Privacy Policy

1. INTRODUCTION

This XRI I-Broker Privacy Policy (the 'Privacy Policy'), sets forth the privacy commitments of Cannon Tomlinson Mansley Ltd, 5 Stow Court, Stow Road, Stow-cum-Quy, Cambridgeshire CB25 9AS ('I-Broker') to our Registrants and to the integrity of the XRI integrity and infrastructure.

XDI.org is an international public trust organisation that exists for the benefit of the entire Internet community. XDI.org is devoted to the work of creating an environment of trust for Internet users, and that means that we and other bodies operating under the governance of XDI.org are striving to enhance the privacy and security techniques available to you as an Internet user. In keeping with its purpose and principles, both XDI.org and we take your privacy interests very seriously.

We actively protect the privacy of visitors to our website, participants in discussion lists, email correspondents, and others who interact directly with us. We also protect the privacy of information concerning i-name registrants and others when we have access to it. Finally, through a chain of agreements beginning with the XDI.org Intellectual Property Rights ('IPR') Agreement, the XDI.org Global Service Provider ('GSP') Agreement, and our agreement with the XRI Registry Operator, we seek to ensure that we and our subcontractors and licensees do the following: (i) communicate our own privacy practices clearly and conspicuously and (ii) implement broadly accepted 'Fair Information Practices' in handling personal information.

We want to make sure that you are informed concerning what personal information is collected about you, who uses it and for what purposes, what choices you have concerning communications with you and data sharing with others, how your personal information is secured, how you can access and update or correct the information about you, and how you can control what information about you appears in the public i-name registry. Please note that while we repeatedly refer in this Privacy Policy to privacy in the sense of protecting the confidentiality of information relating to individual persons ('Personal Information'), we also take similar steps to protect the confidentiality of information about corporations and other organisations that register for global i-names or i-numbers or otherwise participate in the XDI community. As the XDI community and technology evolve, we will strive to update this Privacy Policy and to keep it consistent with the XDI.org privacy principles published at www.xdi.org.

2. DEFINITIONS

1. Diligent Efforts. 'Diligent Efforts' means, with respect to a given goal, the application of material and substantial energy toward the achievement of that goal as expeditiously as possible.
2. Global Services Specifications (GSS). 'Global Services Specifications' or 'GSS' shall mean the specifications published by XDI.org governing the operation of operation of services offered by XDI.org and its authorised agents. The GSS is set forth in Exhibit A of this Agreement and http://gss.xdi.org.
3. Registrant. 'Registrant' means an individual or organisation that enrolls with I-Broker to obtain a service from the GRS Registry System.
4. Registration Agreement. 'Registration Agreement' means the document under which a Registrant registers with I-Broker for one or more services from the GRS Registry System.
5. Service. 'Service' means services provided by I-Broker in connection with the XRI under this Registration Agreement, and includes contracting with Registrants, collecting registration data about the Registrants, and submitting registration information to a Contact Agent or Contact Data Custodian.
6. XRI. 'XRI' means the URI-compatible scheme and resolution protocol for abstract identifiers used to identify and share resources across domains and applications as set forth by the OASIS XRI Technical Committee (http://www.oasis-open.org/committees/xri/).

Other terms used in this Agreement as defined terms shall have the meanings ascribed to them in the context in which they are defined, or, if not defined herein, shall have the definitions set forth in the I-Broker Agreement.

3. NOTICE REGARDING CHILDREN

Our websites and email discussion lists are not designed for children, and we do not monitor postings or communications among participants in discussion groups for content that would be inappropriate for minors. We do not encourage the registration of i-names by minors without the permission and participation of a parent or legal guardian, established to the satisfaction of the relevant i-broker. We will not knowingly communicate with a child under the age of 13 without parental permission. Any questions concerning this policy should be directed to http://equalsyou.com/contact_us.html.

4. FAIR INFORMATION PRACTICES

I-Broker models its treatment of personal information on internationally accepted principles of 'Fair Information Practices'. I-Broker requires those with whom we contract to apply these Fair Information Practices in developing their own specific policies and procedures for handling Personal Information.

Fair Information Practices are described in international conventions and guidelines as well as in national privacy laws and guidelines, prominently including the following:

• OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980)
  (http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_119820_1_1_1,00.html)
• Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981)
  (http://conventions.coe.int/Treaty/EN/Treaties/Html/108.htm)
• United Nations Guidelines Concerning Computerized Personal Data Files (1990)
  (http://europa.eu.int/comm/internal_market/privacy/instruments/un_en.htm)
• European Union .Data Protection Directive,. Directive 95/46/EC (1995)
  (http://europa.eu.int/comm/internal_market/privacy/law_en.htm) (the basis for national laws in the European Union, the European Economic Area, and in many jurisdictions outside the EU and EEA)
• APEC Privacy Framework (2005) (guidelines for privacy laws and practices adopted by the 21 members of the intergovernmental Asia-Pacific Economic Cooperation group)
• US Federal Trade Commission 'Fair Information Practice Principles' (1998)
  (http://www.ftc.gov/reports/privacy3/fairinfo.htm)
• US-EU Safe Harbor Privacy Principles (2000)
  (http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm)
• Canadian Standards Association Model Code for the Protection of Personal Information (CAN/CSA-Q830-96), incorporated as Schedule 1 (Section 5) of the Canadian federal Personal Information Privacy and Electronic Documents Act ('PIPEDA') (2000)
  (http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp)
• Australian National Privacy Principles, found in the Privacy Amendment (Private Sector) Act 2000
  (http://www.privacy.gov.au/publications/npps01.html)
• Japanese Personal Information Protection Act (2003)
  (unofficial English translation available at http://www.privacyexchange.org/japan/japanindex.html)
• Principles of confidentiality and security are also found in legislation concerning privacy in the specific context of the transmission and storage of electronic communications, such as the US Electronic Communications Privacy Act of 1986, as amended (http://cio.doe.gov/Documents/ECPA.HTM), and the 2002 EU Directive on Privacy and Electronic Communications, Directive 2002/58/EC (http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/l_201/l_20120020731en00370047.pdf)

The various conventions, laws, and guidelines around the world dealing with Fair Information Practices are very similar in principle and intent, even though they differ somewhat in details and terminology. The common principles can be summarized as these:

• Purpose and collection limitation: Personal information should be collected by fair and lawful means, preferably with the knowledge of the individual, and it should be used and disclosed only for legitimate, announced purposes.
• Data quality and accuracy: The personal information collected should be relevant, complete, and not excessive for the intended purpose. The information should come from reliable sources. The information should be kept as accurate and up-to-date as needed for the intended purposes, and it should be retained no longer than needed for those purposes.
• Notice and awareness: Individuals normally have a right to know when personal information about them is being collected, stored, used, or disclosed to others. They should be told what kinds of information are collected, who has access to it, how it will be used, how it will be protected, and what options they have with regard to its collection and use.
• Choice and consent: Individuals should be given choices, wherever feasible, as to what personal information is collected and how it is used. To illustrate, there are legal and business requirements as to what information must be collected, stored, and disclosed to banks or intermediaries when they order a service and pay for it by credit card, but further use of some of those personal details (for example, to create a marketing mailing list) should be subject to an opt-in or opt-out choice by the individual.
• Access and objection: Individuals should be given a reasonable opportunity (a) to review the information that has been collected about them, (b) to challenge its accuracy or completeness, and (c) to object to its further processing.
• Security: The personal information should be protected at all times by appropriate technical and organisational security safeguards to prevent loss or misuse, destruction or alteration of the data, or unauthorised access or disclosure. (Note that OASIS standards and XDI.org Global Services Specifications may prescribe particular security measures for certain XRI or XDI functions, but this general principle applies in all cases where personal information is handled.)
• Accountability, enforcement, and recourse: organisations that handle personal information should appoint responsible persons to develop privacy and security policies, train relevant staff and contractors, and take appropriate steps to ensure that their privacy and security policies are effective and enforced. They should provide contact points for questions and complaints by individuals and ensure that there is some practical form of recourse and redress for persons injured by privacy lapses or abuses.

5. I-BROKER'S PRIVACY PRACTICES

I-Broker's specific privacy practices, described in the following sections, are designed to take account of the principles of Fair Information Practices listed above. We encourage your questions and comments so that we can ensure that these privacy practices are as comprehensive and effective as possible.

6. WEBSITES

We use log files, as most website servers do, to record certain technical information about visits to our website, including the IP address and the DNS name of the access provider (such as your Internet Service Provider), the type of browser used, referring and exit pages, platform type (where available), a date and time stamp, and possibly the number and sequence of pages visited. Unless your IP address or associated DNS name identify you specifically, none of this information reveals who you are, and we do not link it to other data in an effort to discover the identity of a site visitor. I-Broker staff and consultants use this information solely to administer the site, analyze trends, and track the use of the site in the aggregate so that we can make improvements to better meet user needs. Any log data that we publish, such as the total number of hits or users in a given period, is disclosed only in an aggregate form that does not reveal personally identifiable information. I-Broker deletes its log files monthly and strongly recommends all partner sites to do the same.

I-Broker may record information about queries submitted to I-Broker website search facilities to better understand how visitors use the website's search features. As with other forms of Web access, this information generally cannot be associated with any particular user. In any case, search query information is not disclosed to anyone outside the relevant I-Broker staff, except in an aggregate or anonymized form.

Please remember that any comments or documents that you post on an I-Broker website should be considered public and may ultimately be viewed by site visitors and also accessed by spiders, web crawlers, or search engines. Use care in posting comments and documents, because any personal information that you post on a website is likely to become public information!

7. EXTERNAL LINKS

I-Broker websites may contain links to websites operated by other parties. I-Broker does not control those external websites and cannot be responsible for their privacy practices.

8. EMAIL

Please use discretion in sending email messages to I-Broker staff or role accounts (such as 'postmaster'). I-Broker will endeavor to store, use, and disclose email only as needed to answer your requests and perform our oversight, administrative, standards-development, and educational functions. But electronic mail is not a reliably secure medium of communication, and I-Broker cannot guarantee the confidentiality of email messages in transit or stored on the servers of ISPs, employers, or others to whom emails may be manually or automatically routed and who are outside the direct control of I-Broker. If you feel a message is particularly sensitive, you might consider sending it from a private email account or device, addressing only known individuals, and perhaps protecting the contents by using a strong public key encryption technology such as PGP.

To receive an I-Broker publication or subscribe to an I-Broker email list, you must provide your email address -- without it, you won't receive anything from us. Although I-Broker does not require subscribers to provide their names, your email program or Internet Service Provider may automatically include your name with the email containing your subscription request. If so, I-Broker will record your name with your email address, only for the purpose of ensuring that you are not confused with someone else when we have to manually sort out subscription problems. We will delete your name from the email list database at your request, and we will delete your email address at any time from the email list database if you follow the posted instructions for .unsubscribing. (please allow a few days for an unsubscribe request to take effect).

I-Broker holds the names and email addresses of correspondents and email list subscribers in the strictest confidence and will not disclose personal information about email senders or email list subscribers without their permission, unless required by law. I-Broker email servers and archives, email subscription lists, and email subscriber databases are accessed by only a few I-Broker staff members, for the purpose of maintaining them, and we take every reasonable precaution to protect them against unauthorised access, theft, tampering, and misuse (electronic or otherwise).

The I-Broker email lists use 'cookies' only if you choose to change the default subscriber options for email list participation, and then only to ensure that those options are given effect.

Aggregate information about I-Broker email subscription lists (such as the total number of subscribers) may be published to promote I-Broker, but I-Broker will not publish identifying information about individual subscribers without their permission.

9. DISCUSSION LISTS & ARCHIVES

I-Broker maintains discussion lists with web-based archives. Although I-Broker keeps email list subscriber information in the strictest confidence, as discussed above, participating in discussion lists may reveal some information about you to all subscribers. This will include your email address and name (if the name is automatically displayed with your emails or revealed by the email address itself), as well as the content or your email message and email signature (if any). (You could, of course, participate using an email address and server that do not reveal your name.)

Users should consider any discussion list a public forum and exercise caution in disclosing any personal information. You are not likely to know all the other subscribers to an email discussion list, and subscribers may disclose messages to others. And although I-Broker takes steps to prevent automated programs from harvesting email addresses and other information, third parties may still find a way to access email addresses or messages sent to an email discussion list.

10. SURVEYS

I-Broker may ask website users or email list subscribers to participate in surveys. In all cases, participation will be voluntary. If a survey asks for personal information, answering those questions will be optional. Survey responses will be seen only by I-Broker personnel and any contractors or consultants assisting I-Broker in conducting the survey. Survey results will be made public only in the aggregate, without reference to individuals, unless an individual gives us permission to quote and attribute his or her response.

11. I-NAMES AND I-NUMBERS

A key purpose of XRI technology is to allow i-name or i-number registrants to control the sharing of their contact details and other Personal Information with others. XDI.org and OASIS have developed standards and specifications to enable this privacy-enhancing technology, but it is implemented through i-brokers or other XDI service providers that have their own commercial relations with i-name and i-number registrants.

XDI.org is the community governance authority for a set of global i-name and i-number registries offered to the public as XDI Global Services. These global public registries are operated by contractors to XDI.org called Global Service Providers. Neither XDI.org nor Global Service Providers collect registration information directly from global i-name or i-number registrants. These registrations are performed by i-brokers accredited by a Global Service Provider to i-broker accreditation standards determined by XDI.org.

When you register a global i-name or i-number with us as an accredited i-broker, you will be asked to provide the information that you want listed in the global public registry, such as a pointer to your current i-broker and an account authentication credential such as a password. You may also be asked to provide certain information that will not be listed in the global public registry but will be stored only by us as your i-broker, such as your true identity and (where applicable) affiliation, your contact and payment details, and possibly other relevant information that would allow us to confirm your identity when you make any requests to change, transfer, or terminate your registration, directory listing, or other services.

Global Service Providers (initially, Cordance Corporation), Contact Agents, and Contact Data Custodians are required to provide clear and conspicuous privacy statements that apply the principles of Fair Information Practices as listed in section 4 above. Global Service Providers are also obliged to require the same of i-brokers whom they accredit and others with whom they subcontract to provide XDI Global Services as provided in the XDI.org Global Service Provider ('GSP') Agreement. As a consequence, we will maintain our current privacy statement on our website at http://equalsyou.com and also on our I-Broker Policy Page at http://equalsyou.com/policies/. We encourage you to review that privacy statement before registering. You will need to communicate directly with us, rather than with XDI.org, to indicate your preferences with respect to any optional data collection, data sharing, or contacts.

12. REGISTRANT INFORMATION HELD BY US

I-Broker obtains, uses, and stores Personal Information about registrants -- when available -- only to the extent necessary for its purposes in providing i-broker services, such as registering and renewing i-names and i-numbers, authenticating change requests, correcting technical problems, resolving disputes, and complying with applicable laws. For these purposes, I-Broker does not routinely use Personal Information beyond what is found in the registration application and global public registry and the resolution data associated with an i-name or i-number, such as the Uniform Resource Identifier (URI) of the host i-broker (where applicable). In connection with changes and disputes, I-Broker may from time to time request additional identifying information from i-brokers, Global Service Providers, Contact Agents, or Contact Data Custodians, and the arbitrators or parties to a dispute may provide I-Broker with information relevant to dispute resolution proceedings.

I-Broker employs technical and organisational safeguards, including password access controls and physical security, to protect Personal Information as long as it is in our possession, and we retain Personal Information only as long as needed for our governance and development purposes.

Unless you give us permission, we will not share your Personal Information with third parties except as necessary to fulfill its governance and development responsibilities. The categories of third parties that might receive Personal Information from us for these purposes include our contractors and consultants, the affected i-brokers or Global Service Providers, law enforcement agencies, arbitrators, and parties to litigation.

We will not use, sell, rent, or otherwise disclose Personal Information for marketing purposes without your permission.

13. LEGAL REQUESTS FOR PERSONAL INFORMATION

Please be advised that, as in the case of domain name registrars and Internet Service Providers, we, XDI.org, a Global Service Provider, a Contact Agent, or a Contact Data Custodian, could be legally compelled in some circumstances to disclose Personal Information that we or they may hold, such as the identity of an i-name registrant, to law enforcement authorities or to parties in civil litigation.

14. CONTACTING US ABOUT PERSONAL INFORMATION

Please go to our website at http://equalsyou.com to make change, transfer, or termination requests with respect to your i-name registration and global public registry entries. To review, correct, or ask for the deletion of any Personal Information that we may have, please contact us at http://equalsyou.com/contact_us.html, email us at info@equalsyou.com, or send a letter to =you, c/o ctm, 5 Stow Court, Stow Road, Stow-cum-Quy, Cambridgeshire CB25 9AS, United Kingdom. We may ask for additional information to verify your identity and to facilitate our search for relevant data, which we will do to the extent it is indexed or reasonably searchable by name or i-name.

Please contact us at http://equalsyou.com/contact_us.html or email us at info@equalsyou.com to report any privacy policy concerns or suspected violations. We will correct any errors on our part, notify third parties that obtained relevant data from us concerning any necessary corrections or deletions, and try to reach a reasonable accommodation with you with respect to any unusual privacy concerns you might have.

15. CONTACT AGENTS AND CONTACT DATA CUSTODIANS

XDI.org may accredit one or more Contact Data Custodians, which are unaffiliated with any i-broker, to hold a copy of contact information supplied by an i-name registrant ('Confidential Social Contact Data'). This information can be retrieved and revised by the i-name registrant from the Contact Data Custodian. NeuStar, Inc. serves as the default Contact Data Custodian unless the i-broker names another accredited Contact Data Custodian.

XDI.org may also accredit one or more Contact Agents, which are unaffiliated with any i-broker, whose function is to provide notice to i-name registrants of claims and disputes relating to the i-name. Contact Agents may obtain Confidential Social Contact Data from Contact Data Custodians for the sole purpose of providing such notice. XRI Contact Services, Inc. serves as the default Contact Agent unless the i-broker names another accredited Contact Agent.

Contact Agents and Contact Data Custodians are required to provide clear and conspicuous privacy statements that apply the principles of Fair Information Practices discussed in section 4 above.

Only your i-name and the associated Contact Agent are publicly searchable information.

16. JURISDICTION, MODIFICTIONS, AND GSS CONFORMANCE

In the event of litigation over alleged privacy breaches by I-Broker, we submit to personal jurisdiction in the courts of general jurisdiction in English. This policy may be updated from time to time. Proposed alterations shall be posted at http://equalsyou.com/policies/privacy.html not less than thirty days in advance of the date such alterations shall take effect. I-Broker shall assure that this Privacy Policy is in conformance with the XDI.org Global Privacy Policy found at section 2.4.3 of the GSS.

Don't miss out - register your i-name with us today!

Copyright ©2007 =you | All Rights Reserved | =you Policies | Sitemap | Technical Support