Whois use and information
If you seek the registrant information of a Tucows registrant in connection with a civil legal matter, please attach the valid subpoena here. Valid subpoenas are those issued by (a) any Canadian federal, provincial, or municipal, (b) any Danish County or High Court, (c) any German federal or local court, (d) any U.S. federal, state, or county. Tucows will not respond to subpoenas or analogous discovery mechanisms issued by any other jurisdiction unless they are domesticated into one of the above-listed jurisdictions.
If you seek the registrant information of a Tucows registrant in connection with a criminal matter, please attach the valid warrant here. Valid warrants are those valid and issued in any Canadian, Danish, German, or U.S. jurisdiction. Tucows will not respond to warrants issued by any other jurisdiction unless they are domesticated into one of the above-listed jurisdictions.
Tucows reserves the right to request a copy of the complaint and any supporting documentation that demonstrates how the Tucows customer information is related to the pending litigation and the underlying subpoena.
Notice to Customer and Response Time
Upon the receipt of a valid civil subpoena issued by an appropriate court, Tucows may promptly notify the customer whose information is sought. If the circumstances do not amount to an emergency, Tucows may not immediately produce the customer information sought by the subpoena and may provide the customer with the opportunity, within the response time provided in the subpoena, to move to challenge the subpoena in court.
Fees for Subpoena/Warrant Response
Tucows may charge for costs associated with responding to subpoenas and/or warrants. An invoice will be included in our response and is payable within thirty (30) days. Cheques should be made out to “Tucows Inc.” Tucows subpoena compliance costs are as follows:
• Research – $150.00/hour
• Federal Express – Cost as Billed
• Copies – $.25/page
Policy Regarding E-mail or Other Electronic Communications
Except as required by a valid court order, Tucows will not produce the content of email or other electronic communications.
Reservation of Rights
Notwithstanding any of the above, Tucows reserves the right to challenge the validity of any subpoena or otherwise move to quash or take such other action to secure an order from the relevant court that Tucows is not required to respond to the subpoena.
Modification of Policy
Tucows reserves the right to modify this policy at any time in its sole discretion.
Tucows is the registrar of the domain name in dispute that is the subject of my complaint. Do I need to name Tucows in the legal action I file?
No. It is not necessary to name Tucows in a legal dispute regarding a domain name registered at Tucows. Tucows will comply with any Order issued by a court of competent jurisdiction regarding the final disposition of the domain name at issue.
Is it necessary to name Contact Privacy Inc. in a legal action I file if the domain name uses the Contact Privacy Inc. privacy service?
No. It is not necessary to name Contact Privacy Inc. in a legal dispute. Contact Privacy Inc. is a private registration service and has no control over the domain name or any associated website content. Like Tucows, Contact Privacy Inc. will comply with any Order issued by a court of competent jurisdiction.
What should be included in court orders sent to Tucows?
Court orders should be as specific as possible, but at a minimum, must include:
• The affected domain name(s)
• The specific action that Tucows or the “registrar of record” is being requested to take regarding the domain name.
• If plaintiff is seeking control of a registrant’s domain name, the court order must specify the name of the domain name(s).
Can non-Canadian-based court documents be submitted?
Yes. Tucows will accept court documents from Canada, Denmark, Germany, and the U.S.A. If the documents are not in English, French, German, or Danish, we require the following:
• Original court-stamped copy, and
• A certified English translation of the court-stamped copy.
Are there additional requirements for Settlement Agreements?
Yes. In order for Tucows to implement terms associated with a settlement agreement, the settlement agreement must:
• Have notarized signatures from both parties;
• Specify the affected domain name(s); and
• Include a statement that the litigation will be dismissed.
Are there additional requirements for Receiverships?
Yes. All receivership orders must:
• Explicitly list the domain name(s) that are to be moved separately from other assets, and
• State that the Receiver is to manage and/or sell the domain name(s).
The Tiered Access Directory is Tucows’ “gated” version of the Whois directory. It allows accredited third parties, such as members of law enforcement, to view the contact data of domain registrants who use our platform.
Up until May 25, 2018, the registration data for all domain names was by default published in the public Whois directory, where it was visible to any party who performed a “Whois lookup” on a domain.
With the advent of the GDPR and other similar privacy laws, however, the public display of this personal data has become problematic. This led Tucows to the decision to redact real contact data from the public Whois. Alongside this change, we implemented our gated Tiered Access Directory as a means for parties with a legitimate legal interest to access this personal data, while ensuring data is not unnecessarily exposed through display in the public directory.
The European Union’s General Data Protection Regulation (GDPR) lays out a new set of rules for how the personal data of people living within the European Union should be handled. That being said, it embodies some really great principles and concepts that we believe in here at Tucows, and we want to pass these protections and rights on to all registrants, regardless of where they happen to live.
Though it can be fairly complex and far-reaching, at a high level, the GDPR can be broken down into three main concepts:
- Consent and control
- Transparency
- The right to be forgotten
Consent and control
This can be brought down to the very simple idea that your personal information belongs to you and only you can decide where it gets used. In order to work with any of your data, we have to let you know what we need your information for and have a legal reason to use it. We have an obligation to only collect the minimum amount of information that we need to get the job done, and we can’t use the information we’ve already gathered for something else without asking you if that’s ok.
Transparency
Transparency means that in the event of a security breach where your personal data may have been exposed, we have to let you know as soon as possible that it’s happened and tell you what happened, what we’re doing to fix it and what you should do to protect yourself. This type of information empowers each person to respond in the way they think is best in each circumstance in order to protect their own privacy. The security of your personal data is our priority, and this is a part of the GDPR that we hope will never come into play.
The right to be forgotten
This is one of the most powerful tools that the GDPR gives people – a means to a fresh start. It gives you the ability to revoke your consent for a service provider to store and process your personal information. When a person invokes this right, Tucows will have to essentially erase all record of the individual from our system. This requirement is not without consequences or limitations: some services can’t be provided without personal information, and sometimes personal information has to be kept for reasons of public interest or relating to legal claims. This right to erasure applies only to data that’s used because we have consent, and does not apply to data that’s used because it’s required as part of fulfilling a contract. Data processed as part of fulfilling our service contract will be kept for the lifetime of the service, plus up to 7 years after the service’s termination.
While the rules outlined in GDPR apply only to EU-local individuals, changes to how data is collected and handled will happen on a global scale as companies modify their existing practices to ensure they are compliant with these new regulations. While we will try our best to minimize any disruption to our domain management and registration processes for registrants, Tucows believes in the principles that the GDPR upholds, and we, along with other key players in our industry, feel that extending the benefits of the GDPR to registrants worldwide is simply the right thing to do.
What it means is that all these regulations around protecting personal information can’t just be afterthoughts, they need to be part of the system that’s on unless you turn it off. We’ll be empowering registrants to understand what information we hold and how it’s used, to give consent to us for that use, and to request erasure of data in cases where consent cannot be provided.
Article 17 of the GDPR outlines the data subject’s right to erasure, also known as the right to be forgotten. It gives each person the right to request that a controller, such as Tucows, erase their personal data. It also requires us to comply with any such request “without undue delay” as long as one of six specific legal grounds applies. On top of this, it states that in cases where the controller has made personal data public, they must reach out to any other controller who is processing the data and inform them about the request for erasure so that the appropriate steps can be taken. Finally, Article 17 lays out several exceptions where the right to erasure does not apply. These include instances when processing of data is necessary for “exercising the right of freedom of expression and information,” for “compliance with a legal obligation,” or for “the establishment, exercise or defense of legal claims.”
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law.
Examples of personal data: Name, surname, address, email address, IP, personal ID, cookie ID; firstname.lastname@example.org.
These are not considered personal data: email@example.com, company name, or legal entities.
Please contact your domain service provider to inquire about their refund policies surrounding service cancellation.
The order in which services are presented on the Data use consent settings page is prioritized so that any actionable or important items are seen first. This means services will be listed in the following order, as they apply to you:
- New, asynchronous products still requiring consent.
- New, synchronous products still requiring consent.
- Older, asynchronous products where the consent choice has been made.
- Older, synchronous products where the consent choice has been made.
To obtain the URL to your Data use consent settings page, please contact your domain provider. If your provider is uncooperative or unresponsive, please reach out to Tucows’ compliance team.
Yes, though this only poses an issue for registrants of asynchronous services. Ten days following the initial consent request, your consent status will default to “non-consent” if we haven’t received a response, and the order will be placed on hold and ultimately canceled.
Synchronous services will be unaffected by this, as Tucows will continue to use placeholders for any data elements that we process until consent is given. Pending orders for asynchronous services, however, will be canceled at this 10-day mark if we haven’t yet received a response from the registrant.