iwantmyname

IWantMyName is a service provider based in New Zealand that focuses solely on domain name management.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Handling

Does the policy allow personally-targeted or behavioral marketing? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Note

No data is used for targeted marketing

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, all parties specified (only to critical service providers)

8/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

As part of our delivery of products and services you have requested, or in order to meet our legitimate business interests, we may share your personal information with:

  • our trusted information service providers, including cloud storage providers (which may be located in NZ or overseas)
  • our trusted providers of other services, including analytical, research or fraud prevention services, where these services require the processing of personal information (which may be located in NZ or overseas)
  • our data escrow agent (an agency that retains a backup of your registration data to ensure that your domain registration can continue in the event that we can no longer host or manage it)
  • government agencies, regulators, or law enforcement agencies, where required or permitted by law

We are also required to: - share your personal information with domain industry regulators to assist them to keep the domain ecosystem transparent - make sure that the registrars and registries which manage particular domains have a record of domain registrants - facilitate the maintenance of the public WHOIS database, which provides Internet users with information about domain name holders

We’re an accredited registrar for the .nz domain, which means we can issue .nz domain licenses directly to our customers. In this case, we may share your personal information with the:

  • registry for the .nz domain, Internet NZ
  • agency that regulates the .nz domain, Domain Name Commission Ltd
  • public via the WHOIS database (where you have opted into this)

We also sell domain licenses on behalf of other registries and registrars, including our partner registrar Hexonet. This includes generic domains, such as .com, and some country domains, such as .de. In these cases, we may share your personal information with:

  • Hexonet, our partner registrar
  • any other registrars which issue domain licenses for domains we resell
  • the registries which create the domain extensions for the licenses we resell (sometimes the registrars will share this data, not us)
  • the agency that regulates generic domains, Internet Corporation for Assigned Names and Numbers (“ICANN”)
  • the public via the WHOIS database (where you have opted into this)

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? Yes, by contacting someone

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

If you think any of the personal information we hold about you is wrong, you can ask us to correct it. Where we’ve retained your personal information for purposes that are not directly related to the performance of a contract or to our legitimate interests, you can ask us to delete it.

If we can’t correct or delete your information (for example, where we don’t agree that it’s wrong, or we need the information for a lawful purpose), we’ll tell you why. You can ask us to attach your correction request to the information as a statement of correction.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? Only when required by a court order or subpoena

4/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

government agencies, regulators, or law enforcement agencies, where required or permitted by law

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided May 18, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

This policy doesn't require the service to disclose data breaches.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? No

0/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Note

This policy doesn't require the service to notify users of policy changes

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

This one was updated on May 23, 2018.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Yes

2/3

Decided May 18, 2020 (revision history). This question accounts for 4% of the final score.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We’re a global company, and we use third party service providers to store our data and provide us with services. We also need to share personal information with registries, registrars, and regulators all over the world. This means that we may transfer personal information, or access it from, countries other than the country where you live.

We recognise that we’re accountable for your personal information wherever it is in the world. Where we can, we will send personal information only to countries that have adequate privacy laws in place (such as NZ, Australia, or the EU). However, where we cannot do this, we take reasonable steps to ensure that any third party service providers we use can meet our privacy and security expectations.

We retain personal information only for as long as we have a lawful purpose to use it. Generally, this is the duration of your registration plus a further two years to ensure that any disputes or queries about that registration can be managed. We retain identity documents for only two weeks.

Wherever your personal information is stored, we take reasonable steps to ensure that it is protected against unauthorised access, modification, use, or disclosure. We take our information security obligations very seriously, and have a security action plan in place to make sure our data protection policies, processes, and controls are continuously improved.

We also back up your personal information with our data escrow agent so that your domain registration can continue in the event that we can no longer host or manage it. This is an important part of maintaining a stable domain ecosystem.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

o meet our core purposes – making it easy to register and manage domains and complying with our regulatory obligations – we need to use your personal information to:

  • identify you
  • associate your domain name with your computer manage and deliver any products or services you request from us
  • personalise your experience, for example, by ensuring that you are invoiced in the right currency
  • contact you if required for the purposes of managing your account
  • keep your account secure
  • investigate and resolve any queries or concerns you raise with us
  • detect and prevent fraudulent activity
  • continuously improve our products and services
  • comply with our contractual obligations to domain registries and registrars we resell for
  • permit others operating or using the Internet to easily contact you to resolve any issue with your domain name
  • comply with our legal and regulatory obligations and any lawful requests from government agencies or regulators

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, exhaustively

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

All types of collected personal data are listed specifically

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

We collect the following information about you:

  • full name
  • physical address
  • phone number
  • email address
  • IP address
  • cookies (see below)
  • payment information, including credit card details
  • identity verification documents
  • emails or other correspondence relating to the services you receive from us
  • internal notes about the services you receive from us

Cookies are small data files that our website sends to your browser, which are then stored on your system for later retrieval. We only use cookies to give you a simpler and easier login experience — not to track your website use. Remember, you can always clear cookies locally in your browser.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Note

No data is collected from third parties

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? N/A (no data used for non-critical purposes)

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Note

Data is not used for non-critical purposes

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

iwantmyname has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for iwantmyname, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

7.6/10

How we calculate ratings →


Version Added

May 18, 2020

Ratings Updated

May 18, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions