GDPR Compliance

Our commitment to protecting your data rights under the General Data Protection Regulation (GDPR)

GDPR Compliant
Data Protection
EU Standards
Legal Compliance

GDPR Compliant Since: May 25, 2018

Last Updated: January 10, 2026 | Version 2.3

At HWD (Historical WHOIS Database), we are fully committed to compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This regulation enhances data protection for individuals within the European Union and affects how organizations worldwide handle EU citizens' data.

This page outlines our GDPR compliance measures, data protection practices, and how we uphold the rights of data subjects.

Our Commitment

We have implemented comprehensive measures to ensure GDPR compliance across all our services. Our commitment includes data protection by design and by default, transparent data processing, and robust security measures.

1. Understanding GDPR

The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It provides individuals with greater control over their personal data and imposes strict rules on organizations that collect, process, or store personal data of EU citizens.

Key GDPR Principles We Follow:

Lawfulness & Transparency

We process personal data lawfully, fairly, and transparently. Clear privacy notices explain our data practices.

Purpose Limitation

We collect data only for specified, explicit, and legitimate purposes and do not process it further in incompatible ways.

Data Minimization

We collect only data that is adequate, relevant, and limited to what is necessary for processing purposes.

Accuracy

We take reasonable steps to ensure personal data remains accurate and up-to-date.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected.

Integrity & Confidentiality

We implement appropriate security measures to protect personal data against unauthorized access or processing.

Accountability

We maintain documentation of our data processing activities and can demonstrate GDPR compliance.

2. Data Controller & Processor Roles

Under GDPR, organizations can act as either Data Controllers or Data Processors (or both). Here's how HWD fulfills these roles:

HWD as Data Controller

When we collect and process personal data of our customers (e.g., account information, payment details), we act as a Data Controller. We determine the purposes and means of processing this data.

  • We establish transparent data processing purposes
  • We obtain valid consent when required
  • We implement appropriate security measures
  • We respond to data subject requests

HWD as Data Processor

When our customers use our historical WHOIS database services to process personal data, we act as a Data Processor on behalf of our customers (who are Data Controllers).

  • We process data only per customer instructions
  • We implement stringent security measures
  • We assist customers with GDPR compliance
  • We maintain processing records

3. Data Subject Rights

GDPR grants individuals (data subjects) specific rights regarding their personal data. We fully support and facilitate the exercise of these rights:

Right Description How We Support It
Right to Access Individuals can request confirmation of whether their data is being processed and access to that data. We provide data access through account portals and formal request processes.
Right to Rectification Individuals can request correction of inaccurate or incomplete personal data. Users can update their account information directly or submit correction requests.
Right to Erasure Individuals can request deletion of their personal data under certain circumstances. We honor deletion requests unless legal obligations require data retention.
Right to Restriction Individuals can request restriction of processing in specific situations. We can temporarily restrict processing while verifying requests or addressing concerns.
Right to Data Portability Individuals can receive their data in a structured, commonly used format. We provide data exports in CSV, JSON, and other standard formats.
Right to Object Individuals can object to processing based on legitimate interests or direct marketing. We respect objection requests and provide opt-out mechanisms for marketing.
Rights Related to Automated Decision-Making Individuals have rights regarding automated processing and profiling. We minimize automated decision-making and provide human review options.

Exercising Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer at dpo@historicalwhoisdatabase.com. We respond to all valid requests within 30 days.

We may need to verify your identity before processing certain requests to protect your data security.

4. Security Measures

We implement comprehensive technical and organizational security measures to protect personal data:

Technical Security Measures:

  • Encryption: Data encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access controls, multi-factor authentication
  • Network Security: Firewalls, intrusion detection systems, DDoS protection
  • Regular Audits: Security assessments, vulnerability scanning, penetration testing
  • Data Backup: Regular encrypted backups with disaster recovery procedures
  • Incident Response: Documented procedures for security incident handling

Organizational Security Measures:

  • Data Protection Training: Regular GDPR and security training for all employees
  • Privacy by Design: GDPR considerations integrated into all product development
  • Data Processing Agreements: GDPR-compliant agreements with all processors
  • Record Keeping: Comprehensive records of data processing activities
  • Vendor Management: Strict due diligence for third-party service providers

5. International Data Transfers

As a global service provider, we may transfer personal data to countries outside the European Economic Area (EEA). All such transfers comply with GDPR requirements:

  • Adequacy Decisions: We transfer data to countries with EU adequacy decisions where applicable
  • Standard Contractual Clauses: We use EU-approved SCCs for transfers to non-adequate countries
  • Binding Corporate Rules: For intra-organizational transfers within our corporate group
  • Derogations: In specific cases, we rely on GDPR derogations with appropriate safeguards

Data Processing Addendum (DPA)

We offer a GDPR-compliant Data Processing Addendum to all customers who require it. Our DPA includes Standard Contractual Clauses for international data transfers.

To request our DPA, please contact legal@historicalwhoisdatabase.com.

6. Data Breach Notification

We have established procedures for detecting, reporting, and investigating personal data breaches in compliance with GDPR Article 33:

  • Detection & Assessment: 24/7 monitoring systems and rapid assessment procedures
  • Notification Timeline: We notify supervisory authorities within 72 hours of becoming aware of a breach
  • Data Subject Notification: We inform affected individuals without undue delay when the breach poses high risk to their rights
  • Documentation: We maintain records of all data breaches, including effects and remedial actions
  • Cooperation: We fully cooperate with supervisory authorities in breach investigations

GDPR Certifications & Compliance

We maintain ongoing GDPR compliance through regular assessments and adherence to industry best practices:

GDPR Ready

Since 2018

Security Audits

Annual Assessments

Staff Training

Quarterly Updates

7. Contact & Resources

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and address data protection matters:

Email: dpo@historicalwhoisdatabase.com

Response Time: Within 48 hours for urgent matters

GDPR Documentation

We maintain comprehensive GDPR documentation, including:

  • Data Protection Impact Assessments (DPIAs)
  • Records of Processing Activities (ROPAs)
  • Data Processing Agreements (DPAs)
  • Security Policies & Procedures

This GDPR Compliance Statement was last updated on January 10, 2026.

We regularly review and update our GDPR compliance measures to ensure ongoing adherence to regulatory requirements.

Exercise Your GDPR Rights

If you wish to exercise any of your GDPR rights or have questions about our data protection practices, please contact our Data Protection Officer.

Contact DPO Privacy Policy General Contact

ArchiveWHOIS Support

Typically replies within 1 hour

👋 Hi! I'm your support assistant. How can I help you with WHOIS database queries today?