Request for Disclosure of Non-Public Registrant Information
For privacy reasons, personal information contained in registration data is no longer displayed in our public WHOIS. However, as an ICANN accredited registrar, GoDaddy is contractually mandated to permit third parties to request access to non-public registration data (“NPRD”). This policy sets forth the general guidelines for a third party to request access to NPRD on the basis of legitimate interest (“Legitimate Interest”). This policy does not jeopardize the fundamental interests, rights and freedoms of a data subject, consistent with the General Data Protection Regulation (“GDPR”) or other similar privacy laws. Also, this policy is not a substitute for other less-intrusive mechanisms available (see Key Considerations, Section 2 below) and we expect these mechanisms to be exhausted prior to any request for NPRD, which should be an avenue of extreme measure and last resort given its potential impact to the data subject.
- Legitimate Interest. You must demonstrate Legitimate Interest in the NPRD you seek in a manner that does not jeopardize the fundamental interests, rights and freedoms of the relevant data subject, consistent with GDPR or other applicable privacy laws, by conducting a 3-part balancing test (“Legitimate Interest Assessment” or “LIA”) and submitting your results for review by GoDaddy. To learn more about LIA, please consult your legal advisors or review help articles via UK Information Commission’s Office.
- Less-Intrusive Mechanisms. GoDaddy offers numerous less-intrusive mechanisms to help address both abuse and infringement.
- IP Complaint Form
- Abuse Complaint Form (Phishing, malware, scam, inappropriate content)
- DBP claim (where applicable)
- UDRP, or court dispute (subject to our subpoena policy.
- Domain Holder Contact Request Form on GoDaddy’s WhoIs
The fundamental rights and freedoms of relevant data subjects outweigh the legitimate interest of a third party when other reasonable and less-intrusive mechanisms are available.
- Data Protection. You must demonstrate that you have implemented appropriate technical and organizational measures to ensure that any NPRD received through this process will be performed in a manner compliant with GDPR or other applicable privacy laws. Additionally, GoDaddy, at its discretion but at your expense, may require an audit of your data processing practices to ensure such practices comply with GDPR or other applicable privacy laws.
- Data Handling of NPRD. You will be responsible for properly disposing the NPRD within 30 days of receipt or when you can no longer rely on Legitimate Interest as the lawful basis of processing NPRD; whichever is sooner.
How to submit a request for NPRD
- If you wish to submit a request for NPRD, please download and complete the “NPRD Request Form,” including all supporting documentation, and submit your completed file to firstname.lastname@example.org.
- Upon receipt of your completed file, GoDaddy will initiate an investigation and respond to a request within 30 days of receipt.
- Requests must only be for current domain registrations. We do not provide historical or archived NPRD through this process.
- Requests must include the exact domain name under review. We do not fulfill partial match requests through this process.
- Requests are reviewed and fulfilled on a per-domain basis. We do not provide search results across multiple related domains or NPRD using this process.
- We will not provide any additional contact details aside from the following: registrant, admin or tech name and email address.
- If GoDaddy concludes, at its sole discretion, that you have demonstrated a legitimate interest for the NPRD requested, we will send you a WHOIS Access Agreement to sign, and upon signature, provide you limited access to the requested NPRD.
- If we conclude you have not demonstrated a legitimate interest to NPRD, no information will be provided.