The General Data Protection Regulation (GDPR) has significant implications for domain data and ID protection, particularly for personal information associated with domain registration. The following is how GDPR affects domain data and ID protection: • Domain registrants and registrars: Individuals who register domains are considered data subjects under the GDPR. Your personal information, such as name, email, phone, and address, may be collected, stored, or processed by Z.com. Under the General Data Protection Regulation (GDPR), Z.com must protect your data and ensure it is processed securely and transparently. • WHOIS database: Traditionally, domain registrants’ personal information, including name, address, phone number, and email, has been publicly accessible through the WHOIS database. However, GDPR has made certain changes, as this data is considered personal and must be protected. • Redaction of personal data: Due to GDPR, domain registrars now redact or mask personal information in WHOIS records for individuals (and some businesses) in the European Economic Area (EEA). This means that only limited information (e.g., registrar contact information) may be publicly available rather than the full personal details of the domain owner.

Note: Under GDPR, even if you turn off ID protection, your full personal data will not be publicly disclosed, ensuring your privacy remains protected.

• ID protection: Many domain registrars, including Z.com, offer privacy or ID protection services that mask the domain owner’s personal details in WHOIS records by replacing them with Z.com’s information. These services have become even more important post-GDPR, allowing individuals to protect their privacy while complying with domain registration requirements. *You may click here for more information regarding Z.com WHOIS privacy protection. • Transfer of personal data: When transferring a domain to a new registrar, GDPR requires that the personal data of the domain registrant be transferred securely and in compliance with GDPR principles. This ensures that personal information is protected during the transfer process.

The General Data Protection Regulation (GDPR) is a comprehensive privacy law from the European Union (EU) enacted on May 25, 2018. It establishes strict rules for collecting, processing, storing, and sharing personal data, particularly for individuals in the EU. • Protecting your information: Organizations must handle your personal data (e.g., name, email, address) responsibly. • Your rights: You have rights like accessing your data, correcting it, or asking for it to be deleted. • Privacy by default: Your data is kept private unless you choose to share it. • Fines for non-compliance: Companies can face penalties if they do not follow GDPR rules. For domain name services, this means we must comply with GDPR requirements to protect your information, especially if you are based in the EU or registering a domain involving EU citizens. The GDPR aims to give individuals greater control over their data while ensuring organisations prioritise privacy and security. Under GDPR, your privacy is a top priority. For example, certain personal details that were previously displayed publicly in the WHOIS database are now protected. These details will only be shared with your consent or when legally required. Additionally, you have specific rights, like accessing your data or requesting it be deleted under certain conditions. The official webpage concerning GDPR rules can be found at this link.

When registering a domain, ICANN requires that domain contact information such as address, phone number, and email address of all domains be publicly available through the WHOIS database. However, this policy increases spammers, email marketers, and identity theft to hold personal information through WHOIS queries. With the free domain WHOIS privacy protection risk, customer privacy has been drastically protected from the public. This helps the ICANN board to regulate domain registration and ownership. All domain registrations with us can take advantage of our WHOIS privacy protection. However, some domains may not be eligible for WHOIS protection due to registrar regulatory restrictions. When WHOIS privacy protection is disabled, your domain’s privacy is active, meaning the domain owner's contact information is not viewable online and will remain with us privately. Please check below example: GMO-Z.com WHOIS Privacy Protection sample: Registrant Name: Whois Privacy Protection Service by onamae.com Registrant Organization: Whois Privacy Protection Service by onamae.com Registrant Street: 26-1 Sakuragaoka-cho Registrant Street: Cerulean Tower 11F Registrant City: Shibuya-ku Registrant State/Province: Tokyo Registrant Postal Code: 150-8512 Registrant Country: JP Registrant Phone: +81.354562560 Registrant Email: proxy@whoisprotectservice.com

When registering a domain with Z.com, our free WHOIS privacy service protects your personal contact information, which replaces your details with anonymous information, ensuring your privacy remains intact. You may refer here to learn what WHOIS privacy protection is about. You can Enable or Disable your existing active domain WHOIS privacy protection anytime directly from the Z.com Client Area. 1. Go to our Sign-in page. 2. Enter your Email Address and Password, and proceed to log in. 3. From the top navigation bar, click My Domains under the Domains drop-down menu or click DOMAINS on your dashboard. 4. Click on the settings icon on the right side of your domain. 5. Click Addons on the left side of the navigation under Manage. 6. ID protection is set to Disable status by default. This means WHOIS privacy is active, and your information is not available online. To Disable means to turn off domain privacy and disable the WHOIS proxy. Your information will be displayed at any online WHOIS query. Click Disable and then Confirm Cancellation. 7. To enable your domain's WHOIS privacy protection, go back to the Addons section on the left-hand navigation under Manage. Click Buy Now to turn on the domain’s ID protection.

Note: Domain privacy or WHOIS privacy is a service we offer for free. When active, the system replaces the registrant information in the WHOIS database with GMO Z.com information. Customers can enable or disable the service anytime from their Z.com Client Area.