We like privacy, and we especially like privacy policies that don't require lawyers to comprehend. This one was updated on May 23, 2018.
Who we are and our core purposes
This privacy statement is about the practices of ideegeo Group Ltd, trading as “iwantmyname”. We are the data controller, which means that we determine the purposes for, and ways in which, we collect and use personal information. We also use third party data processors, and share your information with other data controllers. More about this below.
We have two core purposes for collecting and processing your personal information:
- Create a simple, transparent experience for domain seekers to make it easy to find, register, and set up domains
- Comply with our obligations to assist domain industry regulatory bodies to keep the domain ecosystem transparent
We measure all our privacy practices against these purposes. If we find that we’re collecting or processing more personal information than required to meet these purposes, we’ll stop doing so.
Our lawful grounds for collecting and processing your information
We need to collect and process personal information about you to meet our contractual obligations to you as a domain host. We also need to process some information to meet our legitimate interests, including making sure we’re providing the best products and services we can and complying with domain industry regulatory obligations. We rely on your consent to make some of your personal information public on the WHOIS database.
The personal information we collect about you
We collect information from you directly when you register a domain with us or contact us. We may also generate information about you when we’re delivering services, for example when we build customer profiles to enable more effective communication. In all cases, we’ll only ever collect or generate the minimum amount of personal information necessary to meet our purposes.
We collect the following information about you:
- full name
- physical address
- phone number
- email address
- IP address
- cookies (see below)
- payment information, including credit card details
- identity verification documents
- emails or other correspondence relating to the services you receive from us
- internal notes about the services you receive from us
How we use your personal information
To meet our core purposes – making it easy to register and manage domains and complying with our regulatory obligations – we need to use your personal information to:
- identify you
- associate your domain name with your computer
- manage and deliver any products or services you request from us
- personalise your experience, for example, by ensuring that you are invoiced in the right currency
- contact you if required for the purposes of managing your account
- keep your account secure
- investigate and resolve any queries or concerns you raise with us
- detect and prevent fraudulent activity
- continuously improve our products and services
- comply with our contractual obligations to domain registries and registrars we resell for
- permit others operating or using the Internet to easily contact you to resolve any issue with your domain name
- comply with our legal and regulatory obligations and any lawful requests from government agencies or regulators
To make sure we can get the job done well, we use software solutions to automate some services or processes. We use Google Analytics to monitor and report on the use of our website. We use Sift Science to identify and prevent fraud, by catching fraud attacks and nuisance transactions from credit card testers. We also outsource the management of abandoned shopping carts.
If you have any concerns about our use of these automated processing tools, you can object by following the process set out here.
Who we share your personal information with
To do the things we’ve set out above, we may need to share your information with trusted third parties.
Sharing to deliver services and manage our business
As part of our delivery of products and services you have requested, or in order to meet our legitimate business interests, we may share your personal information with:
- our trusted information service providers, including cloud storage providers (which may be located in NZ or overseas)
- our trusted providers of other services, including analytical, research or fraud prevention services, where these services require the processing of personal information (which may be located in NZ or overseas)
- our data escrow agent (an agency that retains a backup of your registration data to ensure that your domain registration can continue in the event that we can no longer host or manage it)
- government agencies, regulators, or law enforcement agencies, where required or permitted by law
Sharing to meet our regulatory obligations
We are also required to:
- share your personal information with domain industry regulators to assist them to keep the domain ecosystem transparent
- make sure that the registrars and registries which manage particular domains have a record of domain registrants
- facilitate the maintenance of the public WHOIS database, which provides Internet users with information about domain name holders
We have no choice about sharing information with the registrars and registries we resell for. However, this does not mean your information will always be made public on the WHOIS database. In fact, we’ve decide to automatically opt our users out of the public WHOIS scheme, where this feature is available for the domain you’ve chosen. For more information about WHOIS privacy, click here.
.nz domain licenses
We’re an accredited registrar for the .nz domain, which means we can issue .nz domain licenses directly to our customers. In this case, we may share your personal information with the:
- registry for the .nz domain, Internet NZ
- agency that regulates the .nz domain, Domain Name Commission Ltd
- public via the WHOIS database (where you have opted into this)
All other domain licenses
We also sell domain licenses on behalf of other registries and registrars, including our partner registrar Hexonet. This includes generic domains, such as .com, and some country domains, such as .de. In these cases, we may share your personal information with:
- Hexonet, our partner registrar
- any other registrars which issue domain licenses for domains we resell
- the registries which create the domain extensions for the licenses we resell (sometimes the registrars will share this data, not us)
- the agency that regulates generic domains, Internet Corporation for Assigned Names and Numbers (“ICANN”)
- the public via the WHOIS database (where you have opted into this)
Where we store your personal information and how we keep it safe
Storage and location
We’re a global company, and we use third party service providers to store our data and provide us with services. We also need to share personal information with registries, registrars, and regulators all over the world. This means that we may transfer personal information, or access it from, countries other than the country where you live.
We recognise that we’re accountable for your personal information wherever it is in the world. Where we can, we will send personal information only to countries that have adequate privacy laws in place (such as NZ, Australia, or the EU). However, where we cannot do this, we take reasonable steps to ensure that any third party service providers we use can meet our privacy and security expectations.
We retain personal information only for as long as we have a lawful purpose to use it. Generally, this is the duration of your registration plus a further two years to ensure that any disputes or queries about that registration can be managed. We retain identity documents for only two weeks.
Wherever your personal information is stored, we take reasonable steps to ensure that it is protected against unauthorised access, modification, use, or disclosure. We take our information security obligations very seriously, and have a security action plan in place to make sure our data protection policies, processes, and controls are continuously improved.
We also back up your personal information with our data escrow agent so that your domain registration can continue in the event that we can no longer host or manage it. This is an important part of maintaining a stable domain ecosystem.
Exercising your privacy rights
You have some important privacy rights and we’re committed to making sure you can exercise them easily. This is part of our focus on being ethical, simple, and good to your data. To exercise any of the rights set out below, or to make a complaint, or ask a question about your information, please contact us by:
- using our web contact form
- emailing us at firstname.lastname@example.org
- or writing to us at ideegeo Group Ltd, c/o iwantmyname, PO BOX 11671, Wellington 6142, NZ.
We may need to verify your identity or authority before responding to your request. Once we’ve verified who you are, we’ll try and respond to your request or query as soon possible, and no later than 20 working days (one calendar month) after we receive it.
Getting a copy of your info
You have the right to request a copy of your personal information. We’ll be as open as we can with you, but sometimes we may need to withhold personal information, for example, where the information is legally privileged, commercially sensitive, or includes personal information about other people. If we need to withhold information, we’ll tell you why.
Correcting or deleting your info
If you think any of the personal information we hold about you is wrong, you can ask us to correct it. Where we’ve retained your personal information for purposes that are not directly related to the performance of a contract or to our legitimate interests, you can ask us to delete it.
If we can’t correct or delete your information (for example, where we don’t agree that it’s wrong, or we need the information for a lawful purpose), we’ll tell you why. You can ask us to attach your correction request to the information as a statement of correction.
Managing how we use your info
Where we’re processing your personal information on the basis of consent, you can revoke your consent at any time (see below in relation to WHOIS privacy). Where we’re processing your personal information on the basis of our legitimate interests (such as improving our products and services), including automated processing, you can object to this. If you believe we’re using your personal information in ways that are unlawful, or if we’re continuing to use information that you think is inaccurate, you can ask us to restrict this processing.
Many domain registrars offer a WHOIS privacy service, which replaces your personal information with the contact information of the domain registrar. With WHOIS privacy enabled, you are still the legal owner (registrant) of any domain name, and have full control should you wish to update the registrant details, change the owner, or transfer it to another registrar; your information is just hidden on public WHOIS databases.
WHOIS privacy is a free service for iwantmyname customers, and is automatically added to all new domains using the extensions listed here. Domains registered before February 2017 do not have WHOIS privacy on by default, but you can turn it on from your domain's WHOIS update page under Domains > yourdomain.com > Domain owner > enable privacy.
If you currently have our old WHOIS privacy service in place, you can update to the new full masking service by clicking disable privacy in your dashboard to remove the old service, letting the page refresh, then clicking enable privacy to add the new WHOIS privacy service.
Making a complaint
If you have any concerns about the way we’ve collected or processed your personal information, let us know. You might simply want to understand why we’ve used or shared your information in a certain way. We want you to tell us about your concerns so we can resolve them for you and also learn from them.
If we can’t resolve your concerns, you can also make a complaint to your local data protection authority. You can contact the Office of the NZ Privacy Commissioner by:
- completing an online complaint form at www.privacy.co.nz
- or writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143, NZ
If you wish to complain about actions we have taken in another country in which we operate, then you will need to contact your local data protection authority. You can ask us for help to determine which authority is the right one to contact.