Effective March 2018
Netregistry respects your privacy and is committed to its protection. We are bound by the Australian Privacy Principals of the Privacy Act 1988(Cth).
Why and when Netregistry collects your information
Netregistry collects the information you give us either online or by email, post, facsimile, face to face, over the phone or through our partners. In most cases, the personal information Netregistry will collect from you is the personal information required in order to provide services to you, and also for ongoing management and support of those services. This information may include your full name, mailing address, phone number, email address, ABN, facsimile number and other relevant additional details. We also collect your payment details such as your credit card number or bank account details.
How Netregistry uses your information
We collect and use your personal information to deliver our services to you. This will include provision to you of sales and technical support, billing and credit control, renewal notices, maintenance notices, system changes and other functions relevant to your services with us.
As a domain name registrar, we are required by ICANN (the Internet Corporation for Assigned Names and Numbers) to make available the personal information we collect from you when you apply to register any generic top level domain names (eg., com, net, org, biz, info and name) to the public on a publicly accessible database known as the WHOIS database. This obligation also applies to some of the country code top level domains including the .au domains.
The public policy behind this requirement is that the personal details of domain name licence holders should be freely available to all other users of the Internet. This public policy is adopted by the domain name industry as a whole. The requirement means, however, that Netregistry will not be able to control how members of the public may use the information made available on these publicly accessible databases.
In addition, ICANN has another mandatory requirement that all its accredited registrars make the WHOIS database of personal information for com, net and org available for bulk downloads by third parties who have entered into a bulk access agreement with Netregistry.
We may use your information to measure your experiences of our products/services/website, improve or develop our products/services/website, perform research and analysis, and contact you for marketing purposes (including but not limited to new products, services, promotions, give-aways, via email, telephone and SMS). If you do not wish to receive any marketing communications from Netregistry, you may opt-out and stop the delivery of future promotional material from Netregistry by following the special instructions in the email you receive or manage your communication preferences. These instructions will tell you how to remove your name from our promotional list.
We may monitor telephone conversations with you in order to facilitate staff training and to maintain our high levels of customer service. We will always inform you prior to any telephone conversation which is monitored in this way to obtain your prior approval.
Where you purchase a digital certificate through us, we are required by the provider of those certificates to collect personal information from you to pass back to that provider (other than your payment details, which we hold internally).
Disclosure of your information to third parties
Netregistry is part of a wider group of companies which has offices in Melbourne, Sydney and Brisbane, as well as international subsidiary company offices operating in New Zealand and the USA. Any information which you supply to Netregistry or any of its related corporations will be shared within the internal company group to facilitate our provision of products and services to you. Each of our international subsidiary companies is committed to protecting your personal information.
We may supply your personal information to third parties to perform services on our behalf, such as:
- market research and distribution of marketing information to you (except where you have chosen to opt-out of receiving this information from us);
- the supply of web hosting, website design, SEO and other services;
- call centre sales and support services (provider in the Philippines).
Our relationships with such third party service providers are governed by our contracts with them. Those service contracts contain privacy and confidentiality provisions which are consistent with the Australian Privacy Law obligations.
Accuracy / Access
You may access and update the personal information we provide to the registries in respect of your domain name licence at any time. The procedure to do this is explained in this support article.
If you believe that Netregistry may hold other personal information about you that is inaccurate, or you wish to change or update any of the personal information you have provided, please email our Privacy Officer at firstname.lastname@example.org.
The transfer of information across any media may involve a certain degree of risk, and the Internet is no different. However, helping you to keep your information secure is very important to Netregistry.
At Netregistry we treat your data with the utmost security and use a range of technologies and policies including firewalls and access controls and restrictions to ensure that your data is secured not only from access and visibility but also from unauthorised alteration or erasure.
You can also use simple precautions to help protect your security, such as protecting against the unauthorised use of your username or password or other authentication ID.
Notifiable Data Breach
From 22 February 2018, a data breach that is likely to result in serious harm to individuals must be reported to those affected and also to the Office of the Australian Information Commissioner (OAIC). A data breach happens when personal information is accessed or released without authorisation, or is lost. Serious harm may include physical, financial, emotional, psychological or reputational harm. We have procedures in place to ensure that a data breach is properly identified, assessed, contained and reported if necessary.