Privacy Policy

Gandi is attentive to the respect of your privacy and the protection of your personal data. In to be transparent with its customers, Gandi has adopted a "Privacy Policy" concerning the personal data collected or processed by Gandi on its various websites (hereinafter referred to as the "Websites").

Gandi has updated its Privacy Policy in accordance with applicable regulations, especially the Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and the French Data Protection Act n°78-17 of 6 January 1978 as amended pertaining to data protection.

1. WHO IS THE DATA CONTROLLER?

In this Privacy Policy, "Gandi" refers to the companies of Gandi group as a whole, all of these entities being subject to the same level of data protection.

Gandi is the data controller as it processes your data on its own behalf. Gandi has designated the French data protection authority (CNIL) as the lead authority in terms of data protection. The contact details of the data controller are :

Gandi SAS
63-65 Boulevard Masséna, 75013 Paris

If you have any questions, you may contact Gandi’s Data Protection Officer, whose contact information is listed in section 7 below.

This Privacy Policy only applies to cases where Gandi acts as a data controller.

When Gandi is a processor of personal data, it processes the data in accordance with the instructions of the data controllers. Gandi may indeed process your data as a processor, when your data is processed by one of Gandi's client acting as a data controller. In this case, Gandi provides the data controllers with a data protection agreement in order to govern this processing.

2. WHAT DATA IS COLLECTED?

As a user, when you browse the Websites and/or use the services offered on the Websites, Gandi may collect the following personal data about you:

- Identification data: name, ID card and/or passport number and/or any other identification number or document, nationality, residence permit, place and date of birth, IP address and its location, user ID;

- Contact data: postal and email address, telephone number;

- Data related to the interactions between the customer and Gandi: cookies, hidden pixels, customer experience, payment methods used, e-mail exchanges, ;

- Data relative to user accounts on social networks;

- Data relative to the processing of emails and communications sent to you, such as timestamp and date.

Regardless of the method of collection, Gandi undertakes to inform its users of:

- The purpose of the processing carried out;

- The compulsory or optional nature of the information requested and the possible consequences of a lack of response

- The recipients of the data;

- The existence and the methods for exercising your rights (including in particular the rights of access, rectification, and opposition to the processing of your personal data).

3. WHAT USE IS MADE OF THE DATA COLLECTED?

Gandi may process your personal data, as the case may be, on the basis of a legal obligation, your consent, a contractual relationship with you, and/or for the pursuit of its legitimate interests.

Gandi may thus process your personal data for one of the following purposes:

- To provide the services offered online;

- To communicate with you during the course of the online services and technical support;

- To fight against fraud; when placing an order proof of identity may be requested in order to limit fraud. In any case, no decision is based exclusively on automatic processing. Each decision is taken by one of our agents on the basis of information provided by our fraud risk detection tool. You have the right to present your point of view and to contest the decision.

- To send invitations to events, satisfaction surveys, promotional offers and newsletters;

- To organize promotional events;

- To carry out statistical analysis for profiling and segmentation purposes for targeted marketing, audience measurement and performance measurement;

- To meet its legal or administrative obligations;

- To fulfill contractual obligations arising from our relationship with the Trustee Authorities and Registries and in particular the transmission of domain name information (including personal data associated with the various contacts of the domain name and any additional information required by the Registry) to the Registries;

In the event that your personal data is processed for other purposes, Gandi will inform you and, when required by law, will obtain your prior consent.

4. HOW IS YOUR DATA COLLECTED?

Gandi is likely to collect your data via:

Gandi's Websites (in particular when creating a customer account or subscribing to a service);
Specialized websites for job applications (for example: Welcome to the jungle or Monster, etc.);
Social networks: when you interact with Gandi on social networks, you accept that Gandi collects and processes this data for one of the purposes mentioned in article 3;
Exchanges with us, whether you are a customer or a third party;
Third parties, in particular in the context of the contractual relationship with our customers or resellers, or in the context of incoming transfers of domain names from other registrars;
The companies of the Gandi Group.

5. TRANSFER OF PERSONAL DATA

Gandi may transfer your personal data outside the European Union, to countries that do not ensure an adequate level of protection of personal data.

This is notably the case in the context of the 24-hour technical support provided by the various entities of the Gandi Group, or when a registry or a technical operator of the registry for a TLD (Top Level Domain) is established in a third country.

Data transfers may also take place within the framework of the aforementioned purposes in connection with service providers (for example: recruitment, fight against fraud, statistical analyses, data aggregation, Zendesk Chat module, etc.).

Gandi may also transfer your data to third parties, if this is required by legal or regulatory provisions or in the context of legitimate requests from third parties (for example: respect of intellectual property rights, etc.).

These transfers are governed either by standard contractual clauses or by data protection agreements (DPA) concluded with the parties concerned, or by the provisions of Article 49, 1, b) of the GDPR.

6. PERSONAL DATA RETENTION DURATION

Personal data are kept in accordance with legal and tax provisions for a period that does not exceed that which is necessary for the purposes for which data were collected and processed.

For each processing and purpose, Gandi has defined a maximum retention period for the data, proportionate to the purpose and objective pursued.

7. YOUR RIGHTS

You have the following rights with regards to the processing of your personal data:

- to request access to your personal data ;

- to obtain the rectification of inaccurate data;

- in certain specific cases, obtain the deletion of some of your data;

- in certain specific cases, obtain the limitation of the processing that Gandi carries out;

- to object to the processing of your data on grounds relating to your particular situation or, regardless of your particular situation, to the use of your data for canvassing purposes;

- to receive the data you have provided and/or to request that it be passed on to another data controller;

- if you reside in France, to determine the status of your data after your passing away.

You may at any time revoke your consent to the processing of your data when this has your consent as its legal basis (e.g. sending the newsletter, publishing your information in the whois of Gandi, etc.).

If you have any questions about your rights or wish to exercise them, you can contact our Data Protection Officer:

- By email at the following address: "dpo@gandi.net";

- Via the online form available at the following address: https://help.gandi.net/en/contact/my-rights;

- By post to the following address

Data Protection Officer
Gandi SAS
63-65 Boulevard Masséna
75013 Paris

You have the right to file a complaint with a supervisory authority. In France, the supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL).

CNIL’s contact information :

3 place de Fontenoy - TSA 80715
75334 Paris Cedex 07
Telephone: +33.1.53.73.22.22
Website: https://www.cnil.fr/

8. COOKIES AND OTHER TRACERS

Your browsing on Gandi's Websites may result in the use of "cookies".

Cookies are files that a website or app sends to a user's device. They allow us to collect and store information relative to your actions on our Websites and mobile applications.

These cookies serve several purposes, as detailed below.

The maximum storage period for cookies is 13 months from the day you gave your consent to the integration of the cookie. At the end of this period, your consent will again be required.

8.1 Cookies used on the Websites

Gandi uses two types of cookies:

- Session or preference cookies, which are essential to the navigation and proper functioning of the Websites,

- Audience measurement cookies and other tracers that can be used to establish audience statistics for our Websites, to improve the navigation on our Websites, and to offer you targeted promotional offers according to your browsing habits.

These cookies are configured according to the criteria for exemption from consent as defined by the CNIL.

Gandi's news website uses embedded Youtube videos. By default, your refusal to accept the use of a cookie is assumed and this cookie is not deposited. You can consent to the deposit of this cookie via a contextual consent request, before playing a video. If you agree, these third party cookies are deposited directly by this service. Through these cookies, this third party will also collect and use your browsing data on its own behalf to provide targeted advertising and content based on your browsing history. For more information, we encourage you to read their privacy policy.

Name	Category	Location	Description	Duration	Goal
STYXKEY-not_authenticated	Performance	.gandi.net	Cookie Varnish, used to manage the site's cache	< 1 mn	Allows to manage the cache and display the site more quickly
sharing_id	Performance	.gandi.net	Organization selected	1 year	Allows the user's default organisation to be stored
websession	Performance	.gandi.net	Session cookie NodeJS	1 day	Allows users to log in to the admin interface
sessions	Performance	.gandi.net	Session cookie Oauth2	Session	Allows users to log in to the admin interface
oauth.[uuid]	Performance	.gandi.net	SSO (connection via id.gandi.net to all Gandi's "connected" subdomains)	< 1mn	Allows users to log in to the admin interface
temporary_cart	Performance	*.gandi.net	Anonymous cart identifier	Session	Persistence of the cart between the shop and the administration interfaces
chat_open	User preferences	admin.gandi.net	Remember if the user is using the chat	1 day	Keep the chat open when in use even after navigating to another admin. Only installed if specifically authorised by the user.
hide_news	User preferences	admin.gandi.net	Remembering that the user has hidden a news item from the admin home screen	1 year	Allows not to redisplay news deleted by the user
pll_language	User preferences	.gandi.net	Language preferences	1 year	Allows the interface language to be stored for the user
locale	User preferences	.gandi.net	Language preferences	1 year	Allows the interface language to be stored for the user
atuserid	Analytics	*.gandi.net	AT Internet cookie Visitor ID for client-side cookie websites	13 months	Allows you to track the number of unique visitors (only used to get this number, not used to track user behaviour between browsing sessions)
atauthority	User preferences	*.gandi.net	AT Internet cookie	13 months	Allows the visitor privacy mode to be stored
device_token	Essential	id.gandi.net	Random identifier to store in the browser to identify this device for a given username.	400 days	Security feature that allows to know if this device has already been used to log in at Gandi.
_pk_ref	Analytics	*.gandi.net	Matomo cookie Referrer info	6 months	Allows to know where trafic comes from
_pk_id	Analytics	*.gandi.net	Matomo cookie User ID	13 months	Track the number of unique visitors
_pk_ses	Analytics	*.gandi.net	Matomo cookie Temporary information pertaining to current session	30 minutes	Used to temporarily store data for the visit
__zlcmid	User preferences	*.gandi.net	User ID for customer support chat	1 year	Necessary to use the chat tool with customer support. Only installed if specifically authorised by the user.
__zlcprivacy	User preferences	*.gandi.net	User ID for customer support chat.	1 year	Preserves the user's privacy preferences (allows not to set cookies if the user has not accepted them specifically for the chat)
_help_center_session	Essential	helpdesk.gandi.net	Help Center session	Session	Stores unique session key for Help Center Functionality.
cf_clearance	Essential	.helpdesk.gandi.net	Captcha clearance management	The storage duration is dependent on the End-User’s browser policy.	The purpose of the cookie is to ensure that Captcha or Javascript challenges are no longer issued if the challenge has already been passed. It is required in order to reach the origin server.
_cfruid	Essential	.helpdesk.gandi.net	Rate limit prevention	Session	Cloudflare cookie used in cases where multiple users are hidden behind the same client IP address. Each user will have a unique cookie to help prevent a case of rate limiting all users if one particular user hits the rate limit threshold.
_zendesk_cookie	Essential	helpdesk.gandi.net	Preference settings	1 year	Saves arbitrary preference settings. Two factor authentication features and device tracking will not work without it.
_zendesk_session	Essential	helpdesk.gandi.net	Account ID storage	8 hours	Stores account ID, route for internal service calls and the cross-site request forgery token.
_zendesk_authenticated	Essential	helpdesk.gandi.net	Authentication flag	Session	This is a flag set when a user is authenticated to display the most up to date content.
_zendesk_shared_session	Essential	helpdesk.gandi.net	Authentication cookies	8 hours.	Authentication cookie - set to be anonymous

Concerning audience measurement cookies (Matomo and AT Internet): these are configured according to the recommendations of the CNIL so as not to require the user's consent.

Nevertheless, you have the option of refusing the deposit of the AT Internet audience measurement cookies by clicking on the button below:

8.2 Other information stored on the user's terminal

8.2.1 Local storage and indexed databases.

Some of Gandi's Websites use the "local storage" and "Indexed DB" methods of the browser to store certain preference data that does not allow you to be identified. It is not technically possible to define an expiration date for this data, but you can delete it by deleting the data from the site in your browser.

Name	Category	Location	Description	Goal
preferences	User preferences	www.gandi.net	Price, country, currency, taxes and price list preferences	Allows the user's price options to be stored
preferences	User preferences	admin.gandi.net	Interface display preferences (navigation pane status, domain list display type)	Allows the user interface options to be stored
hiddenNews	User preferences	admin.gandi.net	List of ignored news	Allows not to redisplay news deleted by the user
__zlcstore	User preferences	shop.gandi.net Help.gandi.net	Customer support chat configuration	Required for using the chat tool with customer support. Only stored with specific permission from the user
temporary_cart	Performance	shop.gandi.net	Anonymous cart identifier	Persistence of an anonymous cart

8.2.2 pixel

Name	Category	Location	Description	Goal
Pixel	Audience measurement	Newsletter	The pixel is a tracking method integrated into the newsletter for tracking the opening of emails. It is not deposited on the user's terminal	Allows to measure the opening rate of newsletters and commercial e-mails

Pixel

Audience measurement

Newsletter

The pixel is a tracking method integrated into the newsletter for tracking the opening of emails.

It is not deposited on the user's terminal

Allows to measure the opening rate of newsletters and commercial e-mails

9. SECURITY

Gandi takes all the necessary precautions, as well as the appropriate technical and organizational measures, to preserve the security of your personal data and, in particular, to prevent it from being damaged or accessed by unauthorized third parties.

In the event of a data breach, Gandi has adopted mitigation and recovery procedures, as well as alerting the persons concerned and the authorities (notably the CNIL) if necessary.

10. LINKS TO OTHER WEBSITES

Gandi's Websites may contain links to third party websites such as Facebook, Twitter, LinkedIn, as well as to the websites of certain registries.

Gandi informs users that it has no control over the content of third-party websites or over the practices of these third parties in terms of protection of personal data that they may collect.

Consequently, Gandi declines all responsibility concerning the processing of your personal data by these third parties.