Version 3.0, Effective Date: 10 April 2018
ARIN Personal Data Privacy Principles
- ARIN obtains personal data only for specific lawful purposes and by consent of the individual.
- ARIN stores personal data with appropriate protections for its integrity and confidentiality.
- ARIN stores personal data for as long as necessary for the purposes for which it was obtained.
- ARIN will use reasonable efforts to process requests from individuals for correction or deletion of their personal data where feasible.
- ARIN will direct any agents or contractors acting on its behalf to adhere to these (or equivalent) personal data privacy principles.
Information We Collect and Receive
ARIN collects several types of information through the use of our Websites, Services, and related interactions with individuals:
- “Organizational Data” is information supplied to ARIN that pertains to the organizations that are authorized to use our Services. The primary data elements that ARIN collects in the normal course of its activities are routine business contact information – organization name, street address, and organizational contact information (i.e. department name or other point of contact in the organization, including business email address and telephone number.) Organizations should only provide Personal Data (of their staff, customers, or others) to ARIN with the consent of the affected individuals, as organizations supplying such information to ARIN are responsible for its ongoing accurate maintenance. Organizations may also provide ARIN additional information that is considered Organizational Data (e.g. corporate registration information, business tax identification numbers, business financial information, technical plans) in the process of completing the organization’s registration to use ARIN Services, when making requests to use additional Services, or when interacting with ARIN regarding use of the Services. Organizational Data also includes the information that ARIN associates with an organization (e.g. Internet number resources holdings, ARIN-assigned identifiers for resources, organizations and contacts, etc.) as a result of their use of ARIN Services.
How We Use and Share Your Data
Our primary uses of the collected information are to provide the requested Services, to administer our business, to protect the integrity of our business practices, and to secure our systems from unauthorized or abusive access. Additionally, we may use the collected information to provide and/or improve our Services or our customer support activities, and to better understand and encourage appropriate usage of our Services.
The above uses generally do not require us to share Personal Data or Organizational Data with third parties, except in the following circumstances:
- When inherent to the nature of the Services: Note that many of ARIN’s Services are registry services or discussion forums that by their inherent nature involve the publication of information either publicly or to an identified community in accordance with specific policies of the registry. Your use of such Services constitutes informed consent to the processing and sharing of any supplied Personal and Organizational data as specified by applicable registry policies, including future changes to those policies when they occur.
- By your direction and consent: We will share Personal Data and Organizational Data provided to ARIN with third parties if and when you direct us, whether by use of a Service or otherwise. For example, ARIN will share Personal and Organizational data related to a number resource transfer request with a related third party if directed by you to do so. Similarly, ARIN will share information about those who choose to participate in the transfer listing service with others utilizing the Service per the Additional Terms of that Service.
- With vendors, consultants and other service providers: We may share Personal Data and Organizational Data provided to ARIN with our vendors who need access to this information in order to carry out work or perform services on our behalf. For example, if you are registering for an ARIN event or participating in an ARIN survey, you may interface with a third-party vendor (of event management or survey polling services) for purposes of facilitating this transaction, and ARIN may provide relevant Personal Data and Organizational Data to the agent for that specific purpose. ARIN will take reasonable and appropriate measures to ensure that our agent is compliant to comparable personal data privacy principles.
- With joint operational partners: We may share Personal Data and Organizational Data provided to ARIN with other strategically affiliated organizations with whom ARIN is engaged in joint activities. For example, ARIN engages in joint operation of the Internet Number Registry System that requires information sharing with the other Regional Internet Registries for coordination purposes. Similarly, ARIN may share meeting registration information with another industry association when conducting a joint meeting with that organization.
- For legal purposes: If we receive a request for information, subpoena, or court order, we may disclose Personal Data or Organizational Data if we reasonably believe disclosure is in accordance with or required by any applicable law or regulation, and/or if we have a good faith basis to believe that you or your organization have violated any of our service policies or usage guidelines, or any other agreements or contracts between you or your organization and ARIN, and such disclosure is required to enforce obligations, rights or laws.
- In the event of a corporate transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose Personal Data or Organizational Data to the party or parties of such transaction.
We maintain reasonable security measures to protect the data transmitted to us via the Internet and to prevent unauthorized access to, alteration or deletion of all collected data. Despite these measures, the security of any Personal Data and/or Organizational Data provided to ARIN cannot be guaranteed.
ARIN retains Personal Data and Organizational Data for the time needed for ARIN to pursue legitimate business interests, conduct audits, follow common business information retention practices, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Integrity of registry services requires that ARIN maintain historical records of all registry changes, and these records encompass both Personal Data and Organizational Data associated with Internet Number Registry System resources.
Data Correction or Deletion
You may update or delete your Personal Data or that of your organization by submitting a request by any means made available by us, such as through your ARIN Online account, via email, or by mail at the contact information listed below. Due to the data retention requirements essential to registry integrity, amendment or deletion of Personal or Organizational Data in historical records at ARIN is not possible, but upon request ARIN will make reasonable attempts to remove or amend publicly-visible data when feasible.
Website Usage Tracking
Some web browsers provide a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. We have no software or configurations that react to the web browser “Do-Not-Track” signal headers.
Children’s Privacy Rights
Our Services are not designed for, intended to attract, or directed toward children under the age of sixteen. If you are aware of an individual under sixteen years of age that has provided ARIN with Personal Data without prior parental consent, please notify us immediately.
Compliance and Questions