.NGO & .ONG Privacy Policy

Privacy Notice

Our globally diverse team is committed to providing a stable online platform where everyone has a voice. As part of our commitment to provide a secure, stable space to empower people’s voices your privacy is important to us.

This Privacy Notice outlines what information Public Interest Registry (PIR) collects through your interactions with our products and services, how we use that information, and how we work to protect your privacy and personal data.

Privacy Notice – PIR (All gTLDs under management)

Public Interest Registry (PIR) provides reliable, secure management of the .org, .ngo, .ong, .机构, .संगठन, .орг domains. As the registry operator for these generic top-level domains (gTLD), PIR maintains the responsibility for the operation of each gTLD, including maintaining a registry of the domain names within each gTLD.

PIR serves as the registry operator for these gTLDs under contracts with the Internet Corporation for Assigned Names and Numbers (ICANN), a not-for-profit private sector organization which is charged with coordinating and ensuring the stable and secure operation of the Internet’s unique identifier systems (link to ICANN contracts page).

This Privacy Notice outlines policies that apply to information processed in conjunction with all PIR’s products and services.

Inquiries can be made electronically via email at privacy@pir.org, or via mail to Privacy Office c/o Public Interest Registry, 1775 Wiehle Avenue, Suite 100, Reston, VA 20190 US.

I. Why Do We Collect Information?

As the registry operator for the .org, .ngo, .ong, .机构, .संगठन, .орг domains, PIR has the responsibility to maintain the operation of each gTLD, including effecting registrations in TLDs and maintaining a registry of the domain names within each gTLD.  PIR takes actions to process information and direct the actions of some third parties to process data in connection with our responsibilities as a registry operator to ensure domain name registrations function in a predictable and reliable way as required by our contracts with ICANN. (link to ICANN contracts page)

As defined by our ICANN contracts, PIR, as a registry operator, works with ICANN accredited registrars to enable the sale of domain names and to ensure those domain names function reliably for registrants (domain name owners).  In order to provide domain name services and maintain a reliable, secure zone, registrars are required to collect information from registrants upon registration of a domain name. Registrars are then required to pass certain information to registries to maintain the functionality of the zone.  All of these requirements are outlined in both the registry and registrar contracts with ICANN and the subsequent required agreements between registries and registrars.

Registrars are responsible for collecting and transferring registration data, presenting each registrant with their privacy policies, that of their registry partners, and information on the mechanisms for access and correction of their data.  If you have questions or concerns with regard to a registrar’s privacy policy or practices, please be aware that a registrant may choose any ICANN accredited registrar to purchase a domain name and that they may communicate with a registrar regarding questions or concerns at any time.

Because of these relationships outlined by contractual requirements ICANN, registries, and registrars are joint controllers for all information collected, stored, transferred, and processed in line with our Registry Agreements with ICANN. (Link to ICANN contracts page)

In addition to the joint controller relationship between ICANN registries, and registrars; registries and registrars are required to securely escrow registry data with ICANN accredited data escrow providers to provide protection against the unlikely event of registry or registrar failure or loss.

II. Information We Collect

PIR is the registry operator for the .org, .ngo, .ong, .机构, .संगठन, .орг top-level domains (TLDs). As such, PIR receives domain name registrations, and the associated personal data provided upon purchase of a domain name by registrants, from ICANN accredited registrars.  In addition to domain name registration data PIR collects information from users interacting with our websites and services. The data PIR collects depends on your interactions with our websites and services as set out below:

  • Much of what we collect is provided directly by you during the process of purchasing a domain name from an ICANN accredited registrar pursuant to a domain name purchase contract.
  • We collect information about you when you interact with a PIR website, participate in a survey, request a newsletter or mailing list membership and apply for a job.
  • PIR may also obtain data from sources such as cookies, publicly available datasets, and third-party data analysis.

1. Registrants

PIR is the registry operator for the .org, .ngo, .ong, .орг, .机构, and .संगठन top-level domains (TLDs). As such, PIR accepts domain name registrations only from ICANN-accredited domain name registrars. PIR does not accept domain name registrations directly from registrants. When you register a domain name through a registrar the registrar collects information, in accordance with their ICANN accreditation and ICANN contract requirements, including your name, address, contact information, telephone number. Data may be relating to the registrant, a nominated domain contact or a technical contact. When we refer to “registrant” or “you” in this Notice we are referring to all of these persons.

Please note that the registrant data is not collected at the registry level by PIR.  Registrants provide their information to registrars upon purchase of a domain name and registrars then pass only the registrant data to PIR that is required by our contracts with ICANN to fulfill our requirements as a registry operator and register the domain name.

Please note that each registrar has its own policies and procedures and you should review a registrar’s privacy policy and procedures prior to your purchase of a domain name.

2. Website Users

a. User Information

You are free to visit PIR websites without identifying yourself. If you are interested in our services (other than registering a domain name, which must be done through an accredited registrar) or wish to subscribe to our newsletter, you may be required to register with PIR. When you register, we may request certain personal data, including your name, address, e-mail address and other personal data. In addition to website registration, PIR may, from time to time, request personal data for purposes such as the provision of customer service, service offerings, network management, surveys and other exchanges of information.

b. Cookies

A cookie is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information that allows PIR to track the pages you have visited. PIR uses cookies to tell when a user is a repeat visitor and to let us know how the user found the website. They also allow us to automatically link users to their personalized accounts (should you choose to register with PIR), enabling you to enter various services as a member and to visit member-restricted areas of the site without having to log in each time.

Visitors to our sites always have the option of disabling cookies via their browser preferences or through www.allaboutcookies.org. You can refuse cookies by turning them off in your browser. However, PIR maintains a legitimate interest in using cookies, as some of the website and services will not work if the ability to accept cookies is disabled. This applies to the use of cookies by PIR and does not apply to the use of cookies or other tracking technologies used by any third parties.

c. User generated content

PIR is not responsible for maintaining as confidential any personal or other data posted by you on message boards hosted by our websites. Users voluntarily disclosing such personal data in this way makes this publicly available information.

d. Log files

PIR gathers information about all users collectively, such as what areas of its sites users visit most frequently and what services users access most often. This data is logged and aggregated so we may use it to understand user behavior and for system-performance monitoring. PIR does not maintain individual log file data and only maintains aggregate user statistics which are not capable of identifying an individual. PIR may disclose aggregated user statistics to describe the service to prospective partners, advertisers, and other third parties and for other lawful purposes.

e. Children

Please note that we do not knowingly solicit information from children, and we do not knowingly market our products or services to children.  If you have reason to believe anyone under the age of 18 has provided PIR with any personal data, please contact us.

III. Purpose for Using Personal Data

PIR will make all reasonable efforts to ensure that personal information is processed only in relation to the purposes set out below including to provide the services requested by you and to fulfill PIR’s agreements with ICANN.  We will make all reasonable efforts to ensure that personal information are not further processed in a way incompatible with the purpose for which it was collected or received. PIR will only disclose this information, or elements of this information, in certain defined situations defined below in the Data Sharing and Disclosure.

1. Domain Name Registration

PIR uses the information provided by registrars to effect domain name registrations and to take efforts to maintain the security and stability of our TLDs to ensure continued and reliable function to domain name users.


PIR is required by our ICANN agreements to maintain a public searchable WHOIS lookup for domain names in our TLDS.  To that end, PIR will display all non-personal registration information publicly via both web-based WHOIS lookup and a Port 43 WHOIS service.  PIR will retain and maintain the full set of registration information provided by registrants upon registration of a domain name.

3. Website Information

As noted previously, you are free to visit PIR websites without identifying yourself.  However, if you submit personal data to PIR through our website, we may use that information to provide the functionality of the website. This may include sending you information you have requested to receive (i.e. newsletters) and providing you with policy and services updates.  Be aware that any information you voluntarily provide via message boards or public discussion tools becomes publicly available information and may be used by PIR or others.

As noted above, PIR may collect aggregated data from visitors to our websites (i.e. cookies, log files, usage data, IP address, browser, click stream data, etc.) and may use that data to analyze and evaluate the effectiveness of our website design, services, and marketing and campaigns.

4. OnGood

Because .ngo and .ong are validated TLDs, meaning that only confirmed non-governmental organizations may purchase these domain names, PIR will use the registration information we receive from registrars, as well as additional credential information provided by the registrant organization, to conduct and complete validation and audit processes as required by our ICANN contracts using OnGood, a community of verified .ngo and .ong domains. OnGood requires a contact to enter personal data, including name, address, e-mail address and other personal data.

IV. Lawful Bases for Processing Personal Data

PIR process your personal data: (a) on the basis of the performance of a contract to which you are a subject or (b) where we have a legitimate business interest in doing so.

As stated above, when a person requests and purchases a domain name through a registrar they agree to a domain name purchase contract. In order to provide the person with the requested domain name registered in their name (or in the name of the organization that they represent), PIR, the registry, must use the information received from the registrar to effect a domain name registration and ensure domain name function throughout the registration period.

PIR may also have a legitimate interest in using personal data that is provided by you in order to optimize our service to you and your experience on our Website.

V. Data Sharing and Disclosure

1. Partners and Service Providers

Our trusted processors (vendors, subcontractors and other similar business partners) are responsible for processing some of the personal data that we receive on our behalf. These processors are not authorized to use such personal data for purposes beyond those specified by us and to the extent that they process any personal data they are required to provide (generally in a written agreement) security and privacy protections in line with PIR’s privacy policy and in compliance with applicable privacy and data protection laws.

a. WHOIS and Registration Data

PIR only requires the registrars to disclose to us the registration data dictated by ICANN as necessary for the registration and maintenance of a domain name.  As noted above ICANN requires the maintenance of both web-based WHOIS access and Port 43 WHOIS access. The full set of registration data disclosed to PIR by a registrar can be found in the 2013 RRA Appendix 3, Section 1.4.2.  The below  shows the non-personal data that PIR will make publicly available via PIR’s web-based WHOIS portal and Port 43 access in line with the redaction requirements in ICANN’s Temporary Specification (link to Temporary Specification and ICANN contracts page).

Domain Name: example.tld

Registry Domain ID: D13664-LRMS

Registrar WHOIS Server:

Registrar URL: www.example.tld

Updated Date: 2017-07-13T15:15:13Z

Creation Date: 2001-07-29T23:51:48Z

Registry Expiry Date: 2018-07-29T23:51:48Z

Registrar Registration Expiration Date:

Registrar: Example Registrar

Registrar IANA ID: XXX

Registrar Abuse Contact Email: abuse@pir.org

Registrar Abuse Contact Phone: +XX.XXXXXXX


Domain Status: ok https://icann.org/epp#ok
In addition, we may share aggregated demographic information with our business partners and the press. This is not linked to any personal data that can identify any individual person.

b. Data Escrow Provider

PIR is required by its agreements with ICANN to escrow all of the registration data PIR receives from registrars by providing a copy to a trusted third party (Data Escrow Providers).  The Data Escrow Providers are accredited by ICANN and are tasked with securely holding the data.  They are not authorized to process the data in any other way.  In the event of a registry, or registry technical failure, the securely held data will be used to ensure the continued functionality of registered domain names. This backup mechanism in case of failure is a protective measure that ensures the continued stable and secure operation of the DNS.

c. Afilias

While PIR is the registry operator for the .org, .ngo, .ong, .机构, .संगठन, .орг domains, we employ Afilias, LLC as our technical backend registry services provider.  To make the chosen domain name a functional addresses on the Internet PIR discloses these data to TLD server administrators for the purpose of ensuring that the domain name bundle operates as functional addresses on the Internet. As a processor, Afilias receives registrant information solely for the purpose of processing the information on behalf of PIR to perform the technical functions to effect domain name registrations.

d. OnGood

We share information with our third-party technical backend provider for OnGood (Afilias, LLC) in order to maintain the functionality of the service, deliver the service features to the registrant, conduct and complete the registrant validation and audit processes as required by our ICANN contracts, and maintain a credentials database.

e. Sharing the information we collect on our website

The information that you supply to PIR through this site, OnGood, or through a promotional program conducted by PIR will never be given, sold, rented, loaned or otherwise disclosed to any third parties outside of PIR, except where we have informed as outlined above or under special circumstances (see Exceptions and Special Circumstances below), such as when it is necessary to comply with legal process or protect the rights, property or personal safety of PIR, its customers or the public.

f. Links and third party collection

This Privacy Notice only addresses the processing of personal data we collect from you. The processing of any data you disclose to other parties will be governed by their privacy policy.

g. Traffic Data

PIR, like a number of other registries, is authorized by our agreements with ICANN to make use of ‘traffic data’ for a variety of purposes (the relevant registry agreement provision can be viewed here; Sec. 3.1(f)).  PIR makes use of traffic data for technical purposes to enhance security and stability in its operations.  PIR may make use of such data for purposes connected with the sale of domain names provided that such use does not involve collection or dissemination of personally identifiable information.

2. Exceptions and Special Circumstances

This Privacy Notice outlines the limited permissible terms for disclosure of information by PIR. However, there are occasionally special circumstances that require PIR to disclose information which could include personal data.

Circumstances for disclosure beyond the limits outlined above include disclosures that are: necessary to fulfill a transaction or provide information you have requested; necessary protect the rights, property or personal safety of PIR, its customers or the public; in the vital interests of the data subject or another person; required by law or necessary to respond to legal process; necessary to meet the requirements of requests, lawfully made by public authorities, including requests to meet national security or law enforcement requirements.

PIR reserves the right to disclose personally data and/or non-personal data that PIR believes, in good faith, is appropriate or necessary to enforce our Terms of Use or our Acceptable Use Policy, and to protect the security or integrity of our Website.

VI. How to Access, Amend, and Control Your Personal Data

If you have any questions about a particular domain-name registration, you should begin by contacting the registrar of record. Except for certain extraordinary circumstances, PIR alters a record in the registry only at the request of the relevant and authorized registrar.
If you are a domain name registrant and wish to update your domain account information, you should do so through your sponsoring registrar.

If you are another type of user, you may request to have your personal data changed or corrected, for example for a change of address. You may also wish to contact us should you no longer desire our service. You may contact PIR via email at privacy@pir.org or at Public Interest Registry, c/o Privacy Office, 1775 Wiehle Avenue, Suite 100, Reston, VA 20190, United States of America.

Special Note for EU Data Subjects: The EU General Data Protection Regulation (2016/679) affords you certain rights. You may request a copy of your personal data or request that a copy is sent to a third party. You may request that your data, such as your address, is amended or corrected. In some circumstances you may request your data is deleted. You may also request, in certain cases, that we restrict processing of your personal data. You also have the right to object to receiving direct marketing at any time. Should you wish to exercise any of these rights please contact us via email at privacy@pir.org, or at Public Interest Registry, c/o Privacy Office, 1775 Wiehle Avenue, Suite 100, Reston, VA 20190, United States of America.

VII. Security

PIR takes strong precautions to protect information and continually strives to ensure we are adhering to industry best practices and security standards. When you submit personal data via our websites or when registrars submit specifics about the domain name registration, as required by the ICANN contracts, your personal data are protected both online and offline.

We are required to take reasonable steps to protect personal data from loss, misuse, unauthorized disclosure, alteration or destruction and not to use or authorize the use of personal data in a way that is incompatible with the purposes for which it was collected or with the notice provided to registrars. All of our Joint Controller and vendor (third party processors) partners are required by written agreement to adhere to the requirements in this privacy policy and to meet security standards that are commensurate with the data they receive and process.  Please note that our Joint Controller and vendor partners also have their own privacy and security policies. Should you have questions about their privacy policies or security practices we suggest you contact them prior to registering a domain name, though they may be contacted at any time.

VIII. Update

We reserve the right to amend this Privacy Notice at any time. This Privacy Notice was last updated in May 2018.