APNIC privacy statement

Contents

Introduction

The APNIC Secretariat respects your privacy and is committed to protecting the personal information that you provide. This privacy statement describes how the APNIC Secretariat collects, uses, and protects your personal information.

The APNIC Secretariat performs the role of Regional Internet Registry (RIR) for the Asia Pacific region. In this capacity it distributes "Internet resources" to requesting organisations around the region, in response to formal requests. Internet resources include, but may not be limited to, Internet Protocol (IP) addresses, including both IPv4 and IPv6 addresses, and Autonomous System Numbers (ASNs).

Top

How your personal information is collected and used

The APNIC Secretariat collects personal information that is necessary to support its role as RIR for the Asia Pacific region, and in connection with other specific services.

The main purposes for collecting data are:

to support Internet resource requests
for account and billing purposes
to administer meetings, training events, and other communication activities (such as mailing lists and the MyAPNIC and ICONS websites)
to monitor network performance
for recruitment

Each of these purposes is described below.

Top

2.1. Data used to support resource requests

Internet addresses are public resources. To ensure that resources are managed responsibly, the APNIC Secretariat must collect a range of information including:

documentation of network infrastructure, plans, and customer details, which demonstrate the need for addresses requested; and

personal information of people authorised by an organisation to request resources and maintain database entries.

The APNIC Secretariat collects such information from text forms that are submitted by email; web forms, on either the main APNIC web site or the MyAPNIC web site; from general correspondence by phone, email, post, and fax; and from face-to-face meetings.

The APNIC Secretariat uses this information to evaluate resource requests and administer accounts. It also may store some or all of this information for archival purposes, for the purposes of validating or auditing resource allocations in future.

Some of the personal information you provide may be publicly registered in the APNIC Whois Database. This is limited to contact details relating to the allocation of specific public Internet resources.

Please note that in relation to these network contact details, the APNIC Whois Database allows organisations to register "role objects" in place of personal details.

Also, APNIC policies allow for resource holders to choose whether their assignment details should be publicly visible.

Top

2.2. Data used for account and billing purposes

The APNIC Secretariat collects organisational and personal information related to account management.

This information is only used for billing and account administration purposes. All APNIC members are required to provide an email address that will be included on a mailing list for membership-related announcements. This does not need to be a personal email address.

The APNIC Secretariat does publish the names and URLs of APNIC member organisations on the APNIC website, but does not publish personal information relating to those members.

Top

2.3. Data used for meetings, training, and communication activities (such as mailing lists and the MyAPNIC and ICONS websites)

One of APNIC's roles is to provide a open forum where the Internet community can discuss, develop, and learn about Internet technologies and policies.

The APNIC Secretariat uses registration forms and voluntary subscription procedures to collect the information needed to administer meetings, training sessions, and public discussion lists.

The information gathered by registration forms is used to help plan and conduct public meetings and training sessions. The APNIC Secretariat archives registration details to help plan future events and develop services.

The information gathered by subscription procedures is used only in the mailing lists you specify. The APNIC Secretariat provides simple online tools to allow you to manage your own subscription status on mailing lists.

Top

2.4. Data used to monitor network performance

The APNIC Secretariat logs certain technical data from visits to APNIC web sites.

The APNIC Secretariat does not attempt to personally identify people who browse these web sites, or build profiles of their browsing patterns.

The APNIC Secretariat uses this information only to analyse how the online services are used and how they perform. This is needed to maintain and develop services.

In cases where APNIC's online services are abused or attacked, the APNIC Secretariat may use the logged information to investigate the incidents or to deny further access to those responsible.

Top

2.5. Data used for recruitment

The type of personal information the APNIC Secretariat collects for recruitment is the information included in your application letter or resume, or raised in your interview and any other phone calls, emails, or letters.

The APNIC Secretariat may collect this information from you directly, or from a recruitment agency that you have authorised.

The APNIC Secretariat may collect information from previous employers or other referees that you have nominated, but only with your consent.

If you provide personal information for the purposes of recruitment, the APNIC Secretariat will only use your information for that purpose.

Your information will be kept on file for one year. At the end of that time, your information will be securely destroyed. During the time, you can update your personal information, or gain access to it at a mutually convenient time, by sending a written request to employment@apnic.net.

Top

Protecting your information

APNIC policies and agreements contain specific protections for the confidentiality and security of information collected by the APNIC Secretariat.

All APNIC staff members, contractors, and Executive Council members, are required to sign non-disclosure agreements relating to any confidential information received.

In addition, the APNIC Secretariat maintains a high level of physical security and protection for all its computer and network facilities, and in particular for those in which personal information may be stored.

Top

Data sharing and transfer

The APNIC Secretariat sometimes shares information with related Internet address organisations such as IANA, ICANN, other RIRs, and National Internet Registries (NIRs). This may be done to support APNIC’s requests for new address resource allocations. It may also be done to help ensure that request evaluations are performed consistently across this region and globally. The information shared in these cases is limited to that which is required for the respective purpose and is subject to those other organisations providing equivalent levels of security and protection.

The APNIC Secretariat authorises the downloading of the APNIC Whois database only for the purpose of Internet operational and troubleshooting applications. Only information which is normally publicly available is transferred in these downloads.

The APNIC Secretariat does not share personal information which is collected from event registration forms, except as necessary for the conduct of the event in question. The APNIC Secretariat may publish lists of meeting attendees on a web site, as part of its commitment to open and transparent policy development. Those attendance lists contain the name of the attendee and their organisation, but no contact or other personal details.

The APNIC Secretariat does not share any mailing list subscription details, although it may on occasion forward external messages to a particular mailing list if it is relevant and appropriate for that list. The APNIC Secretariat does, however, provide publicly searchable archives of all public mailing lists, as this is necessary for the open and transparent policy development process.

The APNIC Secretariat does not share personal information that you have provided in relation to recruitment unless you specifically consent to this.

Top

Accessing and changing your information

Individuals and organisations who maintain information in the APNIC Whois Database are able to modify their own registration details by using either email or web-based methods. The APNIC Secretariat is able to help those who may have trouble modifying their own data; however, to prevent unauthorised changes to registration details, there are strict procedures to identify people and verify their right to request changes.

Some web-based forms allow you to save the state of your form before you submit it. The data from these forms is stored securely on APNIC servers. In these cases, you will be asked to create your own password. The APNIC Secretariat will then send you a personalised URL which allows you to revise and correct any information you have saved. This data will be deleted from APNIC servers after a short period (generally two weeks).

If you have subscribed to any APNIC mailing lists, you are able to unsubscribe yourself at any time.

If you have concerns about the accuracy or appropriateness of any other personal information held by the APNIC Secretariat, please contact helpdesk@apnic.net. The APNIC Secretariat will seek to correct any problems as soon as possible.

Top

Changes to this privacy statement

The APNIC Secretariat will amend this statement from time to time. If there are any substantial changes, they will be announced on the APNIC web site.

Top

Questions or suggestions

If you have questions or concerns about the issues discussed, please email helpdesk@apnic.net.

Top | Corporate documents