Effective May 2018
Netregistry respects your privacy and is committed to its protection.
Why and when Netregistry collects your information
Netregistry collects the information you give us either online or by email, post, facsimile, face to face, over the phone or through our partners. In most cases, the personal information Netregistry will collect from you is the personal information required in order to provide services to you, and also for ongoing management and support of those services. This information may include your full name, mailing address, phone number, email address, ABN, facsimile number and other relevant additional details. We also collect your payment details such as your credit card number or bank account details.
If you are a domain name registrant, when you register or renew a domain name, we will collect data from you in order to satisfy the requirements of ICANN (the Internet Corporation for Assigned Names and Numbers), auDA (.au Domain Authority) or other gTLD (generic top level domain) or ccTLD (country code top level domain) policies. We only collect data that is obligatory. The collection of this data is required in order to ensure a coordinated, stable and secure operation of the Internet’s unique identifier system.
How Netregistry uses your information
We collect and use your personal information to deliver our services to you. This will include provision to you of sales and technical support, billing and credit control, renewal notices, maintenance notices, system changes and other functions relevant to your services with us.
As a domain name registrar, we are required by ICANN to make available certain personal information we collect from you when you apply to register any generic top level domain names (eg., com, net, org, biz, info and name) to the public on a publicly accessible database known as the WHOIS database. This obligation also applies to some of the country code top level domains including the .au domains.
The public policy behind this requirement is that the personal details of domain name licence holders should be freely available to all other users of the Internet. This public policy has been adopted by the domain name industry as a whole. The requirement means, however, that Netregistry will not be able to control how members of the public may use the information made available on these publicly accessible databases.
On 17 May 2018, the ICANN Board adopted a Temporary Specification modifying the WHOIS specification. It defines requirements for processing personal data which is subject to the GDPR. That personal data will be redacted from the WHOIS query, however, we will still need to provide reasonable access to that personal data to third parties on the basis of legitimate interests.
In addition, ICANN has another mandatory requirement that all its accredited registrars make the WHOIS database of personal information for com, net and org available for bulk downloads by third parties who have entered into a bulk access agreement with Netregistry.
We may use your information to measure your experiences of our services, improve existing services, develop new services, perform research and analysis associated with your services. We also use the information to provide you with special offers, promotions, newsletters or invitations to events. All our marketing communications will contain an unsubscribe function. You can use that function to opt-out of our marketing at any time.
We may monitor telephone conversations with you in order to facilitate staff training and to maintain our high levels of customer service. We will always inform you prior to any telephone conversation which is monitored in this way to obtain your prior approval.
Where you purchase a digital certificate through us, we are required by the provider of those certificates to collect personal information from you to pass back to that provider (other than your payment details, which we hold internally).
Disclosure of your information to third parties
We operate under a number of different subsidiaries. Your information may be shared within the internal company group but you can be confident that each member of the group has the same commitment to protect your personal information.
We may supply your personal information to third parties to perform services on our behalf, such as:
- If you are a domain name registrant, we will have to provide your data to the registry operator, or in respect of certain new gTLDs and ccTLDs, to the back-end Registrar. Under ICANN policy, we are also required to transfer your data to a data escrow agent. In response to ICANN contractual compliance requests, we may be required to provide your data to ICANN;
- Market research and distribution of marketing information to you (except where you have chosen to opt-out of receiving this information from us);
- The supply of web hosting, website design, SEO and other services;
- Call centre sales and support services (provider in the Philippines).
Our relationships with such third party service providers are governed by our contracts with them. Those service contracts contain privacy and confidentiality provisions which are consistent with the Australian Privacy Law obligations.
Accuracy / Access
If you’ve moved, changed phone numbers or email address, please let us know. We can’t help you if we can’t contact you. If you want to know what information we hold of yours, if you believe that we may hold other personal information about you which is inaccurate, if you wish to change or update any of the personal information you have provided, you can always ask us. Subject to our obligation to retain your personal information for the purposes of providing services to you, you may also contact us to request erasure of your personal data. You may access and update the personal information we provide to the registries in respect of your domain name licence at any time. The procedure to do this is explained in this support article.
The transfer of information across any media may involve a certain degree of risk, and the Internet is no different. However, helping you to keep your information secure is very important to Netregistry.
At Netregistry we treat your data with the utmost security and use a range of technologies and policies including firewalls and access controls and restrictions to ensure that your data is secured not only from access and visibility but also from unauthorised alteration or erasure.
You can also use simple precautions to help protect your security, such as protecting against the unauthorised use of your username or password or other authentication ID.
Retention of Data
We will only retain your personal data for as long as is necessary. We will need to retain your data for as long as you have an account with us and will keep your data while your account is active and for a reasonable period afterwards to ensure we are able to properly deal with any enquiries. We will also need to retain data in order to comply with our legal obligations such as compliance with tax laws.
Notifiable Data Breach
From 22 February 2018, a data breach that is likely to result in serious harm to individuals must be reported to those affected and also to the Office of the Australian Information Commissioner (OAIC). A data breach happens when personal information is accessed or released without authorisation, or is lost. Serious harm may include physical, financial, emotional, psychological or reputational harm. We have procedures in place to ensure that a data breach is properly identified, assessed, contained and reported if necessary.