ARIN Privacy Policy
Version 3.1, Effective Date: 28 July 2023
This Privacy Policy describes how ARIN collects and processes Personal Data, and the choices you have with respect to these activities.
Scope of the ARIN Privacy Policy
ARIN’s primary business is operating an Internet Number Registry to ensure global uniqueness of Internet Number Resources. We collect registry related data in order to operate a highly accurate registry. Detailed information about registry data we collect is available in our Registry Data Description.
This Privacy Policy applies to information in ARIN’s registration database, any services offered by ARIN (collectively, the “Services”), applies to the access and usage of ARIN.net and any other ARIN websites (collectively, the “Websites”) and any other interactions you may have with ARIN (for example, use of ARIN Online system, use of the online registration services for ARIN events or meetings, participation in ARIN events, and any information conveyed when interacting with ARIN via phone, in-person, email, or facsimile, etc.)
Please review this Privacy Policy carefully. By using the Services, Websites, or otherwise supplying information to ARIN, you accept the terms of this Privacy Policy and consent to the collection and use of information by ARIN in accordance with this Privacy Policy. If you do not agree with the terms, do not access or use the Services, Websites or otherwise engage with ARIN.
This Privacy Policy may be supplemented by additional terms and conditions agreed upon by you and ARIN in connection with a specific service we provide (“Additional Terms”). If there is a conflict between this Privacy Policy and any Additional Terms, the Additional Terms will control only in regard to such conflict.
ARIN Personal Data Privacy Principles
- ARIN obtains personal data only for specific lawful purposes and by consent of the individual.
- ARIN stores personal data with appropriate protections for its integrity and confidentiality.
- ARIN stores personal data for as long as necessary for the purposes for which it was obtained.
- ARIN will use reasonable efforts to process requests from individuals for correction or deletion of their personal data where feasible.
- ARIN will direct any agents or contractors acting on its behalf to adhere to these (or equivalent) personal data privacy principles.
Information We Collect and Receive
ARIN collects several types of information through the use of our Websites, Services, and related interactions with individuals:
- “Personal Data” is information that can be used to identify an individual, such as their given name, postal address, telephone number, fax numbers, or email addresses. ARIN collects Personal Data when you supply it to the Websites, our systems, or otherwise via interaction with ARIN (for example, your use of ARIN’s meeting or event registration systems, participation in our surveys, participation in ARIN events, use of ARIN’s Helpdesk services, or use of our community mailing lists or other online forums.) Your use of these Services constitutes consent for collection and processing of any Personal Data provided as specified in this Privacy Policy. Note that some of these ARIN Services (e.g. our public mailing lists, public wikis, or other public forums, participation in our public meetings, etc.) make the information that you provide public and therefore you are responsible for careful consideration of whether to use these Services.
- “Organizational Data” is information supplied to ARIN that pertains to the organizations that are authorized to use our Services. The primary data elements that ARIN collects in the normal course of its activities are routine business contact information – organization name, street address, and organizational contact information (i.e. department name or other point of contact in the organization, including business email address and telephone number.) Organizations should only provide Personal Data (of their staff, customers, or others) to ARIN with the consent of the affected individuals, as organizations supplying such information to ARIN are responsible for its ongoing accurate maintenance. Organizations may also provide ARIN additional information that is considered Organizational Data (e.g. corporate registration information, business tax identification numbers, business financial information, technical plans) in the process of completing the organization’s registration to use ARIN Services, when making requests to use additional Services, or when interacting with ARIN regarding use of the Services. Organizational Data also includes the information that ARIN associates with an organization (e.g. Internet number resources holdings, ARIN-assigned identifiers for resources, organizations and contacts, etc.) as a result of their use of ARIN Services.
- “Usage Information” is information obtained when you access the Websites or use the Services, but alone cannot typically be used to identify an individual. This information includes, for example, the web pages you’ve visited, your operating system and browser version, and the Internet Protocol (IP) address accessing our systems. To the extent that such data is associated with Personal Data, the combined data is treated as Personal Data per this Privacy Policy. Usage Information is used by ARIN to analyze usage trends and to help us understand how our Websites and Services are used, and may also be used to troubleshoot service issues or investigate security matters. Usage Information in summary form may also be shared publicly with the Internet community for educational or research purposes.
How We Use and Share Your Data
Our primary uses of the collected information are to provide the requested Services, to administer our business, to protect the integrity of our business practices, and to secure our systems from unauthorized or abusive access. Additionally, we may use the collected information to provide and/or improve our Services or our customer support activities, and to better understand and encourage appropriate usage of our Services.
The above uses generally do not require us to share Personal Data or Organizational Data with third parties, except in the following circumstances:
- When inherent to the nature of the Services: Note that many of ARIN’s Services are registry services or discussion forums that by their inherent nature involve the publication of information either publicly or to an identified community in accordance with specific policies of the registry. Your use of such Services constitutes informed consent to the processing and sharing of any supplied Personal and Organizational data as specified by applicable registry policies, including future changes to those policies when they occur.
- By your direction and consent: We will share Personal Data and Organizational Data provided to ARIN with third parties if and when you direct us, whether by use of a Service or otherwise. For example, ARIN will share Personal and Organizational data related to a number resource transfer request with a related third party if directed by you to do so. Similarly, ARIN will share information about those who choose to participate in the transfer listing service with others utilizing the Service per the Additional Terms of that Service.
- With vendors, consultants and other service providers: We may share Personal Data and Organizational Data provided to ARIN with our vendors who need access to this information in order to carry out work or perform services on our behalf. For example, if you are registering for an ARIN event or participating in an ARIN survey, you may interface with a third-party vendor (of event management or survey polling services) for purposes of facilitating this transaction, and ARIN may provide relevant Personal Data and Organizational Data to the agent for that specific purpose. ARIN will take reasonable and appropriate measures to ensure that our agent is compliant to comparable personal data privacy principles.
- With joint operational partners: We may share Personal Data and Organizational Data provided to ARIN with other strategically affiliated organizations with whom ARIN is engaged in joint activities. For example, ARIN engages in joint operation of the Internet Number Registry System that requires information sharing with the other Regional Internet Registries for coordination purposes. Similarly, ARIN may share meeting registration information with another industry association when conducting a joint meeting with that organization.
- For legal purposes: If we receive a request for information, subpoena, or court order, we may disclose Personal Data or Organizational Data if we reasonably believe disclosure is in accordance with or required by any applicable law or regulation, and/or if we have a good faith basis to believe that you or your organization have violated any of our service policies or usage guidelines, or any other agreements or contracts between you or your organization and ARIN, and such disclosure is required to enforce obligations, rights or laws.
- In the event of a corporate transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose Personal Data or Organizational Data to the party or parties of such transaction.
Data Security
We maintain reasonable security measures to protect the data transmitted to us via the Internet and to prevent unauthorized access to, alteration or deletion of all collected data. Despite these measures, the security of any Personal Data and/or Organizational Data provided to ARIN cannot be guaranteed.
Data Retention
ARIN retains Personal Data and Organizational Data for the time needed for ARIN to pursue legitimate business interests, conduct audits, follow common business information retention practices, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Integrity of registry services requires that ARIN maintain historical records of all registry changes, and these records encompass both Personal Data and Organizational Data associated with Internet Number Registry System resources.
Data Correction or Deletion
You may update or delete your Personal Data or that of your organization by submitting a request by any means made available by us, such as through your ARIN Online account, via email, or by mail at the contact information listed below. Due to the data retention requirements essential to registry integrity, amendment or deletion of Personal or Organizational Data in historical records at ARIN is not possible, but upon request ARIN will make reasonable attempts to remove or amend publicly-visible data when feasible.
Website Usage Tracking
When you visit our Websites, ARIN may use cookies (cookies are small text files created by your browser and stored on your computer) for tracking your access. Specifically, ARIN uses cookies to track authenticated users once they have logged in to our Websites and we do not share the information collected via these cookies with others.
We also make use of Google Analytics to help us understand how users engage with our Websites. Google Analytics uses cookies to track your interactions with our Websites, and then collects that information and reports it to us without identifying individual users.
Some web browsers provide a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. We have no software or configurations that react to the web browser “Do-Not-Track” signal headers.
Children’s Privacy Rights
Our Services are not designed for, intended to attract, or directed toward children under the age of sixteen. If you are aware of an individual under sixteen years of age that has provided ARIN with Personal Data without prior parental consent, please notify us immediately.
Compliance and Questions
You can submit requests or questions about this Privacy Policy to us by sending an email to compliance@arin.net. Please specify “Privacy Policy” in the subject line of your email message. You may also contact us by mail at: ARIN Privacy Policy Compliance, PO Box 232290, Centreville, VA 20120 USA
Changes To This Privacy Policy
We reserve the right to amend this ARIN Privacy Policy and our privacy practices. When we do so, we will post a revised Privacy Policy to this page and update the Effective Date above. If we make material changes that would impact your use of the Services, we will endeavor to notify you of the changes by announcement on our Websites, and/or at ARIN meetings, or by any other reasonable method. By continuing to use the Services after the changes have been posted, you indicate your acceptance of the Privacy Policy as revised.