Privacy & Whois Policy

Schedule A

1. Preamble

This Privacy & Whois Policy is part of the Registry Policies, which form a cohesive framework and must be read in conjunction with one another, as well as with other applicable agreements, policies, laws, and regulations which, taken together, represent the entirety the obligations and responsibilities with regard to any domain name registration.

2. Objectives

The objectives of this Privacy & Whois Policy are:

  1. To disclose to the Registrant, and in doing so obtain the Registrant's consent to, the fact that certain Personal Information provided by the Registrant may be dealt with in the following manner by the Registry:

    1. Personal Information shall be collected and may be used, maintained, and/or corrected from time to time in accordance with this and/or other Registry Policies or practices;

    2. Personal Information shall be collected by the Registry through the Registrar for the purpose of the storage, maintenance, disclosure, and/or use of such Personal Information. The Registry may disclose or transfer such Personal Information to any third party (in addition to ICANN and the Registry Escrow Agent), under the circumstances detailed in the "Use and Disclosure" section of this Privacy & Whois Policy;

    3. All Personal Information about the Registrant which is supplied to the Registry, or a Registrar, may be available to third parties by way of a public "Whois" service, consistent with:

      1. Privacy principals of the Registry;

      2. The Registry Policies;

      3. ICANN Consensus Policies; and/or

      4. Applicable laws, rules and regulations.

  1. To outline the Registry's procedures for the appropriate collection, holding, use, correction, disclosure, and transfer of a Registrant's Personal Information by the Registry.

In order to provide Registry services in any TLD, the Registry is required by ICANN to collect and publish data pertaining to the identity of the Registrant of any domain name.

3. Definitions

In addition to definitions found in the Registry Policies "Policy Overview and Definitions" document, the following terms are used in this Privacy & Whois Policy as defined below.

  1. "Escrow Agent" means a third party contracted to perform data escrow services for the Registry. The data escrow agreement with the Escrow Agent ensures the transfer of all relevant DNS data and Registrant information, including Personal Information, to ICANN and an ICANN-mandated back-up registry operator ("EBERO" or Emergency Back End Registry Operator), and will ensure the safety and integrity of the Registry's TLD database. The Escrow Agent is prohibited from use or disclosure of the Registry's TLD data unless that use or disclosure is deemed essential to ensure the stability and integrity of the Registry's TLD.

  2. "Personal Information" means information about an individual person, including any Registrant, whose identity can reasonably be ascertained from such information, but does not include indexes or aggregations of Personal Information relating to more than one person, such as log files, DNS Zone Files, databases or backups. This information may include the name, address, telephone number, and email address of the Registrant. This may include the home address and personal email of the Registrant, if the Registrant uses those as their primary contact information for the domain name.

  3. The "Primary Purpose" of the collection of Personal Information is the storage and maintenance of such information in the Whois database (a copy of which ICANN requires is provided to the Escrow Agent) as required by ICANN, which is searchable and publicly available. No domain name can be registered without the Registry collecting such Personal Information and making it publicly available in the Whois database.

4. "Whois" Server Implications

The Registry will maintain a publicly accessible information service known as the Registry's "Whois" service, which service provides the following information pertaining to a domain name, pursuant to ICANN's Consensus Policies, which may be amended at any time and from time to time:

  1. Technical information on the DNS servers resolving a domain name;

  2. The date the domain name was inserted into the Registry's database;

  3. The date of last modification;

  4. The date of expiration;

  5. The current status of the domain name;

  6. The Registrar's contact details;

  7. The Registrant's name;

  8. The Registrant's physical address and/or alternate address;

  9. The Registrant's email and phone numbers and/or alternate address;

  10. The Registrant's state and/or alternate address;

  11. The Registrant's country and/or alternate address.

  12. Details of nominated administrative, technical and billing contacts.

It is not possible to entirely block third party access to Registrant Personal Information; it may however, be possible for Registrants to use the services of a third party to display "private" or "proxy" information in the publicly-available Whois.

5. Collection

  1. The Registry collects Personal Information for one or more of its functions and/or activities including, where required:

    1. To identify and maintain contact details of domain name Registrants and their duly appointed agents;

    2. To provide access to that data to the public and persons connected with Registrants;

    3. To provide services to Registrants and maintain its database;

    4. For the provision of Whois service;

    5. To contact the Registrant, including notifications in accordance with the Registry Polices; and/or,

    6. To provide law enforcement, government agencies, and relevant Internet security organisations with information required investigating or preventing an alleged crime.

  1. The Registry's website utilizes technology that collects user information and tracks usage (e.g., via "cookies"). The Registry's website may feature links to other third party websites but the Registry is not responsible for the content and privacy practices of any such third party websites.

6. Use and Disclosure

  1. The Registry may use or disclose Personal Information about a Registrant for a purpose other than the Primary Purpose of collection where:

    1. The Personal Information consists of the contact details of a person connected to a Registrar, Internet service provider, Internet service reseller, or persons connected thereto, such as directors, managers or other points of contact;

    2. The Registrant has consented to such use or disclosure; or

    3. The Registry believes in its sole judgment that the use or disclosure is necessary:

      1. To lessen or prevent a serious and imminent threat to an individual's life, health, or safety; or

      2. To lessen or prevent a serious threat to public health or public safety; or

      3. Because the Registry has reason to suspect that unlawful activity or a violation of the any of the Registry's Policies has been, is being, or may be engaged in, and uses or discloses the Personal Information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons (including parties affected by that violation) or authorities; or

      4. Because the use or disclosure is required or authorised by or under law, rule or regulation; or

      5. Because the Registry believes that the use or disclosure is necessary for one or more of the following, by or on behalf of an enforcement body:

        1. The prevention, detection, investigation, prosecution, or punishment of criminal offences, breaches of a law imposing a penalty or sanction, or breaches of a prescribed law;

        2. The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal; or

      1. As ordered by a dispute resolution provider in connection with a Uniform Domain Name Dispute Resolution Policy (UDRP) or Universal Rapid Suspension (URS) proceeding, as mandated by ICANN.

      2. As decided by parties resulting from a CRS dispute.

      3. For any other legal purpose, excluding marketing purposes.

  1. Nothing in this Section 6 "Use and Disclosure" requires the Registry to disclose any Personal Information; the Registry is always entitled not to disclose Personal Information in the absence of a legal obligation to disclose it.

  2. The Registry may also be subject to the requirements of present, and any future, policy dealing with cross-border data flows if it transfers Personal Information to a person or entity in a foreign country situated outside of the European Economic Association (EEA).

  3. The Registry maintains and uses servers in diverse locations internationally, necessitating transfer of data, including Personal Information, between servers and data networks.

7. Openness

This Privacy & Whois Policy sets out the Registry's policies concerning its management of Personal Information. The Registry shall make this document available to anyone who asks for it and on its website.

8. Access and Correction

  1. If the Registry holds Personal Information about a Registrant, it shall provide that Registrant with access to such information upon receipt of written request by the Registrant, except to the extent that the Registry believes in its sole discretion:

    1. In the case of Personal Information, providing access may pose a serious and imminent threat to the life or health of any individual; or

    2. Providing access may have an unreasonable impact upon the privacy of other individuals; or

    3. The request for access is frivolous or vexatious; or

    4. The information relates to existing or anticipated legal proceedings and the information would not be accessible by the process of discovery in those proceedings; or

    5. Providing access may be unlawful; or

    6. Denying access may be required or authorised by or under law, rule or regulation, including, but not limited to, the order of any court having appropriate jurisdiction; or

    7. Providing access may prejudice an investigation of possibly unlawful activity; or

    8. Providing access may prejudice:

      1. The prevention, detection, investigation, prosecution or punishment of criminal offences, or other breaches of law; or

      2. The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders; or

      3. A law enforcement body or relevant Internet security organisation performing a lawful security function requests that the Registry not provide access to the information on the basis that providing access would be likely to cause harm.

  1. The Registry shall not in any event be under any obligation to disclose DNS Zone Files, payment logs, email archives, or data backups to any party, except as required by ICANN, law, or court order.

  2. Where providing access would reveal evaluative information generated within the Registry in connection with a commercially sensitive decision-making process, the Registry may give the Registrant an explanation for the commercially sensitive decision rather than access to the information.

  3. If the Registry holds Personal Information about a Registrant and the Registrant is able to establish that the information is not accurate, complete, and up-to-date, upon notice of such fact from the Registrant, the Registry shall take reasonable steps to correct the information so that it is accurate, complete, and up-to-date as requested by the Registrant, except where the data is contained in an historical record or archive.

9. Review of Policy

The Registry reserves the right to review or revise this Privacy & Whois Policy at its sole discretion within one hundred (180) days prior written notice, including to maintain compliance with ICANN Consensus Policy or other applicable law or regulation; Registrants who have provided their Personal Information to the Registry are deemed to acknowledge and be bound by this Privacy & Whois Policy and any changes made to it.

The current version of the Privacy & Whois Policy will made available on the Registry website. It applies to any domain name registered in the TLD, no matter when or how registered, renewed, or transferred. Where a Registrant licenses or leases the domain name or any sub-domain names obtained under these Registry Policies, the Registry and the sponsoring Registrar shall hold the Registrant solely liable for activity in the domain name and in any sub-domain, if applicable.