CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31, 2012. https://www.centralnic.




CentralNic Privacy Policy
Version 1.0
July 31, 2012
https://www.centralnic.com/

CentralNic Privacy Policy Last Updated: February 6, 2012 Page 1 of 12

Table Of Contents

Introduction
Guiding principles
Relationship with registrars
What information we collect
Information we don't collect
How information is stored
How we use information
How information is protected
How information is deleted
How to get further information or ask a question
Version History

Introduction

As a domain name registry operator, CentralNic collects information about our users and customers through a variety of means. This information is stored and used in a number of different ways. This Privacy Policy is intended to outline the information we collect, how it's stored, how it's used and how it's protected.

This Policy relates to our domain name registry system only. For information related to our website (www.centralnic.com), please go to:

https://www.centralnic.com/support/privacy

For information about our other sites and services, please see below:

Emailme.com: https://www.emailme.com/privacy
www.la: https://www.la/privacy

CentralNic Ltd is registered in the UK Data Protection Register with registration number Z1690303.

This Privacy Policy is Copyright 2012 CentralNic Ltd. All rights reserved.

Guiding principles

CentralNic is subject to the Data Protection Act 1998 [1], a United Kingdom Act of Parliament that defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. It was enacted to bring UK law into line with the European Directive of 1995, which requires EU Member States to protect people's fundamental rights and freedoms, and in particular their right to privacy with respect to the processing of personal data. In practice, it provides a way for individuals to control information about themselves. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions.

The Act defines eight data protection principles, which have guided the development of this policy:

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless
   (a) at least one of the conditions in Schedule 2 is met, and
   (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under the Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

[1] http://www.legislation.gov.uk/ukpga/1998/29/contents

Relationship with registrars

Like most other domain name registries, almost all domain names registered in our database are registered via accredited third parties called registrars [2]. These registrars are agents who register domain names on behalf of their customers, and typically provide additional services (such as web hosting, email, and SSL certificates). Registrars have broad powers to register, delete, and modify the domain names that are registered for their customers, and use a variety of automated and manual tools to do so.

CentralNic has contracts with registrars that require that they ensure that their connection to our registry system is secure, and that all data exchanged between their system and ours is protected. However, CentralNic cannot ensure or guarantee the security of registrars' systems. Registrants should contact their registrar if they have any questions or concerns about how the registrar processes, stores and transmits their personal information.

[2] https://www.centralnic.com/registrars

What information we collect

All domain names registered in our database have to be associated with the following information:

Registered Name Holder (or registrant): the legal owner of the domain name.
Administrative Contact: the entity authorized by the registrant to interact with the registrar on behalf of the registrant.
Technical Contact: the entity authorized by the registrant to maintain the technical operations of the domain name.
Sponsoring registrar: the entity authorized by the registrant to register and manage the domain.
Name servers: the domain name servers to which the domain must be delegated in order to function.

The following information may also be provided:

Billing Contact: the entity authorized by the registrant that is responsible for payment of registration and renewal fees to the registrar.
DNSSEC DS records: digests of the DNSSEC Secure Entry Point (SEP) for the domain name.

The Registrant and the Administrative, Technical and Billing Contacts described above include the following information:

Contact Name/Role
Organisation
Street Address
City
State/Province
Post code
Country
Phone
Fax
Email

The registrar provides this information to us when the domain is registered. Registrars can also amend the above information at any time during the lifetime of the domain registration.

At the point of registration, we also store the following information:

The creation date of the domain,
The expiry date of the domain,
Status codes used to lock the domain, prohibit updates, etc.,
A random authorisation code used for transfers.

Information we don't collect

Because we do not directly interact with registrants, we do not receive or store any of the following information:

The IP address of the registrar's customer,
Any credit card information,
Any passwords used by the registrant to access the registrar's website.

How information is stored

Domain name registration information is stored in a central database. This database is hosted in a secure colocation facility and is protected by enterprise-grade firewalls.

We take regular backups of the database to ensure continuity of service. All backups are stored in an encrypted format and are transmitted to off-site locations using encrypted communications channels to prevent unauthorized access.

How we use information

As a domain name registry, we use this information in the following ways:

1. We use the domain name, name servers, and DNSSEC DS records (if any) to publish DNS zone files to facilitate the functioning of the domains. This information can be queried through our public DNS servers. Third parties can also access copies of the zone files after signing an agreement.
2. The Registrant, Administrative, Technical and Billing Contact information is published via our Whois service. The Whois system is a standard service operated by all domain name registries and Regional Internet Registries (RIRs) and is used by third parties to obtain information about registered domain names, and has a variety of uses, including:
   a. Supporting the security and stability of the Internet by providing contact points for network operators and administrators, including ISPs, and certified computer incident response teams;
   b. Determining the registration status of domain names;
   c. Assisting law enforcement authorities in investigations for enforcing national and international laws;
   d. Assisting in combating abusive uses of information communication technology;
   e. Facilitating inquiries and subsequent steps to conduct trademark research and to help counter intellectual property infringement;
   f. Contributing to user confidence in the Internet by helping users identify persons or entities responsible for content and services online; and
   g. Assisting businesses, other organizations and users in combating fraud, complying with relevant laws and safeguarding the interests of the public.
3. We use the Registrant, Administrative, Technical and Billing Contact information to contact the appropriate entities when dealing with the following issues:
   a. Non-payment of registration or renewal fees by the registrar [3]
   b. Misdirected SSL certificate requests (see https://www.centralnic.com/support/ssl)
   c. Complaints of trademark or copyright infringement, malware, fraud or spam (see https://www.centralnic.com/support/abuse)

[3] In most cases, this is not required, however we may send notifications in some circumstances.

An example of a typical Whois record appears below.

    Domain ID:CNIC-DO57351
    Domain Name:CENTRALNIC.UK.COM
    Created On:03-Aug-2000 12:00:42 UTC
    Last Updated On:16-Jan-2012 16:26:58 UTC
    Expiration Date:03-Aug-2012 23:59:59 UTC
    Status:OK
    Registrant ID:H1030205
    Registrant Name:Hostmaster, CentralNic Ltd
    Registrant Street1:35-39 Moorgate
    Registrant City:London
    Registrant Postal Code:EC2R 6AR
    Registrant Country:GB
    Registrant Phone:+44.8700170900
    Registrant FAX:+44.8700170901
    Registrant Email:domains@centralnic.com
    Admin ID:C11480
    Admin Name:Domain Administrator
    Admin Organization:CentralNic Ltd
    Admin Street1:35-39 Moorgate
    Admin City:London
    Admin Postal Code:EC2R 6AR
    Admin Country:GB
    Admin Phone:+44.8700170900
    Admin FAX:+44.8700170901
    Admin Email:domains@centralnic.com
    Tech ID:C11480
    Tech Name:Domain Administrator
    Tech Organization:CentralNic Ltd
    Tech Street1:35-39 Moorgate
    Tech City:London
    Tech Postal Code:EC2R 6AR
    Tech Country:GB
    Tech Phone:+44.8700170900
    Tech FAX:+44.8700170901
    Tech Email:domains@centralnic.com
    Billing ID:H1030205
    Billing Name:Hostmaster, CentralNic Ltd
    Billing Street1:35-39 Moorgate
    Billing City:London
    Billing Postal Code:EC2R 6AR
    Billing Country:GB
    Billing Phone:+44.8700170900
    Billing FAX:+44.8700170901
    Billing Email:domains@centralnic.com
    Sponsoring Registrar ID:C11480
    Sponsoring Registrar Organization:CentralNic Ltd
    Sponsoring Registrar Street1:35-39 Moorgate
    Sponsoring Registrar City:London
    Sponsoring Registrar Postal Code:EC2R 6AR
    Sponsoring Registrar Country:GB
    Sponsoring Registrar Phone:+44.8700170900
    Sponsoring Registrar FAX:+44.8700170901
    Sponsoring Registrar Website:http://www.centralnic.com/
    Name Server:NS.CENTRALNIC.UK.COM
    DNSSEC:Signed
    DS Key Tag 1:56736
    Algorithm 1:7
    Digest Type 1:1
    Digest 1:6419B7C362DC3904484D519507208AB2CDF62947
    DS Key Tag 2:56736
    Algorithm 2:7
    Digest Type 2:2
    Digest 2:BAC5C176500C920C4DF5013DD0A84C3BA4CAAF916C91F017F06B36EFE7788774

How information is protected

All interfaces used to collect information (specifically, our EPP and Toolkit systems, the web-based Registrar Console, our website and account manager used by our retail customers) use the Secure Sockets Layer (SSL) to encrypt information as it is transmitted to our system. This is the same technology used to secure e-commerce systems and online banking.

All our systems are secured against unauthorised access to prevent unauthorised third parties from accessing data. As described above, the database storing domain name registration data is hosted on a server in a secure colocation facility, protected by a firewall. When copied from this server, the database is always transmitted and stored using strong encryption technology.

Our experience of operating a registry since 1995 has demonstrated that the main threat to the information we store comes from abusive use of the Whois service. It is relatively easy for attackers to obtain copies of zone files, or to assemble dictionaries of potentially registered domain names. These can then be used to query the Whois system in bulk to obtain contact information. To mitigate this threat, we operate the following anti-abuse mechanisms:

1. Access to the port-43 Whois server at whois.centralnic.com is rate-limited, and hosts that send excessive queries to the server are blocked. (See https://www.centralnic.com/registrars/whois for further details.)
2. Access to the web-based Whois interface is protected by a CAPTCHA to prevent high-volume automated access.

In addition to the above mechanisms, we also support a Whois Privacy system. This system allows registrars to have contact objects opt out of display in Whois records for domain names that are associated with that contact.

Registrants who wish to use this system should contact their registrar, who may also provide other privacy-related services.

CentralNic signs DNS zone files using DNSSEC. To prevent an attacker from using a zone walking attack to recover the contents of these zone files, we use NSEC3 to provide authenticated denial of existence.

How information is deleted

When a domain name is deleted, the contact information normally remains in the database unless the registrar deletes it. CentralNic does not currently delete unused contact information, but we plan to introduce a system whereby unused contact information is deleted once it has remained fallow for a certain period of time.

This issue is complicated by the fact that registrars may expect these contact objects to exist in the future, and deleting them could cause a problem if a customer whose domain was previously deleted registers a new domain. Therefore we are working with our registrars, and with other registry operators, to develop best practice in this area.

Any person who believes that their contact information is stored in our registry system in an unused contact object can request its deletion by sending a request by email (see below).

How to get further information or ask a question

If you have any questions or comments about this policy or you wish to request deletion of unused contact information, please contact us in one of the following ways:

By email: info@centralnic.com
By telephone: +44 (0)8700 170 900 (during UK office hours)
By post: 35-39 Moorgate, London EC2R 6AR, United Kingdom

Version History

Version   Date           Remarks
1.0       July 29 2012   First Publication