DDNS Has Created This Privacy Statement In Order To Demonstrate Our Firm Commitment To Protecting Your Privacy.
The following discloses our information gathering and dissemination practices for our web site.
When you visit the DDNS web site, you can expect to be notified of:
- information this site gathers / tracks about you
- which organisation is collecting the information
- what this site does with the information it gathers / tracks
- with whom this site shares the information it gathers / tracks
- what choices are available to you regarding collection, use and distribution of the information
- this site's policy on correcting and updating personally identifiable information
- this site's policy on deleting or deactivating your name from our database systems
- security procedures to protect the loss, misuse or alteration of information under our control
- links to other sites not under our control
We suggest that you practice reasonable discretion with any site when providing site operators / owners with personal information. It should also be noted that whenever you post personal information in publicly accessible places such as chat rooms or message boards, this information becomes available to anyone with access to the Internet. Therefore, we recommend that you refrain from posting any information that you do not want seen in these public areas.
You should feel free to contact any site that requests personal information from you if you have any questions regarding its policies. If you have any questions about this privacy statement, the practices of this site or your dealings with this web site, contact DDNS.
What Information Does DDNS Collect?
At different times, DDNS may collect three types of information about you.
First, we use a feature of your browser called a "cookie" to assign identification to your computer. The cookie automatically identifies your computer - but not you - to our servers every time you visit our site. Cookies, by themselves, cannot be used to find out the identity of any user. Unless you specifically tell us, we will never know who you are, even though we assign your computer a cookie. You can turn the cookie's feature off by using your browser preference options - although you may not be able to utilise some services properly.
Second, we keep track of your IP address to help diagnose problems with our server and to administer our Web site. Your IP address is also used to gather a broad demographic information about you, such as your location and your Internet Service Provider. DDNS may also collect aggregate information on how our users are utilising the site. This might include information regarding traffic patterns through the site and search queries.
Third, at specific times we may ask you to provide us with personal information in order for you to register for a service (e.g. DDNS E-mail, Web Hosting) or to enter a competition. You may choose not to provide us with this information; however, this may limit our ability to provide you with a specific service or offer you personalised content. For example, DDNS Product and / or Service Registration Form requests that you provide contact information (such as an e-mail address) and demographic information (such as post / zip code, your age and income level), as well as information regarding your interests.
You may "opt-out" of receiving mailings from us (see the delete/deactivate section below). Web Hosting registrations require similar contact information, demographic information and, if purchasing a service, credit card details. All transactions are protected through encryption and are never disclosed to a third party not directly involved in the transaction. Users may "opt-out" of receiving future mailings (see the delete/deactivate section below).
What Organisation Is Collecting The Information?
DDNS usually collects the requested information, however, we have chosen select partners in order to provide you with a full-service web site. DDNS partners provide users with services such as secure payment services. In order to use these services, it may be necessary to enter information which then goes to our partner and is not kept by DDNS.
What Does DDNS Do With The Data It Collects?
Whenever DDNS collects data, it is intended to tailor or improve the experience of visitors to our site. From the data collected we can offer content based on the users preferences. We analyse what our users prefer in order to improve DDNS. We may use information from a "cookie" (a feature of your browser used to assign identification to your computer) to control the frequency of individual advertisements to individual computers, as well as to target advertisements to broad demographic segments as collected in other parts of our Web site. For example, if an advertiser wants to target males between the ages of 25-40, we may limit ad presentation to this group. We may also use information about your interests to display banner advertisements.
On occasion, we will send e-mail communications to provide you with information which we think you will find useful, including information about new products and services from DDNS. We might also contact you to see if you are interested in participating in market research regarding DDNS. It is our policy to send e-mail only to customers who give us permission to do so. In every such e-mail, we will also have instructions on how to unsubscribe and avoid receiving any future e-mails from us. Please see our "Opt-Out Policy" section below.
With Whom Does DDNS Share Data?
DDNS will not disclose any of your personal information to a third party without your consent, unless we believe, in good faith, that the law requires it or that the rights or property of DDNS need to be protected.
What Choices Are Available Regarding Collection, Use And Distribution Of The Information (Opt-Out Policy)?
Our site provides you with the opportunity to "opt-out" of receiving communications from us and our partners at the time we ask you for this information. In addition, whenever we contact you via e-mail, we will also have instructions on how to unsubscribe so that you will not receive any future e-mails from us if you so choose.
As previously noted, you may choose to not provide us with any of the information we request, however, this may limit our ability to provide you with a specific service or limit our ability to offer personalised content. For example, DDNS E-mail Registration Form requests your contact information (such as your e-mail address), demographic information (such as your post/zip code, age and income level), as well as information regarding your interests.
Deletion / Deactivation
The following avenues are provided for deletion from DDNS records in order to stop receiving communications and/or to no longer receive our services.
- You can send an email to firstname.lastname@example.org
- You can send mail to the following postal address:
PO Box 887
Procedures Designed To Protect The Loss, Misuse Or Alteration Of Information Under DDNS Control
See AUDA's WHOIS policy here.
DDNS has taken measures to ensure that information is accessible only to the user who has initially entered the information. Only select individuals at DDNS have access to this information. In both situations, the information is accessible only after a password has been entered.
Links To Other Sites
DDNS contains links to other sites not affiliated with DDNS. These sites have their own policies and practices with respect to online privacy, and DDNS cannot be responsible for the privacy practices or the content of these unaffiliated Web sites.
In addition, in certain instances a DDNS advertiser may ask you for personal information. DDNS cannot be held responsible for the privacy practices of its advertisers; however, DDNS encourages our partners and advertisers to adopt privacy policies similar to our own.
European Union - GDPR Addendum
Policy between DDNS and its Customers/Resellers (“Customers” )
"DDNS" and "Customers" are also referred to herein as “Party” and “Parties”.
On 25th of May 2018, it is agreed between the above Parties the following:
1.1. In this Data Processing Addendum, unless the context otherwise requires the following definitions apply:
“Data Controller” has the meaning set out in Article 4(1) of the GDPR.
“Data Subject” means an identified or identifiable natural person who is the subject of Personal Data.
"Data Processing Addendum" means this addendum (including any schedule or annexure to it and any document in agreed form);
“Data Protection Authority” the relevant data protection authority in the territories where the parties to this Agreement are established.
“GDPR” means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and such enabling legislation or other applicable laws Data Protection Act 1998, the Privacy and Electronic Communications EC Regulations and any laws or regulations, ratifying, implementing, adopting, supplementing or replacing the GDPR; and such laws are updated, amended or replaced from time to time.
“Personal Data” has the meaning set out in Article 4(1) of the GDPR and relates only to personal data (whether or not comprised in registration data), or any part of such personal data.
“Processor” and “Processing”” have the meaning set out in Article 4(1) of the GDPR and “Process” shall have a corresponding meaning.
2. Data Processing obligations
2.1. Applicability Both Parties will comply with all applicable requirements of the GDPR in relation to any European Union Data Subject wherever they may reside. This Addendum is in addition to, and does not relieve, remove or replace, a Party’s obligations under the GDPR or all other applicable laws, enactments, regulations, orders, standards and other similar instruments that apply to its personal data processing operations. Note as EU data subjects may reside anywhere in the world DDNS will apply these terms globally
2.2. Purpose and Scope. DDNS under this Agreement provides solutions to allow the Customer to offer directly or to third parties registration, renewal, and transfer of domain names and related services. The Customer acts as the Controller relating to the end user or third party contracts, if applicable but is the Processor in so far as providing any such Personal Data to DDNS which processes the data by recording of the services, transmitting such data as required to the ROs, processing data to data escrow agents and sharing of such data in relation to other third party services. DDNS manages the systems and operations in collection of data, processing to third parties and acting in compliance with its Registrar Accreditation with ICANN, or as the proxy registrant of the ccTLD registrations if applicable. In relation to policy requirements of each of the TLD, SLD or ccTLD these are set by the RO. Any additional processing is governed by the respective RRA and Registry Policy. With regards to WHOIS data, DDNS will implement Privacy Services in its sole discretion. DDNS and Customer may process (disclose) or share personal data to comply with applicable laws, court orders, dispute resolution procedures as applicable, and to avoid any liability.
2.3. DDNS is the Controller in so far as DDNS manages in the performance of the functions of clause 2.2 in relation to Personal Data provided by Customer.
2.4. Fair and Lawful processing Both Parties shall Process the Personal Data only to the extent, and in such a manner, as is necessary, in compliance with all applicable laws and in accordance with the applicable registry and ICANN requirements from time to time and shall not Process the Personal Data for any other purpose without the consent of the Data Subject. Both Parties shall keep a record of any Processing of Personal Data they carry out.
2.5. Accuracy DDNS and Customer shall promptly comply with any request from a Data Subject to amend, transfer or delete their Personal Data subject always to any legitimate interest for retention of data to meet applicable lawful or statutory requirements.
2.6. Security DDNS and Customer shall each implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing Personal Data under this Agreement and to safeguard against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data. It is the responsibility of each Party to ensure that all its staff members are appropriately trained to handle and process Personal Data.
2.7. Data Subject Rights DDNS and Customer shall each implement appropriate technical and organisational measures, insofar as possible, for the fulfillment of their obligations under Chapter 3 (Rights of the Data Subject) of the GDPR.
2.8. Controller and Processor DDNS and Customer each taking into account the nature of processing shall each ensure compliance with Chapter 4 (Controller and Processor) of the GDPR and in particular: Sections 2 (Security of Personal Data) and Section 3 (Data protection impact assessment).
2.9. Accountability DDNS and Customer shall each make available to the each other the information necessary to demonstrate compliance with this Addendum.
2.10. Complaints If either Party, receives any complaint, notice or communication which relates directly or indirectly to the Processing of the Personal Data or to either Party’s compliance with the GDRP and the data protection principles set out therein, it shall immediately notify the other Party and provide the other Party with full cooperation and assistance in relation to any such complaint, notice or communication.
2.11. Breach Response Each Party agrees and undertakes that it shall promptly and in any event within 24 hours of becoming aware of it, notify the other Party of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed under this Agreement that would have a risk of harm to the rights and freedoms of Data Subjects.
2.12. Data Access Limitation DDNS and Customer shall each ensure that access to Personal Data is limited to those of its personnel who need access to the Personal Data to enable each Party to comply with its obligations under this Policy and in any case only to such part of parts of the Personal Data as is strictly necessary for the performance of the employee’s duties. DDNS and Customer shall ensure that those of its personnel handling Personal Data are informed of the confidential nature of the Personal Data and are aware of their obligations under this Policy and the law.
2.13. SARS Request DDNS shall notify the Customer within 72 hours if it receives a request from a Data Subject for access to that person's Personal Data and shall provide the Customer with full cooperation and assistance in relation to any request made by a Data Subject to have access to that person’s Personal Data. This may include referring such Data Subject to the Customer in relation to a domain name registration and directing them to such website(s). DDNS shall not disclose the Personal Data to any Data Subject or other third party other than at the request of the Customer or Data Subject, to comply with law enforcement, to comply with court orders, (or recognized legitimate interest under ICANN consensus policy) or as provided for in this Policy.
2.14. Data Audit Each Party reserves its rights to assess the other Party's arrangements for the processing of Shared Personal Data and to terminate the Agreement where it considers that the other Party is not processing the Shared Personal Data in accordance with this Agreement. In the event such Party wishes to exercise rights of inspection, the Party must produce grounds for such inspection and justification after all other inquiries have been undertaken.
2.15. Third Party Processors The Parties accept that either Party may engage with other third party processors or subcontracts to perform particular services for such parties, in the event of an engagement the Parties must have written agreements that cover all the responsibilities in relation to Personal Data set out herein and in accordance with the GDPR.
2.16. Transfers outside of the European Economic Area. DDNS and Customer agree to not transfer data originating from EEA to third parties outside of the EEA unless it: is necessary in relation to the Purpose at clause 2.2, is with the consent of the Data Subject, complies with the provisions of the GDPR in the form of contractual commitments for safeguarding Personal Data, or Binding Corporate Rules in accordance with Article 44 - 50 of GDPR. In any event the Party shall inform the Data Subject of the likelihood of transfers outside of the EEA in the provision of Services and obtain consent.
2.17. Retention and Deletion. Each Party shall not retain or process Personal Data for longer than is necessary for the purposes in clause 2.2 save that each Party may retain such Personal Data in accordance with statutory retention periods in their respective countries. Each Party agrees to destroy data in accordance with best practices to ensure it is destroyed.
2.18. Resolution of disputes with Data Subjects or the Data Protection Authority. In the event of a dispute or claim brought by a Data Subject(s) or the Data Protection Authority concerning the processing of Personal Data against either or both Parties, the Parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
2.18.1. The Parties agree to respond to any generally available non-binding mediation procedure initiated by a Data Subject or by the Data Protection Authority. If they do participate in the proceedings, the Parties may elect to do so remotely (such as by telephone or other electronic means). The Parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.
2.18.2. Each Party shall abide by a decision of a competent court of the Data Discloser's country of establishment or of the Data Protection Authority which is final and against which no further appeal is possible.
2.19. Rights of Third Parties Except as expressly provided in this Addendum, a person who is not a party to this Agreement shall not have any rights under the Contracts (rights of Third Parties) Act 1999 (UK) to enforce any term of this Agreement.
3. Commencement and Termination This Data Processing Policy shall take effect from the date above and shall continue in force until stated otherwise.
4. Prevailing Terms To the extent that the provisions of this Data Processing Addendum conflict with the provisions of this Policy, this Data Processing Addendum shall prevail.
Our Information Security Policy
Discount Domain Name Services Pty Ltd (DDNS) is committed to understanding and effectively managing risks related to Information Security to provide a greater certainty and confidence for our customers, employees, and suppliers and for the communities in which we operate. Finding the right balance between information security and risk and business benefit enhances our business performance and minimises potential future exposures.
IT is the Policy of Discount Domain Name Services Pty Ltd to ensure;
- Information will be protected against unauthorized access.
- Confidentiality of information will be maintained.
- Information will not be disclosed to unauthorized persons through deliberate or careless action.
- Integrity of information through protection from unauthorized modification.
- Availability of information to authorized users when needed.
- Information security training must be completed by all staff.
- All suspected breaches on information security will be reported and investigated.
Any individual dealing with information, no matter what their status (e.g.; employee, contractor or owner etc), must comply with the information security policies and related information security documents published on our intranet. This policy applies to all information, computer and network systems governed, owned by and/or administered. The objective of these policies are to:
- Reduce the opportunity for mistake and misunderstandings to occur when dealing with IT assets both physical and electronic.
- Educate staff to allow them to independently make informed decisions with regards to the secure handling of IT assets and information which we own within the framework of the information security policies.
- Assist in the identification and investigation of fraudulent Information Security related activities and cooperate with relevant legal agencies.
- Defend IT assets and information that we govern, own, manage, maintain or control which are both tangible and intangible and safeguard IT related records and documents that exist in all forms – paper and electronic.
- Comply with the needs of the Regulatory Authorities (internal or external) and relevant legislation.
The goals of information security management are to:
- Have information security controls in the framework of information security policies so as to provide a secure environment for the operation of our various business.
- Identify through appropriate risk assessment, the value of information assets and to understand their vulnerabilities and the threats that may expose them to risk.
- Manage the risks to an acceptable level through the design, implementation and maintenance of appropriate security processes and controls.
- Comply with legislation and industry best practices that apply to our business units.
All personnel have a responsibility to report perceived and actual information relating to information security breaches and or IT incidents to the CEO or to their immediate managers. Management and employees are responsible for embedding information security risk management in our core business activities, functions and processes. Information Security Risk awareness and our tolerance for risk are key considerations in our decision making.