The Policy includes the following:
The types of information EDUCAUSE collects;
How it collects that information;
The general purposes for which it collects such information;
The types of organizations to which it discloses the information; and
The choices and means by which registrants may limit its use and disclosure.
Whether and how certain information is used (where such use is unrelated to the uses for which it was originally disclosed); and
Whether and the manner in which a third party uses certain information (where such use is unrelated to the uses for which it was originally disclosed).
Reasonable precautions to protect information from loss, misuse, unauthorized access, disclosure, alteration, or destruction;
Reasonable policies and procedures to ensure that information is kept only for the purposes for which it has been gathered;
Reasonable measures to ensure accurate and complete recording of information; and
Reasonable access by a registrant to its information as well as procedures for correcting or modifying that information where appropriate.
The application for domain name registration services found at http://net.educause.edu/edudomain shows the information requested of each applicant. All of the information requested is obligatory unless otherwise noted on the relevant form. When an application is made, the applicant agrees to provide and maintain accurate, complete, and updated information.
After an application is received or registration is completed, EDUCAUSE may be in communication about an account, technical questions or other matters. This information may be kept for future use.
For operational and quality assurance purposes, EDUCAUSE may take note of whether and how a registrant uses the information provided, such as by recording site traffic patterns and by maintaining log files of users' access to site files.
Information received is stored on systems designed to prevent the loss, misuse, unauthorized access, disclosure, alteration, or destruction of that information.
Pursuant to its domain name registration services, EDUCAUSE compiles and maintains a publicly accessible registration database that includes basic information about each domain name registered with us, including the names, telephone numbers, and e-mail addresses of individuals designated as points of contact for a given domain name. Whether or not applicable domain name registration fees have been paid is also publicly accessible. With the gradual continued privatization of the Domain Name System, and consistent with the rules or policies applicable to that system, or to comply with any changes in law or regulation, EDUCAUSE may, if appropriate, take steps to restrict the accessibility and amount of personally identifying information available in the registration database.
Information Corrections or Changes
An applicant or registrant has the ability to correct or change certain information in EDUCAUSE records, such as address and contact information. The process for changing your information begins at http://net.educause.edu/edudomain. An applicant or registrant may change this information at any time and as often as necessary.
Use of Information
EDUCAUSE uses information about each applicant and registrant for purposes of monitoring and improving internal operations, as well as to ensure: (i) proper billing, (ii) administration of accounts in accordance with agreements, and (iii) proper performance of services.
EDUCAUSE also uses the information collected to monitor and improve internal operations, as well as to improve the experience of users. For example, EDUCAUSE may correlate Web site traffic information with data about individual users. This data helps EDUCAUSE to determine how much its customers use parts of the site, allowing EDUCAUSE to enhance it to fit the needs of as many customers as possible. EDUCAUSE may also break down overall usage statistics according to customers' domain names, browser types, and MIME types by reading this information from the browser string (information contained in every user's browser).
We may also use the information we collect to send you important notices and information affecting your domain-name registration.
Sharing of Information
When a domain name is registered, EDUCAUSE must disclose it and its associated Internet Protocol ("IP") numbers to the appropriate registry in order to make the domain name a functional address on the Internet. EDUCAUSE is the registrar for all second-level domain names in the .edu top-level domain. The registry for such names discloses each registered domain name and its associated IP numbers ("TLD zone files") to TLD server administrators so that the domain name is capable of functioning as an address on the Internet. Consistent with the current rules and policies for the Domain Name System, the registry unit also discloses the TLD zone files to other interested persons, provided those persons agree, among other things, not to use the TLD zone files for improper purposes, including the transmission of unsolicited commercial e-mail.
EDUCAUSE may share certain information about each applicant and registrant with certain vendors who are responsible for handling accounts or performing other services related to EDUCAUSE’s provision of domain name registration services. EDUCAUSE will not share such information with other third parties, except in response to formal requests (e.g., subpoena or court order) made in connection with litigation or arbitration proceedings directly relating to a domain name registration services.
As noted above, certain information is available to the general public via the EDUCAUSE domain name registration database look-up and directory services. These services give users access to such data on a query-by-query basis. EDUCAUSE does not at this time provide access to such data on a so-called “bulk access” basis.
Representation of Each Applicant and Registrant
By applying for and using a .edu domain name, each applicant and registrant represents to EDUCAUSE that it has provided notice to, and obtained consent from, any third party individuals whose personal data is supplied to EDUCAUSE with regard to: (i) the purposes for which such third party's personal data have been collected, (ii) the intended recipients or categories of recipients of the third party's personal data, (iii) which of the third party's data are obligatory and which data, if any, are voluntary, and (iv) how the third party can access and, if necessary, rectify the data held about them.
EDUCAUSE Employees and Vendors
Only those EDUCAUSE employees and vendors that have a legitimate business purpose for accessing and handling personal information obtained by EDUCAUSE are given authorization to do so. The unauthorized access or use of such information by an EDUCAUSE employee is prohibited and constitutes grounds for disciplinary action. Vendors are not authorized to use such information for purposes beyond those specified by EDUCAUSE and are required to preserve the confidentiality with which EDUCAUSE treats such information. EDUCAUSE information management systems are configured in such a way as to block or inhibit employees from accessing information that they have no authority to access.