Published March 2020
We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and other applicable laws that protect your privacy. We are committed to complying with these laws, including the Australian Privacy Principles (APPs) which are set out in the Act, and regulate how we must handle your personal information.
What is personal information?
What personal information do we collect and hold?
The types of personal information we may collect about you include:
- mailing or street address;
- email address;
- telephone number;
- payment details;
- age or birth date;
- profession, occupation or job title;
- IP Address;
- Any unique alphanumerical identifier issued under Australian law, which is recorded in the database being relied upon by a registrar for that Person (e.g. ABN number for a sole trader, Drivers Licence number);
- Drivers licence;
- Birth certificate of a natural person who is an Australian citizen;
- Australian passport;
- Certificate of Australian Citizenship;
- Letter of grant of a permanent visa for a permanent Australian visa holder;
- any additional information relating to you that you provide to us directly through our websites or indirectly through your registration of a domain name licence, or use of our websites or online presence, through our representatives or otherwise;
- information you provide to us through our Compliance Department or membership surveys;
- information collected through cookies or tracking technologies (including IP address);
- any other information collected to become an accredited registrar;
- any other information collected to receive a reseller ID;
- any other information collected for an auDA event;
- any other information collected as part of a submission for Policy change;
- any other information collected as part of a job application; and
- any other information collected for a new employee.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health, racial or criminal record information. auDA only collects sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented; or
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect information about whether the directors, officers or relevant staff of a registry operator appointment or registrar accreditation have been convicted of a criminal offence.
How auDA Collects Personal Information
We collect your personal information directly from you, unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in various ways including:
- when you complete your Associate Membership application;
- when you complete an application to become an accredited registrar;
- when you complete an application to receive a reseller ID;
- when you apply to attend an auDA event;
- when you participate in an auDA submission for policy change;
- through your access and use of our website;
- written communications;
- during conversations between you and our representatives;
- recordings of auDA public forums;
- auDA Foundation grant applications;
- job applications; and
- new employee onboarding.
We may also collect personal information from third parties including:
- from third party companies such as credit reporting agencies, law enforcement agencies, other government entities, and contractors or subcontractors acting on our behalf;
- your employer, where you are nominated as a contact for the entity as part of an application, submission or other communication; and
- from the central domain name registry that contains personal information you submitted as part of the registration of a domain name licence through an accredited registrar or one of their resellers.
We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.
What happens if we can’t collect your personal information?
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide you with an Associate Membership to auDA;
- we may not be able to provide you with updated information about auDA and the .au namespace;
- we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful;
- we may not provide you with accreditation as a registrar;
- we may not be able to assist you in addressing your complaint or general enquiry; and
- we may not be able to provide you with other services that you may request.
For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can provide you with services that you request, perform our business activities and functions and provide the best possible quality of customer service.
We collect, hold and use your personal information for the following purposes:
- to perform our roles and responsibilities for the administration of the .au country code top level domain and management of the Australian domain name system;
- to ensure you are held accountable for the use of domain name licences in compliance with Australian law;
- to review your eligibility to hold a domain name licence;
- to keep you informed of auDA Membership related news and events;
- to accredit and license registrars;
- to process applications for the auDA Foundation;
- to conduct policy consultation processes;
- to consider applications for employment;
- to answer enquiries and provide information or advice about existing and new products or services;
- to assess the performance of the auDA website and improve the operation of the auDA website;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint or general enquiry made by you;
- to process and respond to any complaint about your eligibility to hold a domain name licence;
- to collect feedback about our products, services, website, policies and processes, including about our complaints handling processes; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
To whom may we disclose your information?
We may disclose your personal information to:
- our employees, contractors or service providers for the purposes of operation of our website or our business, to fulfil requests by you and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors, law enforcement agency and consultants; and
- any organisation for any authorised purpose with your express consent.
Direct marketing materials
We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us at firstname.lastname@example.org
How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us at email@example.com Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Amendment requests should be forwarded to firstname.lastname@example.org
What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact our Privacy Officer at email@example.com and provide details of the concern or incident so that we can investigate it.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. Our Privacy Officer deals with privacy complaints and any complaints should be directed to our Privacy Officer at firstname.lastname@example.org. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view
Do we disclose your personal information to anyone outside Australia?
We may disclose personal information to our related third-party service providers located overseas.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
- our DNS name server data hosting facilities and other IT service providers which may be located outside of Australia; and
- to other third parties which may be located outside of Australia .
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
We maintain a plan and procedures for responding to actual or suspected data security breaches involving personal information in accordance with applicable requirements under the Act.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
Please contact our Privacy Officer at:
Privacy Officer, auDA
Post: Level 17, 1 Collins Street, Melbourne 3000 Victoria
Tel: 03 8341 4111