Privacy Policy

Updated May 15, 2018

This is Rebel.com Corp.’s Privacy Policy. Rebel.com Corp. (“We”, “our”, or "Rebel") is a Canadian corporation and owns and operates Rebel.com, which mainly caters to users in Canada. Rebel respects your privacy and that is why we have adopted this Privacy Policy, which embodies our commitment to the protection of your privacy through adherence to fair electronic information practices. This Privacy Policy sets out how we obtain and use the “Personal Information” which you provide us. Personal Information may include your name, address, telephone number, email address, date of birth, and other data which may directly or indirectly identify you.

Contents

What information we collect about you

We may collect your Personal Information when you provide it to us by using our services, which include but are not limited to; domain name registration services, email services, domain name account management services, website development and hosting services, and security certification services (“Service(s)”). We may also collect your Personal Information when other sources provide it to us, as further described below. By requesting or using our Services, you may be asked to consent to our collection and use of your Personal Information in connection with our provision of the Services, in accordance with this Privacy Policy.

Information you provide to us

General: We may collect information about you, including but not limited to Personal Information, when you provide it to us in the course of requesting, purchasing, registering for, and/or viewing the Services on our website or otherwise provide it directly to us.

Account and Profile Information: We may collect information about you when you register for an account, register a domain name, create or modify your profile, set preferences, or make purchases.

Content you provide through our Services: When you use our Services, you may be providing us with personal information. For example when you send or receive email or when you upload content to your website or onto our services, we may collect and store this personal data in the course of providing you with the Services.

Personal information which you disclose in an online public space provide by us, including on any blog, or website that We may host for you as part of your Rebel Services, is available to anyone else who visits that space. We cannot safeguard your privacy in respect of any information which you publically disclose in such online locations.

Domain Registration:  In certain jurisdictions or pursuant to certain third party registry policies, personal information provided in the course of registering and/or maintaining a domain name registration domain name, may be or may be required to be, made available to the public. Where such domain name registration information is available to the public, anyone can access it through “WHOIS” database searches or similar searches conducted online through search engines. Where a WHOIS database is public in whole or in part, such publically available personal information that may have been provided by you in the course of registering a domain name, is a publicly accessible database that may lists your personal information, including the domain name and contact information of the registrant and administrative and technical contacts for the domain name, the name server(s), and the domain name’s creation and expiration date among other possible data. The domain name registration information which you provide may be hosted by us and provided to the public in accordance with all applicable registry policies, which may vary by domain name, registrant type, and jurisdiction.

At times, users of Rebel may receive third party solicitations or unwanted third party emails (“Spam”) that may have resulted from searches of a publicly available WHOIS database or similar search conducted by other companies or individuals. However, such third party solicitations and/or SPAM does not come from Rebel and Rebel does not control the use of WHOIS information by third parties to the extent that such WHOIS information is publically available.

As an ICANN-accredited registrar, we are required to comply with all ICANN policies, regulations, agreements, and rules, including but not limited to ICANN’s registrar compliance framework for GDPR, as may be enacted from time to time.

Furthermore, in accordance with ICANN policies, regulations, agreements, and rules, Rebel may be required to deposit your domain name registration information which may contain Personal Information, with a third-party escrow provider in order to comply with ICANN requirements.

When registering a domain you may be exposing your name, personal address, email & phone numbers to spammers, marketers and hackers. Our Privacy Protection Product may be used to hide your personal information in a public WHOIS directory; it can be used to prevent spammers and marketers from contacting you and, it may assist in avoiding unauthorized access to your Rebel account.  You can read more on our Privacy Protection product page.

Information you provide through our support channels: The Services may also include our customer support, where you may choose to submit information regarding an issue which you are experiencing with a Service or where you may ask a question in connection with the Services.  Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you may be asked to provide Personal Information, such as contact information, a summary of the problem or issue which you are experiencing, and/or documentation, screenshots or information that would be helpful in resolving the issue.

Payment Information: You might provide payment information, such as payment card details, which we collect via secure payment processing services.

Information we collect automatically when you use the Services

We collect certain information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

Your use of the Services: We may keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; and, frequently used search terms.

Device and Connection Information: We may collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience.

Cookies and Other Tracking Technologies: We may use cookie files to make it easier for users to access our website or Services. A cookie file is a small data file that certain Web sites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the site uses to track the pages you've visited. But the only Personal Information a cookie generally contains is information which you indirectly supply yourself. A cookie can't generally read data off your hard disk or read cookie files created by other sites. We use cookies to track user traffic patterns. We may also use a cookie to store a unique, random user ID. We may use this ID to identify you anonymously in our database and to track the pages you visit on our site. This type of temporary cookie lasts only for your current session on our web page and is not used after your session expires. We use it primarily to keep track of information during your session, such as what domain you have selected to register as you step through the various registration forms.

Website analytics: We use multiple web analytics tools provided by service partners such as Google Analytics, and MixPanel to collect information about how you interact with our website, including what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use and network and IP information. These analytics technologies store this information on our behalf in a pseudonymized user profile. The web analytics tools are contractually forbidden to sell any of the data collected on their behalf. We use the information provided by these tools to improve our Services. These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website. Each cookie cannot be used by anyone other than the service provider (ex: Google for Google Analytics). The information collected from the cookie may be transmitted to and stored by these service partners on servers in a country other than the country in which you reside. Though information collected does not include personal data such as name, address, billing information, etc., the information collected is used and shared by these service providers in accordance with their individual privacy policies. You can control the technologies by utilizing settings in your browser or third-party tools, such as Disconnect, Ghostery and others.

If you've set your browser to warn you before accepting cookies, you will generally receive a warning message with each cookie. You may refuse cookies by turning them off in your browser; however, some of our website functions may require a cookie for access.

How we use your Personal Information

We may share certain information about you with those of our vendors who are responsible for performing other necessary services that you require as part of the provision of our Services.

Delivering, improving, updating and enhancing the Services we provide to you: We use information about you for purposes of monitoring and improving our internal operations, as well as to ensure that we properly perform the services you have requested.

We also use the information we collect to monitor and improve our internal operations, as well as to improve the experience of users on our websites. For example, we may correlate Web site traffic information with data about individual users. We may also break down overall usage statistics according to customers' domain names, browser types, and MIME types by reading this information from the browser string (information contained in every user's browser).

Compliance with legal, regulatory and law enforcement requests: We will not share such information with other third parties, except in response to formal requests (e.g., subpoena, court order, or other statutory or law enforcement requests) made in connection with disputes, litigation, arbitration, or criminal proceedings or investigations, relating to a domain name registration or the Services which we provide.

Sharing with trusted third parties: In the event that certain Services provided to you by or through Rebel are to be provided to you by a substitute or third party service provider, your information may be transferred to the substitute/third party service provider, provided that such entity agrees to be bound by the terms of this Privacy Policy in effect at the time of performance of the Services.

We may also share your Personal Information with third parties with which we have partnered to allow you to integrate their services into our own Services, and with trusted third party service providers as necessary for them to perform services on our behalf, such as:

  • Processing credit card payments
  • Serving advertisements
  • Conducting contests or surveys
  • Performing analysis of our Services and customers demographics
  • Communicating with you, such as by way email or survey delivery
  • Customer relationship management.

Such third parties may include those who extend or enhance our Services, such as:

  • Weebly providing website builder technology
  • Plesk providing hosting control panel software

We only share your Personal Information as necessary with any third party to provide the Services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to data processing terms and conditions and are prohibited from utilizing, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for by us in accordance with this Privacy Policy.

Communicating with you: We may contact you directly or through a third party service provider regarding products or Services you have signed up for or purchased from us, as necessary to deliver transactional or Service related communications. We may also contact you with offers for additional services we think you’ll find valuable pursuant to your consent which may have been provided as part of the registration or sign-up process, or where otherwise permitted. These contacts may include email and telephone calls.

You may also update your subscription preferences with respect to receiving communications from us and/or our partners by signing into your account and visiting the “Account Settings” page.

You may opt out of receiving information from us simply by notifying us of your desire in accordance with the opt-out instructions contained in any information message you receive from us. Note, however, that in order to fulfill our service obligations to you, we must continue sending you notices and other important information affecting your account or services.

Transfer of Personal Information abroad:  If you utilize our Services from a country other than the country where our servers are located, your communications with us may result in transferring your Personal Information across international borders.

Targeted advertisements. Targeted ads or interest-based offers may be presented to you based on your activities on our webpages, and other websites, and based on the Services you currently use.  These offers may display as varying product banners presented to you while browsing. We also may partner with third parties to manage our advertising on our webpages and other websites.  Our third party partners may use technologies such as cookies to gather information about such activities in order to provide you with advertising based upon your browsing activities and interests, and to measure advertising effectiveness.

How you can access, control, and correct your Personal Information

You have the right to access, update, and correct any inaccuracies in your Personal Information that we control.

To ensure you receive the information you need and that your privacy is protected, please be sure to regularly update your contact and billing information. You can update all account-related information through the Rebel website.

To easily access, view, update, delete or port your personal data (where available), or to update your subscription preferences, please sign into your Account and visit “Account Settings.” It is important to always keep your contact information up to date, both to comply with ICANN regulations and to make certain you’re receiving correspondence at the correct email address.

How we store and secure information we collect

We follow generally accepted standards to store and protect the Personal Information and data which we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.

We sell security products such as SSL, Privacy Protection, Expiry Protection and Ownership Protection that help you protect your assets, personal information and Services.   To supplement our services, we frequently publish blog articles or support centre articles on data protection and security.

We retain Personal Information only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:

  • mandated by law, contract or similar obligations applicable to our business operations;
  • for preserving, resolving, defending or enforcing our legal/contractual rights; or
  • needed to maintain adequate and accurate business and financial records.

Account Closure and Data Deletion

You may request that your account be closed. All products and Services must be cancelled prior to closure. If there are any active products or Services in the account, the account cannot be closed. You will no longer be able to log into your account after it is closed.

Upon closing your account, you may request that your Personal Information be deleted. It may take up to 30 days for account data to be deleted. After deletion, your account will be unrecoverable. We may however retain records of your Personal Information in our own records for business and legal purposes, to the extent permitted by applicable law.

With respect to Personal Information associated with a domain name registration, ICANN mandates that information is kept for 2 years prior to a domain removal for audit and investigation proposes.

Changes to this Policy

Rebel will occasionally update this Privacy Policy to reflect company and customer feedback, as well as legal requirements. Rebel encourages you to provide feedback and to periodically review this Privacy Policy to stay informed of how Rebel handles your Personal Information.

Your Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are an individual resident of the European Economic Area (EEA), you may have the following data protection rights:

  • If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing privacy@rebel.com.
  • In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing privacy@rebel.com.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing privacy@rebel.com.
  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You may be required to identify yourself as a person to which the GDPR is applicable in order for us to extend GDPR-mandated privacy requirements to you, and Rebel reserves it rights to deny provision of the Services to you if we in our sole discretion determine that we want to provide the Services only to persons resident in Canada. If you are a resident of the EEA and believe we maintain your personal data subject to the General Data Protection Regulation (GDPR), you may find out more information, including about the complaint procedure, here; https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en.

Cloud Watch

Meet is an open source video conferencing tool that allows users easily to set up and join video or audio conferences. It also enables users to invite others to video conferences.

List of parties

Processor(s):

Name: Open-Xchange

Address: Hohenzollernring 72, 50672 Köln

Description of the processing

Categories of data subjects whose personal data is processed.

Users of integrated video conferencing in the OX App Suite. OX App Suite is the product of Open-Xchange.

Purpose(s) for which the personal data is processed on behalf of the processor

Provision and operation of an online video conference for Open-Xchange with invitation function for participants

Categories of personal data processed

  • Content Data: Video Chat Stream
  • Contact Data: Video Chat User Name
  • Traffic Data: IP Addresses
  • Meeting Link ID

Nature of the processing

Transmit and Store

Duration of the processing

Content and Contact Data for the duration of the meeting. Traffic Data is deleted after 7 days.

Meeting Link IDs are given a validity date by the processor and are deleted after expiry of validity period by the sub-processor.

Data Storage Center

Data center is located at Gutleutstraße 310, 60327 Frankfurt am Main and the following certificates/standards are available at this location:

SOC 1 Type II, SOC 2 Type II, ISO 27001, PCI DSS, ISO 45001, ISO 9001:2015, ISO 22301,ISO 14001 and ISO 50001

Contact us

Further information on privacy and your rights in regard to your Personal Information, may be found on the website of the Privacy Commissioner of Canada at www.priv.gc.ca.

If you have any questions, concerns, or complaints about our Privacy Policy, you may contact us by email at privacy@rebel.com.

As an alternative, you may contact us by either of the following means:

By Mail: Neptune Court, Suite 204, Allegro Rd, Grace Bay, Providenciales, TKCA 1ZZ

By Phone: 1-866-497-3235

We will respond to all requests, inquiries or concerns within thirty (30) days.

Revised: 2020-05-18