We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and other applicable laws that protect your privacy. We are committed to complying with these laws, including the Australian Privacy Principles (APPs) which are set out in the Act, and regulate how we must handle your personal information. auDA may rely on the applicable exemptions in the Act.
2. What is personal information?
3. What personal information do we collect and hold?
The types of personal information we may collect about you include:
- Mailing or street address
- Email address
- Telephone number
- Payment details
- Age or birth date
- Profession, occupation or job title
- IP Address
- Any unique alphanumerical identifier issued under Australian law, which is recorded in the database being relied upon by a registrar for that Person (e.g. ABN number for a sole trader, Drivers Licence number).
- Driver’s licence
- Birth certificate of a natural person who is an Australian citizen.
- Australian passport
- Certificate of Australian Citizenship
- Letter of grant of a permanent visa for a permanent Australian visa holder.
- Any additional information relating to you that you provide to us directly through our websites or indirectly through your registration of a domain name licence, or use of our websites or online presence, through our representatives or otherwise.
- Information you provide to us through our Compliance Department or membership surveys.
- Information collected through cookies or tracking technologies (including IP address).
- Any other information collected to become an accredited registrar.
- Any other information collected to receive a reseller ID.
- Any other information collected for an auDA event.
- Any other information collected as part of a submission for Policy change.
- Any other information collected as part of a job application.
- Any other information collected about an employee or contractor, such as tax file numbers, emergency contact details, banking information necessary to pay salary and wages, and medical certificates or health related information.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
4. Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health, racial or criminal record information. auDA only collects sensitive information where it is reasonably necessary for our functions or activities and either:
• the individual has consented, or
• we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect information about whether the directors, officers or relevant staff of a registry operator appointment or registrar accreditation have been convicted of a criminal offence.
5. How auDA Collects Personal Information
We collect your personal information directly from you, unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in various ways including:
- When you complete your Associate Membership application
- When you complete an application to become an accredited registrar
- When you complete an application to receive a reseller ID
- When you apply to attend an auDA event
- When you participate in an auDA submission for policy change
- Through your access and use of our website
- Written communications
- During conversations between you and our representatives
- Recordings of auDA public forums
- auDA Foundation grant applications
- Job applications
- New employee onboarding
- Throughout the course of your employment or contact with us.
We may also collect your personal information from third parties and publicly available sources including:
- From third party companies such as credit reporting agencies, law enforcement agencies, other government entities, and contractors or subcontractors acting on our behalf.
- Your employer, where you are nominated as a contact for the entity as part of an application, submission or other communication.
- From the central domain name registry that contains personal information you submitted as part of the registration of a domain name licence through an accredited registrar or one of their resellers.
- From the Australian Securities & Investments Commission (ASIC), the Australian Business Register (ABR), or other government agencies, when investigating and resolving a complaint or enquiry.
We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.
7. What happens if we can’t collect your personal information?
Where possible, we will allow you to interact with us anonymously. However, for most of our functions and activities we need to ask your name and contact information to enable us to effectively handle your enquiry, request, or complaint.
If you choose not to provide us with your personal information we may not be able to:
- Provide you with an Associate Membership to auDA.
- Provide you with updated information about auDA and the .au namespace.
- Tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
- Provide you with accreditation as a registrar.
- Assist you in addressing your complaint or general enquiry.
- Provide you with other services that you may request.
8. For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can provide you with services that you request, perform our business activities and functions, and provide the best possible quality of customer service.
We collect, hold and use your personal information for the following purposes:
- To perform our roles and responsibilities for the administration of the .au country code top level domain and management of the Australian domain name system.
- To ensure you are held accountable for the use of domain name licences in compliance with Australian law.
- To review your eligibility to hold a domain name licence.
- To process your auDA Membership information and to keep you informed of auDA Membership governance, news and events.
- To accredit and license registrars.
- To process applications for the auDA Foundation funding and other auDA funding offerings and competitions.
- To conduct policy consultation processes.
- To consider applications for employment or service provision.
- To properly manage our business affairs, consultants and contractors and the employment of our staff.
- To answer enquiries and provide information or advice about existing and new products or services.
- To assess the performance of the auDA website and improve the operation of the auDA website.
- To update our records and keep your contact details up to date.
- To process and respond to any complaint or general enquiry made by you.
- To process and respond to any complaint about your eligibility to hold a domain name licence.
- To collect feedback about our products, services, website, policies and processes, including about our complaints handling processes.
- To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
9. Who do we disclose your information to?
We may disclose your personal information to:
- Contractors or service providers who assist us to provide our products and services including, without limitation, web hosting providers, data and IT systems administrators, couriers, payment processors, data service providers, electronic network administrators, and debt collectors.
- Professional advisors such as accountants, solicitors, business advisors, and consultants.
- Enforcement bodies as defined in section 6 of the Privacy Act 1988 (Cth)
- Any organisation for any authorised purpose with your express consent.
10. Direct marketing materials
We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including postal mail, SMS, and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by using the unsubscribe link in the footer of our emails or by contacting us at firstname.lastname@example.org.
11. How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us at email@example.com Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Amendment requests should be forwarded to firstname.lastname@example.org
12. What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact our Privacy Officer at email@example.com and provide details of the concern or incident so that we can investigate it.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. Our Privacy Officer deals with privacy complaints and any complaints should be directed to our Privacy Officer at firstname.lastname@example.org. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
If we are unable to satisfactorily resolve your concerns, you can contact the Office of the Australian Information Commissioner (OAIC) via their website: https://www.oaic.gov.au.
13. Do we disclose your personal information to anyone outside Australia?
We may disclose personal information to our related third-party service providers located overseas.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the Australian privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
- Our DNS name server data hosting facilities which may be located outside of Australia.
- Application software and technology service providers which may be located in the USA.
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form.
When we no longer need your information for a disclosed purpose, we will either destroy or deidentify the personal information, so that the information can no longer be used to identify you.
To comply with the Fair Work Act 2009 (Cth), we will continue to keep employment records, including employee details, pay, leave and hours of work, for a period of 7 years.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
We maintain a plan and procedures for responding to actual or suspected data security breaches involving personal information in accordance with applicable requirements under the Act.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
16. Contacting us
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
Please contact our Privacy Officer at:
Privacy Officer, auDA
Post: Level 17, 1 Collins Street, Melbourne 3000 Victoria
Tel: 03 8341 4111