Categories
Changes on the LB platform NetEarth One

Further GDPR changes on the LB platform – PLEASE READ

Further to the previous blog posts on GDPR, there are now more points that have changed/updated with regards how LogicBoxes is handling this through the platform.  (a lot of the below is a cut/paste from LB information provided to NEO regarding platform changes, so we/us/our etc = LogicBoxes)

Previously LB was going to deploy TrustArc throughout the platform, this has now changed :

Applying TrustArc to SS, Partnersite:

We will not be deploying the TrustArc tool throughout the reseller chain. However, If you use cookies on your website, there are a variety of  open-source tools you may be able to utilise to obtain and manage cookie consent from your customers such as  

  1. Cookie Consent by Insites

  2. Tarteaucitron.js

  3. Cookie Consent

.ES domain registrations :

.ES domain registrations will be set to “do no sell” throughout the platform.  The reason for this is NIC.ES is not GDPR compliant, and therefore the “registrar”/Data Controller in this case, LB, would be liable for any fine.  You could argue that .ES is the entity that is creating the problem, but, as we have seen in the past with .ES they are not the fastest registry to fix things.

Webform for external contact to a domain contact: 

We will be launching a site within the next day or so to allow anyone to make contact to a domain contact as WHOIS will be anonymized for certain individuals.  More will come on this shortly.

SuperSite & PartnerSite
1. Data Transfer and Marketing Consent on SuperSite:
New Checkboxes have been introduced to the storefront that are shown to EU users. These will be shown when a new user selects a country from the European Economic Area and indicates that their account will be associated with that region. The other condition is when the user is an existing one and logs in to select an EEA country contact to associate with the domain name purchase; the checkbox will be shown before transaction completion.

 

Please find a brief understanding of these checkboxes below:
a. Your Terms of Service & acknowledgement of your Privacy Policy*
i. You are solely responsible for providing your customers with a Privacy Policy that accurately describes what data you collect from your customers and how you store, use and share or disclose such data and what choices your customers have with respect to such data.
b. Receiving marketing emails from you by providing your customers with the opportunity to opt-out of receiving such emails
i. If a customer opts-out of receiving marketing emails, that customer’s email preference will be sent to you in the customer sign up email. You must exclude all customers who opted-out from your marketing email campaigns.
ii. PLEASE NOTE: While we have currently provided you with the functionality to allow your customers to opt-out of receiving marketing emails, it is solely your responsibility to determine whether it is appropriate for you to rely on this opt-out solution or if you are required to obtain opt-in consent from your customers through alternative means.
c. For new sign-ups, the interfaces will collect consent from the customer to allow personal data transfers outside the EEA for processing because our platform servers are located in the USA.
d. If a customer selects an EU country during the purchase flow, an EU VAT ID box will be displayed to the customer.
e. For customized SuperSites, this code will be pushed into the site’s code bank, you will need to accept these code changes and check the integrity of your design and form changes. For your reference, here are the files that will be modified from our end:
i. misc/login/includes/customer_signup.html
ii. misc/signup/signup_form.html
iii. misc/login/includes/customer_signup.html
iv. legal/legal/legal.html
f. If you are using our API to send user sign up forms to the platform, please use the API methods here to send the consent you collect to OrderBox. You can also log this on a local DB to manage the opt in based marketing for new customers.
2. Consent on PartnerSite:
If a new reseller selects an EEA country from the country drop-down menu during sign up, three consent check boxes will be displayed to the reseller:
a. Agreeing to your Terms of Service & acknowledging the Privacy Policy
b. Receiving marketing emails from you
i. Your customer’s email preference will be sent to you in the Reseller sign up email. You must exclude these users from your marketing email campaigns
c. For customized PartnerSites, this code will be pushed into the site’s code bank, you will need to accept these code changes and check the integrity of your design and form changes. For your reference, here are the files that will be modified from our end:
i. legal/reseller_legal/reseller_legal.html
d. Consent from the customer to allow personal data transfers outside the EEA region for processing because the platform servers are located in USA
API changes to OrderBoxFor all LogicBoxes partners using the API, we will be making some changes to a few domain registration API calls which you will need to incorporate in your existing domain registration setup. We have documented these API changes in detail here.

Control Panel

 

1. Enabling/Disabling GDPR Protection:

 

Customers from all EEA countries using the OrderBox customer control panel will be given an option to enable or disable the GDPR Protection, which masks the customer’s WHOIS data to comply with the GDPR requirements, from their control panels. However, by default GDPR Protection for EEA customers will be enabled.
2. You will need to upload your GDPR compliant Privacy Policy:
We are introducing a new feature, which allows you to upload a privacy policy on SuperSites, PartnerSites and Control Panels. If the GDPR applies to you, it is your responsibility to ensure that you have a GDPR compliant Privacy Policy. As an organization and service provider, we have updated our Privacy Policy which you can find here.
a. There are a few tools available in the market that can help you draft a GDPR compliant Privacy Policy and make it GDPR compliant at a minimal cost
b. https://termsfeed.com/privacy-policy/generator is an example
c. Other such tools are listed here: https://digital.com/blog/best-privacy-policy-generators/
API changes to OrderBox

For all LogicBoxes partners using the API, we will be making some changes to a few domain registration API calls which you will need to incorporate in your existing domain registration setup. We have documented these API changes in detail here.