By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Sunrise and DPML Dispute Resolution Policy

1. Background and Objectives

    a) Scope and purpose The ICANN gTLD Applicant Guidebook sets out a requirement for all new gTLD registries to provide a Sunrise Dispute Resolution Policy (Module 5, Trademark Clearinghouse, paragraph 6). In addition, Identity Digital Inc. (“Identity Digital”) provides a dispute resolution mechanism for its Domains Protected Marks List service (“DPML). This Sunrise and DPML Dispute Resolution Policy (the “Policy”) governs disputes arising out of or concerning the Sunrise service and DMPL offered by Identity Digital. Additional information regarding Sunrise and DPML is available on the Identity Digital Website.     b) Definitions In this Policy, the following words and phrases have the following meanings:

Complainant: A person (legal or natural) who makes a complaint under this Policy.

Identity Digital Website: identity.digital

Identical Match: The domain name label is an identical match to the trademark, meaning that the label consists of the complete and identical textual elements of the mark in accordance with section 4.2.1 of the TMCH Guidelines. In this regard:

  1. For a trademark exclusively consisting of letters, words, numerals and/or special characters: the recorded name of the mark is an identical match to the reported name as long as all characters are included in the trademark record provided to the TMCH and in the same order in which they appear on the trademark certificate.
  2. For a marks that do not exclusively consist of letters, words, numerals, or special characters: the recorded name of the trademark is an identical match to the reported name as long as the name of the trademark includes letters, words, numerals, keyboard signs, and punctuation marks that are: (i) predominant, (ii) clearly separable or distinguishable from the device element, and (iii) all predominant characters are included in the trademark record submitted to the TMCH in the same order they appear in the mark.

Panellist: The person or organisation appointed by the Provider to provide a written decision in relation to a dispute arising under this Policy.

Provider: The dispute resolution provider appointed by Identity Digital to administer resolution of disputes arising under this Policy.

Provider’s Website: https://oxil.uk/dispute-resolution/donuts-sunrise/

Respondent: The applicant or registrant of the domain name(s), or the DPML account holder subject to a complaint under this Policy.

SMD File: A signed mark data file issued by the TMCH signifying that the TMCH has verified that the trademark contained in the SMD File meets the requirements for inclusion in the TMCH in accordance with TMCH Guidelines in force at the time when a complaint under this Policy is filed.

Sunrise: That period of time during which holders of SMD Files may submit domain name applications for a TLD before registration becomes available to the general public

TMCH: Trademark Clearinghouse (http://www.trademark-­‐clearinghouse.com).

TMCH Guidelines: Guidelines published by the TMCH for mark holders and agents to inform them about the eligibility requirements for inclusion of marks in the TMCH and participation in sunrise services (currently available at http://www.trademark-­ clearinghouse.com/sites/default/files/files/downloads/TMCH%20guideli nes%20v1.1_0.pdf).

    c) End-­‐Date Sunrise Identity Digital utilizes an end-­‐date Sunrise process, meaning Sunrise registrations will not occur during Sunrise. Rather, at the end of Sunrise, sole applicants meeting all Sunrise criteria for an available domain will be awarded their applied-­‐for domain.  Other than the requirement to submit a valid SMD File with Sunrise applications, Identity Digital does not apply allocation criteria in its Sunrise application process. If there are multiple applicants for an available domain, those applicants will go to auction at the end of Sunrise after which the auction winner will be allocated the domain. Additional information regarding Sunrise and the auction process is available on the Identity Digital Website.     d) Trademark validation and SMD File fraud The TMCH is responsible for maintaining Sunrise eligibility requirements, validating and authenticating marks (as applicable), and hearing challenges regarding validity of a mark or SMD File. When processing Sunrise applications, Identity Digital relies on the validity of mark holder information contained in SMD Files provided by the TMCH. Disputes regarding the validity of an SMD File are subject to a separate TMCH dispute process and should be submitted to the TMCH using its dispute resolution procedures outlined in https://trademark-­clearinghouse.com/dispute prior to initiation of a complaint under this Policy. In the event the TMCH reports fraud in an SMD File or a Sunrise application, Identity Digital may disqualify the Sunrise application or, in the event that fraud is detected after the Sunrise period, delete the applicable domain name(s).

2. Identity Digital Internal Review

Prior to initiating a dispute under this Policy, potential Complainants must submit complaints to Identity Digital at legal@identity.digital. When possible, Identity Digital may attempt to resolve the issue internally without charge. If, in the opinion of Identity Digital, the matter would be more appropriately dealt with by the TMCH, Identity Digital will advise the potential Complainant accordingly. If the complaint relates to a registry process error, Identity Digital will investigate and if upheld seek to resolve such errors internally without charge. In the event Identity Digital, in its discretion, is unable to resolve the dispute, Identity Digital will notify the potential Complainant to submit its complaint to the Provider as outlined in this Policy.

3. Who can make a Complaint?

Any person can raise a complaint under this Policy, subject to the following:

  1. Identity Digital (in its internal review) or the Panellist may in their sole discretion determine that a Complainant is a vexatious complainant, i.e. the Complainant has habitually and persistently and without any reasonable grounds instituted vexatious complaints under this Policy or equivalent policies (whether against the same person or different persons)(a Vexatious Complainant”).
  2. Factors that are relevant to the determination include, but are not limited to (a) the number of complaints made by the Complainant under this Policy, or equivalent policies, which were resolved in favour of a respondent; and (b) whether the Complainant has exhibited a pattern or practice of filing complaints that have not passed Identity Digital’ Internal Review.

Identity Digital may in its sole discretion bar a Vexatious Complainant from future filing under this Policy.

4. What you Need to Prove

    4.1 Sunrise complaints To prevail in a Sunrise dispute under this Policy, a Complainant must prove by clear and convincing evidence that any of the following grounds apply:

  1. at the time the challenged domain name was registered, the registrant did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-­‐validated or protected by statute or treaty;
  2. the domain name is not identical to the mark on which the registrant based its sunrise registration;
  3. the trademark registration on which the registrant based its sunrise registration is not of national effect (or regional effect) or the trademark had not been court-­‐validated or protected by statute or treaty;
  4. the trademark registration on which the domain name registrant based its sunrise registration did not issue on or before the effective date of the Registry agreement and was not applied for on or before ICANN announced the applications received;
  5. the Sunrise registrant does not meet the “in-­‐use” standard;
  6. the SMD File used to complete the Sunrise registration was fraudulently obtained and/or submitted; or
  7. a registry process error occurred that resulted in an incorrect Sunrise registration.

    4.2 DPML complaints To prevail in a DMPL dispute, a Complainant must prove by clear and convincing evidence that any of the following grounds apply:

  1. at the time the challenged domain name was blocked, the DPML block applicant did not hold a trademark registration of national effect (or regional effect) or the trademark had not been court-­‐validated or protected by statute or treaty);
  2. the trademark registration on which the DPML applicant based its DPML block is not of national effect (or regional effect) or the trademark had not been court-­‐validated or protected by statute or treaty;
  3. the trademark registration on which the DPML applicant based its DPML block did not issue on or before the effective date of the Registry agreement and was not applied for on or before ICANN announced the applications received;
  4. the DPML block otherwise does not meet Identity Digital requirements for DMPL eligibility (e.g. the blocked domain name label is not an Identical Match or does not contain an Identical Match of the domain name label in the SMD File); or
  5. a registry process error occurred that resulted in an incorrect DPML Block.

Questions or disputes regarding the ability of a mark holder to override a DPML block should be addressed to Identity Digital at DPML@identity.digital. Additional information regarding DPML is available on the Identity Digital Website.

5. Initiation of Complaint Under this Policy

5.1 Timing of submission

  1. Sunrise complaints must be filed with the Provider within ninety (90) days of the date of registration of the relevant domain name(s).
  2. DPML complaints may be filed at any time the applicable DPML block is in effect.

5.2 Format of submission All submissions, including any annexes, under this Policy must be lodged electronically via the appropriate form on the Provider’s Website. 5.3 Providing evidence

  1. The complaint must include:
  2. Name, company (if applicable), email, phone number and address of the Complainant and of any representative authorised to act for the Complainant in the administrative proceeding;
  3. Domain name(s) that are the subject of the dispute;
  4. Applicable trademark(s) as validated by the TMCH and the relevant SMD File;
  5. Name of the Respondent, and the Respondent’s contact information from the WHOIS entry associated with the disputed domain name(s);
  6. Ground(s) relied on (as set out in paragraphs 0 or 0);
  7. Up to 500 words describing how the criteria relied on are made out;
  8. The remedy requested; and
  9. Identify any other legal proceedings that have been commenced or terminated in connection with or relating to any of the domain name(s) that are the subject of the dispute.

The complaint must conclude with the following statement for and on behalf of the Complainant: “Complainant agrees that its claims and remedies concerning the registration of the domain name, the dispute, or the dispute’s resolution shall be solely against the Respondent and waives all such claims and remedies against (a) the dispute resolution provider and panellists except in the case of deliberate wrongdoing, (b) the registrar, (c) Identity Digital, its directors, officers, employees, affiliates and agents, and (d) ICANN as well as their directors, officers, employees and agents.” “Complainant certifies that the information contained in this complaint is to the best of Complainant’s knowledge complete and accurate, that this complaint is not being presented for any improper purpose, such as to harass, and that the assertions in this complaint are warranted under this Policy and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.” Annex any documentary or other evidence upon which the Respondent relies, together with a schedule indexing all documents.

  1. A single complaint may relate to more than one domain name, provided that the domain names are registered the same registrant, and are all in TLDs operated by Identity Digital.

6. Fees

  1. All fees charged by the Provider in connection with a dispute under this Policy shall be paid by the Complainant at the time of submission of the complaint.
  2. The fees are GBP 250 for a single complaint relating to up to 5 domain names registered to the same registrant. For a complaint involving 6 or more domain names, the Complainant should contact the Provider directly for a quotation using the contact details on the Provider’s Website.
  3. The Provider’s Website contains information about acceptable payment mechanisms.

7. Notification of Complaint

  1. The Provider shall review the complaint for administrative compliance with this Policy and, if in compliance, shall forward the complaint, including any annexes, electronically to the Respondent within five (5) days following receipt of the fees to be paid by the Complainant in accordance with paragraph 6.
  2. If the Provider finds the complaint to be administratively deficient, it shall promptly notify the Complainant and the Respondent of the nature of the deficiencies identified. The Complainant shall have five (5) days within which to correct any such deficiencies, after which the administrative proceeding will be deemed withdrawn without prejudice to submission of a different complaint by the Complainant.
  3. The date of commencement of the administrative proceeding shall be the date on which the Provider completes its responsibilities under paragraph 7(a) in connection with sending the complaint to the Respondent.
  4. The Provider shall immediately notify the parties, the concerned registrar, and Identity Digital of the date of Commencement of the administrative proceeding.

8. Response

  1. Within twenty (20) days of the date of commencement of the administrative proceeding the Respondent shall submit a response to the Provider.
  2. The response shall:
  3. In up to 500 words, respond specifically to the statements and allegations contained in the complaint and include any and all bases for the Respondent to retain the disputed domain name;
  4. Provide the name, postal and email addresses and the telephone numbers of the Respondent and of any representative authorised to act for the Respondent in the administrative proceeding;
  5. Identify and annex applicable trademark(s) as validated by the TMCH and the relevant SMD File; and
  6. Identify any other legal proceedings that have been commenced or terminated in connection with or relating to any of the domain name(s) that are the subject of the dispute.

The response must conclude with the following statement for and on behalf of the Respondent: “Respondent certifies that the information contained in this response is to the best of Respondent’s knowledge complete and accurate and that the assertions in this response are warranted under this Policy and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.” Annex any documentary or other evidence upon which the Respondent relies, together with a schedule indexing such documents.

9. Further Statements

The Panellist is not required to consider any further statements submitted by or on behalf of the parties in relation to any administrative proceeding under this Policy.

10. Appointment of Panellist

  1. The Provider shall maintain a list of Panellists and their qualifications.
  2. The role of the Panellist is to evaluate whether or not the Complaint satisfies the criteria set out at paragraph 4 of this Policy. The Panellists shall not specify a remedy, which is to be determined by Identity Digital (see paragraph 17).
  3. The Provider shall appoint within five (5) days following receipt of the response or the lapse of the time period for the submission of the response, a Panellist.  The Provider will notify the parties of the name of the Panellist and the date on which a decision, absent exceptional circumstances, the Panellist shall forward its decision on the complaint to the Provider.

11. Impartiality and Independence

A Panellist shall be impartial and independent and shall have, before accepting appointment, disclosed to the Provider any circumstances giving rise to justifiable doubt as to the Panellist’s impartiality or independent. If, at any stage during the administrative proceeding, new circumstances arise that could give rise to justifiable doubt as to the impartiality or independence of the Panellist, the Panellist shall promptly disclose such circumstances to the Provider. In such event, the Provider shall have the discretion to appoint a substitute Panellist.

12. Communication between the Parties and the Panellist

No party or anyone acting on its behalf may have any unilateral communication with the Panellist. All communications between a Party and the Panellist shall be made through the Provider.

13. Transmission of File

The Provider shall forward the file to the Panellist as soon as appointed.

14. No In-­‐Person Hearings

There shall be no in-­‐person hearings (including hearings by teleconference, video conference or web conference).

15. Impact of Default

  1. In the event that a party, in the absence of exceptional circumstances, does not comply with any of the time periods established by this Policy or the Panellist, the Panellist shall proceed to a decision on the complaint.
  2. If a party, in the absence of exceptional circumstances, does not comply with any provision of, or requirement under, this Policy or any request from the Panellist, the Panellist shall draw such inferences as it considers appropriate.

16. Panellist Decision

16.1 Basis of decision

  1. The Panellist will make a decision on the basis of the statements and documents provided by the parties, this Policy, other Identity Digital policies, and any rules and principles of law that it deems applicable;
  2. In the absence of exceptional circumstances, the Panellist shall forward its decision on the complaint to the Provider within fourteen (14) days of its appointment pursuant to paragraph 10;
  3. The Panellist’s decision will be in writing, in summary format and may (but is not required to) provide reasons or commentary as the Panellist in its sole discretion deems appropriate; and
  4. All decisions rendered under this Policy will be published on the Provider’s website. Subject to the parties’ rights under paragraph 18, the Panellist’s decision shall be final, without the availability of appeal.

16.2 Communication of decision to the parties Within five (5) days after receiving the decision from the Panellist, the Provider shall communicate the full text of the decision to each party, the applicable registrar, and Identity Digital.

17. Remedies

  1. If the Panellist finds that the Complaint succeeds, Identity Digital in its discretion shall determine the most appropriate remedy for the parties consistent with the decision of the Panellist.
  2. The available remedies may include, but are not limited to:
  3. revocation or cancellation of the disputed domain name(s) or DPML block without refund of any registration or related fees; or
  4. transfer of the disputed domain name(s) to the Complainant, provided that the Complainant agrees to the same terms as required for registration in the relevant TLD.
  5. In the event that a complaint under this Policy is not upheld, the disputed domain(s) will be retained by the Respondent and any lock in place will be lifted.

18. Implementation of decision

Identity Digital will implement the remedy as directed by the Panellist’s decision unless Identity Digital has received within ten (10) days of issuance of such decision official documentation (such as a copy of a complaint, file-­‐stamped by the clerk of the court) that the Complainant or Respondent has commenced and served a lawsuit against the other party/parties in another venue. If Identity Digital receives such documentation within the ten (10) day period, Identity Digital will not implement the decision, and will take no further action, until Identity Digital receives (i) satisfactory evidence of a resolution between the parties; (ii) satisfactory evidence that the lawsuit has been dismissed or withdrawn; or (iii) a copy of an order from such court dismissing the lawsuit or ordering that a party/parties have no right to the domain name(s) in dispute.

19. No modifications, transfers, or deletion during disputes under this Policy

On initiation of a complaint under this Policy, the disputed domain name(s) will be locked against modification or transfers between registrants and/or registrars, and against deletion.

20. Availability of Court Proceedings

The dispute process set forth in this Policy does not prevent either party from submitting a dispute concerning the domain name to another administrative proceeding (e.g. UDRP or URS) or to a court of competent jurisdiction. Such activity may be initiated during the Sunrise or DMPL dispute resolution process or after such proceeding is concluded. The party initiating such activity must immediately provide the Provider with notice of commencement of such activity, whereupon any active proceedings under this Policy will be stayed pending the outcome of the proceedings so initiated.

21. Exclusions of Liability

Except in the case of deliberate wrongdoing, neither Identity Digital, the Provider, nor any Panellist shall be liable to a party for any act or omission in connection with any administrative proceeding under this Policy.

22. Language of Proceedings

The language of proceedings shall be English. All communications shall be in English. It is the responsibility of the parties to provide certified translations into English of all documents and supporting evidence whose original is in any other language, along with a copy of the original.

23. Ability to Update

This Policy is subject to change in Identity Digital discretion. It is the obligation of the parties to check the most recent version of this Policy as published on the Identity Digital Website. The version of this Policy in effect at the time of submission of the complaint to the Provider shall apply to the relevant administrative proceeding.

Last Updated: May 14, 2025

This Privacy Policy describes how Identity Digital Inc. and our subsidiaries and affiliated companies (collectively, “Identity Digital,” “we,” or “us”) collect, use, disclose, and otherwise process information about you if you:

  • Visit our websites and other online products and services that link to this Privacy Policy (collectively, our “Websites”);
  • Work with a registrar that relies on our internet registration products, including Domain Name Registration, Domains Protected Marks List, or Domain Engine (collectively the “Products”);  and
  • Otherwise interact with us in a business or professional context, such as if you are a registrar who has an account with us, communicate with us via email, or provide us your contact information at a conference.

This Privacy Policy does not apply in all circumstances. For example, Identity Digital may operate as a “data processor” for certain third-party registry operators. In those instances, we handle domain name registrant personal information on behalf of such registry operators, subject to the terms of our agreements with them.  Please carefully review the terms associated with registry operators you work with. In addition, Identity Digital may also provide different or additional notices of our privacy practices for certain offerings, in which case those notices will supplement or replace the disclosures in this Privacy Policy.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we will provide you with additional notice (such as by notifying your registrar, adding a statement to our Websites, or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

CONTENTS

COLLECTION OF INFORMATION

The information we collect about you depends on which Products you use and how you use our Websites or otherwise interact with us. In this section, we describe the categories of information we collect and the sources of this information.

Information You Provide to Us

We collect information you provide directly to us. For example, we collect information directly from you when you fill out a form on one of our Websites, create an account with us, request customer support, connect with us via email, or otherwise communicate with us. The types of information that we collect directly from you include your name, email address, postal address, phone number, and any other information you choose to provide. If you are a registrar or other party making a payment to us, we work with a third-party payment processor to process your payment information.

Information We Collect Automatically

We automatically collect information about your interactions with us, including:

  • Device, Usage, and Activity Information: We collect information about how you access our Websites and how you use our Domain Engine Product, which certain registrars may make available to you. The information we may collect includes data about the device and network you use (such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, and browser type), and data about your interactions with our Websites and Domain Engine Product, such as access dates and times, browsing behavior (such as pages viewed and links clicked), terms you search for, and information about your activity on specific pages.
  • Chat and Audio Content: If you contact our support team through email or by phone or video conference, we may monitor and retain those conversations, including for training purposes.
  • Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies and pixels, to collect information about your interactions with our Websites and our marketing communications. These technologies help us improve our offerings and marketing communications, personalize your experience, and analyze your interactions with us, including to count visits and understand popularity of different features. For more information about the cookies and similar tracking technologies we use, and the choices available to you, see the Targeted Advertising and Analytics and the Your Choices sections below.

Information We Collect from Other Sources

We obtain information from other sources. For example, you may purchase one of our registration products from your registrar, in which case they may provide us with certain information including your registrant name, organization, address, email, fax, phone number, and contact information for various stakeholders, including administrative, technical, and billing contacts. We may also collect information from entities that gather and license business contact information, industry partners, and advertising networks.

Information We Derive

We may derive information or draw inferences about you based on the information we collect. For example, if you use our Domain Engine Product or visit our Websites, we may make inferences about your approximate location based on your IP address.

USE OF INFORMATION

We use the information we collect in the following ways:

  • Domain Name Registration: If you purchase our Domain Name Registration Product from your registrar, we process the associated information to carry out the registration of your domain, to ensure that your registration functions as expected, and that registrations do not affect the security of our registry. We also process it to centralize authoritative registrant data at the registry level to ensure the ongoing continuity, security, stability and resiliency of the domain name system (“DNS”). To enter your chosen domain name into our registry system, we are required to process your data in accordance with our contracts with the Internet Corporation for Assigned Names and Numbers (“ICANN”). In these instances, each of our top-level domain registries acts as a “joint controller” of your information, working together with your registrar and ICANN.
  • Domains Protected Marks List: If you purchase our Domains Protected Marks List (“DPML”) Product from your registrar, we process the associated information to enable the DPML block across our top-level domains at your registrar’s request.
  • Domain Engine: If you use our Domain Engine Product on a registrar’s website, we use the search terms you enter and your IP address to help identify relevant and high-performing domain names for you.
  • Other Uses of Information: We also use the personal information we collect pursuant to this Privacy Policy to:
    • Process and fulfill purchases;
    • Maintain and improve our Products and Websites, including but not limited to maintaining the integrity of the current dual failsafe system at the registrar and registry levels;
    • Mitigate DNS abuse, including but not limited to the investigation and mitigation of reported instances of abuse Identity Digital considers to be contrary to the terms of its Acceptable Use Policy;
    • Detect, investigate, respond to, prosecute, and help protect against security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect the rights and property of Identity Digital and others;
    • Send you technical notices, security alerts, support messages, and other transactional or relationship messages;
    • Send you marketing communications (see the Your Choices section below for information about how to opt out of these communications at any time);
    • Monitor and analyze trends, usage, and activities in connection with our Websites and Products;
    • Target advertisements to you on third-party platforms and websites (for more information and to opt out, see the Targeted Advertising and Analytics section below);
    • Develop new products and services; and
    • Comply with our legal and financial obligations.

TARGETED ADVERTISING AND ANALYTICS

We engage others to provide analytics services, advertise Identity Digital and our Products to you on third-party sites and services, and perform related services across the web and in mobile applications. To do this, Identity Digital and these partners may use cookies, web beacons pixels, SDKs, and similar technologies to collect information about your use of our Websites and third-party services, including your device identifiers, IP address, web browser and mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information is used to deliver advertising targeted to you on other companies’ websites and mobile apps, understand the effectiveness of this advertising, analyze and track data, and better understand your activity. When you arrive on our site, you will be presented with consent options upon arriving at our websites and can subsequently change those choices using the “Your Privacy Choices” link. Your choice will be linked to your browser only; therefore, you will need to renew your selections if you visit our website from a new device or browser, or if you clear your browser’s cookies.

In addition to ad targeting activities that rely on cookies and similar technologies, we work with advertising partners to translate other identifiers, such as your email address or phone number, into a unique identifier (called a hashed value) that such partners can then use to show ads that are more relevant to you across the web and in mobile apps. You may opt out of these disclosures by contacting us at privacy@identity.digital.

The activities described in this section may constitute “sharing,” or “selling” under the California Consumer Privacy Act. See the Additional Information for California Residents section below for details.

You can also learn more about interest-based ads, or opt out of having your web browsing information used for behavioral advertising purposes by companies that participate in the Digital Advertising Alliance, by visiting www.aboutads.info/choices or www.youronlinechoices.eu (if you reside in Europe) or https://youradchoices.ca (if you reside in Canada). Your device may also include a feature that allows you to opt out of having certain information collected through mobile apps used for behavioral advertising purposes.

DISCLOSURE OF INFORMATION

We disclose information about you as described in the Targeted Advertising and Analytics section above and in the following scenarios:

  • Vendors and Service Providers. We make personal information available to our vendors, service providers, contractors and consultants who perform services on our behalf, such as companies that assist us with payment processing, cloud storage, marketing, analytics, mitigating abuse and customer service.
  • ICANN. ICANN is the private-sector body responsible for coordinating the global Internet’s systems of unique identifiers. The mission of ICANN is to coordinate the stable operation of the Internet’s unique identifier systems. More information about ICANN can be found here: www.icann.org. In connection with providing our Domain Name Registration Product, we may provide certain personal information to ICANN or to others as required by ICANN.
  • Domain Name Registration Organizations. If you purchase our Domain Name Registration Products, we may disclose certain personal information escrow providers to effectuate the proper registration of your domain name and in accordance with ICANN requirements. Data held by the escrow provider can be used to restore a registry in the event of a catastrophic event or a failure of the registry’s systems. In this case, the data may be securely transferred to another registry to ensure the ongoing security and stability of the DNS and to prevent any interruption to the proper functioning of registered domains.
  • Law Enforcement Authorities and Individuals Involved in Legal Proceedings. We disclose personal information in response to a request for information if we believe that disclosure is in accordance with, or required by, any applicable law, regulation, or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
  • To Protect the Rights of Identity Digital and Others. We may disclose personal information if we believe that your actions are inconsistent with our policies (including our Acceptable Use Policy), if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Identity Digital or others.
  • Professional Advisors. We disclose personal information to our legal, financial, insurance, and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
  • Corporate Transactions. We disclose personal information in connection with, or during negotiations of, certain corporate transactions, including a merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
  • Corporate Subsidiaries. Personal information may be disclosed between and among Identity Digital and certain of our subsidiaries under common control and ownership.
  • With Your Consent or at Your Direction. We make personal information available to third parties when we have your consent or you intentionally direct us to do so.

We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. We maintain and use this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.

YOUR CHOICES

Account Information

You can update certain information stored within your account with us at any time by logging in and navigating to the settings menu.

Cookies and Similar Tracking Technologies

Identity Digital uses cookies and similar tracking technologies on our Websites, as described above. You can usually adjust your browser settings to remove or reject browser cookies. In addition, if you are in the United States, you may opt out of cookie-based ad targeting on our website by clicking the link titled “Your Privacy Choices ” on the footer of our Websites. If you are outside of the United States, you will be presented with consent options upon arriving at our Websites and can subsequently change those choices using the “Cookies Settings” link.

Communications Preferences

You may opt out of receiving promotional emails from us by following the instructions in those communications. If you opt out, we may still send you non-promotional emails, such as those about your orders with us or our ongoing business relationship. Depending upon where you live, we may only send you promotional emails where we have your consent to do so.

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

California has enacted the California Consumer Privacy Act (“CCPA”), which grants California residents certain rights and requires specific disclosures. If you reside in California, this section applies to you and also serves as our California notice at collection.

In the preceding sections, we explain how we collect, use, and disclose information about you, as well as our targeted advertising and analytics practices. As required by the CCPA, we use the tables below to explain this same information.  

Use and Disclosure of Personal Information for Business Purposes

Category of Personal Information
Categories of Recipients
Use of Personal Information
Categories of Recipients
  • Identifiers (such as your name, email address, and IP address)
  • Registrant information (such as your organization name, and contact information in connection with a domain registration)
  • Internet or other electronic network information (such as information about your activity on our Websites or interactions with Domain Engine)
  • Commercial information (such as records of purchases from us)
  • Audio information (such as if you contact our customer service team by phone)
  • Inferences (such as your approximate location derived from your IP address)
Categories of Recipients
  • Vendors and service providers
  • ICANN
  • Domain name registration organizations
  • Law enforcement authorities and individuals involved in legal proceedings
  • Others as necessary to protect the rights of Identity Digital and others
  • Professional advisors
  • Relevant stakeholders in connection with corporate transactions
  • Corporate subsidiaries
  • Others with your consent or at your direction
Use of Personal Information
  • If you purchase our Domain Name Registration Product from your registrar, we process the associated information to carry out the registration of your domain, to ensure that your registration functions as expected, and that registrations do not affect the security of our registry. We also process it to centralize authoritative registrant data at the registry level to ensure the ongoing continuity, security, stability and resiliency of the DNS. To enter your chosen domain name into our registry system, we are required to process your data in accordance with our contracts with ICANN;
  • If you purchase our DPML Product from your registrar, we process the associated information to enable the DPML block across our top-level domains at your registrar’s request;
  • Process and fulfill purchases;
  • Maintain and improve our Products and Websites, including but not limited to maintaining the integrity of the current dual failsafe system at the registrar and registry levels; 
  • Mitigate DNS abuse, including but not limited to the investigation and mitigation of reported instances of abuse Identity Digital considers to be contrary to the terms of its Acceptable Use Policy
  • Detect, investigate, respond to, prosecute, and help protect against security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect the rights and property of Identity Digital and others;
  • Send you technical notices, security alerts, support messages, and other transactional or relationship messages; 
  • Send you marketing communications (see the Your Choices section below for information about how to opt out of these communications at any time);
  • Monitor and analyze trends, usage, and activities in connection with our Websites and Products; 
  • Develop new products and services; and
  • Comply with our legal and financial obligations.

We do not collect information that is deemed “sensitive” under the CCPA.

As described in the Collection of Information section above, we collect personal information from various sources, including directly from you, automatically when you access or use our Websites or Domain Engine Product, from registrars and from other third-party sources.

We retain personal information for as long as necessary to carry out the purposes for which we originally collected it and for other purposes described in this Privacy Policy.

Sales and Sharing Activities

We also disclose certain categories of personal information to show you targeted ads on third-party properties and for related purposes. These disclosures may be considered “sales” or “sharing” under the CCPA, and the table below provides more information about our practices.

Category of Personal Information
Category of Third Parties
Category of Personal Information
  • Identifiers (such as your IP address, cookie ID, or hashed version of your email address) 
  • Internet or other electronic network information (such as information about your activity on our Websites)
Category of Third Parties
  • Advertising and marketing networks

We do not engage in sales, sharing, or targeted advertising using personal information about consumers we know to be under the age of 18.

Your Rights

Opt Out of Sales and Sharing

You may opt out of activities that we engage in that constitute “sharing” or “sales” of personal information under the CCPA by:

  • Cookies and Similar Technologies: Clicking the “Your Privacy Choices ” link on the footer of our Websites and following the instructions that appear. Your opt-out choice will be linked to your browser only; therefore, you will need to renew your opt-out choice if you visit our website from a new device or browser, or if you clear your browser’s cookies; and
  • Other Identifiers: Emailing us at privacy@identity.digital to opt out of “sharing,” and “sales” based on your email address and other non-cookie identifiers.

If you reside in California, you can also opt out by visiting our website with a legally recognized universal opt-out signal enabled, such as the Global Privacy Control.

Access, Correction, and Deletion

If you are a California resident, you have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information.

To request access, correction, or deletion of your personal information, please contact us at privacy@identity.digital. To authenticate your request, we may ask you to provide some additional information, such as about previous interactions with us.

Nondiscrimination

You have the right not to be discriminated against for exercising any of your privacy rights.

Authorized Agents

You may also designate an authorized agent to submit rights requests on your behalf. For access, correction, or deletion requests, we may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm the authorized agent has permission to submit the request. If you are an authorized agent seeking to make a rights request on behalf of a California resident, please email us at privacy@identity.digital.

ADDITIONAL INFORMATION FOR INDIVIDUALS OUTSIDE OF THE UNITED STATES

International Transfers

Identity Digital is based in the United States, and we and our service providers process and store personal information on servers located in the United States and other countries. Whenever we make restricted international transfers of personal information, we take steps to ensure that your personal information receives an adequate level of protection (by putting in place appropriate safeguards, such as contractual clauses) or ensure that we can rely on an appropriate derogation under data protection laws. Where relevant, you may request access to any safeguard which we use to transfer your personal information outside of the European Economic Area, the United Kingdom, or Switzerland (although we may need to redact data transfer agreements for confidentiality reasons).

For personal information about EEA, Swiss, and UK individuals, Identity Digital complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Frameworks”), each as set forth by the U.S. Department of Commerce.  As described in our Frameworks certification, Identity Digital has certified that it adheres to the Frameworks Principles with regard to the processing of personal information received from the EEA, Switzerland, and the UK in reliance on the Frameworks.  In accordance with the Frameworks, we remain responsible under the Onward Transfer Principle for personal information that we disclose to third parties for processing on our behalf.  To learn more about the Frameworks or to view our certification, please visit the Frameworks website.  The Federal Trade Commission has jurisdiction over Identity Digital’s compliance with the Frameworks.

Identity Digital commits to resolve Frameworks Principles-related inquiries and complaints about our processing of personal data under the Frameworks. Individuals located in the EEA, UK, and Switzerland can contact us with inquiries or complaints at privacy@identity.digital.  If we are unable to resolve the complaint, such individuals may refer the complaint to your local data protection authority, and we will work with them to resolve the issue. Contact details for the relevant data protection authorities can be found using the links below:

  • For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
  • For individuals in the UK: https://ico.org.uk/global/contact-us/
  • For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Framework Principles.

The following US-based Identity Digital affiliates adhere to the Frameworks: Afilias Inc.; Afilias USA, Inc.; Binky Moon, LLC; Covered TLD, LLC.; Dog Beach, LLC; Domain Protection Services, Inc.; Domainsite, Inc.; Dozen Donuts, LLC; DTLD Holdings, LLC; DTLD Parent, Inc.; Identity Digital Capital LLC; Identity Digital Inc.; Identity Digital Ventures LLC; Monolith Registry, LLC; Name.com, Inc.; Name.net, Inc.; Name105, Inc.; Name106, Inc.; Name117, Inc.; Nametrust, LLC; Ruby Glen, LLC; Spring McCook, LLC.

The Identity Digital family of companies also includes the following non-U.S. based companies: Afilias (Shanghai) Information Technology Co., Ltd.; Afilias India Pvt. Ltd.; Afilias Resolution Services Ltd.; Capable Network Technology (Shanghai) Co., Ltd.; Domain Registry Services Ltd.;  doMEn d.o.o.; Donuts (HK) Limited; Dot Global Domain Registry Ltd.; Global Website Asia Ltd.; Global Website TLD Asia Ltd; HOTEL Top-Level-Domain S.a.r.l.; Identity Digital Australia Pty Ltd.; Identity Digital Canada Corp.; Identity Digital Domains Ltd.; Identity Digital Holdings Ltd.; Identity Digital Limited; and Internet Computer Bureau Ltd..

Legal Basis for Processing

If you are located in Europe or another jurisdiction that requires a lawful basis for processing personal information, please note that when we process your personal data as described in this Privacy Policy, we do so in reliance on the following lawful bases:

  • To perform our responsibilities under our contract with you (e.g., processing payments for and providing the Products you requested);
  • When we have a legitimate interest in processing your personal information to operate our business or protect our interests (e.g., to coordinate with ICANN, provide, maintain, and improve our products and services, conduct data analytics, and communicate with you);
  • To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications); or
  • When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing of your personal information, you may withdraw such consent at any time.

Data Subject Requests

If you are located in Europe or another jurisdiction that grants you data subject rights, you have the right to (1) access your personal data, including in a portable format, (2) request erasure of your personal data, and (3) request correction of inaccurate personal data. In addition, you may have the right to object to certain processing or request we restrict certain processing. To exercise any of these rights, please email us at privacy@identity.digital.

If you have a concern about our processing of personal data, we encourage you to contact us in the first instance. However, if we are not able to resolve it, you may have the right to lodge a complaint with the Data Protection Authority where you reside (if you live in the EEA, UK, or Switzerland, see links in the International Data Transfers section for contact information).

Individuals in Canada

If you are a Canadian resident, this section applies to you.

Consent

By submitting personal information to Identity Digital, our service providers, or our agents, you consent to the collection, use, disclosure, and transfer of your personal information in accordance with this Privacy Policy and as permitted or required by law.

You may withdraw your consent at any time to the collection, use, disclosure, or transfer of your personal information by contacting Identity Digital as set forth in the Contact Us section below. If you withdraw your consent (or if you decide not to provide certain personal information), you acknowledge that Identity Digital may not be able to provide you, or continue to provide you, with certain products, services, or information that may be of value to you.

Canada’s Anti Spam Law

Identity Digital will only send you commercial electronic messages (“CEMs”) where we have your express or implied consent to do so. Your consent to receive CEMs is implied where we have an existing business relationship with you, or you have reached out to us and made an inquiry within a certain time frame. You may unsubscribe from receiving CEMs at any time, by clicking the unsubscribe button on an email. If you opt out, we may still send you non-promotional messages, such as those about your account or our ongoing business relations.

CONTACT US

If you have questions about this Privacy Policy, please contact us at privacy@identity.digital.