Privacy Policy

 

NetBeacon (to encompass the NetBeacon website at netbeacon.org, and the NetBeacon service at app.netbeacon.org, collectively “NetBeacon”) provides a centralized tool to accept reports of DNS Abuse (“Reports”) from reporters (“Abuse Reporters”), enrich Reports, and distribute Reports to the relevant registrar, provider, or party (“Abuse Report Recipient”).

 

This Privacy Notice provides information regarding how and when NetBeacon will collect and process personal data and how users may make inquiries about the use, amendment, and correction of their personal data.  Personal data includes data such as: your name, email address, and other data that could directly or indirectly identify you.

 

Inquiries can be made electronically via email at privacy@dnsabuseinstitute.org, or via mail to DNS Abuse Institute, 11911 Freedom Drive, 10th Floor, Suite 1000, Reston, VA 20190, USA, or via PIR’s EU and UK Representative at datenschutz@rickert.net or Rickert Rechtsanwaltsgesellschaft mbH, Kaiserplatz 7-9, 53113, Bonn, Germany.

I. Why do we collect information

In order to accept Reports and provide Reports to the Abuse Report Recipient, NetBeacon will:

• Authenticate an Abuse Reporter through use of an Oauth service.
• Create an account for the Abuse Reporter. 
• Accept appropriate evidence for the type of Report.
• Identify the Abuse Report Recipient.
• Enrich the Report: NetBeacon will enrich the Report by submitting the reported domain name or URL to online sources for domain name and abuse related information, and then appending those results to the submitted Report.  NetBeacon may respond to the Abuse Reporter to clarify the submitted information.  Reports submitted to the Abuse Report Recipient will include the Abuse Reporter’s contact information as submitted to NetBeacon so that the Abuse Report Recipient can communicate with the Abuse Reporter regarding action on the report. 
• Submit the enriched Report to the correct Abuse Report Recipient.
• Prevent abuse of the tool itself (submission of malware, bots, spamming the system, ddos, etc.). 

II. What personal information do we collect

a. Abuse Reporter Accounts 

• To create a account within NetBeacon using:
• Abuse Reporter name
• Abuse Reporter email address

• Authenticate an Abuse Reporter 
• NetBeacon will utilize several Oauth providers to authenticate Abuse Reporter email addresses. Only name and email address will be available to NetBeacon as part of the Oauth service.

 b. Reports/Submissions

• Accept appropriate evidence for the type of abuse 
• NetBeacon will accept screen shots and other evidence to support the Report.  NetBeacon has directed Abuse Reporters not to submit personal data within the Report.  
• Enrich the Report
• This process consists of submitting the URL to publicly available online sources of domain name abuse intelligence. The information shared will only consist of the reported URL.
• No personal data is collected or processed for this action.   
• Identify the registrar, registry, and hosting provider supporting the domain name 
• No personal data is collected or processed for this action.
• Submit the enriched Report to the Abuse Report Recipient
• NetBeacon will share the provided Abuse Reporter’s contact information with the Abuse Report Recipient with the Report so that the party can communicate with the Abuse Reporter regarding action on the Report.

 c. User generated content

NetBeacon is not responsible for maintaining as confidential any personal or other data posted by you on message boards hosted by our websites. Users voluntarily disclosing such personal data makes your information publicly available.  

NetBeacon will accept screen shots and other evidence to support the Report which is considered user generated content.  NetBeacon has directed Abuse Reporters not to submit personal data within the Report. 

d. Website Users

 i. User Information

You may visit the NetBeacon website without identifying yourself. If you are interested in our services or wish to subscribe to our newsletter, you may be required to create an account or provide an email address. When you create an account, we may request certain personal data, including your name and email address. We may also request personal data for purposes such as the provision of customer service and other exchanges of information.iiCookies

ii. Cookies

A cookie is a small data file that certain websites write to your hard drive when you visit the site.  A cookie file can contain information that allows NetBeacon to track the pages you have visited.  We use cookies to tell when a user is a repeat visitor and to let us know how the user found the website. Cookies also allow us to automatically link users to their personalized accounts (should you choose to register), enabling you to enter various services as a member and to visit member-restricted areas of the site without having to log in each time. This applies to the use of cookies by NetBeacon and does not apply to the use of cookies or other tracking technologies used by any third parties.

Visitors to our sites have the option to disable cookies via their browser preferences.  You can refuse cookies by turning them off in your browser (Google Chrome, Safari, Internet Explorer, Firefox).  Please be aware that some websites and services will not perform optimally if cookies are disabled. 

iii. Analytics

NetBeacon utilizes third-party website analytics tools which includes collecting aggregated anonymized data from visitors to our websites via third-party data analytics (Google) (i.e., cookies, log files, usage data, IP address, browser, click stream data, etc.) as well as general performance data from any third-party ads and may use that data to analyze and evaluate the effectiveness of our website design, services, marketing, and campaigns.

iv. Third-party Links

This Privacy Notice only addresses the processing of personal data you provide to NetBeacon via this website. The processing of any data you disclose to other parties via third-party links will be governed by their privacy policies. Users should be aware of their personal privacy settings when using platforms and apps and update them to manage your privacy preferences. NetBeacon is not responsible for the privacy policies of other websites. We encourage you to familiarize yourself with the privacy policies of other websites you visit. 

v. Log Files

NetBeacon gathers information about all users collectively, such as what areas of its site’s users visit most frequently and what services users access most often. This data is logged and aggregated so we may use it to understand user behavior and for system-performance monitoring. NetBeacon does not maintain individual log file data and only maintains aggregate user statistics which are not capable of identifying an individual.  NetBeacon may disclose aggregated user statistics to describe the service to prospective partners, advertisers, and other third parties and for other lawful purposes.

vi. Google Safe Search

NetBeacon directs its Abuse Reporters to not include personal data or explicit images as part of Report evidence.  However, to ensure that NetBeacon does not view or inadvertently share explicit material, NetBeacon will utilize Google’s Safe Search to scan Reports.  This service only scans an image file and does not include or collect any personal data.

vii. Oauth Service

As part of the account creation and registration process for Abuse Reporters, NetBeacon will use several Oauth services (Google, LinkedIn, Facebook, Apple) to authenticate the Abuse Reporter’s email address.  NetBeacon will only have access to the name and email address of the user and the user will only be asked to submit name and email to the Oauth service.  As noted above, we encourage users to review the privacy policies of third party services.

 

• Purposes for using personal data

NetBeacon will make all reasonable efforts to ensure that personal information is processed only for the purposes set out below (including to provide the services requested by you).  We will make all reasonable efforts to ensure that personal information is not processed in a way incompatible with the purpose for which it was collected or received. We will only disclose personal information, or elements of this information, in certain situations as defined below under Data Sharing and Disclosure.

a. NetBeacon (Centralized DNS Abuse Reporting Tool)

NetBeacon uses the personal data you provide to us to perform the functions and services of a centralized DNS abuse reporting tool to:

• Administer and manage your account,
• Submit Reports centrally,
• Provide Reports to Abuse Report Recipient, 
• Facilitate communication between NetBeacon and Abuse Reporters, and between Abuse Reporters and Abuse Report Recipient, and
• Develop public reporting metrics (applying appropriate anonymization).

 

1. Website

If you submit personal data to NetBeacon through our website, we may use that information to assist with the functionality of the website. This may include sending you information you have requested to receive (i.e., newsletters) and providing you with policy and services updates. Be aware that any information you voluntarily provide via message boards or public discussion tools becomes publicly available information and may be used by NetBeacon or others.

We collect aggregated anonymized data from visitors to our websites via third-party data analytics (Google) (i.e. cookies, log files, usage data, IP address, browser, click stream data, etc.) and may use that data to evaluate and improve the effectiveness of our website design and services.

• Lawful Bases for Processing Personal Data

NetBeacon processes your personal data: (a) based on the performance of a contract to which you are a subject, (b) where we have a legitimate business interest in doing so, or (c) on the basis of consent freely provided by you.

When an Abuse Reporter creates an account and requests use of the NetBeacon services, they will consent to processing of specific personal data and agree to the Terms of Service.  

NetBeacon may also have a legitimate interest in using personal data that is provided by you in order to optimize our service to you and your experience on our Website. 

In some cases, where a user requests to receive information (i.e., mailing list, newsletter, etc.) but does not create an account with NetBeacon, their requests may be processed on the basis of consent. 

• Data Sharing and Disclosure

Our trusted processors (technical backend providers, vendors, and other similar business partners) are responsible for performing certain parts of the technical requirements of the services provided.  NetBeacon and will therefore share some of the personal data you provide to those processors as necessary to perform the requested services.  These processors are not authorized to use such personal data for purposes beyond those specified by us.  To the extent that they process any personal data they are required to provide security and privacy protections in line with this Privacy Notice and in compliance with applicable privacy and data protection laws. 

 

The information that you supply to NetBeacon will never be given, sold, rented, loaned, or otherwise disclosed to any third parties, except as outlined above or as described in Exceptions and Special Circumstances, below. Our Exceptions and Special Circumstances Policy (below), permits NetBeacon to share information when it is necessary to comply with legal process or protect the rights, property, or personal safety of NetBeacon, its customers, or the public.

2. Back End

NetBeacon is the operator of the centralized abuse reporting tool. NetBeacon’s technical developer, CleanDNS, owns and administers the service and maintains the infrastructure.  CleanDNS is a data processor for NetBeacon.    

3. Registrars/Registries

NetBeacon, as stated in its Terms of Service, will disclose the Abuse Reporter’s email address to the Abuse Report Recipient so that the Abuse Report Recipient can communicate with the Abuse Reporter regarding action on the Report.

 4. Links and third-party collection

This Privacy Notice only addresses the processing of personal data you provide to NetBeacon via this website. The processing of any data you disclose to other parties via third-party links will be governed by their privacy policies. Users should be aware of their personal privacy settings when using platforms and apps and update them to manage your privacy preferences. NetBeacon is not responsible for the privacy policies of other websites. We encourage you to familiarize yourself with the privacy policies of other websites you visit.

5. Oauth Services

As part of the account creation and registration process for Abuse Reporters, NetBeacon will use several Oauth services (Google, LinkedIn, Facebook, Apple) to authenticate the Abuse Reporter’s email address.  NetBeacon will only have access to the name and email address of the user and the user will only be asked to submit name and email to the Oauth service.  As noted above, we encourage users to review the Privacy Policies of third-parties services.

6. Google Safe Search

NetBeacon directs its Abuse Reporters to not include personal data or explicit images as part of  Report evidence.  However, to ensure that NetBeacon does not view or inadvertently share explicit material, NetBeacon will utilize Google’s Safe Search to scan Reports.  This service only scans an image file and does not include or collect any personal data.

7. Analytics

NetBeacon utilizes third-party website analytics tools which includes collecting aggregated anonymized data from visitors to our websites via third-party data analytics (Google) (i.e., cookies, log files, usage data, IP address, browser, click stream data, etc.) as well as general performance data from any third-party ads and may use that data to analyze and evaluate the effectiveness of our website design, services, marketing, and campaigns.

8. Website

NetBeacon will use WP Engine and Google Cloud to host and maintain the security and stable operation of the website.

• Exceptions and Special Circumstances

There are occasionally special circumstances that require NetBeacon to disclose information which could include personal data.

In certain circumstances, NetBeacon must disclose information beyond the limits outlined above including when it is necessary to fulfill a transaction or provide information you have requested; necessary to protect the rights, property or personal safety of NetBeacon, its customers or the public; in the vital interests of the data subject or another person; required by law or necessary to respond to legal process; necessary to meet the requirements of requests, lawfully made by public authorities, including requests to meet national security or law enforcement requirements.

NetBeacon reserves the right to disclose personal data or non-personal data that we believe, in good faith, is appropriate or necessary to enforce our Terms of Service, and to protect the security or integrity of our systems.

• How to Access, Amend, and Control your personal data

As a Abuse Reporter you may access and amend your account information via the NetBeacon website. You may also revoke or amend your consent for personal data processing at any time via your account or by contacting us.  

You may also wish to contact us should you no longer desire our service. You may contact NetBeacon via email at privacy@dnsabuseinstitute.org or at DNS Abuse Institute, 11911 Freedom Drive, 10th Floor, Suite 1000, Reston, VA 20190, United States of America.

• Special note for EU data subjects

1. Data Subject Rights

The EU General Data Protection Regulation (2016/679) (the “GDPR”) affords you certain rights.  Where applicable you may request confirmation that NetBeacon does or does not process personal data related to you.  You may request a copy of your personal data or request that a copy is sent to a third party.  You may request that your data, such as your address, is amended or corrected. In some circumstances you may request that your data processed by NetBeacon be deleted.  You may also request, in certain cases, that we restrict processing of your personal data by NetBeacon. You also have the right to object to receiving direct marketing.  To the extent your information is processed by NetBeacon based upon consent, you may withdraw that consent at any time.

Should you wish to exercise any of these rights or other rights afforded you by the GDPR please contact us via email at privacy@dnsabuseinstitute.or, or atDNS Abuse Institute, 11911 Freedom Drive, 10th Floor, Suite 1000, Reston, VA 20190, United States of America.

You may contact PIR’s EU and UK Representative at datenschutz@rickert.net or Rickert Rechtsanwaltsgesellschaft mbH, Kaiserplatz 7-9, 53113, Bonn, Germany.

2. Data Transfer

In order to provide the promised services to you, NetBeacon may receive data from EEA countries or transfer your data to third countries.  NetBeacon transfers EEA data to third countries as is necessary to perform the requirements of our Terms of Service using standard contractual clauses and consent (depending upon the processing action) as our legal mechanism for transfer.  NetBeacon may transfer your data on the basis of consent.  In such cases, your consent will be explicitly requested and is revocable at any time.

3. Security

NetBeacon takes precautions to protect information and continually strives to ensure that we are adhering to industry best practices and security standards.  When you submit personal data to us, your personal data is protected both online and offline.

We are required to take reasonable steps to protect personal data from loss, misuse, unauthorized disclosure, alteration, or destruction and not to use or authorize the use of personal data in a way that is incompatible with the purposes for which it was collected. All partners and vendors (third party processors) are to adhere to the requirements in this privacy policy and in their contracts to meet security standards that are commensurate with the data they receive and process.  These third parties also have their own privacy and security policies. Should you have questions about their privacy policies or security practices, you should contact them.

4. Data Breaches

Upon discovering a data breach NetBeacon will ensure we meet all data privacy requirements, including GDPR Articles 33 and 34, where applicable.

 5. Data Retention

NetBeacon does not retain personal data for any longer than is necessary for its original purpose.

XII. Update

This Privacy Notice was last updated April 2022.