(Effective August 3, 2020)
Registry Services, LLC (“Registry Services”), the administrator of the country code top level domain for the United States (the “usTLD”), wants you to know and understand what personal information we collect about usTLD registrants (“Registrant Data”) and how we use and disclose that information. In addition, this Privacy Notice describes the information we collect about visitors to the usTLD’s website at www.about.us.
What Registrant Data do we collect and where does it come from?
When you register a domain in .us, your usTLD Registrar transfers to us the following categories of personal information about registrants, their technical contacts, and their administrative contacts:
- Postal address
- Email address
- Telephone number
- Fax number (where available)
We also receive information from your usTLD Registrar about the domain itself, which is associated with the personal information listed above, including:
- Name of the sponsoring usTLD Registrar
- IP addresses for the domain’s nameservers
- The domain’s creation and expiration date; and
- Domain status
This information may be updated (by you or your usTLD Registrar) from time to time if, for example, you change your hosting service or admin contact, transfer the domain to another usTLD Registrar, etc. In addition, we may occasionally receive complaints or inquiries about the domain from registrants themselves and/or from third parties.
How do we use Registrant Data?
We use and disclose Registrant Data when necessary, in our sole discretion, to:
- Provide registry services for the usTLD;
- Optimize and enhance those services;
- Trouble-shoot and resolve Registry performance issues, and provide support to usTLD registrants;
- Enforce our agreements and usTLD policies, including (without limitation) policies on WHOIS Accuracy, Nexus, and Privacy/Proxy Registrations;
- Investigate and respond to inquiries, complaints, or disputes about registration of the domain and/or policy compliance;
- Prevent, detect, and respond to malicious behavior and/or misuse of our services and enforce prohibitions on the use of domain names to distribute malware, operate botnets, or engage in phishing, piracy, intellectual property infringement, fraudulent or deceptive practices, counterfeiting or other activity that is contrary to applicable law;
- Investigate, identify, respond to, and help others to investigate and respond to cyber security threats and other criminal behavior, including in support of law enforcement investigations;
- Protect our rights and the rights of third parties;
- As necessary to comply with our contractual obligations to the US Department of Commerce, for example by conducting regular audits of the accuracy of such data;
- In an emergency to protect the personal safety of Registry Services employees, its customers, or any person;
- Comply with US or foreign laws or respond to lawful requests and legal process in US or foreign civil, criminal or investigative matters; and
- Conduct research using aggregated or de-identified data.
We will not use Registrant Data in personally identifiable form for other purposes without your permission.
To whom do we disclose Registrant Data?
Registry Services may disclose Registrant Data for the purposes described above to the following third parties:
- Registry Services is required by United States policy, as reflected in our agreement with the U.S. Department of Commerce, to publish Registrant Data online, via the usTLD WHOIS database (available at whois.us). Registry Services prohibits use of WHOIS Data: (i) in a manner contrary to applicable law; (ii) to allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone; (iii) in contravention of any applicable data and privacy protection laws; or (iv) to enable high volume, automated, electronic processes that interact with domain name registry systems. We also prohibit the copying, compilation, repackaging, or dissemination or usTLD WHOIS data.
- Registry Services may share Registrant Data with third party vendors, consultants, professional services providers, and other service providers who are working on our behalf, but we limit their access and use of personal information to that which is needed to carry out their work for us, including cloud service providers, software development and support contractors, contractors providing data base management and other administrative support services, security services partners, and legal and accounting professionals.
- Registry Services cooperates with government and law enforcement officials and private parties to fulfill our contractual obligations and to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties that we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
- We may disclose Registrant Data in connection with any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company.
How do we safeguard Registrant Data?
Registry Services has implemented policies that include reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, or disclosure of Registrant Data.
While we cannot prevent misuse of Registrant Data in the public usTLD WHOIS database, all WHOIS queries are subject to terms and conditions described above, and we have implemented reasonable technical measures designed to prevent collection and use in violation of those terms.
What about sensitive data, including information about children?
Registry Services does not collect or process sensitive information (e.g., government issued, identifiers, financial or health information, information about race, ethnicity, religious or political beliefs, sex life, or sexual orientation) about usTLD Registrants, nor does it collect personal information about children under 18. If you believe the WHOIS database contains information about a child under 18 years of age, please contact us immediately by email to email@example.com.
How long do you retain Registrant Data?
Registry Services maintains Registrant Data for the life of your registration plus 2 years.
Information for California Residents
If you are a consumer residing in California, you may have the right to make certain requests under the California Consumer Privacy Act (CCPA):
You may have the right to know about personal information that we have collected or disclosed, including:
- The categories of personal information we have collected or shared about you in the preceding 12 months;
- The categories of sources from which we have collected that information in the preceding 12 months;
- The commercial or business reason(s) we have collected or shared that information; and
- The categories of third parties with whom we have shared that information in the preceding 12 months.
Under limited circumstances, you may have the right to request deletion of personal information about you. To submit a request to know or delete personal information we collect from you, you can send an email to firstname.lastname@example.org. Please note that, depending on the nature of your request, we may need additional information to verify your identity including, without limitation, name, address, telephone number, and/or email addresses. We will use any information you submit only to fulfill your request. If you would like to designate an authorized agent, we will require you to submit an email or letter with that information, including information that allows us to verify your identity as well as the identity of your agent.
Registry Services does not sell Registrant Data or knowingly process personal information about children under 18. To submit a request to know or delete Registrant Data collected by your Registrar, you will need to contact your usTLD Registrar to fulfill the request.
Registry Services is prohibited by law from treating you in a discriminatory fashion as a result of your election to exercise any rights you have under CCPA. Please be advised, however, that our contract with the US Department of Commerce requires us to collect, use, and publish Registrant Data in the manner described in this Privacy Notice.
If you would like to know more about how Registry Services processes personal information about usTLD registrants, please contact us via email or snail mail to the address below:
Registry Services, LLC
14455 North Hayden Road Scottsdale, AZ 85260
Information for EEA Residents
Registry Services honors confirmation, access, correction, objection, and erasure rights of data subjects to the extent required under the EU's General Data Protection Regulation (GDPR). If you are resident in the European Economic Area (EEA), please contact us at email@example.com to initiate this process. Please be advised, however, that our contract with the US Department of Commerce requires us to collect, use, and publish Registrant Data in the manner described in this Privacy Notice.
Residents of the European Union and Switzerland may have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information about this, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Registry Services is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield
Framework, Registry Services is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Registry Services commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Registry Services at:
Registry Services, LLC
14455 North Hayden Road
Scottsdale, AZ 85260
Registry Services has further committed to cooperate with the panel established by the EU dataprotection authorities (DPAs) and the Swiss Federal Data Protection and InformationCommissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. If you have not received a timely or satisfactory response from Registry Services to your question or complaint, please contact the independent recourse mechanism provided by the DPAs or FDPIC, as applicable.
usTLD Website Cookies
Data Protection Authority
If you are a resident of the European Economic Area (EEA) and believe we maintain your personal information subject to the General Data Protection Regulation (GDPR), you may direct questions or complaints to your local supervisory authority or our lead supervisory authority, the UK's Information Commissioner’s Office, as noted below:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom Phone: 0303 123 1113
In the alternative, you may contact us by mail:
Attn: Office of the Data Protection Officer, 14455 North Hayden Road, Suite 219, Scottsdale, AZ 85260 USA, or for customers established in the EEA, Attn: Legal, Office of the DPO, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road, Hayes, UB3 1HA.
We will respond to all requests, inquiries or concerns within thirty (30) days of receipt.