- Website User
- Domain Name Registrant or Domains Protected Marks List User
- General Privacy Conditions – All Users
Each section details important information regarding the use and disclosure of your Personal Information in conjunction with the Service you have chosen to use, as well as options we make available to you to update, access, or otherwise take control of the Personal Information you provide to Donuts.
INFORMATION WE COLLECT
User Provided Information: We collect information you provide to Donuts when choosing to participate in various activities on the Website. Such information may include Personal Information.
|Cookie Name||Expiration Time||Description|
|_ga||12 months from last visit||Used to distinguish visitors to site|
|_gat||10 minutes||Used to throttle request rate|
|_utmt||10 minutes||Used to throttle request rate|
|_ _utma||12 months from last visit||Used to distinguish visitors and pages visited. Records a unique ID, the date and time of first visit, time of current visit and total number of visits made|
|_ _utmb||30 minutes from last visit||Used to determine new sessions or visits. Stores the number of page views in current visit and start time of visit|
|_ _ utmc||Session cookie||Used to note that the visit has ended when browser is closed|
|_ _utmz||6 months||Records the site you may have linked to our page from. Only records data if you clicked on a link to our site from a different website|
Log File Information: When you use the Website, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of your request, and one or more cookies that may uniquely identify your browser.
Analytics: We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website.
THE WAYS WE USE INFORMATION
WEBSITE USERS INFORMATION
If you submit Personal Information to us through the Website, then we may use it to operate, maintain, and provide to you the features and functionality of the Website, including, when applicable, sending you information.
Personal Information or other content that you voluntarily disclose online (on discussion boards, in messages and chat areas) may become publicly available and can be collected and used by others, including Donuts, without any additional permission. We may use your email address to send commercial, marketing, or other messages regarding the Website or our Services without additional consent. We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website. We may disclose Personal Information and/or non-personally-identifiable information if required to do so by law, or in the good faith belief that such action is necessary to comply with state and federal laws or respond to a court order, subpoena, or search warrant. Donuts reserves the right to disclose Personal Information and/or non-personally-identifiable information that Donuts believes, in good faith, is appropriate or necessary to take precautions against liability, to investigate and defend itself against any third party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our Website, to protect the rights, property, or personal safety of Donuts, our users or others, and to protect the rights, property, or personal safety of Donuts, our users or others.
COOKIES / LOG FILES
We may use both your Personal Information and certain non-personally-identifiable information (such as anonymous user usage data, cookies, IP addresses, browser type, click stream data, etc.) to improve the quality and design of the Website and to create new features, promotions, functionality, and Services by storing, tracking, and analyzing user preferences and trends. We may use and disclose to trusted third parties cookies and log file information to: (a) monitor the effectiveness of our marketing campaigns; and (b) monitor aggregate metrics such as total number of visitors, pages viewed, etc.
DATA SUBJECT REQUESTS
Should you, as a Website user, believe the data provided through the Website, and held by us, is inaccurate and requires rectification, Donuts shall, when notified, make all necessary and timely attempts to update and correct such an identified inaccuracy.
Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you and so we provide links below to popular manufacturers’ instructions on how you can do this. Generally, your browser will offer you the choice to accept, refuse or delete cookies at all times, or those from providers that website owners use (“third party cookies”), or those from specific websites.
DOMAIN NAME REGISTRATION & DOMAINS PROTECTED MARKS LIST (“DPML”) SERVICE USERS
DOMAIN REGISTRATION DATA
Donuts is required to collect data relating to the registration of domain names in our TLDs from our registrar partners (“Registration Data”) as required by each TLD’s Registry Agreement with ICANN to effect the proper registration of your domain name. Donuts does not collect Registration Data from you, rather it is disclosed to us by your registrar of choice.
REGISTRATION DATA WE COLLECT AND PROCESS
- Domain Name
- Registration Data
- Registrant Name
- Registrant Organization (where applicable)
- Registrant Address
- Registrant Email
- Registrant Fax (where applicable)
- Registrant Phone number
- Administrative Contact
- Administrative Contact Organization (where applicable)
- Administrative Contact Address
- Administrative Contact Email
- Administrative Contact Fax (where applicable)
- Administrative Contact Telephone Number
- Technical Contact
- Technical Contact Organization (where applicable)
- Technical Contact Address
- Technical Contact Email
- Technical Contact Fax (where applicable)
- Technical Contact Telephone Number
- Billing Contact
- Billing Contact Organization (where applicable)
- Billing Contact Address
- Billing Contact Email
- Billing Contact Fax (where applicable)
- Billing Contact Telephone Number
PURPOSE / LEGAL BASIS FOR PROCESSING
We use the Registration Data disclosed to us by your registrar for the following purposes:
- mitigation of DNS abuse, including but not limited to the investigation and mitigation of reported instances of abuse Donuts considers to be contrary to the terms of its Acceptable Use Policy;
- centralization of authoritative Registrant Data at the registry level to ensure the ongoing continuity, stability and resiliency of the DNS;
- maintained integrity of the current dual failsafe system at the registrar and registry levels;
- verification of registrant eligibility, where applicable; and
- to update and improve our Services, systems and ability to provide you with a secure and stable Service experience.
OTHER WAYS WE USE YOUR INFORMATION
First and foremost, Donuts uses your Registration Data to carry out the registration and supported functionality of your domain(s) at your registrar’s request. Additionally, Donuts may use Registrant Data to (i) improve our Services, promotions and functionality, (ii) develop and collect aggregate statistics (ensuring appropriate anonymization) regarding our systems and Services, and (iii) communicate with you regarding your registration or related Services.
DATA CONTROLLER ROLES
Donuts collects and processes your Registrant Data to carry out the registration of your domain, to ensure that your registration functions as expected, and that registrations do not affect the security of our registry. In order to enter your chosen domain name into our registry system, we are required to process your data in a manner obligated in our contracts with Internet Corporation for Assigned Names and Numbers (“ICANN”). In this respect, it is our understanding under applicable law that each of our TLD registries acts as a joint data controller of your data, working in conjunction with your registrar and ICANN, as herein described.
The registry’s joint controllership and our responsibility for your data is limited to only that data and the use of such data, which is necessary for the registration of domains within one of our TLDs.
With specific reference to the registration of a domain name, your registrar is responsible for:
- collection of registration data;
- providing you with adequate information and a means by which you may exercise your individual privacy rights, such as data access, deletion, and rectification.
ICANN is the private-sector body responsible for coordinating the global Internet’s systems of unique identifiers. The mission of ICANN is to coordinate the stable operation of the Internet’s unique identifier systems. More information about ICANN can be found here: www.icann.org. ICANN is responsible for identifying and requiring, by contract, both registry operators and registrars to provide to them registration data. Registrant Data we collect and process is data which ICANN deems necessary to ensure the ongoing security and stability of the DNS.
DOMAINS PROTECTED MARKS LIST (“DPML”)
INFORMATION WE COLLECT FOR DPML
In order to provide the DPML service, Donuts must receive the following information from your registrar:
- Signed Mark Data File obtained from the Trademark Clearinghouse
- DPML Block String
- DPML Block Holder Name
- DPML Block Holder Address
- DPML Block Holder Contact Details (email / phone)
- DPML Block Administrative Contact Name
- DPML Block Administrative Contact Address
- DPML Block Administrative Contact Details (email / phone)
- DPML Block Technical Contact Name
- DPML Block Technical Contact Address
- DPML Block Technical Contact Details (email / phone)
THE WAYS WE USE DPML INFORMATION
Donuts uses DPML data you provide to enable a DPML block across our TLDs at your registrar’s request. Additionally, Donuts may use DPML data provided to: (i) improve our DPML product; (ii) develop and collect aggregate statistics regarding our systems and Services; and (iii) communicate with you regarding your use of our DPML services.
DPML DATA CONTROLLER
For the purposes of our DPML product, Donuts is the data controller. Our registrar partners, acting as data processors on our behalf, collect information directly from DMPL customers.
DISCLOSURE OF REGISTRANT DATA AND DPML DATA
There are instances where Donuts may have to disclose your Personal Information. At all times however, such disclosure shall be limited and subject to the required safeguards.
All non-Personal Information, as required by our contracts with ICANN, will be made available to the public via an interactive webpage (http://whois.donuts.co) and via a “port 43” WHOIS service. Donuts also maintains a non-public WHOIS database that contains all Registration Data – including Personal Information – as received from your registrar. Personal Information contained in the non-public WHOIS database may be disclosed to third parties pursuant to the Exceptions to Disclosure Limitations section below.
THIRD PARTIES PROCESSING DATA ON OUR BEHALF
Data Escrow (domain name registrations only)
Each TLD registry operated by Donuts is required by ICANN to provide a copy of all Registration Data to a secure third party who shall hold such data securely in escrow (“Escrow Provider”). Donuts utilizes the services of ‘Iron Mountain Inc.’, a US Corporation, with servers in the United States, as its Escrow Provider. Data held by the Escrow Provider can be used to restore a registry in the event of a catastrophic event, or a failure of the registry’s systems. In this case, the data may be securely transferred to another registry to ensure the ongoing security and stability of the DNS and to prevent any interruption to the proper functioning of registered domains.
DNS Abuse Management (domain name registrations only)
Donuts uses third party services to track reports, and actions relating to abusive use of our domains. Your data may be stored on each of these vendor’s servers, subject to industry standard encryption and security protections.
Email Provider / Cloud Storage
Donuts uses the third party services of Google Inc.’s G-Suite for both email and associated cloud services. Your data may be stored on Google’s servers, subject to industry standard encryption and security protections.
Client Relationship Management System
Donuts uses third party services to ensure the proper management of our client and customer service queries. Your data may be stored on each of these vendor’s servers, however, subject to industry standard encryption and security protections.
EXCEPTIONS TO DISCLOSURE LIMITATIONS
- necessary to fulfill a transaction or provide information you have requested;
- in your vital interests or in the vital interests of another person, including events of an emergency that poses a threat to your safety;
- required by ICANN;
- required by law or necessary to respond to legal process;
- in circumstances in which Donuts believes that its registry, websites, domain names, or Services are being used in the commission of a crime;
- necessary to enforce our Acceptable Use Policy, and to protect the security or integrity of the DNS or our Website;
- as necessary to establish, assert, defend, or protect our rights or property; or
- as necessary to meet the requirements of requests, lawfully made by public authorities, including requests to meet national security or law enforcement requirements.
FAMILY OF COMPANIES
Each TLD registry we operate is part of the Donuts family of companies (the “Family of Companies”). As part of the Family of Companies, we may share information we have about you within the Family of Companies. Such sharing however shall be strictly limited in use. We will only share information about you to such members of the Family of Companies to facilitate, support and integrate their activities in a manner that is consistent with, and related to, the original stated use of the information, as explained to you upon collection, and to improve the provision of our services to you.
The Family of Companies includes the following companies: Dozen Donuts, LLC; Rightside Group, Ltd; Nametrust, LLC; Rightside Operating Co.; Domain Protection Services, Inc. Name.com, Inc.; Name.net, Inc.; Name104, Inc.; Name105, Inc.; Name106, Inc.; Name107, Inc.; Name108, Inc.; Name109, Inc.; Name110, Inc.; Name111, Inc.; Name112, Inc.; Name113, Inc.; Name114, Inc.; Name115, Inc.; Name116, Inc.; Name117; Name118, Inc.; Name119, Inc.; Name120, Inc.; Mobile Name Services Incorporated; Sipence, Incorporated; Vedacore.com, Inc.; Binky Moon, LLC; Corn Lake, LLC; Dog Beach, LLC; John Island, LLC; Pixie North, LLC; Blink Global LLC. The Family of Companies also includes the following non-U.S. based companies: Donuts (HK) Limited; Capable Network Technology (Shanghai) Co., Ltd.; Rightside Domains Europe Limited; Name.com Canada Corp; Hot Media Inc, Acquire This Name, Inc.; and Rightside Canada Inc.
GENERAL PRIVACY CONDITIONS ALL USERS
Donuts has physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your Personal and non‑personal information. To that extent, we employ security measures that are deemed commensurate to the quality of data held, with due regard to the state of the art and cost of the available security measures, and the risk to the privacy rights of you, as data subject. We do not, nor can we, guarantee security. Neither people nor security systems are foolproof, including encryption systems.
Where a breach occurs, Donuts shall, upon discovering such a breach, ensure that our obligations are met under applicable data privacy requirements, and with specific acknowledgement of Articles 33 and 34 of the GDPR, where applicable.
RETENTION OF DATA
Donuts does not retain any Personal Information for longer than is necessary.
A Contact ID is a file that contains the registration data of a particular registration, or multiple registrations, within our registry system. This data is retained for the duration of the life of any registrations associated with that Contact ID.
Orphaned Contact IDs (Contact IDs that have no registrations associated with them) shall be periodically identified and purged within a period of no more than ninety (90) days.
Where the registry is investigating or has taken action relating to a specific domain or domains, which have been flagged or confirmed as engaged in abusive behaviors (as per Donuts Acceptable Use Policy) we will ordinarily retain such data until such a time that such data is no longer necessary to defend against current or possible future suit(s). This period depends on limitation periods applicable, however should ordinarily be no longer than six (6) years.
See Section on Website Users.
NOTE REGARDING SENSITIVE PERSONAL INFORMATION
“Sensitive Personal Information” refers to personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying sex life of the individual.
Donuts does not ordinarily or knowingly require or collect Sensitive Personal information. As such shall not use or disclose such information with third parties without your explicit consent.
NOTE REGARDING CHILDREN (under 18 years of age)
Please note that we do not knowingly permit or solicit information from individuals under eighteen (18) years of age. In addition, we do not knowingly market our products or services to individuals under eighteen (18) years of age.
DATA SUBJECT RIGHTS
ACCESS TO PERSONAL INFORMATION
Where applicable, you have the right to obtain from us a confirmation as to whether or not Personal Information concerning you is processed by us. In addition, where such processing is confirmed, and you request it, we will arrange access to the Personal Information along with the following information:
- the categories of Personal Information collected and processed;
- the recipients or categories of recipients to whom the Personal Information has been or will be disclosed, in particular recipients in third countries (outside of the European Economic Area (“EEA”) or international organizations;
- the period for which the Personal Information will be stored, or, if not possible to be determined, the criteria used to determine that period;
- the existence of the right to request from us, rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where Personal Information was not collected directly from the you, any available information as to its source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where your Personal Information is transferred to a third country, you also have the right to be informed of the appropriate safeguards we have put in place pursuant to Article 46 of the GDPR relating to the transfer.
Copies of the Data:
Donuts may provide, where requested, a copy of that data, relating to you, which are being processed, subject to the restrictions as noted in Article 23 of the GDPR.
All Personal Information held by us, is as disclosed to us by the relevant registrar upon registration and any update to the registrar system of your Registration Data will be automatically reflected in the registry system. Should you believe we hold incorrect or inaccurate data relating to you, your registration, or related service, please first contact your registrar to update that relevant data. If you are unable or unwilling to contact the relevant registrar, Donuts will, upon notification of any inaccurate data held, without undue delay and after reasonable verification of the identity, with the reasonable co-operation of our joint controllers, make the necessary updates to your data, where appropriate to do so.
Where you, as the data subject, wish the erasure of your Personal Information, Donuts will fulfill your request should one of the following grounds apply:
- the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed, e.g. the provision of our Services;
- where processing is based solely upon your required consent, and you withdraw this consent on which the processing is based;
- where you object to the processing, and where there are no overriding legitimate grounds for the processing;
- where you can demonstrate that the Personal Information has been unlawfully processed;
- where you provide notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or
- where Donuts is unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR.
RIGHT TO BE FORGOTTEN
Where Donuts has publicly disclosed your data and where you have made a valid request to erase your Personal Information, Donuts will, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any controllers which are processing that personal data, of your request for erasure.
Donuts and its subsidiary registries are the sole registry operators for the TLDs for which a Registry Agreement has been signed. (See https://donuts.domains/great-domains/domain-categories/) As such, in the ordinary course of business, no other registry is permitted or capable of providing the specific TLD and associated services that Donuts provides. That being stated, registrations within the Donuts registries, and the associated registration data, are in the format as specified by ICANN (compatible with the relevant technical standards as stated in the Internet Engineering Task Force’s (IETF) Request for Comments (RFCs).
Should our registry be unable to act as registry operator in any circumstances, the entire registry, including all Personal Information as contained in Registration Data, may be transferred to another registry operator, to ensure continuity of the DNS.
SPECIAL NOTES FOR INTERNATIONAL USERS
FOR EUROPEAN UNION & SWISS CITIZENS
Transfer of data outside of the European Economic Area (“EEA”): Donuts is a US registered
entity, and all our primary servers are located within the USA. Depending on the registrar you
choose to use, the use of our Service may involve the transfer of data outside of the EEA.
PRIVACY SHIELD FRAMEWORKS
We comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. We have certified that we adhere to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this Policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Note that you have the right to access, correct, delete, and limit the use and disclosure of your Personal Information processed by us. For assistance with accessing, correcting, or deleting your personal data, please contact us at firstname.lastname@example.org. Please be aware that deleting your Personal Information may result in termination of the services you receive through us.
Donuts’ accountability for the personal data that it receives under the Privacy Shield, and subsequently transfers to a third party, is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Donuts proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, We commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Policy should first contact our Legal Department at email@example.com or by certified mail (return receipt requested) at: Donuts Inc., Attn: Legal Department, 10500 NE 8th Street Suite 750 Bellevue, WA 98004 USA.
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Note that the US Federal Trade Commission has enforcement authority over our compliance with this Policy.
ATTN: Data Privacy Section, Legal Department
10500 NE 8th Street
Bellevue, WA 98004
Or for customers established in the EEA:
ATTN: Data Privacy Section, Legal Department
15-18 Earlsfort Terrace
Dublin 2, County Dublin
If you are a resident of the EEA and believe we maintain your personal data subject to the General Data Protection Regulation, you may direct questions or complaints to our lead supervisory authority, the Office of the Data Protection Commissioner, as noted below:
Office of the Data Protection Commissioner.
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
Phone +353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757 Email firstname.lastname@example.org
Last Updated: 25 April 2018