Enom Inc. (“Enom”) is dedicated to maintaining both a high standard of privacy and a high standard of data protection in all of its activities. The company must, however, balance its respect for the privacy interests of its customers—both its resellers and its end-users—and employees with its public responsibilities as a service provider. This is particularly true with respect to Enom’s obligations as an accredited registrar where the company may be required to present registrant or other contact information in the applicable whois or similar directory (the “Whois”).
The policy will apply to and protect all personal information collected, used, or disclosed by Enom, except information that is aggregated in such a manner that it cannot be connected to a person and/or information which is published in the Whois.
Personal information which may fall under the policy may include, but is not limited to:
- usernames and passwords;
- technical support records;
- credit history/performance information;
- how much is spent on Enom’s services and that of its competitors;
- industry or business data;
- credit card information;
- date and location of birth;
- citizenship data;
- national or local identification number;
- taxation data;
- language preferences;
- Internet protocol addresses and time stamps;
- payment and banking information; and
- special needs.
This information is based on the data elements requested by registries and may include data points that are not relevant to your specific case.
Personal information may be collected when:
- A person makes any inquiries by telephone, agrees to a contract, registers a domain name, or provides any information by email or through the Internet, inquires about their services, receives technical support, registers an account online, makes additional orders for services, or when they make a complaint; and/or
- A person visits a Enom owned, hosted, and/or controlled website including, but not limited to: bulkregister.com, enom.com, enomcentral.com, and registryrocket.com (the “Websites”).
However, the policy does not impose any limits on the collection, use, or disclosure of the following information:
- a person’s name, address, telephone number, fax number, and email address, when listed in the Whois;
- business data, including an employee’s name, title, address, telephone number, fax number, and email address; or
- information that is publicly available.
Third Party Services
In order to provide the highest level of service to our customers, employees, and to end-users, it is sometimes necessary for Enom to use third party services. Here is a list of the third party services that Enom uses:
- American Express
- AWS (Amazon Web Services)
- DENIC Data Escrow Services
- Iron Mountain Data Escrow Services
- Sage (Intacct)
We only share personal information when necessary to provide the service and we make sure that the third parties we work with are responsible stewards of that information.
Guidelines for Internet/Website Users
There are additional guidelines that apply to persons who use the Websites and portals. In addition to the principles outlined above, Enom may permit third parties to offer users subscription and/or registration-based services through the Websites. In such circumstances, Enom cannot be responsible for the content of any third-party offerings or any actions or policies of such third parties.
Enom also reminds users that voluntarily-disclosed information online in discussion areas or other public areas of the Websites can be collected and used by third parties and may result in unsolicited messages from third parties. Unfortunately, such activities are beyond the control of Enom.
Any submissions made to discussion areas or other public areas on the Websites are done with a user’s understanding that they are accessible to third parties. If comments are not intended for third parties, you are advised not to make any submissions.
Enom’s policy generally and in connection with Internet use is subject to the requirements or provisions of any applicable legislation, regulations, contracts, or agreements, or order of any court or other lawful authority. Your use of the Websites is also subject to these requirements as well as Enom’s Acceptable Use Policy.
The Privacy Principles Enom Follows
There are ten principles that form the basis of Enom’s policy. These principles are interrelated and Enom adheres to them as a whole. Each principle must be read in conjunction with the accompanying commentary. The commentary in Enom’s policy may be tailored to reflect personal information issues specific to Enom.
To better understand our policy, Enom has set out some basic definitions to use when reading and interpreting the principles below:
Collection: the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
Consent: voluntary agreement with the collection, use, and disclosure of personal information for defined purposes. Consent can be provided directly by the individual or by an authorized representative of an entity.
Customer: an individual or entity that uses, or applies to use, Enom’s products or services including, but not limited to, both resellers and registrants.
Disclosure: making personal information available to a third party.
Personal information: information about an identifiable individual that is recorded in any form; this does not include aggregated information that cannot be associated with an individual. For a customer, such information does not include information that is aggregated in such a manner that it cannot be connected to them and/or information that is publicly listed in a written or online directory.
Third party: an individual or organization outside Enom.
Use: the treatment, handling, and management of personal information by and within Enom.
Principle 1 Accountability
Enom is responsible for personal information under its control. In response, it has designated its Data Protection Officer (“DPO”) as accountable for the company’s compliance with the following principles.
- Responsibility for ensuring compliance with the provisions of the Enom policy rests with the Legal Department within Enom, which shall designate one or more persons to be accountable for compliance with the Enom policy. Other individuals within Enom may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information. The DPO has been designated in order that Enom may ensure that consumers have a resource to answer their privacy-related inquiries.
- Enom shall make known, upon request, the identity of the person or persons designated to oversee Enom’s compliance with its policy.
- Enom is responsible for personal information in its possession or control. Enom shall use appropriate means to provide a comparable level of protection while information is being processed by a third party.
- Enom shall implement policies and practices to give effect to these principles, including:
- implementing procedures to protect personal information and to oversee Enom’s compliance with its policy;
- establishing procedures to receive and respond to inquiries or complaints;
- training and communicating to staff about Enom’s policies and practices; and
- developing information to explain Enom’s policies and practices.
Principle 2 Identifying Purposes for Collection of Personal Information
Enom shall identify the purposes for which personal information is collected within a reasonable period after obtaining the data, and prior to using the data.
- Enom collects personal information only for the following purposes:
- to establish and maintain responsible commercial relations with customers and to provide ongoing services and offers;
- to understand customer needs;
- to develop, enhance, market, or provide products and services;
- to manage and develop Enom’s business and operations, including personnel and employment matters; and
- to meet legal, regulatory, and contractual requirements.
- Further references to “identified purposes” mean the purposes identified in this Principle 2.
- Enom shall specify orally, electronically, or in writing the identified purposes to the customer or employee at the time personal information is collected or within a reasonable period. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within Enom who shall explain the purposes.
- Unless required by law, Enom shall not use or disclose for any new purpose personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the customer.
Principle 3 Obtaining Consent for Collection, Use, or Disclosure of Personal Information
The knowledge and consent of a customer is required for the collection, use, or disclosure of personal information, except where inappropriate.
Note: In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, when required to fulfill a contract or when information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information.
- In obtaining consent, Enom shall use reasonable efforts to ensure that a customer is advised of the identified purposes for which personal information collected will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer or employee.
- Generally, Enom shall seek consent to use and disclose personal information at the same time it collects the information. However, Enom may seek consent to use and disclose personal information after it has been collected but before it is used or disclosed for a new purpose.
- Enom will only require customers to consent to the collection, use, or disclosure of personal information as a condition to the supply of a product or service if such collection, use, or disclosure is required to fulfill the identified purposes.
- In determining the appropriate form of consent, Enom shall take into account the sensitivity of the personal information and the reasonable expectations of its customers.
- Unless required by contract, Enom will obtain express consent within a reasonable period after obtaining the data and prior to using the data.
- A customer may withdraw consent at any time, subject to legal, regulatory, or contractual restrictions and reasonable notice. For example, if consent is required to perform the service requested by the customer, withdrawal of consent may result in termination of the service. Customers may contact Enom at the address below for more information regarding the implications of doing so.
Principle 4 Limiting Collection of Personal Information
Enom shall limit the collection of personal information to that which is necessary for the identified purposes. Enom shall collect personal information by fair and lawful means.
- Enom collects personal information primarily from its customers.
- Enom may also collect personal information from other sources including but not limited to credit bureaus or other third parties who represent that they have the right to disclose the information.
Principle 5 Limiting Use, Disclosure, and Retention of Personal Information
Enom shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by a registry or by law. Enom shall retain personal information only as long as necessary for the fulfillment of those purposes or as required by law.
- Enom may disclose a customer’s personal information to:
- a registrant or end-user’s reseller;
- a third party service provider for the efficient and cost-effective provision of services purchased through the Websites;
- another person or corporation as part of conducting business together or pursuant to the sale of all or substantially all of Enom’s assets related to one or more specific lines of business;
- a company involved in supplying communications or communications directory related services;
- a company or individual employed by Enom to perform functions on its behalf;
- another company or person for the development, enhancement, marketing, or provision of any of Enom’s products or services;
- an agent or third party retained by Enom in connection with Enom’s administration or the provision of Enom’s products or services;
- an agent used by Enom to evaluate the customer’s creditworthiness or to collect the customer’s account;
- credit grantors and reporting agencies;
- a public authority or agent of a public authority, if in the reasonable judgment of Enom, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of this information;
- a person who, in the reasonable judgment of Enom, is seeking the information as an agent of the customer; and
- a third party or parties, where the customer consents to such disclosure or disclosure is required by law or emergency.
- Enom reserves the right to contact persons at any time regarding account status, changes to services, and other matters relevant to underlying services and/or personal information. Except as permitted in this Principle, Enom does not provide or sell its customer lists to any outside company for use in marketing or solicitation.
- Only Enom’s employees with a business need to know, or whose duties reasonably so require, are granted access to personal information that is not publicly available about customers.
- Enom shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer, Enom shall retain, for a period of time that is reasonably sufficient to allow for access by the customer, either the actual information or the rationale for making the decision.
- Personal information that is no longer necessary or relevant for the identified purposes or required to be retained by law shall be destroyed, erased, or made anonymous. In any event, Enom shall maintain reasonable and systematic controls, schedules, and practices for such information, its retention and destruction.
Principle 6 Accuracy of Personal Information
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Personal information used by Enom shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer.
- Enom shall update personal information about customers as and when necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7 Security Safeguards
Enom shall protect personal information by implementing security safeguards appropriate to the sensitivity of the information.
- Enom shall protect personal information against such risks as loss, theft, unauthorized access, disclosure, copying, use, modification, or destruction, through appropriate security measures. Enom shall protect the information regardless of the format in which it is held.
- Enom shall protect personal information it discloses to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
- All of Enom’s employees with access to personal information shall be required as a condition of employment to contractually respect the confidentiality of personal information.
Principle 8 Openness Concerning Policies and Practices
Enom shall make readily available to customers and employees specific information about its policies and practices relating to the management of personal information.
Enom shall make information about its policies and practices easy to understand, including:
- the title and address of the DPO, who is accountable for Enom’s compliance with the policy and to whom inquiries or complaints can be forwarded;
- the means of gaining access to personal information held by Enom; and
- a description of the type of personal information held by Enom, including a general account of its use.
Principle 9 Customer Access to Personal Information
Enom shall inform a customer of the existence, use, and disclosure of their personal information upon request and shall give the individual access to that information. A customer shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Note: In certain situations, Enom may not be able to provide access to all of the personal information it holds about a customer. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, commercial proprietary reasons, or information that is subject to attorney-client or litigation privilege. Enom shall provide the reasons for denying access upon request.
- Upon request, Enom shall afford customers a reasonable opportunity to review the personal information it holds. Personal information shall be provided in understandable form within a reasonable time and at a minimal or no cost to the individual.
- Upon request, Enom shall provide an account of the use and disclosure of personal information. In providing an account of disclosure, Enom shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
- In order to safeguard personal information, a customer may be required to provide sufficient identification information to permit Enom to account for the existence, use, and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
- Enom shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, Enom shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
- Customers can obtain information or seek access to their individual files by contacting a designated representative at Enom’s business offices as described below.
Principle 10 Challenging Compliance
A customer shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for Enom’s compliance with the policy.
- Enom shall maintain procedures for addressing and responding to all inquiries or complaints from its customers about Enom’s handling of personal information.
- Enom shall inform its customers about the existence of these procedures as well as the availability of complaint procedures.
- The person or persons accountable for compliance with Enom’s policy may seek external advice where appropriate before providing a final response to individual complaints.
- Enom shall investigate all complaints concerning compliance with the policy. If a complaint is found to be justified, Enom shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures.
For more information:
Please contact us through any of the Websites or directly through our Privacy Office as follows by:
Mail: Enom Inc.
96 Mowat Avenue
Toronto, ON M6K 3M1