1. Legal Framework
Internet Computer Bureau Plc, a company registered in England runs the .io Registry (NIC.IO) takes into account both the UK Data Protection Act of 1998 and the European Directive 95/46/EC.
In the course of its Domain name Registration service NIC.IO needs to gather and process personal information (the Data) about the Registrant and/or Administrative Contact and/or Techical Contact and/or Billing Contact (the Data Subject):
- Organization Name (if applicable)
- Full Address
- Phone Number
- Fax Number
The Data will be associated with the .io Domain name to be Registered and can be used to supply information about the Domain Name(s) registered by the Data Subject following queries made using the WHOIS service.
3. Consent to the Processing of the Data
As part of the Domain name Registration Process, the Data Subject must grant consent to NIC.IO to process and include the Data in the Registry Database as well as to publish parts of the Data relating to the Data Subject's registration as the result of a WHOIS query on one of the Data Subject's Registered Domain names.
This consent is expressed at the time of Registration by checking the Terms and Conditions box after having read the TERMS page
4. Rights of Data Subject
a) Right to Refuse publication of certain parts of the Data
b) Right to Rectify the Data
The Administrative Contact has the right to Refuse publication of certain elements of the Data by checking the box 2b. at the time of Registration (see the form).
The Data will be processed by the Registry following the consent given at the time of registration (see 3. above) and/or after any modification of the Data made by the Data Subject (see b. below) but parts of it (Phone, Fax and e-Mail) will not be used in the result of WHOIS queries or made publicly available.
Once the Data has been processed by the Registry, the Data Subject has the possibility to verify, edit or delete the Data simply by using the appropriate form on the NIC.IO web site.
Using its Password and ID (Account ID), the Data Subject can access the relevant page to perform selected modifications on the Data, including withdrawing certain elements.
Additionally the Registrant is granted the possibility to nominate another Administrative contact (while remaining the Billing contact) by creating another Account ID using the appropriate form.
c) Right to know what Data has been processed
At all times, the Data Subject has the right to check which Data is held or has been processed by NIC.IO.
The Data can be checked either by accessing the https://www.NIC.IO/mod.xzx page with the relevant Account ID and password, or using the WHOIS service on one or more of its Registered .io Domain(s).
5. Third Parties
If the Domain name Registration has been performed by a Registrar, the Data has been automatically transferred to NIC.IO as part of the registration process.
The Data Subject can either verify, edit or remove the Data from the NIC.IO database on the relevant page using its Password and Account ID or contact the Registrar directly to do so.
b) Transfer from a Registrar to another
Registrar Transfers are free in the NIC.IO Registry and can be performed simply by supplying a new Account ID as the Technical Contact for a selected Domain name on the relevant page.
As specified in the Terms & Conditions of Registration: NIC.IO shall be permitted by the Applicant's Agent (who shall expressly obtain the consent of individuals whose personal data is to be held on the Register of .io Domain Names and if such consent is withheld or withdrawn then the agent shall immediately terminate the registration) to allow other organisations and members of the public to access the data for the purpose of obtaining information about the registration of the Domain Name or any other related purpose.
Should the Registrant not be willing to have their personal information associated with a registered domain name they are able to use an Agent for Service as their representative. This action in effect transfers all rights in the domain name to the Agent as the Registry shall only record the Agent's as associated with the domain. It is therefore recommended, if a Registrant uses this third party service, that the relationship between the actual user/holder of the domain and the Agent for Service is clearly documented with a signed agreeemnt of each others undertakings in the event of a dispute. The Agent will be deemed the Data Subject and benefit from the relevant rights established by this Policy.
7. Data Protection Office
Internet Computer Bureau Plc is a Registered Data Controller to the UK Data Protection office under the number Z7229464
Details can be accessed by following this link to the Data Protection Office