iwantmyname

IWantMyName is a service provider based in New Zealand that focuses solely on domain name management.

7.7/10

How we calculate ratings →

Handling

Does the policy allow personally-targeted or behavioral marketing? No

10/10

Does the service allow you to permanently delete your personal data? Yes, by contacting someone

3/5

Does the service allow third-party access to private personal data? Yes, all parties specified (only to critical service providers)

8/10

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Score

Yes

The policy allows sharing personal data with third parties (not just critical service providers), and does not explicitly list the third parties.

Yes, all parties specified (including non-critical service providers such as advertisers)

30%

Yes, not all parties specified (but only to critical service providers)

70%

Yes, all parties specified (only to critical service providers)

80%

100%

Citation

As part of our delivery of products and services you have requested, or in order to meet our legitimate business interests, we may share your personal information with:

our trusted information service providers, including cloud storage providers (which may be located in NZ or overseas)
our trusted providers of other services, including analytical, research or fraud prevention services, where these services require the processing of personal information (which may be located in NZ or overseas)
our data escrow agent (an agency that retains a backup of your registration data to ensure that your domain registration can continue in the event that we can no longer host or manage it)
government agencies, regulators, or law enforcement agencies, where required or permitted by law

We are also required to:

share your personal information with domain industry regulators to assist them to keep the domain ecosystem transparent
make sure that the registrars and registries which manage particular domains have a record of domain registrants
facilitate the maintenance of the public WHOIS database, which provides Internet users with information about domain name holders

We’re an accredited registrar for the .nz domain, which means we can issue .nz domain licenses directly to our customers. In this case, we may share your personal information with the:

registry for the .nz domain, Internet NZ
agency that regulates the .nz domain, Domain Name Commission Ltd
public via the WHOIS database (where you have opted into this)

We also sell domain licenses on behalf of other registries and registrars, including our partner registrar Hexonet. This includes generic domains, such as .com, and some country domains, such as .de. In these cases, we may share your personal information with:

Hexonet, our partner registrar
any other registrars which issue domain licenses for domains we resell
the registries which create the domain extensions for the licenses we resell (sometimes the registrars will share this data, not us)
the agency that regulates generic domains, Internet Corporation for Assigned Names and Numbers (“ICANN”)
the public via the WHOIS database (where you have opted into this)

When does the policy allow law enforcement access to personal data? Only when required by a court order or subpoena

4/5

Score

Always

This includes cases in which law enforcement either runs the service or has a known backdoor into (or relationship with) the service.

Not specified

When reasonably requested

60%

Only when required by a court order or subpoena

80%

N/A (no personal data to share)

The service would have no personal data to share with law enforcement.

100%

Never (special legal jurisdiction)

The service operates in a jurisdiction in which sharing data with law enforcement is never required.

100%

Citation

government agencies, regulators, or law enforcement agencies, where required or permitted by law

Transparency

Does the policy outline the service's general security practices? Yes

2/3

Score

Somewhat

The policy provides only a very vague overview of its security practices.

30%

Yes

60%

Yes, including audits

"Reviews," "monitoring," etc. also count as audits.

80%

Yes, including independent audits

Independent "reviews," "monitoring," etc. also count as independent audits.

100%

N/A

The service doesn't collect any personal information.

100%

Citation

We’re a global company, and we use third party service providers to store our data and provide us with services. We also need to share personal information with registries, registrars, and regulators all over the world. This means that we may transfer personal information, or access it from, countries other than the country where you live.

We recognise that we’re accountable for your personal information wherever it is in the world. Where we can, we will send personal information only to countries that have adequate privacy laws in place (such as NZ, Australia, or the EU). However, where we cannot do this, we take reasonable steps to ensure that any third party service providers we use can meet our privacy and security expectations.

We retain personal information only for as long as we have a lawful purpose to use it. Generally, this is the duration of your registration plus a further two years to ensure that any disputes or queries about that registration can be managed. We retain identity documents for only two weeks.

Wherever your personal information is stored, we take reasonable steps to ensure that it is protected against unauthorised access, modification, use, or disclosure. We take our information security obligations very seriously, and have a security action plan in place to make sure our data protection policies, processes, and controls are continuously improved.

We also back up your personal information with our data escrow agent so that your domain registration can continue in the event that we can no longer host or manage it. This is an important part of maintaining a stable domain ecosystem.

Is the policy's history made available? Only the date it was last modified

3/5

Does the policy require users to be notified in case of a data breach? Not necessarily

0/7

Will affected users be notified when the policy is meaningfully changed? No

0/5

Collection

Does the service collect personal data from third parties? No

10/10

Is it clear why the service collects the personal data that it does? Yes

10/10

Score

Somewhat

30%

Mostly

70%

Yes

100%

N/A

The service doesn't collect any personal information.

100%

Citation

o meet our core purposes – making it easy to register and manage domains and complying with our regulatory obligations – we need to use your personal information to:

identify you
associate your domain name with your computer
manage and deliver any products or services you request from us
personalise your experience, for example, by ensuring that you are invoiced in the right currency
contact you if required for the purposes of managing your account
keep your account secure
investigate and resolve any queries or concerns you raise with us
detect and prevent fraudulent activity
continuously improve our products and services
comply with our contractual obligations to domain registries and registrars we resell for
permit others operating or using the Internet to easily contact you to resolve any issue with your domain name
comply with our legal and regulatory obligations and any lawful requests from government agencies or regulators

Does the service allow the user to control whether personal data is collected or used for non-critical purposes? N/A (no data used for non-critical purposes)

10/10

Does the policy list the personal data it collects? Yes, exhaustively

10/10

Score

The policy does not claim to not collect personal data, but it also doesn't provide any meaningful insight into the types of personal data it collects.

Only summarily

The policy uses overly vague language to provide a summary of the types of collected personal data.

30%

Yes, generally

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

70%

Yes, exhaustively

All types of collected personal data are listed specifically

100%

N/A (no personal data is collected)

100%

Citation

We collect the following information about you:

full name
physical address
phone number
email address
IP address
cookies (see below)
payment information, including credit card details
identity verification documents
emails or other correspondence relating to the services you receive from us
internal notes about the services you receive from us

Cookies are small data files that our website sends to your browser, which are then stored on your system for later retrieval. We only use cookies to give you a simpler and easier login experience — not to track your website use. Remember, you can always clear cookies locally in your browser.

Last Updated

June 24, 2020

Sources

Source #1 ↗

Contributors

doamatto