- Instra Corporation Pty Ltd is committed to complying with Commonwealth legislation governing privacy of personal information by businesses and to protecting and safeguarding your privacy when you deal with us. Collection of Information.
- Some information provided to us by clients, customers, contractors and other third parties might be considered private or personal. Without these details we would not be able to carry on our business and provide our services to you. We will only collect such personal information if it is necessary for one of our functions or activities.
- Instra Corporation Pty Ltd collects personal information in the following situations:
- If you contact us, we may keep a record of that correspondence.
- When you establish or access an account or order product.
- When you submit your e-mail address to our web site mailing list.
- When you place an order via our web-site, telephone, or fax, we will collect personal information from you. This information includes your full name, mailing address, contact telephone and fax numbers, and your email address. We will also collect payment details from you such as your credit card number when you order an email or website hosting package, or apply to register, renew, or transfer a domain name. Additional information such as your date of birth, document number (including, but not limited to national ID card number, national ID card country of issue, drivers licence number, passport number, passport country of issue, or birth certificate number) may be requested by the registry in order to comply to the registration terms for the respective ccTLD registry.
- Financial Information collected via our web site is used by us to bill you for products and services. Any financial information that is collected is for the purpose of transaction approval and funds transfer. The financial information we collect from you is strictly confidential and held on secure servers in controlled facilities. Use of information collected and disclosure of personal information to others.
- We may use personal information held about an individual for the primary purpose for which it is collected (eg. provision of our services, including administration of our services, notification to you about changes to our services, record-keeping following termination of our services to you and technical maintenance). As a Registrar, Instra Corporation Pty Ltd is required to pass on your full name, mailing address, telephone and fax numbers, and email address to the relevant registry when you apply to register, renew, or transfer a domain name to us. This function is required to facilitate registration and to ensure registry records are correct and current. We may also use such information for a purpose related to the primary purpose of collection and where you would reasonably expect that we would use the information in such a way. This information is only disclosed to persons outside our business in the circumstances set out in this policy or as otherwise notified to you at the time of collection of the information.
- In addition we are permitted to use or disclose personal information held about you:
- Where you have consented to the use or disclosure;
- Where we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety;
- Where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
- Where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
- Where we reasonably believe that the use or disclosure is reasonably necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for, conduct of, proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body.
- Our web site may contain links to third party web sites who may collect personal information about you. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to our web site. Instra Corporation Pty Ltd encourages users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information.
Security and storage
- Instra Corporation Pty Ltd places a great importance on the security of all information associated with our customers, clients and contractors. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
- Personal information is de-identified or destroyed securely when no longer required by us.
- Instra Corporation Pty Ltd retains the information you provide to us including your contact and credit card details to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes. This information is held on secure servers in controlled facilities.
- Our website site uses a process called Secure Sockets Layer (SSL) technology. SSL locks all critical information passed from you to us, such as payment information, in an encrypted envelope, making it extremely difficult for this information to be intercepted. The transfer of information across any media may involve a certain degree of risk, and the internet is no exception. As a result, while we take all reasonable steps to protect users' personal information, we cannot ensure or warrant the security of any information transmitted to us or from our website.
- You should be careful and responsible whenever you are online. Ultimately, you are solely responsible for keeping your passwords and/or account information secure and should take all reasonable steps to do so.
The public WHOIS service is a standard feature of domain name systems around the world. The purpose of the WHOIS service is to allow users to query a domain name to find out the identity and contact details of the registrant. The WHOIS service is provided by the registry via a web-based tool and Port 43.
- Collection of WHOIS Data
- Data about each domain name registration is collected from the registrant by the registrar, and submitted to the registry in accordance with the procedural requirements of the registry. The WHOIS service displays a subset of the full registry data for each domain name (known as the "WHOIS data").
- Under the Registrar Agreement, and in accordance with Australian privacy legislation, registrars must inform registrants of the fact that some of their personal information will be disclosed on the WHOIS service. Under the domain name licence agreement, registrants grant to the registry the right to disclose information for the purposes of maintaining the WHOIS service.
- Due to the policy requirements in the .au domain, the WHOIS data that is collected by registrars at the time of registration is highly accurate and reliable. However, the integrity of the WHOIS database is undermined if the data is not kept up-to-date.
- iv. In order to maintain the integrity of the WHOIS database, registrants are required to notify their registrar of any changes to WHOIS data for their domain name(s) and the registrar must update the WHOIS database on receipt of new information from the registrant.
- Disclosure of WHOIS Data
- The table in Schedule A lists the data fields that will be disclosed on the WHOIS service (web-based and Port 43) for all domain names in the .AU name space open 2LDs.
- In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed in the WHOIS record for all .AU domain names we register.
- It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.
- To address user concerns about privacy and spam, and in line with international best practice, auDA has implemented Image Verification Check (IVC) on the web-based WHOIS service. The purpose of IVC is to prevent or hinder unauthorised access to WHOIS data by automated data mining programs or scripts. For consistency, auDA has removed all email addresses from Port 43 WHOIS responses; users of Port 43 WHOIS will be referred to the web-based WHOIS service to access email addresses via IVC.
- In the past, it was possible to use WHOIS to find out the creation and/or expiry date of a domain name. This enabled some members of the domain name industry to send unsolicited renewal notices to registrants with whom they did not have a prior business relationship, causing significant levels of customer confusion. As a result of these problems, auDA has determined that creation, renewal and expiry dates will not be disclosed on the WHOIS service. Registrants who wish to check the creation, renewal or expiry date of their own domain name can do so through their registrar or reseller.
- Use of WHOIS Data
In the interests of protecting the privacy of registrants, the following activities are strictly prohibited:
- use of WHOIS data to allow, enable or otherwise support the transmission of unsolicited communications to any person, by any means;
- use of WHOIS data to support an automated electronic query process; and
bulk access to WHOIS data (ie. where a user is able to access WHOIS data other than by sending individual queries to the database).
Access to and correction of personal information
- We are committed to maintaining accurate, timely, relevant and appropriate information about our customers, clients and web-site users. For the purposes of receiving timely renewal notices, consumer alerts, and other related correspondence, it is imperative that the contact details we hold for you are always current. If you would like to access or advise us of a change to your personal information, please e-mail your request to email@example.com or call our customer service department on +61 3 9783 1800.
- Inaccurate information will be corrected upon receiving advice to this effect from you. To ensure confidentiality, details of your personal information will be passed on to you only if we are satisfied that the information relates to you.
- If we refuse to provide you with access or correct the personal information held about you by us, then we will provide reasons for such refusal.
Transfer of information overseas
- Pursuant to the National Privacy Principles we may transfer personal information we have collected about you to someone other than you in a foreign country only if such transfer is permitted by the National Privacy Principles.
- If, at any time after registering for information or ordering our services, you change your mind about receiving information from us or about the use of information volunteered by you, please send us a request specifying your new choice.
- To opt out of marketing or promotional emails, please either click the unsubscribe link in the footer of the email communication or go to http://www.instra.com/unsubscribe.html to be removed from future communications.
- Should you wish to read more information on privacy legislation or the National Privacy Principles we recommend that you visit the Federal Privacy Commissioner's web-site at www.privacy.gov.au.