use your data in another manner specific and necessary to that product or service. (See individual product/service sections below). [...] In order to provide you with domain name registration services, we typically require the following registrant data:

Domain Name (your choice of domain e.g. “example.ninja” ) Nameservers (your choice of hosting provider or equivalent) Registration Data (Data required to enter the domain into our registry) Registrant Name Registrant Organization (where applicable) Registrant Address Registrant Email Registrant Fax (where applicable) Registrant Phone number Administrative Contact Administrative Contact Organization (where applicable) Administrative Contact Address Administrative Contact Email Administrative Contact Fax (where applicable) Administrative Contact Telephone Number Technical Contact Technical Contact Organization (where applicable) Technical Contact Address Technical Contact Email Technical Contact Fax (where applicable) /li> Technical Contact Telephone Number Billing Contact Billing Contact Organization (where applicable) Billing Contact Address Billing Contact Email Billing Contact Fax (where applicable) Billing Contact Telephone Number

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? No

10/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Note

This service doesn't disclose that it collects data from third parties.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? No

0/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Note

There are no opt out mentions (nor opt-in) mentions in the policy

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Handling

Does the policy allow personally-targeted or behavioral marketing? Yes

0/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the website.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

There are instances where Name.com may have to disclose your personal data. At all times however, such disclosure shall be limited and subject to the required safeguards. Name.com may continue disclose elements of this data, but will only do so in a manner as outlined under the Exceptions To Disclosure section below. It is important that you also review your registry operators’ individual WHOIS publication policy also prior to entering into a registration agreement to ensure you are aware of the extent to which your personal data may be subject to disclosure. We ordinarily require that third parties receiving data agree, by way of a written agreement, to process such information in compliance with this Privacy Policy. Name.com will use reasonable efforts to limit any third party’s use of such information in compliance with applicable data privacy laws. Name.com, as Registrar, is required by ICANN to provide a copy of all registration data (including PI and non PI) to a secure third party who shall hold the data securely in Escrow (“Escrow Provider”). Name.com utilizes the services of ‘Iron Mountain Inc.’, a US Corporation, with servers in the United States, as its Escrow Provider. Data held by the Escrow Provider can be used to restore a registry in the event of a catastrophic event, or a failure of the registry’s systems. In this case, the data may be securely transferred to another registry to ensure the ongoing security and stability of the DNS and to prevent any interruption to the proper functioning of registered domains. Name.com uses the third party services of Google Inc.’s G-Suite for both email and associated cloud services. Your data may be stored on Google’s servers, subject to industry standard encryption and security protections. Name.com uses the third party services to ensure the proper management of our client and customer service queries. Your data may be stored on each of our vendor’s servers; subject to industry standard encryption and security protections Name.com uses the third party services to track reports, and actions relating to abusive use of our domains or the detection and mitigation of fraudulent activity on our platforms. Your data may be stored on each of these vendor’s servers, subject to industry standard encryption and security protections. We may share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person. We partner with other parties to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. When you sign up for such a service, you must familiarize yourself with the privacy policy of that provider, and should you have any queries, please contact the relevant service provider, or Name.com, so that we may answer any queries you may have. We engage other companies and individuals to perform enhanced services on our behalf. In addition, certain of our enhanced services require that we contact Internet directories and various search engines on your behalf. Many of our service providers have access to personal information needed to perform their services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services. We engage other companies and individuals to perform functions on our behalf. Examples include processing credit card payments, providing marketing assistance, providing customer services, sending postal mail and email to you, removing repetitive information from customer lists, and analyzing data. These persons have access to personal information needed to perform their functions. These companies do not retain, share, store or use personally identifiable information that you provide to us for any secondary purposes. As we continue to develop our business, we might sell or buy businesses or their assets. In such transactions, customer information generally is one of the transferred business assets. Also, if we or all or substantially all of our assets were ever to be acquired, customer information will of course be one of the transferred assets. As part of the Donuts Inc. Family of Companies we may share information we have about you within the “Family of Companies”. Such sharing however shall be strictly limited in use. We will only share information about you to such members of the Family of Companies to facilitate, support and integrate their activities in a manner that is consistent with, and related to, the original stated use of the information, as explained to you upon collection, and to improve the provision of our services to you. The Family of Companies includes the following companies: Donuts Inc.; Dozen Donuts, LLC; Rightside Group, ltd; Nametrust, LLC;, Rightside Operating Co.; Domain Protection Services, Inc. Name.com, Inc.; Name.net, Inc.; Name104, Inc.; Name105, Inc.; Name106, Inc.; Name107, Inc.; Name108, Inc.; Name109, Inc.; Name110, Inc.; Name111, Inc.; Name112, Inc.; Name113, Inc.; Name114, Inc.; Name115, Inc.; Name116, Inc.; Name117; Name118, Inc.; Name119, Inc.; Name120, Inc.; Name121, Inc.; Name122, Inc.; Name123, Inc.; Name124, Inc.; Mobile Name Services Incorporated; Sipence, Incorporated; Vedacore.com, Inc.; Binky Moon, LLC; Corn Lake, LLC; Dog Beach, LLC; John Island, LLC; Pixie North, LLC; Blink Global LLC.

The Family of Companies also includes the following non-U.S. based companies: Donuts (HK) Limited; Capable Network Technology (Shanghai) Co., Ltd.; Rightside Domains Europe Limited; Name.com Canada Corp; Hot Media Inc, Acquire This Name, Inc.; Rightside Canada, Inc.; Rightside Canada Inc.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? Yes, using an automated mechanism

5/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

To access, update or delete your personal information, Name.com will provide you with access to certain information about you for the limited purpose of viewing and, in certain cases, updating that information. To view or change this information, log in to your account. When you update information, we usually keep a copy of the prior version for our records.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

Name.com will not disclose your personal information except as pursuant to the terms of this Privacy Policy. There are however times where we may have to disclose information. Such instances are limited to disclosures: [...] - as necessary to meet the requirements of requests, lawfully made by public authorities, including requests to meet national security or law enforcement requirements.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Name.com has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Name.com, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

5.4/10

How we calculate ratings →


Version Added

May 22, 2020

Ratings Updated

May 22, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions