APNIC Privacy Statement

1. Introduction

As the Regional Internet Registry (RIR) in the Asia Pacific region, Asia Pacific Network Information Centre (APNIC) provides the following functions:

  • The distribution and management of Internet number resources;
  • providing forums for Internet policy development;
  • help build essential technical skills across the Asia Pacific region;
  • support Internet infrastructure development;
  • produce insightful research; and
  • serve as an active participant in the multi-stakeholder model of Internet cooperation and governance.

The APNIC Secretariat (the staff of APNIC, hereinafter referred to collectively as APNIC) carries out the day-to-day work to support APNIC’s mission – to serve its members and the Asia Pacific Internet community stakeholders.

APNIC needs to collect personal information that is necessary to support its role as the RIR for the Asia Pacific region. As an entity located in Australia, APNIC complies with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs).

APNIC respects your privacy and is committed to protecting the personal information that you provide, no matter where you are physically located. This privacy statement describes how APNIC collects, store, uses, discloses and protects your personal information.

Top

2. The types of information collected

2.1. Personal information we collect from you

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

APNIC collects personal information about you when you contact us, visit our website, access APNIC Academy online courses, use MyAPNIC or deal with us in some other way.

  • Identity information including your name, address, date of birth and gender; and
  • Other personal information, such as details of your interactions with us.

Note that some of services provided by APNIC (i.e. our mailing lists, public forums, participation in our public meetings etc) make the information you provide public. You are personally responsible for carefully considering whether to use these services (for more information, please see section 6).

Top

2.2. Non-personal information – Organizational and Network information

Aside from personal information, APNIC collects organization and network information that are not personal information.

“Organizational information” is information provided to APNIC relating to an organization that is authorized to use our services, for instance, a member. APNIC primarily collects routine business contact information – the name of the organization, business address and organizational contact information. Organizations should only provide the personal information of their staff, customers or others to APNIC with the consent of the affected individuals. The organizations involved are responsible for ensuring the ongoing accuracy of such information supplied to APNIC.

“Network Information” is information collected when users access APNIC’s website or uses APNIC’s services, but by itself is not typically used to identify an individual. These include your IP address, geographical location, browser type, referral source, length of visit and number of page views.

Top

3. How your personal information is used

APNIC collects personal information for the following main purposes:

  • to support Internet number resource requests;
  • for account and billing purposes;
  • to administer conferences, meetings, training events, and other communication activities (such as mailing lists);
  • for contact management;
  • to provide better service to members;
  • to monitor network performance;
  • for recruitment purposes; and
  • for disclosure required by law or by enforcement bodies.

Each of these purposes is described below.

Top

3.1. Personal information used to support Internet number resource requests

IP addresses are public resources. To ensure that these Internet number resources are managed responsibly, APNIC must collect a range of information including:

  • personal information and proof of identity documents from people authorized by an organization to request IP addresses and maintain database entries; and
  • documentation of network infrastructure, plans, and target customers, which demonstrate the need for IP addresses requested.

APNIC collects such information by the following means:

  • via web forms;
  • on the following websites:
    • the main APNIC website;
    • MyAPNIC website;
    • APNIC Academy website;
  • from general correspondence by phone, email, post, and fax; and
  • from face-to-face meetings.

APNIC uses this information to evaluate Internet number resource requests and administer accounts. It also may store some or all this information for archival purposes, for the purposes of validating or auditing Internet number resource allocations in future.

Some of the personal information you provide may be publicly registered in the APNIC Whois Database. This is limited to contact details relating to the allocation of specific public Internet resources. Please note that in relation to these network contact details, the APNIC Whois Database allows organizations to register “role objects” in place of personal details. Also, APNIC policies allow for Internet number resource holders to choose whether their assignment details should be publicly visible.

3.2. Personal information used for account and billing purposes

APNIC collects organizational and personal information, including banking details, for billing and account administration purposes.

All APNIC Members are required to provide an email address that will be included on a mailing list for membership-related announcements. This does not need to be a personal email address.

APNIC publishes the names and uniform resource locator (URLs) of all APNIC Members on the APNIC website.

This may include APNIC members who operate their businesses as individuals.

3.3. Personal information used for conferences, meetings, training, and communication activities

In order to administer conferences, meetings, training sessions, and communication activities such as public discussion lists, it is necessary for APNIC to use registration forms to collect personal information. APNIC may also collect optional personal information from you such as such as age bracket, gender and proficiency in English, if you choose to provide them, for diversity research and statistics.

The personal information gathered by registration forms is used to help plan and conduct public conferences, meetings, online and face to face training sessions. APNIC archives registration details to help plan future events and develop services. The personal information gathered by subscription procedures is used only in the mailing lists you specify and may be visible to other list members. APNIC provides simple online tools to allow you to manage your own subscription status on mailing lists.

Certain events such as APNIC Conferences require photography and videography and such media may be used in APNIC publications, on the APNIC website, or on social media platforms. APNIC takes all care to inform event attendees that photography and videography may take place.

3.4. Personal information used for contact management

APNIC and its subsidiary, APNIC Foundation collect and share organizational and personal information for contact management purposes. The personal information gathered by face-to-face meetings, for example, the exchange of business cards is used only to enable APNIC to effectively manage and organize information about its Members, attendees of APNIC conferences and other contacts. We use this information to improve our engagement with the community.

3.5. Non-personal information to provide better service to members

APNIC is always working on improving the products and services to provide members with the best service experience. We may obtain access to non-personal Network Information about your computer and your visits from third party sources to APNIC websites such as your IP address, geographical location, browser type, referral source, length of visit and number of page views. We obtain access to this non-personal Network Information to build on anonymous insights whilst always protecting end-user privacy. We may use this anonymized behavioral information in the administration of this website, to improve the website’s usability, and for communication purposes. We may also use that information to recognize your computer when you visit our website, and to personalize our website for you.

We will not use the aggregated data to identify personal information.

3.6. Information used for APNIC measurements and Ad serving

APNIC uses online advertisements to measure aspects of the Internet’s infrastructure and support for new technologies, such as the deployment of IPv6 or the support of Domain Name System Security Extensions (DNSSEC). APNIC does not collect personal information in such advertisements placed by APNIC. For more information about APNIC’s practices for APNIC measurements and Ad serving, please see.

3.7. Personal information used for recruitment

If you provide personal information for the purposes of recruitment, APNIC will only use your personal information for that purpose, and your personal information will be stored securely. You can update your personal information, or gain access to it at a mutually convenient time by sending a written request to hr@apnic.net .

3.8 Disclosure required by law or by enforcement bodies

APNIC may also disclose personal information about you if such disclosure is:

  • required or authorized by or under an Australian law, or by a court or tribunal order; or
  • reasonably necessary for one or more enforcement activities conducted by, or on behalf of, an enforcement body; or
  • permitted under the circumstances described as permitted general situations under section 16A of the Privacy Act 1988.

4. Protection and storage of your personal information

APNIC policies and agreements contain specific protections for the confidentiality and security of personal information collected by APNIC.

All APNIC staff members, contractors, and Executive Council members, are required to preserve the confidentiality of any confidential information received.

In addition, APNIC maintains a high level of physical security and protection for all its computer and network facilities, and particularly for those in which personal information may be stored. APNIC takes all reasonable measures to ensure the electronic security of its computer systems and networks, including the information stored in APNIC offices, data centre facilities, and by third-party application providers.

Top

5. Personal Information sharing and transfer

APNIC may need to share personal information with its subsidiary, APNIC Foundation.

APNIC also may need to share personal information with other Internet-related organizations such as other RIRs, Internet Corporation for Assigned Names and Numbers (ICANN) and Internet Assigned Numbers Authority (IANA). The information shared is limited to that which is required for the respective purpose and is subject to those other organizations providing equivalent levels of security and protection.

APNIC does not share personal information that is collected from event registration forms, except as necessary for the conduct of the event in question. APNIC may publish lists of conference attendee names and affiliations on a website, as part of its commitment to open and transparent policy development. This information would only be listed if those attendees provide APNIC with the express permission to publish the information.

Top

6. Accessing, updating and correcting your personal information

Individuals and organizations that maintain information in the APNIC Whois Database can modify their own registration details by using either email or web-based methods.

To prevent unauthorized changes, there are strict procedures to identify people and verify their right to request changes.

You may modify any information you have used in a web-based form at any time. You will need to create a password and APNIC will then send you a personalized URL, which allows you to modify that information. This data will generally be deleted from APNIC servers after two weeks.

If you have subscribed to any APNIC mailing lists, you are able to unsubscribe yourself at any time.

If you have concerns about the accuracy or appropriateness of any other personal information held by APNIC, please contact us. APNIC will seek to correct any problems as soon as possible.

Top

7. Privacy Complaints

If you have a concern or complaint about your privacy, you may make a complaint to APNIC by emailing, or in writing to:

APNIC
PO Box 3646
South Brisbane, QLD 4101, Australia
Email address: privacy@apnic.net

APNIC will investigate all complaints it receives. Once APNIC has completed its investigation and made a finding, APNIC will inform you of the outcome and explain how it came to such a finding. APNIC is committed to resolving complaints fairly and promptly.

If you are not satisfied with how we handled your complaint in relation to how we handled your personal information, you can also contact the Office of the Australian Information Commissioner (OAIC).

Office of the Australian Information Commissioner

GPO Box 5218, Sydney NSW 2001
Phone 1300 363 992
Visit

Top

8. Changes to this privacy statement

APNIC will amend this statement from time to time. If there are any substantial changes, they will be announced on the APNIC website. This document was last updated on 31 March 2020.

9. Questions or suggestions

If you have questions or concerns about the issues discussed, please contact us via the contact details listed in section 7.
Top