1. Background
.au Domain Administration Limited (ACN 079 009 340) (auDA) recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document sets out auDA’s privacy policy, and tells you how we collect and manage your personal information in the course of performing our functions and activities as the administrator and self-regulatory policy body for the Australian country code top-level domain (.au ccTLD).
We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and other applicable laws that protect your privacy. We are committed to complying with these laws, including the Australian Privacy Principles (APPs) which are set out in the Act, and regulate how we must handle your personal information. auDA may rely on the applicable exemptions in the Act.
2. What is personal information?
The Act provides for the protection of “personal information” which is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is either identified or reasonably identifiable. When used in this privacy policy, the term personal information has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
3. What personal information do we collect and hold?
The types of personal information we may collect about you include:
- Name
- Mailing or street address
- Email address
- Telephone number
- Payment details
- Age or birth date
- Profession, occupation or job title
- IP Address
- Any unique alphanumerical identifier issued under Australian law, which is recorded in
- the database being relied upon by a registrar for that Person (e.g. ABN number for a sole
- trader, Drivers Licence number).
- Driver’s licence
- Birth certificate of a natural person who is an Australian citizen.
- Australian passport
- Certificate of Australian Citizenship
- Letter of grant of a permanent visa for a permanent Australian visa holder.
- Any additional information relating to you that you provide to us directly through our websites or indirectly through your registration of a domain name licence, or use of our websites or online presence, through our representatives or otherwise.
- Information you provide to us through our Compliance Department or membership surveys.
- Information collected through cookies or tracking technologies (including IP address).
- Video images collected through CCTV Surveillance in auDA’s Melbourne office.
- Any other information collected to become an accredited registrar.
- Any other information collected to receive a reseller ID.
- Any other information collected for an auDA event.
- Any other information collected as part of a submission for Policy change.
- Any other information collected as part of a job application.
- Any other information collected about an employee or contractor, such as tax file numbers, emergency contact details, banking information necessary to pay salary and wages, and medical certificates or health related information.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
4. Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health, racial or criminal record information. auDA only collects sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented, or
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect information about whether the directors, officers or relevant staff of a registry operator appointment or registrar accreditation have been convicted of a criminal offence.
5. How auDA collects personal information
Direct Collection
We collect your personal information directly from you, unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in various ways including:
- When you complete your Associate Membership application
- When you complete an application to become an accredited registrar
- When you complete an application to receive a reseller ID
- When you apply to attend an auDA event
- When you participate in an auDA submission for policy change
- Through your access and use of our website
- Written communications
- During conversations between you and our representatives
- Recordings of auDA public forums
- auDA Foundation grant applications
- Job applications
- New employee onboarding
- Through CCTV surveillance in auDA offices
- Throughout the course of your employment or contact with us.
Indirect Collection
We may also collect your personal information from third parties and publicly available sources including:
- From third party companies such as credit reporting agencies, law enforcement agencies, other government entities, and contractors or subcontractors acting on our behalf.
- Your employer, where you are nominated as a contact for the entity as part of an application, submission or other communication.
- From the central domain name registry that contains personal information you submitted as part of the registration of a domain name licence through an accredited registrar or one of their resellers.
- From the Australian Securities & Investments Commission (ASIC), the Australian Business Register (ABR), or other government agencies, when investigating and resolving a complaint or enquiry.
In some cases we may also collect your personal information through the use of cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited. We use this to research our users’ habits so that we can improve our online services. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.
7. What happens if we can’t collect your personal information?
Where possible, we will allow you to interact with us anonymously. However, for most of our functions and activities we need to ask your name and contact information to enable us to effectively handle your enquiry, request, or complaint.
If you choose not to provide us with your personal information we may not be able to:
- Provide you with an Associate Membership to auDA.
- Provide you with updated information about auDA and the .au namespace.
- Tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
- Provide you with accreditation as a registrar.
- Assist you in addressing your complaint or general enquiry.
- Provide you with other services that you may request.
- Allow you to enter auDA’s offices where CCTV operates.
8. For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can provide you with services that you request, perform our business activities and functions, and provide the best possible quality of customer service.
We collect, hold and use your personal information for the following purposes:
- To perform our roles and responsibilities for the administration of the .au country code top level domain and management and security of the Australian domain name system.
- To ensure you are held accountable for the use of domain name licences in compliance with Australian law.
- To review your eligibility to hold a domain name licence.
- To process your auDA Membership information and to keep you informed of auDA Membership governance, news and events.
- To accredit and license registrars.
- To process applications for the auDA Foundation funding and other auDA funding offerings and competitions.
- To conduct policy consultation processes.
- To consider applications for employment or service provision.
- To properly manage our business affairs, consultants and contractors and the employment of our staff.
- To answer enquiries and provide information or advice about existing and new products or services.
- To assess the performance of the auDA website and improve the operation of the auDA website.
- To update our records and keep your contact details up to date.
- To process and respond to any complaint or general enquiry made by you.
- To process and respond to any complaint about your eligibility to hold a domain name licence.
- To collect feedback about our products, services, website, policies and processes, including about our complaints handling processes.
- To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
- Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.
Who do we disclose your information to?
We may disclose your personal information to:
- Contractors or service providers who assist us to provide our products and services including, without limitation, web hosting providers, data and IT systems administrators, security providers, couriers, payment processors, data service providers, electronic network administrators, and debt collectors.
- Professional advisors such as accountants, solicitors, business advisors, and consultants.
- Enforcement bodies as defined in section 6 of the Privacy Act 1988 (Cth)
- Any organisation for any authorised purpose with your express consent.
9. Direct marketing materials
We may send you direct marketing communications and information about our services thatwe consider may be of interest to you. These communications may be sent in various forms,
including postal mail, SMS, and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by using the unsubscribe link in the footer of our emails or by contacting us at privacy@auda.org.au.
10. How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us at privacy@auda.org.au Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Amendment requests should be forwarded to privacy@auda.org.au.
11. What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact our Privacy Officer at privacy@auda.org.au and provide details of the concern or incident so that we can investigate it.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. Our Privacy Officer deals with privacy complaints and any complaints should be directed to our Privacy Officer at privacy@auda.org.au. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
If we are unable to satisfactorily resolve your concerns, you can contact the Office of the Australian Information Commissioner (OAIC) via their website: https://www.oaic.gov.au.
12. Do we disclose your personal information to anyone outside Australia?
We may disclose personal information to our related third-party service providers located overseas.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the Australian privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
- Our DNS name server data hosting facilities which may be located outside of Australia.
- Application software and technology service providers which may be located in the USA.
13. Security
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form.
When we no longer need your information for a disclosed purpose, we will either destroy or deidentify the personal information, so that the information can no longer be used to identify you.
To comply with the Fair Work Act 2009 (Cth), we will continue to keep employment records, including employee details, pay, leave and hours of work, for a period of 7 years.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
We maintain a plan and procedures for responding to actual or suspected data security breaches involving personal information in accordance with applicable requirements under the Act.
14. Links
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
15. Contacting us
If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details set out below.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
Please contact our Privacy Officer at:
Privacy Officer, auDA
Post: Level 19, 8 Exhibition Street, Melbourne 3000 Victoria
Tel: +61 3 8341 4111
Email: privacy@auda.org.au
16. Changes to our privacy policy
We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website. The next review date for the Privacy Policy is April 2026.
This privacy policy was approved by the auDA Board on 4 April 2024.