PIR Privacy Notice

Please note that this is a general PIR privacy policy. You can access our other privacy policies here:  .ORG/IDN privacy policy  .NGO/.ONG policy.

Privacy Notice

Our globally diverse team is committed to providing a stable online platform where everyone has a voice. As part of our commitment to provide a secure, stable space to empower people’s voices, your privacy is important to us.

This Privacy Notice outlines what information Public Interest Registry (PIR) collects through your interactions with our products and services, how we use that information, and how we work to protect your privacy and personal data.

Privacy Notice – PIR (All gTLDs under management)

PIR provides reliable, secure management of the .org, .ngo, .ong, .机构, .संगठन, .орг domains.  As the registry operator for these generic top-level domains (gTLD), PIR is responsible for the operation of each gTLD, including maintaining a registry of the domain names within each gTLD.

PIR serves as the registry operator for these gTLDs under contracts with the Internet Corporation for Assigned Names and Numbers (ICANN), a not-for-profit private sector organization which is charged with coordinating and ensuring the stable and secure operation of the Internet’s unique identifier systems.

This Privacy Notice outlines policies that apply to information processed in conjunction with all PIR’s products and services.

Inquiries can be made electronically via e-mail at privacy@pir.org, or via mail to Privacy Office c/o Public Interest Registry, 1775 Wiehle Avenue, Suite 100, Reston, VA 20190 US, or via PIR’s EU Representative at datenschutz@rickert.net or Rickert Rechtsanwaltsgesellschaft mbH, Kaiserplatz 7-9, 53113, Bonn, Germany.

I. Why Do We Collect Information?

As a registry operator, PIR has the responsibility to maintain the operation of each of its gTLDs, including effecting registrations in TLDs and maintaining a registry of the domain names within each gTLD.  PIR takes actions to process information and directs the actions of third parties to process data in connection with our responsibilities as a registry operator to ensure domain name registrations function in a predictable and reliable way as required by our contracts with ICANN.

As defined by our ICANN contracts, PIR works with ICANN accredited registrars to enable the sale of domain names and to ensure those domain names properly function for registrants (domain name owners).  In order to provide domain name services and maintain a secure zone, registrars are required to collect information from registrants upon registration of a domain name.  Registrars are then required to pass certain information to registries to maintain the functionality of the zone.  All of these requirements are outlined in both the registry and registrar contracts with ICANN and the subsequent required contracts between registries and registrars.

Registrars are responsible for collecting and transferring registration data, presenting each registrant with their privacy policies, that of their registry partners, and information on the mechanisms for access and correction of their data.  Because you may choose any ICANN accredited registrar to register a domain name, questions regarding a registrar’s privacy policy or practices should be directed to your Registrar.

ICANN, registries, and registrars are joint controllers for all information collected, stored, transferred, and processed in line with our Registry contracts with ICANN.

In addition to the joint controller relationship between ICANN, registries, and registrars, registries and registrars are required to securely escrow registry data with ICANN accredited data escrow providers to provide protection against the unlikely event of registry or registrar failure or loss.

II. Information We Collect

PIR receives domain name registrations, and the associated personal data provided upon registration of a domain name by registrants, from ICANN accredited registrars.  In addition to domain name registration data, PIR collects information from users interacting with our websites and services. The data PIR collects depends on your interactions with our websites and services:

  • Much of what we collect is provided directly by you during the process of registering a domain name from an ICANN accredited registrar pursuant to a domain name registration contract.
  • We collect information about you when you interact with a PIR website, participate in a survey, request a newsletter or mailing list membership, and apply for a job.
  • PIR may also obtain data from sources such as cookies, publicly available datasets, and third-party data analysis.

1. Registrants

PIR accepts domain name registrations only from ICANN-accredited domain name registrars. PIR does not accept domain name registrations directly from registrants.  When you register a domain name through a registrar, the registrar collects information (in accordance with their ICANN accreditation and ICANN contract requirements and discloses it to PIR (Registration Data or WHOIS Data)). Registrant data is not collected at the registry level by PIR.  Information may be collected from the registrant, a nominated administrative domain contact, technical contact, or billing contact.  This Notice defines “registrant” or “you” as these persons. Registrars then pass the registrant data to PIR as required by our contracts with ICANN to fulfill our requirements and service as a registry operator to register and maintain the domain name. A list of registration data received and processed by PIR:

Domain Name:
Registrant ID:
Registrant Name:
Registrant Organization (optional input)
Registrant Street:
Registrant Street:
Registrant City:
Registrant State/Province: (optional input)
Registrant Postal Code:
Registrant Country:
Registrant Phone:
Registrant Fax: (optional input)
Registrant Email:
Admin ID:
Admin Name:
Admin Organization: (optional input)
Admin Street:
Admin Street:
Admin City:
Admin State/Province: (optional input)
Admin Postal Code:
Admin Country:
Admin Phone:
Admin Fax: (optional input)
Admin Email:
Registry Tech ID:
Tech Name:
Tech Organization: (optional input)
Tech Street:
Tech Street:
Tech City:
Tech State/Province: (optional input)
Tech Postal Code:
Tech Country:
Tech Phone:
Tech Fax: (optional input)
Tech Email:

Please note that each registrar has its own policies and procedures and you should review a registrar’s privacy policy and procedures prior to your registration of a domain name.

2. Website Users

a. User Information

You may visit PIR websites without identifying yourself. If you are interested in our services (other than registering a domain name, which must be done through an accredited registrar) or wish to subscribe to our newsletter, you may be required to register with PIR. When you register, we may request certain personal data, including your name, address, e-mail address and other personal data. In addition to website registration, PIR may request personal data for purposes such as the provision of customer service, service offerings, network management, surveys, and other exchanges of information.

b. Cookies

A cookie is a small data file that certain websites write to your hard drive when you visit the site.  A cookie file can contain information that allows PIR to track the pages you have visited.  PIR uses cookies to tell when a user is a repeat visitor and to let us know how the user found the website. Cookies also allow us to automatically link users to their personalized accounts (should you choose to register with PIR), enabling you to enter various services as a member and to visit member-restricted areas of the site without having to log in each time.

Visitors to our sites have the option to disable cookies via their browser preferences or through www.allaboutcookies.org.  You can refuse cookies by turning them off in your browser.  However, PIR maintains a legitimate interest in using cookies, as some of our website and services will not work if the ability to accept cookies is disabled. This applies to the use of cookies by PIR and does not apply to the use of cookies or other tracking technologies used by any third parties.

c. User generated content

PIR is not responsible for maintaining as confidential any personal or other data posted by you on message boards hosted by our websites.  Users voluntarily disclosing such personal data makes your information publicly available.

d. Log files

PIR gathers information about all users collectively, such as what areas of its site’s users visit most frequently and what services users access most often. This data is logged and aggregated so we may use it to understand user behavior and for system-performance monitoring. PIR does not maintain individual log file data and only maintains aggregate user statistics which are not capable of identifying an individual.  PIR may disclose aggregated user statistics to describe the service to prospective partners, advertisers, and other third parties and for other lawful purposes.

e. Children

Please note that we do not knowingly solicit information from children, and we do not knowingly market our products or services to children.  If you have reason to believe anyone under the age of 18 has provided PIR with any personal data, please contact us at privacy@pir.org,.

f. Sensitive Personal Information

Similarly, PIR dos not ordinarily or knowingly require or collect sensitive personal information (information specifying medical or health conditions, racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, or information specifying sex life of an individual

III. Purpose for Using Personal Data

PIR will make all reasonable efforts to ensure that personal information is processed only for the purposes set out below (including to provide the services requested by you and to fulfill PIR’s contracts with ICANN).  We will make all reasonable efforts to ensure that personal information is not further processed in a way incompatible with the purpose for which it was collected or received. PIR will only disclose this information, or elements of this information, in certain defined situations defined below in the Data Sharing and Disclosure.

1. Domain Name Registration

PIR uses the information provided by registrars to effect domain name registrations and to maintain the security and stability of our TLDs to ensure continued and reliable function to domain name users; to conduct analysis in order to optimize our service to you; and investigate and mitigate abuse in line with PIR’s Abuse Policy. In addition to ensuring the secure and stable registration and operation of your domain name, PIR may use registration data to improve our services, promotions, and systems and to develop and collect aggregate anonymous statistics related to PIR’s systems and services.

2. WHOIS

PIR is required by our ICANN contracts to maintain a public searchable WHOIS or RDDS lookup for domain names in our TLDS.  To that end, PIR will display all non-personal registration information publicly via both web-based WHOIS or RDDS lookup and a Port 43 WHOIS service.  PIR will retain and maintain the full set of registration information provided by registrants upon registration of a domain name.

3. Website Information

If you submit personal data to PIR through our website, we may use that information to assist with the functionality of the website. This may include sending you information you have requested to receive (i.e. newsletters) and providing you with policy and services updates.  Be aware that any information you voluntarily provide via message boards or public discussion tools becomes publicly available information and may be used by PIR or others.

PIR may also collect aggregated data from visitors to our websites (i.e. cookies, log files, usage data, IP address, browser, click stream data, etc.) and may use that data to analyze and evaluate the effectiveness of our website design, services, marketing, and campaigns.

4. OnGood

Because .ngo and .ong are validated TLDs, meaning that only confirmed non-governmental organizations may register these domain names, PIR will use the registration information we receive from registrars, as well as additional credential information provided by the registrant organization, to complete validation and audit processes as required by our ICANN contracts using OnGood, a community of verified .ngo and .ong domains. OnGood requires a contact to enter personal data, including name, address, e-mail address, and other personal data.

IV. Lawful Bases for Processing Personal Data

PIR processes your personal data: (a) based on the performance of a contract to which you are a subject or (b) where we have a legitimate business interest in doing so.

When a person requests and registers a domain name through a registrar, they agree to a domain name registration contract.  In order to provide the requested domain name registered in a person’s name (or in the name of the organization), PIR as a registry, must use the information received from the registrar to effect a domain name registration and ensure domain name function throughout the registration period.

PIR may also have a legitimate interest in using personal data that is provided by you in order to optimize our service to you and your experience on our Website.  PIR may also use third-party data providers to process data in the use of their services to provide online advertisement.

V. Data Sharing and Disclosure

1. Partners and Service Providers

Our trusted processors (vendors, subcontractors, and other similar business partners) are responsible for processing some of the personal data that we receive.  Therefore, PIR discloses some personal data as received from your registrar to our processors.  These processors are not authorized to use such personal data for purposes beyond those specified by us and to the extent that they process any personal data they are required to provide security and privacy protections in line with PIR’s Privacy Policy and in compliance with applicable privacy and data protection laws.

a. WHOIS and Registration Data

PIR only requires the registrars to disclose to us the registration data dictated by ICANN as necessary for the registration and maintenance of a domain name.  ICANN requires the maintenance of both web-based WHOIS access and Port 43 WHOIS access. The below shows the non-personal data that PIR will make publicly available via PIR’s web-based WHOIS portal and Port 43 access pursuant to the redaction requirements in ICANN’s Interim Registration Data Policy for gTLDs.

Domain Name: example.tld
Registry Domain ID: D13664-LRMS
Registrar WHOIS Server:
Registrar URL: www.example.tld
Updated Date: 2017-07-13T15:15:13Z
Creation Date: 2001-07-29T23:51:48Z
Registry Expiry Date: 2018-07-29T23:51:48Z
Registrar Registration Expiration Date:
Registrar: Example Registrar
Registrar IANA ID: XXX
Registrar Abuse Contact Email: abuse@pir.org
Registrar Abuse Contact Phone: +XX.XXXXXXX
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant Organization:
Registrant State/Province:
Registrant Country:
Name Server:
DNSSEC:
URL of the ICANN Whois Inaccuracy Complaint Form
Last update of WHOIS Database:

In addition, we may share aggregated demographic information with our business partners and the press. This is not linked to any personal data that can identify any individual.

b. Data Escrow Provider

PIR is required by its contracts with ICANN to escrow all the registration data PIR receives from registrars by providing a copy to a trusted third party (Data Escrow Providers).  The Data Escrow Providers are accredited by ICANN and are tasked with securely holding the data.  They are not authorized to process the data.  In the event of a registry technical failure, the securely held data will be used to ensure the continued functionality of registered domain names.  This backup mechanism is a protective measure that ensures the continued stable and secure operation of the DNS.

c. Afilias

While PIR is the registry operator for the .org, .ngo, .ong, .机构, .संगठन, .орг domains, we contract Afilias, LLC to be our technical backend registry services provider.  To make the chosen domain name a functional address on the Internet, PIR discloses data to TLD server administrators for the purpose of ensuring that the domain name bundle operates as a functional address on the Internet.  As a processor, Afilias receives registrant information solely for the purpose of processing the information on behalf of PIR to perform the technical functions to effect domain name registrations.

PIR also uses Afilias as its third-party technical backend provider for OnGood, which is a community of verified .ngo and .ong domains.  PIR shares information with Afilias so that it can maintain the functionality of .ngo and .ong domains, deliver service features to the registrant, conduct and complete the registrant validation and audit processes as required by our ICANN contracts, and maintain a credentials database.

 d. Sharing the information we collect on our website

The information that you supply to PIR through this site, OnGood, or through a promotional program conducted by PIR will never be given, sold, rented, loaned, or otherwise disclosed to any third parties outside of PIR, except where outlined above or under special circumstances.  Our Exceptions and Special Circumstances Policy (below), permits PIR to shared information when it is necessary to comply with legal process or protect the rights, property, or personal safety of PIR, its customers, or the public.

e. Links and third-party collection

This Privacy Notice only addresses the processing of personal data we collect from you. The processing of any data you disclose to other parties will be governed by their privacy policy.  Users should be aware of their personal privacy settings when using platforms and apps and update them to manage your privacy preferences.

f. Traffic Data

PIR is authorized by our contracts with ICANN to make use of “traffic data” for a variety of purposes (the relevant registry contract provision can be viewed here; Sec. 3.1(f)).  PIR makes use of traffic data for technical purposes to enhance security and stability in its operations.  PIR may make use of such data for purposes connected with the sale of domain names provided that such use does not involve collection or dissemination of personally identifiable information.

2. Exceptions and Special Circumstances

There are occasionally special circumstances that require PIR to disclose information which could include personal data.

In certain circumstances, PIR must disclose information beyond the limits outlined above including when it is necessary to fulfill a transaction or provide information you have requested; necessary to protect the rights, property or personal safety of PIR, its customers or the public; in the vital interests of the data subject or another person; required by law or necessary to respond to legal process; necessary to meet the requirements of requests, lawfully made by public authorities, including requests to meet national security or law enforcement requirements.

PIR reserves the right to disclose personal data or non-personal data that PIR believes, in good faith, is appropriate or necessary to enforce our Registry Policies, and to protect the security or integrity of our Website.

VI. How to Access, Amend, and Control Your Personal Data

If you have any questions about a domain name registration, you should begin by contacting the registrar of record.  Except for certain extraordinary circumstances, PIR only alters a record in the registry at the request of a relevant and authorized registrar.

If you are a domain name registrant and wish to update your domain account information, you should do so through your sponsoring registrar.

If you are another type of user, you may request to have your personal data changed or corrected (e.g., a change of address).  If you object to the processing of your personal data by third party service providers for online advertising please change your personal privacy settings within those services (i.e. Facebook Companies, Google).

You may also wish to contact us should you no longer desire our service. You may contact PIR via e-mail at privacy@pir.org or at Public Interest Registry, c/o Privacy Office, 1775 Wiehle Avenue, Suite 100, Reston, VA 20190, United States of America.

Special Note for EU Data Subjects

1. Data Subject Rights

The EU General Data Protection Regulation (2016/679) affords you certain rights.  Where applicable you may request confirmation that PIR does or does not process personal data related to you.  You may request a copy of your personal data or request that a copy is sent to a third party.  You may request that your data, such as your address, is amended or corrected. In some circumstances you may request that your data processed by PIR be deleted.  You may also request, in certain cases, that we restrict processing of your personal data by PIR. You also have the right to object to receiving direct marketing.  To the extent your information is processed by PIR based upon consent, you may withdraw that consent at any time.

Should you wish to exercise any of these rights or other rights afforded you by the GDPR please contact us via e-mail at privacy@pir.org, or at Public Interest Registry, c/o Privacy Office, 1775 Wiehle Avenue, Suite 100, Reston, VA 20190, United States of America.

You may contact PIR’s EU Representative at datenschutz@rickert.net or Rickert Rechtsanwaltsgesellschaft mbH, Kaiserplatz 7-9, 53113, Bonn, Germany.

2. Data Transfer

In order to fulfill the requirements of our contracts with ICANN and registrars, and to provide the promised services to you, PIR may receive data from EEA countries or transfer your data to third countries.  PIR, as a non-profit, US-based entity, is not able to avail itself of the Privacy Shield Frameworks and instead transfers EEA data to third countries as is necessary to perform the requirements of our contracts using model contractual clauses as our legal basis for transfer.  Ordinarily, PIR will not operate on the basis of consent, however, for certain non-contractual operations, PIR may transfer your data on the basis of consent.  In such cases, your consent will be explicitly requested and is revocable at any time.

VII. Security

PIR takes strong precautions to protect information and continually strives to ensure we are adhering to industry best practices and security standards.  When you submit personal data via our websites or when registrars submit specifics about a domain name registration, as required by our ICANN contracts, your personal data are protected both online and offline.

We are required to take reasonable steps to protect personal data from loss, misuse, unauthorized disclosure, alteration, or destruction and not to use or authorize the use of personal data in a way that is incompatible with the purposes for which it was collected or with the notice provided to registrars. All joint controllers and vendor (third party processors) partners are to adhere to the requirements in this privacy policy and to meet security standards that are commensurate with the data they receive and process.  These third parties also have their own privacy and security policies. Should you have questions about their privacy policies or security practices, you should contact them.

1. Data Breaches

PIR, upon discovering a data breach, ensure we meet all data privacy requirements, including GDPR Articles 33 and 34 where applicable.

2. Data Retention

PIR does not retain personal data for any longer than is necessary for its original purpose.

VIII. Update

We reserve the right to amend this Privacy Notice at any time. This Privacy Notice was last updated in October 2019.