Where you purchase a digital certificate through us, we are required by the provider of those certificates to collect personal information from you to pass back to that provider (other than your payment details, which we hold internally).
Disclosure of your information to third parties
We may supply your personal information to third parties to perform services on our behalf, such as:
If you are a domain name registrant, we will have to provide your data to the registry operator, or in respect of certain new gTLDs and ccTLDs, to the back-end Registrar. Under ICANN policy, we are also required to transfer your data to a data escrow agent. In response to ICANN contractual compliance requests, we may be required to provide your data to ICANN;
Market research and distribution of marketing information to you (except where you have chosen to opt-out of receiving this information from us);
The supply of web hosting, website design, SEO and other services;
Call centre sales and support services (provider in the Philippines).
Our relationships with such third party service providers are governed by our contracts with them. Those service contracts contain privacy and confidentiality provisions which are consistent with the Australian Privacy Law obligations.
Accuracy / Access
If you’ve moved, changed phone numbers or email address, please let us know. We can’t help you if we can’t contact you. If you want to know what information we hold of yours, if you believe that we may hold other personal information about you which is inaccurate, if you wish to change or update any of the personal information you have provided, you can always ask us. Subject to our obligation to retain your personal information for the purposes of providing services to you, you may also contact us to request erasure of your personal data. You may access and update the personal information we provide to the registries in respect of your domain name licence at any time. The procedure to do this is explained in this support article.
The transfer of information across any media may involve a certain degree of risk, and the Internet is no different. However, helping you to keep your information secure is very important to Affernet.
At Affernet we treat your data with the utmost security and use a range of technologies and policies including firewalls and access controls and restrictions to ensure that your data is secured not only from access and visibility but also from unauthorised alteration or erasure.
You can also use simple precautions to help protect your security, such as protecting against the unauthorised use of your username or password or other authentication ID.
Retention of Data
We will only retain your personal data for as long as is necessary. We will need to retain your data for as long as you have an account with us and will keep your data while your account is active and for a reasonable period afterwards to ensure we are able to properly deal with any enquiries. We will also need to retain data in order to comply with our legal obligations such as compliance with tax laws.
Notifiable Data Breach
From 22 February 2018, a data breach that is likely to result in serious harm to individuals must be reported to those affected and also to the Office of the Australian Information Commissioner (OAIC). A data breach happens when personal information is accessed or released without authorisation, or is lost. Serious harm may include physical, financial, emotional, psychological or reputational harm. We have procedures in place to ensure that a data breach is properly identified, assessed, contained and reported if necessary.