- We are committed to complying with Australian legislation governing privacy of personal information by businesses and to protecting and safeguarding your privacy when you deal with us.
Collection of Information
- Some information provided to us by clients, customers, contractors and other third parties might be considered private or personal. Without these details we would not be able to carry on our business and provide our services to you. We will only collect such personal information if it is necessary for one of our functions or activities.
- We collect personal information in the following situations:
- If you contact us, we may keep a record of that correspondence or call.
- When you establish or access an account or order product.
- When you submit your e-mail address to our web site mailing list.
- When you place an order via our web-site, telephone, or fax, we will collect personal information from you. This information includes your full name, mailing address, contact telephone and fax numbers, and your email address. We will also collect payment details from you such as your credit card number when you order an email or website hosting package, or apply to register, renew, or transfer a domain name. Additional information such as your date of birth, document number (including, but not limited to national ID card number, national ID card country of issue, drivers licence number, passport number, passport country of issue, or birth certificate number) may be requested by the registry in order to comply to the registration terms for the respective ccTLD registry;
- Financial Information collected via our web site is used by us to bill you for products and services. Any financial information that is collected is for the purpose of transaction approval and funds transfer. The financial information we collect from you is kept confidential and held on secure servers in controlled facilities.
Use of information collected and disclosure of personal information to others.
- We may use personal information held about an individual for the primary purpose for which it is collected (eg. provision of our services, including administration of our services, notification to you about changes to our services or to verify that your contact details are up to date, record-keeping following termination of our services to you and technical maintenance). As a Registrar, we are required to pass on your full name, mailing address, telephone and fax numbers, and email address to the relevant registry when you apply to register, renew, or transfer a domain name. This function is required to facilitate registration and to ensure registry records are correct and current. We may also use such information for a purpose related to the primary purpose of collection and where you would reasonably expect that we would use the information in such a way. This information is only disclosed to persons outside our business in the circumstances set out in this policy or as otherwise notified to you at the time of collection of the information.
- In addition we may use or disclose personal information held about you:
- Where you have consented to the use or disclosure;
- Where we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety;
- Where we reasonably suspect that unlawful or non-compliant activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities or the Internet Corporation for Assigned Names and Numbers;
- Where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
- Where we reasonably believe that the use or disclosure is reasonably necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for, conduct of, proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body;
- Between Instra Corporation Pty Ltd and Domain Directors Pty Ltd, and other companies in the Instra Group, to provide services to you (such as, for example, a consolidated report or company renewal notice).
- Our web site may contain links to third party web sites who may collect personal information about you. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to our web site. We encourage users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information.
Security and storage
- We place a great importance on the security of all information associated with our customers, clients and contractors. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
- Personal information is de-identified or destroyed securely when no longer required by us.
- We retain the information you provide to us including your contact and credit card details to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes. This information is held on secure servers in controlled facilities.
- Our website site uses a process called Secure Sockets Layer (SSL) technology. SSL locks all critical information passed from you to us, such as payment information, in an encrypted envelope, making it extremely difficult for this information to be intercepted. The transfer of information across any media may involve a certain degree of risk, and the internet is no exception. As a result, while we take reasonable steps to protect users' personal information, we cannot ensure or warrant the security of any information transmitted to us or from our website.
- You should be careful and responsible whenever you are online. Ultimately, you are solely responsible for keeping your passwords and/or account information secure and should take all reasonable steps to do so.
The public WHOIS service is a standard feature of domain name systems around the world. The purpose of the WHOIS service is to allow users to query a domain name to find out the identity and contact details of the registrant. The WHOIS service is provided by the registry via a web-based tool and Port 43
- Collection of WHOIS Data
- Data about each domain name registration is collected from the registrant by the registrar, and submitted to the registry in accordance with the procedural requirements of the registry. The WHOIS service displays a subset of the full registry data for each domain name (known as the "WHOIS data").
- Under the Registrar Agreement, and in accordance with Australian privacy legislation, registrars must inform registrants of the fact that some of their personal information will be disclosed on the WHOIS service. Under the domain name licence agreement, registrants grant to the registry the right to disclose information for the purposes of maintaining the WHOIS service.
- Due to the policy requirements in the .au domain, the WHOIS data that is collected by registrars at the time of registration is intended to be highly accurate and reliable. However, the integrity of the WHOIS database is undermined if the data is not kept up-to-date.
- In order to maintain the integrity of the WHOIS database, registrants are required to notify their registrar of any changes to WHOIS data for their domain name(s) and the registrar must update the WHOIS database on receipt of new information from the registrant.
- Disclosure of WHOIS Data
- The table in Schedule A lists the data fields that will be disclosed on the WHOIS service (web-based and Port 43) for all domain names in the .AU name space open 2LDs.
- In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed in the WHOIS record for all .AU domain names we register.
- It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.
- To address user concerns about privacy and spam, and in line with international best practice, auDA has implemented Image Verification Check (IVC) on the web-based WHOIS service. The purpose of IVC is to prevent or hinder unauthorised access to WHOIS data by automated data mining programs or scripts. For consistency, auDA has removed all email addresses from Port 43 WHOIS responses; users of Port 43 WHOIS will be referred to the web-based WHOIS service to access email addresses via IVC.
- In the past, it was possible to use WHOIS to find out the creation and/or expiry date of a domain name. This enabled some members of the domain name industry to send unsolicited renewal notices to registrants with whom they did not have a prior business relationship, causing significant levels of customer confusion. As a result of these problems, auDA has determined that creation, renewal and expiry dates will not be disclosed on the WHOIS service. Registrants who wish to check the creation, renewal or expiry date of their own domain name can do so through their registrar or reseller.
Access to and correction of personal information
- We are committed to maintaining accurate, timely, relevant and appropriate information about our customers, clients and web-site users. For the purposes of receiving timely renewal notices, consumer alerts, and other related correspondence, it is imperative that the contact details we hold for you are always current. If you would like to access or advise us of a change to your personal information, please e-mail your request to firstname.lastname@example.org or call our customer service department on +61 3 9783 1800. We may also contact you from time to time to confirm that your details are still current.
- Inaccurate information will be corrected upon receiving advice to this effect from you. To ensure confidentiality, details of your personal information will be passed on to you only if we are satisfied that the information relates to you.
- If we refuse to provide you with access or correct the personal information held about you by us, then we will provide reasons for such refusal.
Transfer of information overseas
Pursuant to the Australian Privacy Principles we may transfer personal information we have collected about you to someone other than you in a country other than Australia only if such transfer is permitted by the Australian Privacy Principles. For example, your personal information may be transferred to the United States in relation to certain domain names. Generally, your personal information will be transferred to a country relevant to where you register a country code domain name for the purpose of registering and renewing that domain name.
- If, at any time after registering for information or ordering our services, you change your mind about receiving information from us or about the use of information volunteered by you, please send us a request specifying your new choice. In certain circumstances, we may not be able to provide services to you if you request us to cease use of your personal information.
- To opt out of marketing or promotional emails, please either click the unsubscribe link in the footer of the email communication or go to http://www.instra.com/unsubscribe.html to be removed from future communications.
Contacting us and complaints
- Should you wish to read more information on privacy legislation or the Australian Privacy Principles we recommend that you visit the Federal Privacy Commissioner's web-site at www.privacy.gov.au
Instra uses web based technologies tools in order to offer you the most convenient, secure and relevant services. An example of this technology that Instra uses is a cookie.
Cookies are very small text files that your browser stores on your computer when you visit certain websites. Every time you visit a website that has issued a cookie to your computer, your browser sends the data that it has stored in that cookie back to the website's server. Extensive information about how cookies work can be found by searching the web.
You may be able to configure your browser to notify you when you are offered a cookie and decide whether or not to accept it. You may choose not to accept cookies when browsing our websites, however you may be unable to log on to our secure services if you choose not to accept cookies.
Third party partners and analytics
On the Instra public website, the Google Analytics web analytics system is used to measure anonymised site activity in order to understand and optimize user experiences. Further information regarding Google Analytics can be found online at:
It is important to know that the Instra website may provide web links to various other web sites not operated by Instra. Instra is not responsible for the privacy practices of those websites and/or the reliability of the information provided by these third parties.