Interpreting general data protection regulation principles (GDPR)

As part of our ongoing efforts to improve privacy and security, Hover has changed how your data is protectedGeneral data protection regulation (GDPR) lays out a set of rules and regulations for handling the personal data of people living within the European Union. This policy came into effect on May 25, 2018.

This set of regulations around data protection has defined standards for how companies need to think about and protect the data their customers have entrusted them with and the data that the companies themselves may have collected about their customers.

The three concepts of the GDPR

At Hover, we feel that all our customers should be entitled to the same data protection, regardless of geographical location.

GDPR embodies some great principles and concepts, and we want all of our customers to have the same protections and rights regarding their data.

While GDPR sounds rather complex at its core, it can be simplified into three fundamental concepts; consent and control, transparency, and the right to be forgotten. 

Consent and control

Explicit, informed consent and individual control over the use of personal data are fundamental rights in the GDPR. Any business collecting or processing personal data must obtain consent to do so and explain what the information is needed for.

Only the minimum amount of information necessary to get the job done should be collected, and it cannot be used for any other purpose than was originally agreed. Doing so puts the individual in charge of how their info is used from the very start.


The GDPR imposes requirements on how companies address security breaches that expose sensitive personal information. In the event of a breach, anyone whose information may have been disclosed must be notified as soon as possible.

The notice should explain what happened, what's being done to fix it, and what those affected should do to protect themselves.

This type of information empowers each person to respond in the way they think is best in each circumstance to protect their privacy.

The right to be forgotten

Under the GDPR, individuals have the right to revoke previously given consent to use their data.

When this happens, the provider must essentially erase all records of the individual.

This requirement is not without consequences or limitations, though. Some services can't be provided without personal information, and sometimes confidential information has to be kept for public interest or relating to legal claims.

GDPR principles and how they affect you

The GDPR helps protect privacy in the digital age. The European Union views personal data protection as nothing less than a fundamental human right, alongside other rights such as freedom of expression, freedom of thought, and the right to a fair trial. 

Seven fundamental GDPR principles lie at the heart of Tucows approach to processing personal data.

  • Lawfulness, fairness, and transparency.
  • Purpose limitation.
  • Data minimization.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security).
  • Accountability.

Tucows' compliance with the spirit of the GDPR key principles is a fundamental building block for good data protection practice. Therefore, we're extending the protection principles under the GDPR to all customers, regardless of location.

Hover never sells our customer's personal information, and we do not share personal data beyond what's needed to provide the service you've subscribed to. 

These data privacy protections touch almost every aspect of the domain registration process and lifecycle. At Hover, we're keeping two things in mind as we work to support you.

  1. We commit to operating within the bounds of legal requirements set by the GDPR.
  2. We commit to keeping domain purchases and management as straightforward, simple, and seamless as possible for our customers.

GDPR and personal data

Personal data is any data that can be traced back to a single person and used to identify the individual. Different pieces of information, which are collected together can also lead to the identification of a particular person and would also constitute personal data

Personal dataNot personal data

Basic personal information such as:
First and last name, home address, phone numbers.

Company registration number or VAT ID.

A unique email address, such as

A general company email address, such as

Location data such as IP addresses.

Anonymized data (redacted). 

Order numbers.


Credit card numbers.


One of the main ways we inform our clients about how their data is being used is through our terms of service agreements. These terms outline how Hover handles customer information and protects customer privacy by complying with GDPR standards.

Hover support cannot view your personal information without verifying your account. This includes information such as your name and account email address. Support cannot sign into or view the contents of your Hover account without your account being fully verified.

Data processed as part of fulfilling our service contract will be kept for the lifetime of the service, plus up to seven years post-service termination. 

Back to top

Was this article helpful? If not please submit a request here

How helpful was this article?