1. Background

1.1 Purpose of Data Protection Policy
MYNIC Berhad (MYNIC) respects the customers right to personal data protection and privacy of personal data. MYNIC’s data protection policy is in compliance with Personal Data Protection Act 2010 (the Act), including all its modification there to.This policy applies to all personal data collected, used, disclosed and managed by MYNIC in rendering MYNIC's services such as the registration of .MY domain name. “Personal Data” means any information relating to an identifiable individual which is collected and further processed by MYNIC to provide MYNIC's services. Examples of personal data are names, addresses, contact details, etc.

1.2 Purpose of WHOIS
MYNIC operates an electronic lookup service called “WHOIS” which is designed to provide information concerning .my Domain Names. The information allows the public to obtain information about the existence and status of Domain Names and identify persons or organisations responsible for .my Domain Names.

1.3 Applicability
This policy applies to and binds all parties who use or contribute to the WHOIS service. Contributors to the WHOIS service include Registrants and Resellers. This Policy also sets out MYNIC’s policy on the collection, disclosure and use of personal data for the WHOIS service (“WHOIS Data”). The Registrant agrees for MYNIC to make public some of the Registrant’s personal data through MYNIC WHOIS service. This policy sets out which of the Registrant’s personal data or information may be disclosed by or through the WHOIS service.

2. Collection and Use of Personal Data

2.1 The personal data held by MYNIC is collected to meet its objectives as the manager of .MY Domain Name and provide the services necessary for meeting those objectives. MYNIC collects the customers personal data for the following purposes:

2.1.1 Administering registration of .my domain names (including Internationalised Domain Names);

2.1.2 Maintenance or operation of a .my domain name registry;

2.1.3 To process any financial transactions;

2.1.4 Maintenance and Administration of customer’s accounts;

2.1.5 To conduct any research or analysis;

2.1.6 For the administration of any contest that MYNIC may organize from time to time;

2.1.7 To improve on website marketing efforts or when there are website visits;

2.1.8 Receiving and dealing with any comments, questions or complaints from customers or third parties;

2.1.9 Obtaining customer feedback on our services;

2.1.10 General record keeping in the course of MYNIC operations including the processing of employment applications;

2.1.11 Provision of services from vendor or contractor to MYNIC and to inform customers on latest promotion and activities.

2.2 Domain Name Registration

2.2.1 When Customer register for a .my domain name through Reseller or Business Partner, customer is required to accept the Agreement for Registration of Domain Name which authorises MYNIC to collect, use and disclose information about a customer. Such information may include name, address and email address. The information is necessary for MYNIC to manage and administer the Registry database with accurate details and to implement, execute and enforce the applicable policies, rules, and procedures.

2.2.2 MYNIC may use customer registration information to contact on issues related to the domain name. We may occasionally send promotional materials or updates regarding the services we provide. However, customer may choose to opt-out from receiving such materials.

2.3 Website

2.3.1 MYNIC shall make a record of customer visits to our website. The record will show the IP address and details of the pages visited. This information is used for preparing general statistics on the usage of MYNIC website and prevention or detection of crime. Some of the information may be gathered through the use of “Cookies”. Cookies are small bits of information that are automatically stored on a web browser that can be retrieved by the sites visited. Customer may be requested to enable these cookies setting on the web browser. MYNIC use of this technology does not mean that we automatically know any information about our customer. The acceptance of our cookie in no way gives us access to customer computer. The use of cookies is to provide good experience for customers. The cookies are not accessible by others and are not identifiable to a person.

2.3.2 MYNIC website may feature links to other websites. We are not responsible for the content and privacy practices of such websites.

2.4 Contact

2.4.1 When Customer contact us with a comment, question or complaint, customer may be asked for information that identifies customer along with additional information we need to help MYNIC provide support, answer question, or respond to any comment or complaint. MYNIC may retain this information to assist customer in the future and to improve our services.

2.5 Employment

2.5.1 MYNIC advertise employment opportunities on our website. In connection with a job application or related inquiry, the applicant may provide us with information that identifies the applicant. We use this information for the purpose of processing and responding to the application for employment.

3. Security and Retention of Personal Data

MYNIC implements security measures to protect customer personal data against unauthorised access, misuse, disclosure, copying, use, alteration, accidental loss or theft, destruction or damage. Such security measures include technical protection of MYNIC’s system, training of MYNIC staff and the implementation of information security management system (ISMS) policies under ISO 27001:2013. The personal data that customer provide to us will be retained for such period as may be determined by MYNIC from time to time.

4. Disclosure of Personal Data

MYNIC may disclose the customer personal data to MYNIC duly appointed business partners or resellers who acts on MYNIC behalf in providing the respective services. MYNIC will ensure that these appointed business partners or resellers shall only use and process customer personal data for the purpose(s) it was collected for by MYNIC and adopt appropriate technical and organizational security measures when processing customer personal data.

4.1 WHOIS Information MYNIC also operates a WHOIS service which provides users of the WHOIS service the ability to verify the details of a .MY domain name registration and who it is registered to, as part of the administration of the .MY Registry. The information allows the public to identify the contact persons or organisations responsible for the domain name and to contact persons or organisations for the resolution of ’.MY’ domain name issues. Specifically, the name of the contact for the domain name will be displayed. For technical contacts, the email address will also be displayed. This is necessary for quick resolution of technical issues pertaining to the domain name. The technical contact may be an organisation instead of an individual. If the contact is an individual, the individual may provide functional information instead of personal data so long as the contact can be contacted via the functional information. For more information as to the WHOIS service, please click on the link here.

4.2 MYNIC’s Domain Name Dispute Resolution Policy (MYDRP) MYNIC may provide customer information to the Asian International Arbitration Centre (AIAC) to facilitate domain name disputes concerning customer domain name, where there are complaints filed with AIAC under the MYDRP over the registration or use of the domain name.

4.3 Service Provider Arrangements

4.3.1 MYNIC may transfer or otherwise make available customer personal data to third parties who provide services on our behalf. For example, we may use service providers to host our website, send e-mail, conduct customer research, or manage/analyse data.

4.3.2 Before transferring or otherwise making available any personal data to any third-party service provider, MYNIC shall enter into an agreement with the service provider pursuant to which it is required to use the personal data solely for the purpose of providing the service and to maintain security and privacy measures to safeguard the data. Our service providers are given only the information they need to perform their designated functions, and MYNIC do not authorize them to use or disclose personal data for their own marketing or other purposes.

4.4 Legal MYNIC may provide customer personal data in response to a search warrant or other legally valid inquiry or order, or as otherwise required by applicable law. MYNIC may also disclose personal data where necessary for the establishment, exercise or defense of legal claims.

4.5 MYNIC will not disclose, sell, trade, share or rent customer personal data to any other third party other than as set out in this Policy or as required by Law.

4.6 Disclosure of WHOIS Data

4.6.1 MYNIC shall disclose and make the following information available in the WHOIS searchable database. Such information disclosure is mandatory for a Domain Name.

• the Domain Name itself;
• the creation, expiration and modification (if any) dates of the Domain Name Registration;
• status of the Domain Name;
• the Registrant’s address, name and email address;
• the Reseller’s name, address and email address;
• the Administrative and Billing Contact’s address, name and email address;
• the Technical Contact’s name, address and email address; and
• the primary and secondary name servers.

4.6.2 For Technical Contacts, the email address will be displayed to facilitate the quick resolution of technical issues pertaining to the domain name. If the contact is an individual, the individual can provide any functional contact information (instead of personal contact information) so long as the individual can be reached.

4.7 Reservation

4.7.1 For the avoidance of doubt, nothing in this document constitutes waiver of any right of MYNIC to use any registration information provided to MYNIC in connection with the registration of a Domain Name or pursuant to the Agreement for Registration of Domain Name. For technical reasons or in compliance with any legal obligation or requirements, MYNIC at its sole discretion, may disclose to any third party upon application to it information in its possession relating to customer whether referred to in its WHOIS record or otherwise.

4.7.2 MYNIC may from time to time, in its discretion and not as a duty or obligation to customer or user, impose terms and conditions on the users of the WHOIS system to govern the use of any data or information obtained from the WHOIS system. In the event such terms and conditions are imposed, MYNIC does not warrant that the users would comply with the terms and conditions so imposed.

5. Access to Personal Data

MYNIC is committed processing the customers personal data within the ambit of the Act. Subject to the provisions of the Act, customer has the right to access, update personal data or correct personal data with MYNIC should customer believe the personal data provided to MYNIC is incorrect, inaccurate, or incomplete. Should customer wish to access, update or correct the personal data retained by MYNIC, kindly contact MYNIC at customercare@mynic.my.

6. Accuracy

MYNIC will ensure all personal data collected is accurate and kept up to date. MYNIC will make a request to customer for updates of personal data if the update is necessary to fulfil the purposes for which the data was collected.

7. Protection of Minors

Children (users under the age of 18 years) are not eligible to use MYNIC services. We request that children do not submit any personal data to us online. If customer is under the age of 18 years, they may surf this website upon obtaining consent from parents or legal Guardian.

8. Openness

MYNIC’s Data Protection Policy is displayed on this website and the policy is set out in the same language medium as the website. MYNIC encourage all users to read our Data Protection Policy to understand the objective of collecting their personal data.

9. Right of Review and Restrictions

MYNIC reserves the right to review and amend this Policy from time to time. The following activities are prohibited, and customer or user shall not:

• attempt to perform a bulk access or obtain a copy of the entire WHOIS database;
• use information obtained from the WHOIS system for advertising, marketing, unsolicited communication, spamming, unlawful or other abusive purposes.