Last Updated: April 17th, 2023
An outline of the material below is:
I. Website Users
II. Domain Name Registration
III. Data Controller Roles
IV. Domains Protected Marks List (“DPML”)
V. Relevant Name Search (“RNS”)
VI. General Privacy Conditions – All Users
VII. Exceptions to Disclosure Limitations
VIII. Family of Companies
IX. Information Security
X. Data Breaches
XI. Retention of Data
XII. Note Regarding Sensitive Personal Information
XIII. Note Regarding Children (under 18 years of age)
XIV. Data Subject Rights
XVI. Deletion / Erasure
XVII. Supplemental Erasure
XVIII. Data Portability
XIX. For European Union, Swiss & United Kingdom Citizens
XX. Privacy Shield Frameworks
XXI. Information for California Residents
XXIII. Contact Us
firstname.lastname@example.org. Our dedicated team will be happy to provide you with support.
1. WEBSITE USERS
a. INFORMATION WE COLLECT
b. THE WAYS WE USE INFORMATION
c. COOKIES / LOG FILES
We may use both your Personal Information and certain non-personally-identifiable information (such as anonymous user usage data, cookies, IP addresses, browser type, click stream data, etc.) to improve the quality and design of the Website and to create new features, promotions, functionality, and Services by storing, tracking, and analyzing user preferences and trends. We may use and disclose to trusted third parties cookies and log file information to: (a) monitor the effectiveness of our marketing campaigns; and (b) monitor aggregate metrics such as total number of visitors, pages viewed, etc.
e. DATA SUBJECT REQUESTS
Should you, as a Website user, believe the data provided through the Website, and held by us, is inaccurate and requires rectification, Identity Digital will, when notified, endeavour to make all necessary and timely attempts to update and correct such an identified inaccuracy.
f. MANAGING COOKIES
Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you, and so we provide links below to popular manufacturers’ instructions on how you can do this. Generally, your browser will offer you the choice to accept, refuse or delete cookies at all times, or those from providers that website owners use (“third-party cookies”), or those from specific websites.
2. DOMAIN NAME REGISTRATION
Any information collected or handled by Identity Digital in the fulfilment of our role as registry operator is provided to us by your chosen Registrar who controls the collection of such data. We do not have a direct relationship with the end users of our customers (registrant/service recipients), therefore end users should primarily and ordinarily direct all privacy enquiries, such as any requests to access, correct, amend or delete personal information, relating to products and services obtained via a registrar, to the sponsoring Registrar prior to escalating to Identity Digital. We are not responsible for the privacy or security practices of Registrars.
a. DOMAIN REGISTRATION DATA
Identity Digital is required to collect data relating to the registration of domain names in our TLDs from our registrar partners (“Registration Data”) by each TLD’s Registry Agreement with Internet Corporation for Assigned Names and Numbers (“ICANN”) to effect the proper registration of your domain name. Identity Digital does not collect Registration Data from you, rather it is disclosed to us by your registrar of choice.
b. REGISTRATION DATA WE COLLECT AND PROCESS:
c. PURPOSE / LEGAL BASIS FOR PROCESSING
We use the Registration Data disclosed to us by your registrar for the following purposes:
d. OTHER WAYS WE USE YOUR INFORMATION
First and foremost, Identity Digital uses your Registration Data to carry out the registration and supported functionality of your domain(s) at your registrar’s request. Additionally, Identity Digital may use Registrant Data to (i) improve our Services, promotions and functionality, (ii) develop and collect aggregate statistics (ensuring appropriate anonymization) regarding our systems and Services, and (iii) communicate with you regarding your registration or related Services.
3. DATA CONTROLLER ROLES
Identity Digital collects and processes your Registrant Data to carry out the registration of your domain, to ensure that your registration functions as expected, and that registrations do not affect the security of our registry. In order to enter your chosen domain name into our registry system, we are required to process your data in a manner obligated in our contracts with ICANN. In this respect, it is our understanding under applicable law that each of our TLD registries acts as a joint data controller of your data, working in conjunction with your registrar and ICANN, as herein described.
The registry’s joint controllership and our responsibility for your data is limited to only that data and the use of such data, which is necessary for the registration of domains within one of our TLDs.
With specific reference to the registration of a domain name, your registrar is responsible for:
c. CHOICE OF REGISTRAR
ICANN is the private-sector body responsible for coordinating the global Internet’s systems of unique identifiers. The mission of ICANN is to coordinate the stable operation of the Internet’s unique identifier systems. More information about ICANN can be found here: www.icann.org. ICANN is responsible for identifying and requiring, by contract, both registry operators and registrars to provide to them registration data. Registrant Data we collect and process is data which ICANN deems necessary to ensure the ongoing security and stability of the DNS.
4. DOMAINS PROTECTED MARKS LIST (“DPML”)
a. INFORMATION WE COLLECT FOR DPML
In order to provide the DPML service, Identity Digital must receive the following information from your registrar:
b. THE WAYS WE USE DPML INFORMATION
Identity Digital uses DPML data you provide to enable a DPML block across our TLDs at your registrar’s request. Additionally, Identity Digital may use DPML data provided to: (i) improve our DPML product; (ii) develop and collect aggregate statistics regarding our systems and Services; and (iii) communicate with you regarding your use of our DPML services.
c. DPML DATA CONTROLLER
For the purposes of our DPML product, Identity Digital is the data controller. Our registrar partners, acting as data processors on our behalf, collect information directly from DPML customers.
5. RELEVANT NAME SEARCH (“RNS”)
a. INFORMATION WE COLLECT FOR RNS
In order to provide you with the RNS service, Identity Digital must receive the following information upon signup from you, the Partner:
b. THE WAYS WE USE RNS ACCOUNT INFORMATION
Identity Digital uses RNS Account data you provide to provision the RNS service to you at your request. Additionally, Identity Digital may use the data provided to: (i) improve our RNS product; (ii) develop and collect aggregate statistics regarding our systems and services; and (iii) communicate with you regarding your use of the RNS service, and any associated products and services.
c. DATA CONTROLLER
For the purposes of our RNS account information, Identity Digital is the data controller. For the purposes of the RNS service itself, Identity Digital has designed the system so as not to unnecessarily and knowingly collect Personal Information, except as detailed herein. The RNS service itself does not require any personal data, nor does it knowingly retain any Personal Information. NOTE: The RNS service does retain individual search queries and, as such, given the free form nature of such queries, it is possible, if not probable, that an end-user may submit Personal Information to RNS. Identity Digital does not knowingly process any such data; and where deemed necessary, Partners should provide the prerequisite privacy warnings to their users. Partners who, in the use and presentation of the RNS service, collect additional data not associated with the RNS service, and which may be capable of further identifying an “End User,” such processing is wholly outside of the control of Identity Digital, and Identity Digital will not be responsible for any such additional processing activities.
6. GENERAL PRIVACY CONDITIONS – ALL USERS
a. DISCLOSURE OF DATA
There are instances where Identity Digital may have to disclose your Personal Information. At all times, however, such disclosure will be limited and subject to the required safeguards.
All non-Personal Information, as required by our contracts with ICANN, may be made available to the public via an interactive webpage (http://whois.donuts.co) and via a “port 43” WHOIS service. Identity Digital also maintains a non-public WHOIS database that contains all Registration Data – including Personal Information – as received from your registrar. Personal Information contained in the non-public WHOIS database may be disclosed to third parties pursuant to the Exceptions to Disclosure Limitations section below.
c. THIRD PARTIES PROCESSING DATA ON OUR BEHALF
d. DATA ESCROW (domain name registrations only)
Each TLD registry operated by Identity Digital is required by ICANN to provide a copy of all Registration Data to a secure third party who will hold such data securely in escrow (“Escrow Provider”). Identity Digital currently utilizes the services of Iron Mountain Inc., a US Corporation, with servers in the United States, as its Escrow Provider. Data held by the Escrow Provider can be used to restore a registry in the event of a catastrophic event, or a failure of the registry’s systems. In this case, the data may be securely transferred to another registry to ensure the ongoing security and stability of the DNS and to prevent any interruption to the proper functioning of registered domains.
e. DNS ABUSE MANAGEMENT (domain name registrations only)
Identity Digital uses third-party services to track reports and actions relating to abusive use of our domains. Your data may be stored on each of these vendor’s servers, subject to industry standard encryption and security protections.
f. EMAIL PROVIDER / CLOUD STORAGE
Identity Digital uses the third-party services of Google Inc.’s G-Suite for both email and associated cloud services. Your data may be stored on Google’s servers, subject to industry standard encryption and security protections.
g. CLIENT RELATIONSHIP MANAGEMENT SYSTEM
Identity Digital uses third-party services to ensure the proper management of our client and customer service queries. Your data may be stored on each of these vendor’s servers, subject to industry standard encryption and security protections.
7. EXCEPTIONS TO DISCLOSURE LIMITATIONS
8. FAMILY OF COMPANIES
Each TLD registry we operate is part of the Identity Digital family of companies (the “Family of Companies”). As part of the Family of Companies, we may share information we have about you within the Family of Companies. Such sharing, however, will be strictly limited in use. We will only share information about you to such members of the Family of Companies to facilitate, support and integrate their activities in a manner that is consistent with, and related to, the original stated use of the information, as explained to you upon collection, and to improve the provision of our services to you. The Family of Companies includes the following companies: DTLD Holdings, LLC, DTLD Parent, Inc., Covered TLD, LLC., Domainsite, Inc. Identity Digital Inc., Dozen Donuts, LLC;; Nametrust, LLC; Domain Protection Services, Inc.; Name.com, Inc.; Name.net, Inc.; Name105, Inc.; Name106, Inc.; Name117, Inc.; Binky Moon, LLC; Corn Lake, LLC; Dog Beach, LLC; John Island, LLC; Pixie North, LLC, Baxter Pike, LLC, Baxter Sunset, LLC, Cotton Fields, LLC, Foggy North, LLC, Foggy Sunset, LLC, Little Birch, LLC, Ruby Glen, LLC, Spring Mccook, LLC, Trixy Canyon, LLC, Victor Cross, LLC, Victor Dale, LLC, Afilias Inc.; Afilias USA, Inc.; Monolith Registry, LLC. The Family of Companies also includes the following non-U.S. based companies: Donuts (HK) Limited; Capable Network Technology (Shanghai) Co., Ltd.; Rightside Domains Europe Limited; Name.com Canada Corp.; Rightside Canada Inc., Afilias Limited, Afilias Canada Corp., Afilias Resolution Services Ltd., Afilias India Pvt. Ltd., Afilias (Shanghai) Information Technology Co., Ltd., Afilias (Beijing) Information Technology Co. Ltd., Domain Registry Services Ltd., Internet Computer Bureau Ltd., Identity Digital Australia Pty Ltd., Dot Global Domain Registry Ltd., HOTEL Top-Level-Domain S.a.r.l., Global Website Asia Ltd., and Global Website TLD Asia Ltd.
9. INFORMATION SECURITY
Identity Digital has physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your Personal and non-personal information. To that extent, we employ security measures that are deemed commensurate to the quality of data held, with due regard to the state of the art and cost of the available security measures, and the risk to the privacy rights of you, as data subject. We do not, nor can we, guarantee security. Neither people nor security systems are foolproof, including encryption systems.
10. DATA BREACHES
Where a breach occurs, Identity Digital will, upon discovering such a breach, ensure that our obligations are met under applicable data privacy requirements, and with specific acknowledgement of Articles 33 and 34 of the GDPR and other relevant legislation, where applicable.
11. RETENTION OF DATA
Identity Digital does not retain any Personal Information for longer than is necessary.
a. CLIENT / ACCOUNT DATA
Data provided to Identity Digital in the context of the provision of a product or service (other than domain name registration or DPML), will ordinarily be retained until such a time that such data is deemed no longer necessary to defend against current or possible future suit(s). This period depends on limitation periods applicable, however should ordinarily be no longer than six (6) years.
b. CONTACT IDs
A Contact ID is a file that contains the registration data of a particular registration, or multiple registrations, within our registry system. This data is retained for the duration of the life of any registrations associated with that Contact ID. Orphaned Contact IDs (Contact IDs that have no registrations associated with them) will be periodically identified and purged within a period of no more than ninety (90) days.
c. REGISTRANT DATA
Where the registry is investigating or has taken action relating to a specific domain or domains, which have been flagged or confirmed as engaged in abusive behaviors (as per Identity Digital
Acceptable Use Policy) we will ordinarily retain such data until such a time that such data is no longer necessary to defend against current or possible future suit(s). This period depends on limitation periods applicable, however should ordinarily be no longer than six (6) years.
d. COOKIE DATA
See Section on Website Users.
12. NOTE REGARDING SENSITIVE PERSONAL INFORMATION
“Sensitive Personal Information” refers to personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying sex life of the individual. Identity Digital does not ordinarily or knowingly require or collect Sensitive Personal information. As such, we will not knowingly use or disclose such information with third parties without your explicit consent.
13. NOTE REGARDING CHILDREN (under 18 years of age)
Please note that we do not knowingly permit or solicit information from individuals under eighteen (18) years of age. In addition, we do not knowingly market our products or services to individuals under eighteen (18) years of age.
14. DATA SUBJECT RIGHTS
ACCESS TO PERSONAL INFORMATION
Where, by applicable legislation, you have the right to obtain from us a confirmation as to whether or not Personal Information concerning you is processed by us. If there is no applicable legislation, we will review your request. In addition, where such processing is confirmed, and you request it, we will arrange access to the Personal Information along with the following information where applicable:
Where your Personal Information is transferred to a third country, you also have the right to be informed of the appropriate safeguards we have put in place pursuant to Article 46 of the GDPR relating to the transfer and other applicable legislation.
Identity Digital may provide, where requested, a copy of that data relating to you, which is being processed, subject to the restrictions as noted in Article 23 of the GDPR and per other applicable legislation.
All Personal Information held by us is as disclosed to us by the relevant registrar upon registration, and any update to the registrar system of your Registration Data will be automatically reflected in the registry system. Should you believe we hold incorrect or inaccurate data relating to you, your registration, or related service, please first contact your registrar to update that relevant data. If you are unable or unwilling to contact the relevant registrar, Identity Digital will, upon notification of any inaccurate data held, without undue delay and after reasonable verification of the identity and request and with the reasonable co-operation of our joint controllers, make the necessary updates to your data, where appropriate to do so.
16. DELETION / ERASURE
Where you, as the data subject, wish the erasure of your Personal Information, Identity Digital will fulfill your request should one of the following grounds apply:
17. SUPPLEMENTAL ERASURE
Where Identity Digital has publicly disclosed your data and where you have made a valid request to erase your Personal Information, Identity Digital will, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any controllers which are processing that personal data, of your request for erasure, in accordance with applicable legislation.
18. DATA PORTABILITY
Identity Digital and its subsidiary registries are the sole registry operators for the TLDs for which a Registry Agreement has been signed. (See https://identity.digital/our-domains/) As such, in the ordinary course of business, no other registry is permitted or capable of providing the specific TLD and associated services that Identity Digital provides. That being stated, registrations within the Identity Digital registries, and the associated registration data, are in the format as specified by ICANN (compatible with the relevant technical standards as stated in the Internet Engineering Task Force’s (IETF) Request for Comments (RFCs)). Should our registry be unable to act as registry operator in any circumstances, the entire registry, including all Personal Information as contained in Registration Data, may be transferred to another registry operator, in accordance with ICANN requirements and oversight, to ensure continuity of the DNS.
19. FOR EUROPEAN UNION, SWISS & UNITED KINGDOM CITIZENS
Transfer of data outside of the European Economic Area (“EEA”): Identity Digital is a US registered entity, and all our primary servers are located within the USA. Depending on the registrar you choose to use, the use of our Service may involve the transfer of data outside of the EEA.
20. PRIVACY SHIELD FRAMEWORKS
NOTE: Identity Digital will transfer data in accordance with legal and regulatory requirements, to include the judgment of the Court of Justice in the case, Case C-311/18 (Schrems II) and the European Data Protection Board. Identity Digital as a Data Importer continues to be exceptionally mindful of all data transfers to us from within the EEA and undertakes to ensure that all data provided to us from the EEA is processed with the utmost care and in a manner that is providing equivalent protections to EEA data as is guaranteed under the GDPR to protect fundamental rights and freedoms. Identity Digital is not in a position to provide any Services without the transfer of data to servers within the USA; therefore, if you are not comfortable or do not agree with this fact, please do not provide any Personal Information data to Identity Digital by way of your chosen Registrar.
In the context of an onward transfer of data, as a Privacy Shield registered organization, we have a responsibility for the processing of personal information received under the Privacy Shield and any subsequent transfers to a third party acting as an agent on our behalf. We shall remain liable under the Privacy Shield Principles if our agent processes such personal information in a manner inconsistent with said Principles, unless the third party acting as an agent on our behalf can prove that it is not responsible for the event giving rise to the alleged damage.
Identity Digital has not, to date, received any requests from the US Government under FISA or Executive Order 12333.
Regardless of the current status of Privacy Shield, Identity Digital continues to nonetheless comply with its commitments under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. Transfers of data are in accordance with an assessment of the transfer safeguards for Personal Information and governed by contracts with registrars which will include Standard Contractual Clauses as required by legal and regulatory requirements and the inclusion of any supplementary measures and safeguards, as required.
We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern, unless and until alternative legal and regulatory requirements are confirmed by relevant authorities. To learn more about the Privacy Shield program and to view our certification page, please visit https://www.privacyshield.gov/.
Note that you continue to have the right to access, correct, or delete your Personal Information processed by us, in accordance with applicable legislation. For assistance with accessing, correcting, or deleting your personal data, please contact us at email@example.com. Please be aware that deleting your Personal Information may result in termination of the Services you receive through us.
In compliance with the Privacy Shield Principles, or its legal and regulatory equivalent, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals, or those persons resident in the United Kingdom, with inquiries or complaints regarding this Policy should first contact our Legal Department at firstname.lastname@example.org, or by certified mail (return receipt requested) at: Identity Digital Inc., Attn: Legal Department, 10500 NE 8th Street, Suite 750, Bellevue, WA 98004.
Identity Digital has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.. In addition, it is possible, under certain limited conditions, for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission. Note that the US Federal Trade Commission has enforcement authority over our compliance with this Policy.
Where possible and appropriate, Identity Digital will undertake to sign or append the applicable Standard Contractual Clauses with our vendors to further bolster our commitments to ensuring the security of your data.
21. INFORMATION FOR CALIFORNIA RESIDENTS
This section applies only to California residents, and it is your sole responsibility to determine if you are a California resident. This section describes how we collect, use, and share Personal Information of California residents when we act as a “business,” as defined under the California Consumer Privacy Act of 2018 (“CCPA”), and your rights with respect to your Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. Additionally, this section does not apply to information we collect from you in the course of communicating with you in your capacity as an employee, controlling owner, director, officer or contractor of an organization (i.e., company, partnership, sole proprietorship, non-profit or government agency) in the context of performing due diligence on, or providing or receiving products or services to or from, that organization. In some cases, we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
YOUR CALIFORNIA PRIVACY RIGHTS
As a California resident, you have the rights listed below. However, these rights are not absolute and, in certain cases, we may decline your request as permitted by law.
Information. You can request the following information about how we have collected and used your Personal Information during the past twelve (12) months from the date of the request:
Access. You can request a copy of the Personal Information that we have collected about you during the past twelve (12) months which will be provided in a portable user format.
Deletion. You can ask us to delete the Personal Information that we have collected from you which will be acted on with regard to the CCPA.
Non-discrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
HOW TO EXERCISE YOUR RIGHTS
You may submit requests to exercise your California privacy rights described above as follows:
Request to Know – Right to information, access and deletion. You may submit requests to exercise your right to information, access or deletion by:
PERSONAL INFORMATION THAT WE COLLECT, USE AND DISCLOSE
User provided information (such as information you provide to Identity Digital when choosing to participate in various activities on the Website):
Cookies information / Log File Information / Analytics (such as from session cookies, persistent cookies, and information such as web requests, Internet Protocol (“IP”) address, browser type, browser language, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of those requests, user usage data, referring/exit pages, URLs, platform types, number of clicks):
Domain registration data (such as domain name, nameservers, registration data, and the contact information for registrant, administrative contact, technical contact, and billing contact):
DPML (such as the contact information for the DPML Block Holder, administrative contact, and technical contact):
22. CHANGES AND UPDATES TO THIS PRIVACY
23. CONTACT US
email@example.com or by mail to one of the following addresses:
Identity Digital Inc.
ATTN: Data Privacy Section, Legal Department
10500 NE 8th Street
Bellevue, WA 98004
Or for customers established in the EEA:
Identity Digital Inc
ATTN: Data Privacy Section, Legal Department
10 Earlsfort Terrace
Dublin 2, D02 T380
If you are a resident of the EEA and believe we maintain your personal data subject to the GDPR, you may direct questions or complaints to our lead supervisory authority, the Office of the Data Protection Commissioner, as noted below:
Office of the Data Protection Commissioner
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
+353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757