Skip to main content

CIRA Privacy Policy – Version 2.1 (March 9, 2020)

The Canadian Internet Registration Authority (“CIRA”) is committed to protecting the privacy of personal information in the course of its operation and administration of the Canadian country code top-level domain name (the “Registry”). As part of this commitment, we have set out this Privacy Policy to outline the manner in which CIRA collects, uses, discloses and otherwise manages personal information in its custody and control.

Definitions

Capitalized terms used in this Policy that are not defined in this Policy have the meanings specified in By-Law No. 1 of CIRA.

.CA – means the Internet country code top-level domain for Canada.

Administrative Contact – means the person identified in the Registration Information as the Administrative Contact for the Registrant’s Domain Name Registration(s).

Authorized Representative – in the case of a Registrant who is not an individual, means a representative of the Registrant who: (i) is an employee of the Registrant; (ii) is a member of the board of directors of the Registrant; (iii) is a member of the board of governors of the Registrant; or (iv) has the authority to bind the Registrant, provided such authority is not limited to .CA domain name related matters.

Dispute Resolution Service Provider – means a dispute resolution service provider approved by CIRA to administer dispute resolution proceedings.

Domain Name – means a .CA domain name or sub-domain name.

Domain Name Registration – means the registration by CIRA of a Domain Name in the Registry, in the name of the Registrant, pursuant to the Registrant Agreement.

Law Enforcement Requester – means a member of a Canadian law enforcement or national security agency that is a government institution or part of a government institution, who has identified its lawful authority to obtain the Information, and who complies with all of the obligations of the Request for Disclosure of Registrant Information for Law Enforcement and National Security Agencies – Rules and Procedures.

Person – means an individual, a corporation, a partnership, a trust, an unincorporated organization, association or club, the government of a country or any political subdivision thereof, or any agency or department of any such government, any of the individuals or entities listed in the Canadian Presence Requirements for Registrants (as defined in the applicable Registry PRP) and the executors, administrators or other legal representatives of an individual in any of such capacities.

Registrant – means a Person who is listed in the Registry as the Registrant of a Domain Name.

Registry PRP – means the CIRA policies, rules, and procedures relating to Registrants, Registrars, and Domain Name Registrations as may be amended or adopted by CIRA from time to time, which are located on our Website.

Registrars – means Persons from time to time certified by CIRA to offer Domain Name registration services within the .CA Internet Domain Name system.

Registrar of Record – means the Registrar listed in the Registry as the Registrar of a specific Domain Name Registration, other than CIRA. In no event will CIRA be a Registrar of Record for the purpose of the Registry PRP.

Registry – means the .CA Internet Domain Name registry operated by CIRA.

Technical Contact – means the person which may be listed in the Registry as the Technical Contact for a specific Domain Name Registration.

Website – means www.cira.ca or such other CIRA website(s) as may be created by CIRA from time to time.

Collection and Use of Personal Information

We may collect personal information when you:

  • Register a .CA Domain Name;
  • Register to become a CIRA member;
  • Submit a dispute to be settled;
  • Participate in surveys, contests, calls for public comment, events or activities;
  • Visit our Website;
  • Apply for employment on our Website; and
  • Contact our Customer Service Department, or otherwise contact us or one of our service providers with a comment, question or complaint.

Domain Name Registration

When you register for a .CA Domain Name, we receive information about you from your Registrar such as your name, your status as a Canadian citizen or resident, and certain WHOIS contact information.

Information collected from your Registrar includes:

  • Your name;
  • Your mailing address, e-mail address, telephone number, and fax number;
  • Your status as a Canadian citizen, permanent resident, legal representative or aboriginal person;
  • Your Domain Name;
  • The IP Address of the primary name server and secondary name server and, if applicable, the tertiary, quaternary, quinary, and senary name servers for each Domain Name Registration, as well as the corresponding domain names of those servers; and

The following WHOIS Information (as defined below in the WHOIS section) is also collected from your Registrar:

  • Domain Name Information
  • Administrative Contact Information
  • Technical Contact Information

Your registration information is necessary for CIRA to manage and administer the Registry and to implement, execute and enforce the applicable Registry policies, rules and procedures. We may use your registration information to contact you about Domain Name registration issues, to facilitate the resolution of disputes, or other issues related to registering a Domain Name or the operation of the Registry. We will also use your contact information for mandatory communications from CIRA and to forward correspondence sent to you via CIRA from any third party.

Membership

To become a CIRA member, we collect information about you such as your name and contact information.

Information collected from CIRA members includes:

  • Your name, mailing address, telephone number, and e-mail address;
  • Your Domain Name; and
  • A declaration of identity from a guarantor or a copy of government issued photo identification.

We collect this information to maintain CIRA membership records, to confirm your identity, to conduct the affairs of CIRA that involve members, and as may be required by law. We may also use your membership information to contact you about CIRA member issues. You may opt out of receiving non-mandatory membership emails by clicking the “unsubscribe” link at the bottom of each e-mail, or by changing their communication preferences in their membership profile.  Additional information on CIRA membership is available on the CIRA membership homepage.

Marketing Communications and Participation in Events and Activities

We may use your contact information submitted upon registration (please see the “Information collected from your Registrar” section, above) to send you information regarding our products and services, or information on internet security. We may also offer you the opportunity to participate in one of our surveys, contests, calls for public comment, events or activities. We may collect information that identifies you (such as your name, contact information and any information you include in a call for public comment or related materials) to administer your participation in the survey, contest, call for public comment, event or activity. We may use your contact information to send you information in connection with these activities. You may unsubscribe from receiving these e-mails at any time by clicking the “unsubscribe” link at the bottom of each e-mail, or by contacting CIRA at [email protected]. Please note that you may continue to receive transactional communications from us related to your .CA domain name registration.

In participating in a CIRA survey, the information obtained is used in an aggregated non-personally identifiable form. We use this information to help understand our Registrants and CIRA members, and to enhance our service offerings, and events.

Domain Name Disputes

If you initiate a Domain Name dispute resolution process with CIRA, we collect information in your complaint and supporting material. You may be asked for information that identifies you (such as your name and contact information) along with any other information we need to help us administer the dispute resolution process.

Information collected during the Domain Name dispute resolution process includes:

  • The complainant’s name, mailing address, e-mail address, telephone number and fax number; and
  • The name and contact information for any representative authorized to act on the complainant’s behalf.

Employment at CIRA

We advertise employment opportunities on our Website. In connection with a job application or related inquiry, you may provide us with information that identifies you (such as that contained in a resume, cover letter, or similar employment-related materials). We use this information for the purpose of processing and responding to your application for employment.

Customer Service

When you contact our Customer Service Department, or otherwise contact us or one of our service providers for support, or with a comment, question or complaint, you may be asked for information that identifies you (such as your name and contact information), along with additional information we need to help us provide support, answer your question or respond to your comment or complaint. We may also retain this information to assist you in the future, and to improve our customer service.

Disclosures of Personal Information

We will not disclose, trade, rent, sell or otherwise transfer your personal information, to any third party other than as set out in this policy.

WHOIS Information

As part of the administration of the .CA Registry, CIRA operates an electronic look-up service called “WHOIS”. WHOIS is designed to provide limited information concerning Domain Names.

WHOIS has built-in privacy protection options, which can be used to limit the personal information available through the WHOIS system. For Registrants who are individuals (e.g. as opposed to organizations), the privacy protection options are turned on by default, and only limited personal information is available to third parties when they search the WHOIS system for a Domain Name that you have registered. If you turn your privacy protection option off, more of your personal information will be available through the WHOIS system. Your privacy protections can be changed by contacting your Registrar.

When your privacy protection is turned on, the following information is visible:

  • Domain Name;
  • Domain Name status;
  • Creation date;
  • Expiry date;
  • Updated date;
  • Registrar name; and
  • Registrar number.

When your privacy protection is turned OFF, the following information is visible

Registrant Information includes:

  • Registrant name;
  • Mailing address, e-mail address, phone number and fax number;

Domain Name Information includes:

  • Domain Name;
  • Domain Name status;
  • Creation date;
  • Expiry date;
  • Updated date;
  • Registrar name; and
  • Registrar number.

Administrative Contact Information and Technical Contact Information includes:

  • Name;
  • Mailing address;
  • Phone;
  • Fax; and
  • E-mail.

If you are a non-individual Registrant, the information that will be made available through the WHOIS system will be the same as an individual Registrant with their privacy protection turned OFF. Non-individual Registrants may request to CIRA, in writing, that the information described above not be disclosed to the public via the WHOIS. In such a written request, the non-individual Registrant must certify that it has a legitimate need to protect the privacy of its information, which need is greater than that of other CIRA Registrants who are not individuals, because the nature of that Registrant’s operations or activities is such that disclosure of its information via the WHOIS would be likely to cause harm to individuals or to that Registrant.

CIRA retains the discretion to determine in any case whether a non-individual Registrant meets the criteria and will be permitted to opt out of standard disclosure of information in the WHOIS. If CIRA accedes to the request, the non-individual Registrant’s WHOIS information will only be disclosed thereafter in accordance with the terms for disclosure applicable to individual Registrants.

Domain Name Disputes and Law Enforcement

CIRA has established policies on the disclosure of registration information for Domain Name disputes and law enforcement purposes.

(i) Domain Name Disputes

CIRA has implemented two policies, entitled Registration Information Access Rules and Procedures and Request for Disclosure of Registrant Information – Rules and Procedures, that address disclosures in the course of Domain Name disputes.

Under the Registration Information Access Rules and Procedures policy, CIRA will provide a person, who requests in the applicable form, a list of the .CA Domain Names registered in the name of a Registrant or registered in the name of the same Registrant as a Domain Name identified by the requester, even where the identity of the Registrant is unknown. This is done to facilitate bona fide rights holders to determine infringements of intellectual property rights.

Under the Request for Disclosure of Registrant Information – Rules and Procedures, CIRA may provide a person, who requests in the applicable form, certain Registrant information not publicly available through CIRA’s WHOIS.

Information disclosed to requesters includes:

  • The name of the Registrant;
  • The mailing address and e-mail address of the Registrant;
  • The name of the Registrant’s Administrative Contact and Technical Contact; and
  • The mailing address and e-mail address of the Administrative Contact and Technical Contact

If a Domain Name that you have registered is subject to a proceeding under the CIRA Domain Name Dispute Resolution Policy, your personal information may also be disclosed to the relevant Dispute Resolution Service Provider to facilitate the dispute resolution process.

(ii) Requests from Law Enforcement

CIRA has implemented a policy entitled Request for Disclosure of Registrant Information for Law Enforcement and National Security Agencies – Rules and Procedures that addresses disclosures for law enforcement purposes. Under this policy, CIRA may provide a Law Enforcement Requester, who requests in the applicable form, certain Registrant information not publicly available through CIRA’s WHOIS.

Information disclosed to Law Enforcement Requesters includes:

  • The name of the Registrant;
  • The mailing address and e-mail address of the Registrant;
  • The name of the Registrant’s Administrative Contact and Technical Contact; and
  • The mailing address and e-mail address of the Administrative Contact and Technical Contact.

(iii) Notification

If a Registrant’s information is disclosed pursuant to the Request for Disclosure of Registrant Information – Rules and Procedures, or the Request for Disclosure of Registrant Information for Law Enforcement and National Security Agencies – Rules and Procedures, we shall, unless prohibited by law, not less than thirty (30) and not more than sixty (60) days after disclosure of the personal information, use reasonable efforts to send an e-mail to the Registrant and Administrative Contact  for the relevant Domain Name Registration(s) indicating:

  • what parts of the information were disclosed; and
  • to whom it was disclosed.

Service Provider Arrangements

We may transfer (or otherwise make available) your personal information to third parties who provide services on our behalf. For example, we may use service providers to host our website, operate certain of its features, send e-mail, run our surveys and contests, conduct customer research, and manage and analyze data. These third parties may be based in Canada, the United States or in other foreign jurisdictions.

Before transferring (or otherwise making available) any personal information to any third party service provider, CIRA enters into an agreement with the service provider pursuant to which it is required to use the personal information solely for the purpose of providing the service and to maintain security and privacy measures at least as stringent as those of CIRA. Our service providers are only given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own marketing or other purposes.

Legal

In the event that personal information is transferred outside of Canada to the United States or other foreign jurisdictions, it will be subject to the laws of that jurisdiction. CIRA, and its Canadian, U.S. and other foreign service providers may  disclose your personal information in response to a search warrant or other legally valid inquiry or order, or as otherwise required or permitted by applicable Canadian, U.S. or other law. We may also disclose your personal information where necessary for the establishment, exercise or defence of legal claims.

Website Information

When you visit our Website the web server logs IP addresses, the referring website, and associated information relating to the requests made.

Cookies

We may use session cookies to ensure a smooth and convenient site visit. A cookie is a tiny element of data that our Website can send to your Web browser, which may then be stored on your computer. We use cookies on pages of our Website where we require you to log in. You may set your Web browser to notify you when you receive a cookie. However, if you decide not to accept cookies from our Website, you may not be able to take advantage of all of the features of our Website. We may also use a third party to help us gather and analyze information about the areas that you visit on the Website to evaluate and improve the customer experience and the convenience of the Website, and to help us evaluate some of the specific information related to your Website visits.

Safeguards

We have implemented measures designed to protect personal information in our custody and control. We maintain reasonable administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of personal information in our custody and control. These safeguards include firewalls and antivirus protection on our servers, and training of our staff.

Access to your Personal Information

You may request access, updating and correcting of inaccuracies to the personal information we have in our custody or control by e-mailing or writing to us at the contact information set out below. In the regular course of business, if you request access, updating or correcting of information related to your Domain Name Registration, your request will be sent directly to your Registrar and we suggest you send your request directly to them. At the time of your request, we may need further information from you to verify your identity, before we can provide you with the personal information we hold.

Changes to the Privacy Policy

The Privacy Policy may be updated periodically to reflect changes to our personal information practices. The revised Privacy Policy will be posted on this Website. We encourage you to please refer to this Privacy Policy often for the latest information about our personal information practices.

Contact Us

The intention of this policy is to answer your questions about our privacy policy and practices. Should you be interested in more detailed information about our procedures and practices, please contact our Chief Privacy Officer:

Chief Privacy Officer

Canadian Internet Registration Authority

979 Bank Street

Suite 400

Ottawa, Ontario

K1S 5K5

[email protected]

Loading…