Skip to main content
Resources

PRIVACY POLICY

Last Updated: 5 March 2021

[Redline from the previous version of our Privacy Policy] [PDF, 201 KB]

The Internet Corporation for Assigned Names and Numbers (ICANN organization) respects the protection and privacy of Personal Information. This policy (Privacy Policy) and the Cookies Policy set out how ICANN organization, which for the purposes of this policy includes its affiliated organization Public Technical Identifiers (PTI) (collectively "we", "us", or "our"), and their managed or sponsored programs, will use and handle electronic information provided by or collected from individuals and what choices individuals have regarding the collection and use of the information. This Privacy Policy applies to all electronic collection and use of Personal Information, including via any mobile version of the websites, mobile applications, electronic mail, and other electronic services that link to this Privacy Policy (collectively, the Platforms). The term "User" or "you" refers to (i) individuals that provide their own Personal Information or Personal Information of others on behalf of such other persons to us and (ii) any organization where a person provides Personal Information of others on behalf of such organization.

By using the Platforms, you (including any entity or person on whose behalf you are acting) agree to the terms of this Privacy Policy, as updated. If you do not agree with the practices described in this Privacy Policy, please do not provide us with Personal Information or interact with the Platforms.

This Privacy Policy supplements, and does not supersede, any other privacy policy or statement from us relating to any of our unique programs.

If you have any questions about this Privacy Policy or our Processing of your Personal Information as the Data Controller, please feel free to contact us at privacy@icann.org.

This Privacy Policy covers the following key topics:

  1. Definitions
  2. Personal Information Collection
  3. Use of Personal Information
  4. Retention
  5. Sharing of Personal Information
  6. International Transfers
  7. Information Security and Integrity
  8. Do Not Track
  9. Exercise of Data Subject Rights
  10. Minors
  11. Revisions to our Privacy Policy
  12. Questions
  1. Definitions

    "Cookies" are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. Please visit our Cookies Policy to learn more about Cookies and certain functions and features on our Platforms.

    "Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.

    "Data Processor" means a natural or legal person, public authority, agency or any other body which Processes Personal Information on behalf of the Data Controller.

    "Non-Identifying Information" means information that may relate to an individual but does not by itself identify that individual. For example, Web Information is Non-Identifying Information, as is information such as gender, age, city, and physical location, when not linked with other Personal Information.

    "Personal Information" means any information relating to an identified or identifiable natural person, as defined under applicable law, such as name, home address, telephone number, picture, video recording, or email address.

    "Platforms" or "Platform" is as defined in our Terms of Service.

  2. Personal Information Collection

    This Privacy Policy applies to the following types of electronic information about Users or use of the Platforms:

    • Personal Information submitted to us: This may be personal contact, identification, and location information, such as name, home or work address, personal or business email address, contact details such as your home, facsimile or mobile phone number, gender, age or date of birth, job title, country of residence, school, affiliation or organization, username, domain name (if personally identifiable), User's photo or image, government issued identification numbers or passport details, or emergency contact details that Users may submit in connection with any of our services or programs, including, for example, public comment submissions, program or service applications, community surveys, email list subscription, general enquiries, event registration, or online meetings. This also includes information provided to us on the Platforms that would constitute personal data under applicable law.

    • Personal Information received from a third party: This may include Personal Information such as name and address for identity verification or to Process a request or an application submitted to us.

    • Financial information: This may include financial account information or financial transaction information when participating in any of our services or programs where such information is requested or generated.

    • Automatically logged use information: The Platforms may automatically record information that is sent by the User's browser or device when accessing and using the Platforms, which can be identifying or non-identifying. This information may include information such as IP address, browser type, internet service provider (ISP), date/time stamp, page viewed, operating system, mobile device information, clickstream information, preference information, and other similar information.

    • Cookies and other tracking technologies: Cookies and other user tracking technologies devices may be stored on the User's computer when using the Platforms. For more information on our use of Cookies and other tracking technologies, see our Cookies Policy. You acknowledge the use of such tracking devices as noted in this Privacy Policy and the Cookies Policy, and consent to having such tracking devices stored on your computing devices.

    • Recordings, Photographs, and Transcripts: We collect and maintain recordings, photographs, and/or transcripts of public and closed meetings, including through virtual meeting Platforms, which contain your Personal Information if you are a participant. Such recordings, photographs, and transcripts of these meetings are processed based on our legitimate interest of promoting accountability, openness, and transparency. Such recordings, photographs, and transcripts of these meetings, and any Personal Information contained in them, may be publicly accessible. When meetings and sessions are hosted by us and recorded, we will notify you and other participants of the recording before the start of each meeting. When we record a meeting, your Personal Information contained in any recording and related transcript will be processed in accordance with this Privacy Policy.

      This Policy does not apply to any meetings using a service that is not provided or supported by us, unless otherwise stated with respect to that service. Please note that individuals that elect to provide, host, or participate in a meeting not using a service not provided or supported by us are solely responsible for ensuring that participants give their informed consent to the recording, and that all legal requirements applicable to the collection, recording, and processing of Personal Information are fully satisfied.

  3. Use of Personal Information

    We will Process Personal Information only for fair, lawful, and legitimate reasons, including to:

    • To improve our Platforms' performance, content, and services;
    • To perform information analysis, compliance audits, data metrics, develop new services, and protect the Platforms and integrity of any of our services or programs;
    • To create anonymized data sets to improve the Platforms' performance or in connection with our services or programs;
    • To respond to User questions, comments, inquiries, feedback, including those concerning our services or programs or with respect to services provided by registry operators, accredited registrars, and data escrow agents;
    • To assist in policy discussion, development activities, and performance of activities consistent with our functions;
    • To administer participation or registration in any of our services, activities, programs, meetings, and Platforms, including sending electronic communications related to such participation or registration, and to manage and report on these participations, interactions and relationships;
    • To assist with travel support for participants related to our events;
    • To maintain archival records of a User's participation for historical and research purposes, subject to retention limits imposed by applicable laws;
    • To process payments and fulfill a transaction between a User and us, if the User submits payment information in connection with any of our services or programs;
    • To reimburse expenses related to any of our meetings or other events or programs;
    • To perform relevant contractual obligations with the User and other third parties;
    • To administer User's application for any of our services or programs;
    • To publish a User's Personal Information such as his or her name and organization or affiliate on the Platforms;
    • To publish a User's comments or feedback along with a User's name for the benefit of others and otherwise to comply with our accountability and transparency principles;
    • To register and provide access to our meetings, which could involve processing of a User's dietary restrictions or disability information for special accommodations;
    • To expedite and obtain approval for a User's visa application to attend our meetings;
    • To share basic participant information (name, organization, affiliation) or other information the User voluntarily chooses to provide with other participants of the same meeting;
    • To provide updates, news and other information regarding our programs, events and service delivery; and
    • To provide information or a service requested by the User.

    We will also process your Personal Information with your consent, where required by applicable law, to send you newsletters, and provide you with marketing information concerning news, updates, and other information regarding our programs, events.

    Lastly, we will Process Personal Information to comply with applicable laws, rules, regulations, court orders, and law enforcement requests.

    We will not use Personal Information for any other purpose other than as set forth in this Privacy Policy.

    We will use Non-Identifying Information generally for the same purposes as with Personal Information, and to improve User services, store User's Platform preferences, track Platform use trends, improve the Platforms' performance, help maintain personal and device identity verification, Platform security, and measure effectiveness of electronic communications.

  4. Retention

    We will retain certain Personal Information stored on our servers in accordance with our general archival practices and as required or permitted by law.

    We will store the User's Personal Information only for as long as is required to fulfill the purposes set out above. However, where we are required by law to retain a User's Personal Information longer or where a User's Personal Information is required for us to assert or defend against legal claims, we will retain the User's Personal Information until the end of the relevant retention period or until the claims in question have been resolved.

  5. Sharing of Personal Information

    We may share certain Personal Information with contractors and other agents for the purpose of Processing this information on our behalf and providing other services to us or to the User on our behalf. These third parties include providers that provide services such as data analysis, email transmission, customer relationship management (CRM), IT security, cloud service providers, database management, hotel and other travel service, asset management solutions, consultants, and financial or legal advisors. We require that these parties agree to handle this information in compliance with appropriate confidentiality obligations and security measures. We also may publish some Personal Information on the Platforms in a manner that is viewable by our community members, as described in the relevant program description.

    We will provide Personal Information to such third parties, government authorities and agencies to:

    • comply with applicable laws, regulations, legal process or enforceable governmental request;
    • if permitted or required by law or in response to a law enforcement or other legal request;
    • protect our or a third party's legal rights, including the enforcement of terms with Users;
    • receive contracted services or use of licensed products from third party providers;
    • comply with any court order or legal proceeding;
    • comply with our accountability and transparency principles and disclosure policies;
    • identify the User to anyone that the User sends a communication through the Platforms;
    • effectuate a reorganization or organizational change resulting in the divestiture or transfer of any of our operation, unit, function, or asset to such third party;
    • detect, prevent or otherwise address fraud or other criminal activity or errors, security or technical issues; or
    • protect against imminent harm to our rights, property, or the safety of our users or the public as required or permitted by law.

    We will not sell or otherwise share any Personal Information with third parties for marketing purposes.

  6. International Transfers

    By using our Platforms or providing us with your Personal Information electronically, the User is directly transferring Personal Information and Non-Identifiable Information to us in the United States. The User's Personal Information also may be transferred and Processed in other countries where our staff or third-party service providers are located. The United States and such other countries may not have the same level of information protection as the User's jurisdiction.

    Whenever such transfers are by one of our location in a country outside the United States to another of our location in the United States, they are based on contractual commitments, such as the Standard Contractual Clauses (according to EU Commission Decision 87/2010/EC or any future replacement), or other applicable data transfer arrangements, in order to contractually provide that your Personal Information is subject to adequate levels of data protection. You may request further information concerning such contractual commitments by sending a request to privacy@icann.org.

    The User is solely responsible for compliance with any information protection or privacy obligations in the User's jurisdiction when using the Platforms or providing us with Personal Information. By submitting Personal Information, the User agrees to such Processing.

  7. Information Security and Integrity

    We will use reasonable industry standard safeguards (which may include physical, procedural and technical measures) to protect against the unauthorized disclosure of Personal Information it collects and holds. We will take reasonable steps to ensure that Personal Information collected is complete and relevant to its intended use.

    The Platforms contain links to other third-party websites, which are subject to the respective privacy policies of those third parties. We are not responsible for the privacy practices of such linked third-party sites, and their owners and operators.

    The Platforms may contain social media widgets including Twitter, Facebook and LinkedIn, and other features that may collect a User's Personal Information and Non-Identifying Information and may set Cookies on the User's devices unless the device or browser settings prevent such Cookies from being stored. Such social media widgets and features may be hosted by a third party. We are not responsible for the operation of such widgets and features, and any information collection will be subject to the privacy policy of the provider of such widgets and features, and not this Privacy Policy.

    Due to the open communication nature of the Internet, we cannot represent, warrant or guarantee that communications stored on our servers will be free from unauthorized access by third parties, loss, misuse, or alterations. While we will take reasonable and appropriate security measures to protect against unauthorized access, disclosure, alteration or destruction of Personal Information received, WE DISCLAIM ANY AND ALL LIABILITY FOR UNAUTHORIZED ACCESS OR USE OR COMPROMISE OF YOUR PERSONAL INFORMATION TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. USERS ARE ADVISED THAT THEY SUBMIT SUCH PERSONAL INFORMATION AT THEIR OWN RISK.

  8. Do Not Track

    Users' browsers may allow users to set a "Do Not track" preference. Unless otherwise stated, the Platforms do not honor "Do Not Track" requests.

  9. Exercise of Data Subject Rights

    Users may be entitled to obtain access to information on the Processing of Personal Information, to object to certain Processing, request information portability, and have their Personal Information rectified, deleted, or otherwise restricted in terms of Processing, in each case as permitted under applicable law. Users also may be entitled to withdraw any consent given with prospective effect with respect to the Processing of their Personal Information. Users can exercise these rights or learn more about the Processing of Personal Information by us, by sending a request to privacy@icann.org. Any request is subject to identity verification. All privacy-related access requests are taken seriously, and we will respond to request(s) as soon as reasonably practicable, but in any case, within the legally required period of time. Please note that certain Personal Information may be exempt from such access, correction, objection, or deletion rights pursuant to local laws.

    If you are not satisfied with our response or believe that your Personal Data is not being Processed in accordance with the law, you also may contact or lodge a complaint with the competent supervisory authority or seek other remedies under applicable law.

    If a User no longer wishes to receive certain electronic communications from us, the User may opt-out from such communication by following the unsubscribe instructions at the bottom of such communication or by accessing any available preference setting functionality in the Platforms.

  10. Minors

    We do not knowingly collect or require Personal Information from children under the age of 13. If you believe your child has provided us with Personal Information, please notify us by email at privacy@icann.org.

  11. Revisions to our Privacy Policy

    We reserve the right to change this Privacy Policy at any time. Any changes we make will be posted on this page. If we make material changes to how we treat your Personal Information, we will notify you. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have a deliverable email address for you, and for periodically monitoring and reviewing any updates to this Privacy Policy. Your continued use of our Platforms after such amendments will be deemed your acknowledgement of these changes to this Privacy Policy.

  12. Questions

    Should you have any questions or concerns about this Privacy Policy and our privacy practices, you may contact us at privacy@icann.org.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."