DomainTools Privacy Notice
Last Updated: January 2023
At DomainTools LLC (“DomainTools”), we appreciate your interest in our services, products, and websites (collectively, our “Services”). Your privacy is very important to us. This Privacy Notice sets out information about how we collect, store, process, transfer, and use personal data, which is data that relates to an identified or identifiable natural person (“Personal Data“).
1) What Personal Data do we collect and how do we collect it?
DomainTools collects data in order to develop, offer, and support Services dedicated to research, cybersecurity, and intellectual property protection. In the context of our Services, we may collect Personal Data from or about you. This Personal Data is collected in several ways and may include:
Personal Data you provide to us directly.
You may provide us with Personal Data voluntarily in connection with purchasing our Services, registering for a DomainTools user account, requesting information or support from DomainTools via phone, email, mail, or our website, or attending a DomainTools webinar or event. We may collect your name, job title (if applicable), address, email address, phone number, information from correspondence with you, your account alias and password for user login, information related to the use of our Services, payment information such as credit card or other billing information, and additional Personal Data you provide to us. While you are free to choose what information you provide to us or whether you want to provide information to us at all, some information, such as your name, address, payment information, and information about your Services usage or subscription may be necessary for the performance of our contractual obligations. If you do not provide such information to us, you will not be able to license or use certain Services.
Personal Data collected via technology.
Personal Data we receive from others.
We may receive Personal Data about you from third parties such as social media sites, law enforcement agencies, your employer (if you use Services through a DomainTools subscriber account provided by your employer), promotional partners, and other marketing vendors. This information may include your name, company and job title (if applicable), address, email address, and phone number.
Personal Data associated with the registration or maintenance of an internet domain.
We collect domain and DNS related information that is available to the public (often referred to as Open Source Intelligence or OSINT) from entities tasked with coordinating the internet’s global domain name system. This information (“DNS related information”) may include the name, address, phone number, and email address of a domain registrant, administrative contact, or technical contact.
2) Why do we collect and use your Personal Data?
The reasons we collect and use Personal Data differ depending on the purpose of the collection.
We use your Personal Data in order to offer or provide Services to you.
If you license Services from DomainTools or contact us to request Services or Services support, we use your Personal Data to provide Services to you. Personal Data we use for this purpose includes information we need to contact you and communicate with you, information to provide you with individualized offers, information to manage and execute your requests, and information necessary to obtain payment.
We use your Personal Data when supported by legitimate business interests.
We may use Personal Data in connection with a legitimate business interest, such as to evaluate and review our business performance or to identify potential cybersecurity threats to our Services, networks, or systems. If necessary, we may also use your Personal Data to pursue or defend ourselves against legal claims. If you use our Services, we may use your Personal Data to provide and improve those Services.
We collect and use DNS related information that is available to the public at the time of collection, and that may contain Personal Data, to provide Services to users, to maintain and improve those Services, and to develop new Services. These Services include tools to help our users prevent, detect, investigate, or mitigate cybersecurity threats, fraud, and misuse; protect intellectual property rights; research the history of a domain; or contact the registrant, administrative contact, or technical contact of a domain.
We use your information after obtaining your consent.
In some cases, we may ask you to grant us separate consent to use your information, for example, in connection with our marketing campaigns. In that event, you are free to deny your consent or withdraw your consent at any time without any negative consequences. If you have granted us consent to use your information, we will use it only for the purposes specified in the consent. You may unsubscribe from our marketing communications at any time by sending an email to [email protected] or clicking the “unsubscribe” link in communications you receive from us.
We use your information to comply with legal obligations.
We may be legally obligated to retain certain Personal Data.
We will only use your Personal Data for the purposes for which we have collected it. We will not use your Personal Data for other purposes or for automated individual decision-making.
3) Does DomainTools share your Personal Data with third parties?
Our reasons for sharing your Personal Data and with which third parties depend on why we have your Personal Data. If you are a customer, we share your Personal Data with your consent or as necessary to provide you with Services you have requested or purchased. We share DNS related information obtained from sources available to the public via our Services to our customers and users. Additionally, we may share Personal Data with our affiliates; vendors working on our behalf; where required by law; to maintain the security of our Services; or to protect the rights or property of DomainTools. Specifically, we may share Personal Data in the following circumstances:
Service providers and advisors.
Third party vendors and other service providers may have access to your Personal Data if they perform services for us or on our behalf. These providers may support our marketing efforts (including sales outreach, communications management, and event support), provide business productivity solutions and applications to us (such as tools for messaging, email, and document creation, accounting and payment processing, or customer relations management), offer professional services (such as tax, accounting, or legal services), or assist with network or systems support, maintenance, and security. For example, if you are a customer, we share contact information with providers that support our marketing efforts and that support accounting functions so that we can contact you with pertinent information, such as an invoice. Our authorized third-party vendors and partners have their own privacy notices which govern the use, handling, and disclosure of your Personal Information.
Purchasers and third parties in connection with a business transaction.
Personal Data may be disclosed to third parties in connection with a DomainTools-related transaction, such as a merger, sale, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or similar proceedings.
Law enforcement, regulators, and other parties for legal reasons.
We may disclose Personal Data to third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) enforce our legal claims or to protect the security or integrity of our Services; or (c) exercise or protect the rights, property, or personal safety of DomainTools, Services users, or others.
Certain Services make DNS related information available to the public without charge. Other Services, such as reporting, monitoring, and analysis of DNS related information are provided to registered customers.
4) How long do we keep your Personal Data?
We will store Personal Data as long as necessary to fulfill the purposes for which we collect it, in accordance with our legal obligations and legitimate business interests. We retain Personal Data related to a customer until the expiration of any legal retention requirement or limitations period for claims related to that relationship. We retain marketing-related information for potential customers until the conclusion of our relationship with that individual or the receipt of a request to delete such Personal Data. We retain DNS related information for as long as it is used in connection with the delivery, maintenance, support, and development of our Services.
5) How do we protect your Personal Data?
We implement appropriate technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction, loss, change, or damage, as well as any unauthorized access to or disclosure of Personal Data on our systems. All Personal Data we collect will be stored on secure servers. When you provide sensitive information to us (such as payment information when purchasing a Service via our website), we undertake to encrypt this information using secure socket layer (“SSL”) or similar technology. In order to benefit from these protections you must use an SSL-enabled web browser.
6) Children Under 13
We do not knowingly collect information from minors and the Site is intended for adults over the age of 18. If you are a parent or guardian and believe that your child under the age of 13 has provided Personal Information to us without your consent, please notify us at [email protected]. If we become aware that information is or has been submitted by or collected from a minor under the age of 13, we will work to promptly delete this information.
7) For EU Residents
Because DomainTools is located in the United States, Personal Data provided to us will be processed and stored in the United States. If you are in the European Union, Switzerland, European Economic Areas, or United Kingdom, this may mean that your Personal Data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective than the jurisdiction in which you reside.
A) Is DomainTools a data processor or a data controller?
DomainTools may operate as a data processor at times and as a data controller at times. Where DomainTools is the data controller of your Personal Data, we are responsible for, and control, the processing of that Personal Data. We are a data controller when we receive DNS related information or when you provide your (or an employee or co-worker’s) Personal Data to us in connection with purchasing our Services. Where DomainTools processes Personal Data on behalf of another company(for example, when a customer provides us with Personal Data to obtain the Services), DomainTools acts as a data processor. In that circumstance, you should consult with the other company to learn more about its privacy practices and your rights.
B) General Data Protection Regulation rights.
If you are a resident of the European Union and we hold your Personal Data, you have specific rights under applicable privacy law:
Right of access.
The right to obtain access to your Personal Data.
Right to rectification.
The right to obtain rectification of your Personal Data without undue delay where that personal information is inaccurate or incomplete.
Right to erasure.
The right to obtain the erasure of your Personal Data without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
Right to restriction.
The right to restrict us from processing your Personal Data in certain circumstances, such as where you contest the accuracy of the Personal Data.
Right to object.
You have a right to object, on grounds relating to your particular situation, to processing based on our legitimate interests. You can object to marketing activities for any reason.
Right to data portability.
You have a right to transfer your Personal Data in our possession that you provided to us. This right does not apply to publicly available information in our possession.
Additionally, EU residents have the right to lodge a complaint with their local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
8) For California Residents
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our California Privacy Notice.
9) For Colorado Residents
If you are a Colorado resident, you may exercise your rights under Colorado law by contacting us through the contact information listed below. If 45 days after you send us a request, we have not responded to your request or asked for additional time to respond to your request, you have the right to appeal our failure to take action. To appeal our failure to take action, contact us through the contact information listed below.
10) For Connecticut Residents
If you are a Connecticut resident, you may exercise your rights under Connecticut law by contacting us through the contact information listed below. If we inform you that we decline to take action regarding your request, you have the right to appeal our failure to take action by contacting us through the contact information listed below within 45 days of receiving our decision.
11) For Utah Residents
If you are a Utah resident, you may exercise your rights under Utah law by contacting us through the contact information listed below.
12) For Virginia Residents
If you are a Virginia resident, you have specific rights under applicable privacy law:
Right of access.
The right to confirm whether we have your Personal Data and obtain access to your Personal Data.
Right to rectification.
The right to correct inaccuracies in your Personal Data.
Right to erasure.
The right to delete your Personal Data in our possession.
Right to restriction.
The right to restrict us from processing your Personal Data for the purposes of selling your Personal Data.
Right to data portability.
If we inform you that we decline to take action regarding your request, you have the right to appeal our failure to take action. To appeal our failure to take action, contact us through the contact information listed below within 45 days of receiving our decision.
13) How to contact us
If you have any questions or concerns about our Privacy Notice or if you want to exercise your rights, please send an email to [email protected] or write to us at: DomainTools, 2101 4th Ave, Suite 1150, Seattle, WA 98121. If you are in the European Union or the United Kingdom, you may address privacy-related inquiries to our representative pursuant to Article 27 GDPR as follows:
EU: EU-REP.Global GmbH, Attn: DomainTools LLC, Hopfenstr. 1d, 24114 Kiel, Germany
UK: DP Data Protection Services UK Ltd., Attn: DomainTools LLC, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
14) Data Protection Officer
For inquiries regarding DomainTools’ activities, you may contact our Data Protection Officer:
2101 4th Avenue Suite 1150
Seattle, WA 98121
Attn: Data Protection Officer
15) Online Privacy Notice Updates
We may update our Privacy Notice from time to time. When we change the Privacy Notice in a material manner, we may let you know and update the “last updated” date at the top of this page. Please review our policies regularly as updated policies will apply to your future use of our Services.