Privacy Policy

1. Introduction

Thank you for choosing GetYour.iD. This Privacy Policy explains how Digital Districts Pty Ltd, trading as GetYour.iD ("we", "us", "our"), collects, uses, discloses, stores, and protects your personal information when you access our website at www.getyour.id and use our products and services.

GetYour.iD is a domain name registrar and web services provider offering domain name registration, management, and related services across more than 700 domain extensions worldwide, including Generic Top-Level Domains (gTLDs such as .com, .net, .org), Country Code Top-Level Domains (ccTLDs such as .id, .au, .cn), and New Top-Level Domains (nTLDs such as .online, .shop, .tech). We also provide web hosting services (Shared Hosting and VPS Hosting), SSL certificates, Google Workspace integration, WHOIS privacy protection, and DNS management.

We are committed to protecting your privacy and handling your personal data in compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR) where applicable, ICANN's Registration Data Policy (effective 21 August 2025), and any other applicable data protection legislation in the jurisdictions in which we operate.

Our fundamental privacy principles are:

  • We collect personal information only when it is necessary and appropriate to deliver our services.
  • We do not share your personal information except as required to fulfil our services, comply with the law, or as described in this Policy.
  • We store personal information securely and retain it only for as long as is necessary or required by law.
  • We respect your rights to access, correct, and request deletion of your personal data.

2. Information We Collect

2.1 Information from Website Visitors

When you visit our website without creating an account, we automatically collect certain technical information through cookies, server logs, and similar technologies. This includes your Internet Protocol (IP) address, browser type and version, operating system, device type, screen resolution, referring website URL, pages visited on our website, date and time of access, and preferred language and currency settings.

2.2 Account Registration Information

When you create an account with GetYour.iD, we collect personal information necessary to establish and maintain your account. This includes your full name, organisation or company name (if applicable), postal address, email address, telephone number, and account password (stored in encrypted form). For customers purchasing products and services, we also collect billing information including credit card details and billing address. Please note that payment card information is processed by our payment gateway partner Stripe and is not stored on our servers.

2.3 Domain Name Registration Data

Domain name registration is a regulated activity governed by ICANN policies for gTLDs and by the respective country code registry operators for ccTLDs. When you register, transfer, renew, or update a domain name, we are required to collect specific registration data elements as mandated by the applicable registry and ICANN's Registration Data Policy.

The registration data elements we collect include:

  • Registrant Contact: Full name (or organisation name), postal address, email address, telephone number, and fax number (where required by the registry).
  • Administrative Contact: Name, postal address, email address, and telephone number of the person authorised to manage the domain (where required by the registry).
  • Technical Contact: Name, postal address, email address, and telephone number of the person responsible for the technical aspects of the domain (where required by the registry).
  • Billing Contact: Name, postal address, email address, and telephone number of the person responsible for billing matters (where required by the registry).

Under the ICANN Registration Data Policy (effective 21 August 2025), only the Registrant contact is mandatory for gTLD registrations. Administrative, Technical, and Billing contacts are now optional unless specifically required by the individual registry operator. The Registrant Organisation field, if populated, is treated by ICANN as the legal owner of the domain; if left empty, the named individual registrant is deemed the owner.

2.4 WHOIS and RDAP Data

Domain name registration data has historically been published through the WHOIS protocol. As of January 2025, the Registration Data Access Protocol (RDAP) has replaced WHOIS as the required lookup protocol for gTLD registrations. RDAP provides structured data responses over HTTPS with enhanced security, internationalisation support, and differentiated access controls.

Under the current ICANN Registration Data Policy, non-essential personal data is redacted by default from public RDAP/WHOIS queries for gTLD domains. Only limited registration data elements are publicly accessible, while full registrant details are disclosed only through authorised access channels in accordance with applicable laws and ICANN policies.

For ccTLD domains, the applicable registry operator determines what registration data is publicly available. Each ccTLD operates under its own national privacy framework, and the level of data redaction varies. For example, .id domains are governed by the Indonesian registry (PANDI) and Indonesian data protection laws, while .au domains are governed by the .au Domain Administration (auDA) and Australian privacy legislation.

2.5 Web Hosting and Business Add-On Data

If you subscribe to our web hosting services (Shared Hosting or VPS Hosting), SSL certificate services, Google Workspace integration, or logo design services, we may collect additional information necessary to provision and manage these services, including server configuration preferences, website content (as stored on our hosting infrastructure), and SSL certificate request data (such as domain validation details).

2.6 Communication Data

When you contact our customer support team, submit enquiries, or interact with us through email, telephone, or our website contact forms, we collect the content of those communications along with associated metadata (date, time, channel) to provide you with support and improve our services.

3. Lawful Bases for Processing

We process your personal information on the following legal grounds, as required under the GDPR for individuals located in the European Economic Area (EEA) or the United Kingdom, and in accordance with the Australian Privacy Principles for all users:

  • Contractual Necessity: Processing is necessary to perform our contract with you, including domain registration, hosting provision, and account management.
  • Legal Obligation: Processing is necessary to comply with legal obligations imposed on us, including ICANN contractual requirements, registry policies, court orders, and applicable data protection laws.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, network and information security, service improvement, and business analytics, provided these interests are not overridden by your fundamental rights and freedoms.
  • Consent: Where we rely on your consent (for example, for marketing communications or optional cookies), you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery and Account Management
  • Creating, maintaining, and administering your GetYour.iD account.
  • Processing domain name registrations, transfers, renewals, and modifications across gTLDs, ccTLDs, and other new global TLDs.
  • Provisioning and managing web hosting, SSL certificates, DNS services, and other business add-ons.
  • Submitting required registration data to the relevant domain registry operators and ICANN as mandated by policy.
  • Processing payments and managing billing for your products and services.
4.2 Communication and Support
  • Responding to your enquiries, support requests, and providing technical assistance.
  • Sending transactional notifications including domain expiry reminders, renewal confirmations, service outage alerts, and maintenance notices.
  • Sending newsletters, marketing promotions, and survey invitations (with your consent, where required).
4.3 Security and Compliance
  • Verifying your identity and authenticating account access, including through our two-step authentication system.
  • Detecting, preventing, and investigating fraud, unauthorised access, and other security incidents.
  • Complying with applicable laws, regulations, ICANN policies, and registry requirements.
  • Responding to lawful disclosure requests from law enforcement, regulatory authorities, and intellectual property rights holders through established ICANN and registry channels.
4.4 Service Improvement and Analytics
  • Analysing website usage patterns to improve user experience and interface design.
  • Diagnosing technical problems and optimising website performance.
  • Developing new products, features, and services.

5. Information Sharing and Disclosure

We do not sell your personal information to third parties. We share your personal data only in the following circumstances:

5.1 Domain Registry Operators and ICANN

When you register, transfer, renew, or update a domain name, we are contractually and legally required to transmit your registration data to the relevant registry operator. For gTLD domains, this data is also shared with ICANN in accordance with ICANN's Registration Data Policy. The specific data elements shared vary by TLD type:

  • For gTLD Registrations (e.g. .com, .net, .org, .info): Data is shared with the relevant gTLD registry operator and ICANN. Non-essential personal data is redacted from public RDAP/WHOIS queries by default under the Registration Data Policy.
  • For ccTLD Registrations (e.g. .id, .au, .cn, .es): Data is shared with the respective country code registry operator. Each ccTLD registry has its own data handling policies subject to the national privacy laws of the relevant jurisdiction. Some ccTLD registries may publish registrant data publicly.
  • For nTLD Registrations (e.g. .online, .shop, .tech): New TLD registrations follow the same ICANN data policies as gTLDs. Data is shared with the nTLD registry operator and ICANN, with the same default redaction protections.
5.2 Payment Processors

When you purchase products and services, your payment card information and billing details are transmitted to our third-party payment processor to authorise and complete transactions. We do not store full payment card numbers on our servers. Our payment processing partners through Stripe are PCI-DSS compliant.

5.3 Hosting and Infrastructure Partners

We use trusted third-party hosting (e.g. HostGator) and Amazon AWS cloud infrastructure providers to deliver our services. Your data may be processed by these partners as necessary to operate our platform, subject to strict data processing agreements that ensure the confidentiality and security of your information.

5.4 WHOIS Privacy and Proxy Services

If you opt in to our WHOIS Privacy service, we substitute your personal registration data with our proxy information in publicly accessible RDAP/WHOIS records. Your actual contact details are maintained securely in our systems and disclosed only in accordance with this Policy, applicable law, or through established relay mechanisms for legitimate communications.

Please note that WHOIS Privacy may not be available for all TLDs. Certain registry operators prohibit the use of privacy or proxy services, and in those cases your registration data will be displayed in accordance with the applicable registry's policies.

5.5 Legal and Regulatory Disclosure

We may disclose your personal information where we reasonably believe it is necessary to comply with a law, regulation, legal process, or enforceable governmental request; to protect the safety, rights, or property of GetYour.iD, our customers, or the public; to detect, prevent, or address fraud, security, or technical issues; or to respond to lawful requests for non-public registration data submitted through ICANN's established disclosure channels, including urgent requests as defined under the Registration Data Policy.

5.6 Dispute Resolution Bodies

In connection with domain name disputes (such as proceedings under the Uniform Domain-Name Dispute-Resolution Policy (UDRP), Uniform Rapid Suspension (URS), or equivalent ccTLD dispute resolution processes), we may be required to share relevant registration data with approved dispute resolution providers, panels, and the parties involved.

6. International Data Transfers

GetYour.iD is an Australian-based company that provides services to customers worldwide. The nature of the domain name industry means that your personal data may be transferred to and processed in countries other than your country of residence.

Specifically, your data may be transferred to:

  • Registry operators located in various jurisdictions around the world, depending on the TLD you register (for example, .id registry data is processed in Indonesia, .au in Australia, and many gTLD registries operate from the United States).
  • ICANN, which is headquartered in the United States, for gTLD and nTLD registrations.
  • Our hosting partner HostGator, who may have servers located in multiple jurisdictions. Except our AWS cloud infrastructure partner which we have specifically chosen to reside in Australia regions.
  • Payment processing partners, who may process transactions in their respective jurisdictions.

Pursuant to the Australian Privacy Principles (APP 8), we take reasonable steps to ensure that overseas recipients of your personal information comply with the APPs or are subject to substantially similar privacy protections. For transfers of personal data from the EEA or the United Kingdom, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other recognised transfer mechanisms under the GDPR.

7. Data Security

The security of your personal data is of paramount importance to us. We implement a range of technical and organisational measures designed to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

Our security measures include:

  • Transport Layer Security (TLS/SSL) encryption for all data transmitted between your browser and our servers.
  • Encrypted storage of sensitive account credentials, including passwords (hashed and salted).
  • Two-step authentication (2FA) available for customer account access.
  • Regular security assessments and vulnerability testing of our platform and infrastructure.
  • Role-based access controls limiting staff access to personal data on a need-to-know basis.
  • Secure data centre facilities with physical access controls and environmental protections.
  • Data processing agreements with all third-party service providers that mandate equivalent security standards.

While we take all reasonable precautions to protect your data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your personal information.

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with our legal and contractual obligations, and protect our legitimate business interests.

Our general retention periods are:

  • Active Account Data: Retained for the duration of your account with us and for a reasonable period after account closure to handle any post-closure enquiries or disputes.
  • Domain Registration Data: Retained for the life of the domain registration and for the period required by ICANN policy and the relevant registry operator after the domain expires or is transferred. Under ICANN's Registration Data Policy, registrars are required to retain registration data for a minimum period following domain deletion.
  • Financial and Transaction Records: Retained for a minimum of seven (7) years in accordance with Australian taxation and corporate record-keeping requirements.
  • Communication and Support Records: Retained for a minimum of two (2) years from the date of the last interaction to support ongoing service delivery and dispute resolution.
  • Server Logs and Technical Data: Retained for up to twelve (12) months for security, analytics, and troubleshooting purposes.

When your personal information is no longer required, it is securely de-identified or destroyed in accordance with our data destruction procedures, whether in hardcopy or electronic form.

9. Your Rights and Choices

We are committed to ensuring you have meaningful control over your personal information. Depending on your location and applicable law, you may have the following rights:

9.1 All Users
  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete personal information. You can also update your account details directly through your online account profile settings at any time.
  • Deletion: You may request the deletion of your personal information, subject to our legal and contractual retention obligations (for example, Domain Registry Operators or ICANN-mandated data retention for domain registration records).
  • Objection to Marketing: You may opt out of receiving marketing communications at any time by using the unsubscribe link in our emails or by contacting us.
  • Account Closure: You may request the closure and deactivation of your account by contacting us. We will verify your identity before processing any such request.
9.2 Additional Rights for EEA and UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you also have the following additional rights under the GDPR:

  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object to Processing: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
9.3 Rights for Australian Residents

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to access and correct your personal information held by us. If you are not satisfied with our handling of your personal information, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9.4 Domain-Specific Considerations

Please note that certain personal data associated with domain name registrations may be subject to specific retention and disclosure obligations imposed by ICANN, the relevant registry operator, or applicable law. In such cases, we may not be able to fully comply with a deletion or restriction request until those obligations have been satisfied. We will inform you of any such limitations (if any applicable) and the reasons for them.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our services.

10.1 Types of Cookies We Use
  • Strictly Necessary Cookies: Essential for the operation of our website. These include session cookies that maintain your login state, shopping cart functionality, and security features such as CSRF protection.
  • Functional Cookies: Remember your preferences such as language selection (English, Indonesian, Chinese) and currency settings (USD, AUD, IDR) to provide a personalised experience.
  • Analytics Cookies: Help us understand how visitors interact with our website by collecting information on pages visited, time spent, and navigation patterns. This data is used to improve our website and services.
  • Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These cookies are only placed with your explicit consent.
10.2 Cookie Management

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline optional cookies. You can also manage your cookie preferences at any time through the "Cookie Settings" link in the footer of our website. Additionally, you may configure your browser to block or delete cookies, though this may affect the functionality of certain features.

11. Data Breach Notification

In the event of a data breach that is likely to result in serious harm to any individuals whose personal information is involved, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Australian Privacy Act 1988. We will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

For individuals in the EEA or the United Kingdom, we will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, where required by the GDPR, and will communicate the breach to affected individuals where there is a high risk to their rights and freedoms.

12. Automated Decision-Making

We may use automated processes to detect and prevent fraudulent transactions, identify suspicious account activity, and manage domain abuse. These automated systems may flag accounts or transactions for manual review. In compliance with the Privacy and Other Legislation Amendment Act 2024, we will disclose when decisions substantially affecting you are made using automated processes, and you have the right to request human review of any such decision.

13. Third-Party Websites and Links

Our website may contain links to third-party websites, services, and resources that are not operated or controlled by GetYour.iD. When you follow a link to an external website, that website may collect your personal information under its own privacy policy. We are not responsible for the privacy practices or content of third-party websites and encourage you to review their privacy policies before providing any personal information.

14. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe that a child has provided us with personal information, please contact us using the details stated on our website.

15. Changes to This Privacy Policy

GetYour.iD reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, applicable laws, ICANN policies, or industry standards. Minor changes will be posted on this page with an updated "Last Updated" date. For significant changes that materially affect how we process your personal information, we will provide prominent notice via email to your registered account address and/or a banner on our website prior to the changes taking effect.

Your continued use of our products and services after any changes to this Privacy Policy constitutes your acknowledgement and acceptance of the updated Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

16. Contact Us and Complaints

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your personal information, please contact us:

GetYour.iD (Digital Districts Pty Ltd)
888 Whitehorse Rd
Box Hill VIC 3128
+61.386820401
admin@getyour.id

We aim to respond to all privacy-related enquiries within thirty (30) days. When we receive a formal written complaint, we will contact the complainant to acknowledge receipt and work towards a resolution.

If you are not satisfied with our response, you may escalate your complaint to the relevant supervisory authority:

  • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
  • European Union: Your local Data Protection Authority (DPA) in your country of residence.
  • United Kingdom: The Information Commissioner's Office (ICO) — www.ico.org.uk

Last Updated: 22 May 2026

Logo
GetYour.iD believes your domain name is more than just a web address—it’s your online identity connecting you to the world. We specialise in domain registration, along with all its features and services, as well as web hosting. Behind GetYour.iD is a passionate team who believes your domain name is more than just a website, it is your digital brand identity, and we’re ready to help you make the most of it.
Digital Districts Pty Ltd t/a GET YOUR ID ABN 25 607 818 235
Domain
Web Hosting
Business Add-Ons
Account
Legal