About Us

Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and award-winning mobile Web services.

Afilias Inc. Privacy Policy

Afilias Inc. Privacy Policy

Last Updated: June 23, 2021

Afilias (together with its subsidiaries and affiliate entities known as “Afilias,” “us” or “we”) recognizes that you, as a user of our website (“Website”) or a Afilias service (“Service”), value your privacy.  This Privacy Policy explains how and why we collect and use the personal information you provide to Afilias.  Personal information includes data such as your name, address, telephone number, email address, and other data collected that could directly, or indirectly, identify you (“Personal Information”). For ease of reference, this Privacy Policy is arranged as follows:

An outline of the material below is:

  1. I.Website Users
  2. II.Domain Name Registration
  3. III.Data Controller Roles
  4. IV.Domains Protected Marks List (“DPML”)
  5. V.General Privacy Conditions – All Users
  6. VI.Exceptions to Disclosure Limitations
  7. VII.Family of Companies
  8. VIII.Information Security
  9. IX.Data Breaches
  10. X.Retention of Data
  11. XI.Note Regarding Sensitive Personal Information
  12. XII.Note Regarding Children (under 18 years of age)
  13. XIII.Data Subject Rights
  14. XIV.Rectification
  15. XV.Deletion / Erasure
  16. XVI.Right to Erase Data
  17. XVII.Data Portability
  18. XVIII.For European Union, Swiss & United Kingdom Citizens
  19. XIX.Privacy Shield Frameworks
  20. XX.Information for California Residents
  21. XXI.Information for Residents of Australia
  22. XXII.Changes and Updates to this Privacy Policy
  23. XXIII.Contact Us

Each section details important information regarding the use and disclosure of your Personal Information in conjunction with the Service you have chosen to use, as well as options we make available to you to; update, access, or otherwise take control of the Personal Information you provide to Afilias. If, at any time, you have any questions about this Privacy Policy, or you wish to discuss your rights as described herein, please reach out to us at  (privacy@afilias.info) .  Our dedicated team will be happy to provide you with support.

  1. I. WEBSITE USERS

    1. INFORMATION WE COLLECT.
      1. User Provided Information:   We collect relevant and necessary information you provide to Afilias when choosing to participate in various activities on the Website.  Such information may include Personal Information.

      1. Cookies Information:   When you visit the Website we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser.  Afilias may use session cookies.  A session cookie is temporary and disappears after you close your browser.  You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent.  Afilias has a legitimate interest in using such cookies, as some features of the Website may not function properly if the ability to accept cookies is disabled.  Please note that this information applies to the use of cookies by Afilias and does not cover the use of cookies or other tracking technology by any third parties.

        For a list of the cookies we currently use, please visit https://afilias.info/cookies

      1. Log File Information:   When you use the Website, our servers automatically record certain information that your web browser sends whenever you visit any website.  These server logs may include information such as your; web request, Internet Protocol (“IP”) address, browser type, browser language, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of your request, and one or more cookies that may uniquely identify your browser. 

      1. Third-Party Links:  The Website may contain links to other sites.  We are not responsible for the privacy practices of such other sites.  We encourage you to be aware when you leave our Website and to read the privacy statements of every website that collects your personal information.  This Privacy Policy applies only to information collected by us. 

      1. Analytics:  We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website.

    1. THE WAYS WE USE INFORMATION.
      1. WEBSITE USERS INFORMATION: If you submit Personal Information to us through the Website, then we may use it to operate, maintain, and provide to you the features and functionality of the Website, including, when applicable, sending you information. Personal Information or other content that you voluntarily disclose online (on discussion boards, in messages and chat areas) may become publicly available and can be collected and used by others, including Afilias, without any additional permission.  We may use your email address to send commercial, marketing, or other messages regarding the Website or our Services without additional consent.  We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website.

      1. WEBSITE:  We may disclose Personal Information and/or non-personally-identifiable information if required to do so by law, or in the good faith belief that such action is necessary to comply with state and federal laws or respond to a court order, subpoena, or search warrant.  Afilias reserves the right to disclose Personal Information and/or non-personally-identifiable information that Afilias believes, in good faith, is appropriate or necessary to take precautions against liability, to investigate and defend itself against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our Website, and to protect the rights, property, or personal safety of Afilias, our users or others.

    1. COOKIES / LOG FILES. We may use both your Personal Information and certain non-personally-identifiable information (such as anonymous user usage data, cookies, IP addresses, browser type, click stream data, etc.) to improve the quality and design of the Website and to create new features, promotions, functionality, and Services by; storing, tracking, and analyzing user preferences and trends.  We may use and disclose to trusted third parties cookies and log file information to: (a) monitor the effectiveness of our marketing campaigns; and (b) monitor aggregate metrics such as total number of visitors, pages viewed, etc.

    1. CHANGES AND UPDATES TO THIS PRIVACY POLICY. Your use of the Website constitutes your agreement to this Privacy Policy and any future revisions.

    1. DATA SUBJECT REQUESTS. Should you, as a Website user, believe the data provided through the Website, and held by us, is inaccurate and requires rectification, Afilias will, when notified, endeavour to make all necessary and timely attempts to update and correct such an identified inaccuracy.

    1. MANAGING COOKIES. Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you, and so we provide links below to popular manufacturers’ instructions on how you can do this. Generally, your browser will offer you the choice to; accept, refuse or delete cookies at all times, or those from providers that website owners use (“third-party cookies”), or those from specific websites.

  1. II. DOMAIN NAME REGISTRATION

    Before registering a domain name in an Afilias operated top-level domain (“TLD”) through your chosen registrar (see our ), you must familiarize yourself with this Privacy Policy and we request that you contact us directly if you have any queries with us prior to proceeding with your registration(s). 

    Any information collected or handled by us as Registry Operator in the fulfilment of our role as registry operator, is provided to us by your chosen Registrar who solely controls the collection of such data. We do not have a direct relationship with the end users of our customers (registrant/service recipients), therefore end users should primarily and ordinarily direct all privacy enquiries, such as any requests to; access, correct, amend or delete personal information, relating to products and services obtained via a registrar, to the sponsoring Registrar prior to escalating to Afilias. We are not responsible for the privacy or security practices of Registrars.

    1. DOMAIN REGISTRATION DATA. Afilias is required to collect data relating to the registration of domain names in our TLDs from our registrar partners (“Registration Data”) as required by each TLD’s Registry Agreement with ICANN to effect the proper registration of your domain name.  Afilias does not collect Registration Data from you, rather it is disclosed to us by your registrar of choice.

    1. REGISTRATION DATA WE COLLECT AND PROCESS:
      1. Domain Name
      2. Nameservers
      3. Registration Data
      4. Registrant Name
      5. Registrant Organization (where applicable)
      6. Registrant Address
      7. Registrant Email
      8. Registrant Fax (where applicable)
      9. Registrant Phone number
      10. Administrative Contact
      11. Administrative Contact Organization (where applicable)
      12. Administrative Contact Address
      13. Administrative Contact Email
      14. Administrative Contact Fax (where applicable)
      15. Administrative Contact Telephone Number
      16. Technical Contact
      17. Technical Contact Organization (where applicable)
      18. Technical Contact Address
      19. Technical Contact Email
      20. Technical Contact Fax (where applicable)
      21. Technical Contact Telephone Number
      22. Billing Contact
      23. Billing Contact Organization (where applicable)
      24. Billing Contact Address
      25. Billing Contact Email
      26. Billing Contact Fax (where applicable)
      27. Billing Contact Telephone Number
    1. PURPOSE / LEGAL BASIS FOR PROCESSING. We use the Registration Data disclosed to us by your registrar for the following purposes:

      1. mitigation of DNS abuse, including but not limited to the investigation and mitigation of reported instances of abuse Afilias considers to be contrary to the terms of its  Acceptable Use Policy ;

      2. centralization of authoritative Registrant Data at the registry level to ensure the ongoing; continuity, security, stability and resiliency of the DNS;

      3. maintained integrity of the current dual failsafe system at the registrar and registry levels;

      4. verification of registrant eligibility, where applicable; and

      5. to update and improve our Services, systems and ability to provide you with a secure and stable Service experience.

    1. OTHER WAYS WE USE YOUR INFORMATION. First and foremost, Afilias uses your Registration Data to carry out the registration and supported functionality of your domain(s) at your registrar’s request.  Additionally, Afilias may use Registrant Data to (i) improve our Services, promotions and functionality, (ii) develop and collect aggregate statistics (ensuring appropriate anonymization) regarding our systems and Services, and (iii) communicate with you regarding your registration or related Services.

  1. III. DATA CONTROLLER ROLES

    Afilias collects and processes your Registrant Data to carry out the registration of your domain, to ensure that your registration functions as expected, and those registrations do not affect the security of our registry.  In order to enter your chosen domain name into our registry system, we are required to process your data in a manner obligated in our contracts with Internet Corporation for Assigned Names and Numbers (“ICANN”).  In this respect, it is our understanding under applicable law that each of our registries acts as a joint data controller of your data, working in conjunction with your registrar and ICANN, as herein described.

    1. REGISTRY. The registry’s joint controllership and our responsibility for your data is limited to only that data and the use of such data, which is necessary for the registration of domains within one of our TLDs.

    1. REGISTRY SERVICE PROVIDER. Where we provide services to third party Registry Service Providers, (‘RSP’), we act in the role as Data Processor. As Data Processor, we ensure that a Data Protection Agreements as appropriate, are in place with the RSP as the Data Controller. We shall process the RSP Personal Data in accordance with the requirements of applicable Data Protection Laws.

    1. REGISTRARS. With specific reference to the registration of a domain name, your registrar is responsible for:

      1. collection of registration data;

      2. providing you notice and an opportunity to review both the registrar’s privacy policy and our Privacy Policy (where we are the relevant registry); and

      3. providing you with adequate information and a means by which you may exercise your individual privacy rights per applicable legislation and requirements, to requests, including but not limited to; data access, deletion, and rectification.

    1. CHOICE OF REGISTRAR. You should only choose a registrar with whom you feel comfortable sharing your information.  To that extent, the choice of registrar is solely a matter for you, as registrant. It is important that you familiarize yourself with and understand the individual and specific privacy policy of your registrar of choice.  If you do not understand such policies, or you have questions regarding any of these policies, you should discuss this with your registrar prior to registration.

    1. ICANN. ICANN is the private-sector body responsible for coordinating the global Internet’s systems of unique identifiers. The mission of ICANN is to coordinate the stable operation of the Internet’s unique identifier systems.  More information about ICANN can be found here: www.icann.org .  ICANN is responsible for identifying and requiring, by contract, both registry operators and registrars to provide to them registration data.  Registrant Data we collect and process is data which ICANN deems necessary to ensure the ongoing security and stability of the DNS.

  1. IV. DOMAINS PROTECTED MARKS LIST (“DPML”)

    1. INFORMATION WE COLLECT FOR DPML. In order to provide the DPML service, Afilias must receive the following information from your registrar:

      • Signed Mark Data File obtained from the Trademark Clearinghouse

      • DPML Block String

      • DPML Block Holder Name

      • DPML Block Holder Address

      • DPML Block Holder Contact Details (email / phone)

      • DPML Block Administrative Contact Name

      • DPML Block Administrative Contact Address

      • DPML Block Administrative Contact Details (email / phone)

      • DPML Block Technical Contact Name

      • DPML Block Technical Contact Address

      • DPML Block Technical Contact Details (email / phone)

    1. THE WAYS WE USE DPML INFORMATION. Afilias uses DPML data you provide to enable a DPML block across our TLDs at your registrar’s request.  Additionally, Afilias may use DPML data provided to: (i) improve our DPML product; (ii) develop and collect aggregate statistics regarding our systems and Services; and (iii) communicate with you regarding your use of our DPML services.

    1. DPML DATA CONTROLLER. For the purposes of our DPML product, Afilias is the data controller.  Our registrar partners, acting as data processors on our behalf, collect information directly from DPML customers.

  1. V. GENERAL PRIVACY CONDITIONS – ALL USERS

    1. DISCLOSURE OF DATA. There are instances where Afilias may have to disclose your Personal Information.  At all times, however, such disclosure will be; necessary, limited and subject to the required safeguards.

    1. WHOIS. All non-Personal Information, as required by our contracts with ICANN, may be made available to the public via an interactive webpage http://whois.afilias.net/ and via a “port 43” WHOIS service.  Afilias also maintains a non-public WHOIS database that contains all Registration Data – including Personal Information – as received from your registrar.  Personal Information contained in the non-public WHOIS database may be disclosed to third parties pursuant to the Exceptions to Disclosure Limitations section below.

    1. THIRD PARTIES PROCESSING DATA ON OUR BEHALF. We ordinarily require that third parties receiving data agree, by way of a written agreement, to process such information in compliance with this Privacy Policy.  Afilias will use reasonable efforts to limit any third party’s use of such information in compliance with applicable data privacy laws.

    1. DATA ESCROW (domain name registrations only). Afilias is required by ICANN to provide a copy of all Registration Data to a secure third party who will hold such data securely in escrow (“Escrow Provider”).  Afilias currently utilizes the services of NCC Group, as its Escrow Provider.  Data held by the Escrow Provider can be used to restore a registry in the event of a catastrophic event, or a failure of the registry’s systems.  In this case, the data may be securely transferred to another registry to ensure the ongoing security and stability of the DNS and to prevent any interruption to the proper functioning of registered domains.

    1. DNS ABUSE MANAGEMENT (domain name registrations only). Afilias uses third-party services to track reports and actions relating to abusive use of our domains and of RSP’s.  Your data may be stored on each of these vendor’s servers, subject to industry standard encryption and security protections.

    1. EMAIL PROVIDER / CLOUD STORAGE. Afilias uses the third-party services of Google Inc.’s G-Suite for both email and associated cloud services.  Your data may be stored on Google’s servers, subject to industry standard encryption and security protections.

    1. CLIENT RELATIONSHIP MANAGEMENT SYSTEM. Afilias uses third-party services to ensure the proper management of our client and customer service queries. Your data may be stored on each of these vendor’s servers, subject to industry standard encryption and security protections.

  1. VI. EXCEPTIONS TO DISCLOSURE LIMITATIONS

    Afilias will always limit its disclosure of your Personal Information to the terms of this Privacy Policy.  There are, however, times where we may disclose information.  Such instances are limited to the following permitted disclosures:

    1. necessary to fulfill a transaction, or provide information you have requested;

    2. in your vital interests or in the vital interests of another person, including events of an emergency that pose a threat to your safety;

    3. required by ICANN;

    4. required by law or necessary to respond to legal process;

    5. in circumstances in which Afilias or its parent company, Donuts Inc., believes that its registry, websites, domain names, or Services are being used in the commission of a crime or any illegal act;

    6. necessary to enforce our Acceptable Use Policy, and to protect the security or integrity of the DNS or our Website;

    7. as necessary to; establish, assert, defend, or protect our rights or property; or

    8. as necessary to meet the requirements of requests lawfully made by public authorities, including requests to meet national security or law enforcement requirements.

  1. VII. FAMILY OF COMPANIES

    Afilias Inc. is part of the Donuts family of companies (the “Family of Companies”). As part of the Family of Companies, we may share information we have about you within the Family of Companies. Such sharing, however, will be strictly limited in use. We will only share information about you to such members of the Family of Companies to facilitate, support and integrate their activities in a manner that is consistent with, and related to, the original stated use of the information, as explained to you upon collection, and to improve the provision of our services to you. The Family of Companies includes the following companies: DTLD Holdings, LLC, DTLD Parent, Inc., Covered TLD, LLC., Domainsite, Inc. Donuts Inc., Dozen Donuts, LLC; Rightside Group, Ltd.; Nametrust, LLC; Rightside Operating Co.; Domain Protection Services, Inc.; Name.com, Inc.; Name.net, Inc.; Name104, Inc.; Name105, Inc.; Name106, Inc.; Name107, Inc.; Name108, Inc.; Name109, Inc.; Name110, Inc.; Name111, Inc.; Name112, Inc.; Name113, Inc.; Name114, Inc.; Name115, Inc.; Name116, Inc.; Name117, Inc.; Name118, Inc.; Name119, Inc.; Name120, Inc.; Binky Moon, LLC; Corn Lake, LLC; Dog Beach, LLC; John Island, LLC; Pixie North, LLC, Baxter Pike, LLC, Baxter Sunset, LLC, Cotton Fields, LLC, Foggy North, LLC, Foggy Sunset, LLC,Little Birch, LLC, Ruby Glen, LLC, Spring Mccook, LLC, Trixy Canyon, LLC, Victor Cross, LLC, Victor Dale, LLC, Afilias Inc., Afilias USA, Inc., Monolith Registry, LLC. The Family of Companies also includes the following non-U.S. based companies: Donuts (HK) Limited; Capable Network Technology (Shanghai) Co., Ltd.; Rightside Domains Europe Limited; Name.com Canada Corp.; Hot Media Inc.; Rightside Canada Inc., Afilias Limited, Afilias Canada Corp., Afilias Resolution Services Ltd., Afilias India Pvt. Ltd., Afilias (Shanghai) Information Technology Co., Ltd., Afilias (Beijing) Information Technology Co. Ltd., Domain Registry Services Ltd., Internet Computer Bureau Ltd., Afilias Australia Pty Ltd., Dot Global Domain Registry Ltd., HOTEL Top-Level-Domain S.a.r.l., Global Website Asia Ltd., and Global Website TLD Asia Ltd.

    The collection and use of customer data by Name.com and its affiliated registrars is governed in accordance with Name.com’s separate privacy policy .

    The collection and use of customer data by Donuts Registries Inc.is governed in accordance with Donuts’ separate  privacy policy

    The collection and use of customer data for those customers located in Australia, it is considered separately to the above for the purpose of data sharing, and we confirm Afilias Australia Pty Ltd is bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). For specific information please see section XXI.

  1. VII. INFORMATION SECURITY

    Afilias has physical, electronic, and managerial procedures to help; safeguard, prevent unauthorized access, maintain data security, and correctly use your Personal and non-personal information.  To that extent, we employ security measures that are deemed commensurate to the quality of data held, with due regard to the state of the art and cost of the available security measures, and the risk to the privacy rights of you, as data subject.  We do not, nor can we, guarantee security.  Neither people nor security systems are foolproof, including encryption systems.

  1. IX. DATA BREACHES

    Where a breach occurs, Afilias will, upon discovering such a breach, ensure that our obligations are met under applicable data privacy requirements, and with specific acknowledgement of Articles 33 and 34 of the GDPR and to other relevant legislation, where applicable.

  1. X. RETENTION OF DATA

    Afilias does not retain any Personal Information for longer than is necessary.

    1. CLIENT / ACCOUNT DATA. Data provided to Afilias, or its subsidiaries, in the context of the provision of a product or service (other than domain name registration or DPML), will ordinarily be retained until such a time that such data is deemed no longer necessary to defend against current or possible future litigation. This period depends on limitation periods applicable, however should ordinarily be no longer than six (6) years.

    2. CONTACT IDs. A Contact ID is a file that contains the registration data of a particular registration, or multiple registrations, within our registry system.  This data is retained for the duration of the life of any registrations associated with that Contact ID. Orphaned Contact IDs (Contact IDs that have no registrations associated with them) will be periodically identified and purged within a period of no more than ninety (90) days.

    3. REGISTRANT DATA. Where the registry is investigating or has taken action relating to a specific domain or domains, which have been flagged or confirmed as engaged in abusive behaviors (as per Afilias  Acceptable Use Policy we will ordinarily retain such data until such a time that such data is no longer necessary to defend against current or possible future litigation.  This period depends on limitation periods applicable, however should ordinarily be no longer than six (6) years.

    4. COOKIE DATA. See Section on Website Users.

  1. XI. NOTE REGARDING SENSITIVE PERSONAL INFORMATION

    “Sensitive Personal Information” refers to personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying sex life of the individual. Afilias does not ordinarily or knowingly require or collect Sensitive Personal information. As such, we will not knowingly use or disclose such information with third parties without your explicit consent.

  1. XII. NOTE REGARDING CHILDREN (under 18 years of age)

    Please note that we do not knowingly permit or solicit information from individuals under eighteen (18) years of age. In addition, we do not knowingly market our products or services to individuals under eighteen (18) years of age.

  1. XIII. DATA SUBJECT RIGHTS

    ACCESS TO PERSONAL INFORMATION

    Where, by applicable legislation, you have the right to obtain from us a confirmation as to whether or not Personal Information concerning you is processed by us. If there is no applicable legislation, we will review your request. In addition, where such processing is confirmed, and you request it, we will arrange access to the Personal Information along with the following information where applicable:

    1. the categories of Personal Information collected and processed;

    2. the recipients or categories of recipients to whom the Personal Information has been or will be disclosed, in particular recipients in third countries (outside of the European Economic Area (“EEA”), the State of California in the United States of America or international organizations;

    3. the period for which the Personal Information will be stored or, if not possible to be determined, the criteria used to determine that period;

    4. the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

    5. the right to lodge a complaint with a supervisory authority where applicable;

    6. where Personal Information was not collected directly from you, any available information as to its source;

    7. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and in other relevant legislation, as well as the significance and the envisaged consequences of such processing for the data subject.

    Where your Personal Information is transferred to a third country, you also have the right to be informed of the appropriate safeguards we have put in place pursuant to Article 46 of the GDPR relating to the transfer and other applicable legislation.

    Afilias may provide, where requested, a copy of that data relating to you, which is being processed, subject to the restrictions as noted in Article 23 of the GDPR and per other applicable legislation.

    Where we receive a data subject request where we act as a Data Processor with a RSP, we will forward the request to the Data Controller to be addressed and responded to.

  1. XIV. RECTIFICATION

    All Personal Information held by us is as disclosed to us by the relevant registrar upon registration, and any update to the registrar system of your Registration Data will be automatically reflected in the registry system.  Should you believe we hold incorrect or inaccurate data relating to you, your registration, or related service, please first contact your registrar to update that relevant data.  If you are unable or unwilling to contact the relevant registrar, Afilias will, upon notification of any inaccurate data held, without undue delay and after reasonable verification of the identity and request and with the reasonable co-operation of our joint controllers, make the necessary updates to your data, where appropriate to do so.

    Where we receive a request for rectification of personal data where we act as a Data Processor with a RSP, we will forward the request to the Data Controller to be addressed and responded to.

  1. XV. DELETION / ERASURE

    Where you, as the data subject, wish the erasure of your Personal Information, Afilias will fulfill your request should one of the following grounds apply:

    • the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed (e.g., the provision of our Services);

    • where processing is based solely upon your required consent, and you withdraw this consent on which the processing is based;

    • where you object to the processing, and where there are no overriding legitimate grounds for the processing;

    • where you can demonstrate that the Personal Information has been unlawfully processed;

    • where you provide notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or

    • where Afilias is unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR or applicable legislation.

    Where we receive a request for deletion or erasure of personal data where we act as a Data Processor with a RSP, we will forward the request to the Data Controller to be addressed and responded to.

  1. XVI. SUPPLEMENTAL ERASURE

    Where Afilias has publicly disclosed your data and where you have made a valid request to erase your Personal Information, Afilias will, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any controllers which are processing that personal data, of your request for erasure, in accordance with applicable legislation.

  1. XVII. DATA PORTABILITY

    Afilias and its subsidiary registries are the sole registry operators for the TLDs for which a Registry Agreement has been signed. As such, in the ordinary course of business, no other registry is permitted or capable of providing the specific TLD and associated services that Afilias provides.  That being stated, registrations within the Afilias registries, and the associated registration data, are in the format as specified by ICANN (compatible with the relevant technical standards as stated in the Internet Engineering Task Force’s (IETF) Request for Comments (RFCs). Should our registry be unable to act as registry operator in any circumstances, the entire registry, including all Personal Information as contained in Registration Data, may be transferred to another registry operator, in accordance with ICANN requirements and oversight, to ensure continuity of the DNS.

    Where we receive a request for data portability of personal data where we act as a Data Processor with a RSP, we will forward the request to the Data Controller to be addressed and responded to.

  1. XVIII. FOR EUROPEAN UNION, SWISS & UNITED KINGDOM CITIZENS

    Transfer of data outside of the European Economic Area (“EEA”): Afilias is a US registered entity, and all our primary servers are located within the USA. Depending on the registrar you choose to use, the use of our Service may involve the transfer of data outside of the EEA.

  1. XIX. PRIVACY SHIELD FRAMEWORKS

    NOTE: Afilias will transfer data in accordance with legal and regulatory requirements, to include the recent judgment of the Court of Justice in the case, Case C-311/18 (Schrems II) and the European Data Protection Board. Afilias as a Data Importer continues to be exceptionally mindful of all data transfers to us from within the EEA and undertakes to ensure that all data provided to us from the EEA is processed with the utmost care and in a manner that is providing equivalent protections to EEA data as is guaranteed under the GDPR  to protect fundamental rights and freedoms. Afilias is not in a position to provide any services without the transfer of data to servers within the USA; therefore, if you are not comfortable or do not agree with this fact, please do not provide any Personal Information data to Afilias by way of your chosen Registrar.

    For clarity relating to requests that Afilias has received from the US Government under FISA or Executive Order 12333, please see our Transparency Report.

    Name.com, as part of Donuts Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. Regardless of the current status of Privacy Shield, Afilias continues to nonetheless comply with its commitments under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Transfers of data are in accordance with an assessment of the transfer safeguards for Personal Information and governed by contracts with registrars which will include Standard Contractual Clauses as required by legal and regulatory requirements and the inclusion of any supplementary measures and safeguards, as required.  

    We have certified that we adhere to the Privacy Shield Principles of; Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern, unless and until alternative legal and regulatory requirements are confirmed by relevant authorities. To learn more about the Privacy Shield program and to view our certification page, please visit https://www.privacyshield.gov/ .

    Note that you continue to have the right to; access, correct, or delete your Personal Information processed by us, in accordance with applicable legislation . For assistance with; accessing, correcting, or deleting your personal data, please contact us at privacy@afilias.info . Please be aware that deleting your Personal Information may result in termination of the services you receive through us.

    In compliance with the Privacy Shield Principles, or its legal and regulatory equivalent, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals, or those persons resident in the United Kingdom, with inquiries or complaints regarding this Policy should first contact our Legal Department at privacy@afilias.info , or by certified mail (return receipt requested) at: Afilias, 10500 NE 8th Street, Suite 750, Bellevue, WA 98004.

    We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles, or its legal and regulatory equivalent, to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus, or an alternative designated body by an authorised body. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. In addition, it is possible, under certain limited conditions, for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission. Note that the US Federal Trade Commission has enforcement authority over our compliance with this Policy.

    The Website is hosted in the United States and is intended for and directed to users in the United States.  If you are accessing the Website from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Website, which is governed by U.S. law, this Website Privacy Policy, and our Website Terms of Use, you are transferring your personal information to the United States and you consent to that transfer.

    Where possible and appropriate, Afilias will undertake to sign or append the applicable Standard Contractual Clauses with our vendors to further bolster our commitments to ensuring the security of your data.

  1. XX. INFORMATION FOR CALIFORNIA RESIDENTS

    This section applies only to California residents, and it is your sole responsibility to determine if you are a California resident. This section describes how we collect, use, and share Personal Information of California residents when we act as a “business,” as defined under the California Consumer Privacy Act of 2018 (“CCPA”), and your rights with respect to your Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. Additionally, this section does not apply to information we collect from you in the course of communicating with you in your capacity as an; employee, controlling owner, director, officer or contractor of an organization (i.e., company, partnership, sole proprietorship, non-profit or government agency) in the context of performing due diligence on, or providing or receiving products or services to or from, that organization. In some cases, we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.

    YOUR CALIFORNIA PRIVACY RIGHTS.

    As a California resident, you have the rights listed below. However, these rights are not absolute and, in certain cases, we may decline your request as permitted by law.

    • Information. You can request the following information about how we have collected and used your Personal Information during the past twelve (12) months from the date of the request:

      • The categories of Personal Information that we have collected.

      • The categories of sources from which we collected the Personal Information.

      • The categories of third parties with whom we share the Personal Information.

      • Where applicable, the categories of Personal Information that we sold or disclosed for a business purpose.

      • Where applicable, the categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.

      • Where applicable, the business or commercial purpose for collecting and/or selling Personal Information.

    • Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months which will be provided in a portable user format.

    • Deletion. You can ask us to delete the Personal Information that we have collected from you which will be acted on with regard to the CCPA.

    • Non-discrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.

    HOW TO EXERCISE YOUR RIGHTS

    You may submit requests to exercise your California privacy rights described above as follows:

    PERSONAL INFORMATION THAT WE COLLECT, USE AND DISCLOSE

    Collection, use and disclosure of your Personal Information. For each category of data described above, the following list describes the corresponding statutory categories of Personal Information specified by the CCPA in California Civil Code § 1798.140(o), the sources of that Personal Information (as further described in WEBSITE USERS (COOKIE POLICY) , DOMAIN NAME REGISTRATION & DOMAINS PROTECTED MARKS LIST (“DPML”) SERVICE USERS), the business/commercial purposes for collecting that Personal Information (as further described in WEBSITE USERS (COOKIE POLICY) , DOMAIN NAME REGISTRATION & DOMAINS PROTECTED MARKS LIST (“DPML”) SERVICE USERS), and the categories of third parties to whom we disclose your Personal Information (as further described in WEBSITE USERS (COOKIE POLICY) , DOMAIN NAME REGISTRATION & DOMAINS PROTECTED MARKS LIST (“DPML”) SERVICE USERS). Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.

    • User provided information (such as information you provide to Afilias when choosing to participate in various activities on the Website):

      • CCPA category: identifiers, financial information, online identifiers.

      • Sources: website users.

      • Purposes: operate, maintain, and provide to you the features and functionality of the Website; send commercial, marketing, or other messages regarding the Website or our Services; compliance and protection; understand the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website.

      • Categories of third parties to whom we may disclose: advertisers; the Family of Companies; and authorities.

    • Cookies information / Log File Information / Analytics (such as from session cookies, persistent cookies, and information such as web requests, Internet Protocol (“IP”) address, browser type, browser language, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of those requests, user usage data, referring/exit pages, URLs, platform types, number of clicks):

      • CCPA category: online identifiers, internet or network information.

      • Sources: automatic collection, (subject to browser settings).

      • Purposes: operate, maintain, and provide to you the features and functionality of the Website; send commercial, marketing, or other messages; compliance and protection; improve the quality and design of the Website and create new features, promotions, functionality, and services by storing, tracking, and analyzing user preferences and trends; monitor the effectiveness of our marketing campaigns; monitor aggregate metrics such as total number of visitors, and pages viewed.

      • Categories of third parties to whom we may disclose: the Family of Companies and authorities.

    • Domain registration data (such as domain name, nameservers, registration data, and the contact information for registrant, administrative contact, technical contact, and billing contact):

      • CCPA category: identifiers; financial information; internet or network information.

      • Sources: registrar.

      • Purposes: register and maintain your domain; improve our Services, promotions and functionality; develop and collect aggregate statistics (ensuring appropriate anonymization) regarding our systems and Services; communicate with you regarding your registration or related Services.

      • Categories of third parties to whom we may disclose: registry, registrar, ICANN and the Family of Companies.

    • DPML (such as the contact information for the DPML Block Holder, administrative contact, and technical contact):

      • CCPA category: identifiers.

      • Sources: website users.

      • Purposes: enable a DPML block across our top-level domain at your registrar’s request; improve our DPML product; develop and collect aggregate statistics regarding our systems and Services; communicate with you regarding your use of our DPML services.

      • Categories of third parties to whom we may disclose: authorities, WHOIS, data escrow, and the Family of Companies.

    We may draw inferences about user preferences and behavior from the information described above when analyzing it and use them to deliver and improve the Services. We may also use and share the information described above as otherwise described in this Privacy Policy. The foregoing describes our practices for the twelve (12) months preceding the “last updated” date at the top of this Privacy Policy.

  1. XXI. INFORMATION FOR RESIDENTS OF AUSTRALIA

    Afilias Australia Pty Ltd is bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).

    If you have any questions, concerns or complaints about this Privacy Policy, or how we handle your personal information, please contact our Privacy Team at the details at XXIV below. The team shall review your enquiry and respond within a reasonable period.

    If you are dissatisfied with the handling of your complaint or concern, you may contact the Office of the Australian Information Commissioner:

    Office of the Australian Information Commissioner,
    GPO Box 5218,
    Sydney NSW 2001,
    Telephone: 1300 363 992 Email: enquiries@oaic.gov.au.

  1. XXIII. CHANGES AND UPDATES TO THIS PRIVACY POLICY

    This Privacy Policy may be revised periodically and this will be reflected by the date above.  Please revisit this page to stay aware of any changes.  We only use your Personal Information in the manner described in the Privacy Policy in effect when we received the personal information you provided.

  1. XXIII. CONTACT US

    If you have any questions, concerns or complaints about our Privacy Policy and how it relates to our products and services, you may contact us by email at privacy@afilias.info or by mail to one of the following addresses:

    Afilias
    (LEGAL ADDRESS)
    ATTN: Data Privacy Section, Legal Department
    10500 NE 8th Street
    Suite 750
    Bellevue, WA 98004
    USA

    Or for customers established in the EEA:

    Afilias
    ATTN: Data Privacy Section, Compliance Department
    Ground Floor
    Le Pole House
    Ship Street Great
    Dublin 8
    Ireland

    If you are a resident of the EEA and believe we maintain your personal data subject to the GDPR, you may direct questions or complaints to our lead supervisory authority, the Office of the Data Protection Commissioner, as noted below:

    Office of the Data Protection Commissioner
    Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
    Phone  +353 (0761) 104 800  | LoCall  1890 25 22 31  | Fax +353 57 868 4757 Email  info@dataprotection.ie