C17.6. Billing and collection systems. Technical characteristics, system security, accessibility.

Billing will be in place for domain creation and renew commands. The billing system incorporates customizable transaction types, a low-credit triggered messaging system, a billing statement generator and support for “Grace Period” credit refunds.

All of the work for the billing is done from within the Oracle database, and all of the “business logic” of the billing system and the creation and renewal of domain names is handled in real time. The database is synchronised (Read reconciled) with the bank accounts automatically every 5mins, this means, that a registrar who deposits any money will have to wait a maximum of 5 mins before the funds will appear in there registry account and then be able to register domains.

The system as it currently stands support providing credit, but currently there are no plans to implement a credit limit with the dot org registry. As a registrars balance approaches zero, warning emails are sent, and numerous messages are sent using the poll features of EPP.

Registrars will be required to deposit in to an account that the registry will open for them, the 5min reconciliation process will transfer the required amount of money from the registrars account to the registrys account as payment for domain names, it will also detect any deposit having been made and credit those to the current balance as seen by the database. All accounting operations will be logged and easily verifiable, the bank provided receipts for all transactions will also be logged.

A full monthly reconciliation will also be done at the end of every month. This is to triple check all happenings throughout the month and ensure that all deposits and transfers were preformed by the system. The whole process is 100% secure making use of currently available encryption technology.

Billing details are contained within the security of the database that is not public accessible. Only authorised Unity Registry personnel will have access to the database severs and all that do will have strictly worded contracts in place. Registrars are unable to update any of their billing information such as account numbers etc in real time, all of these are to be done via written authorisation.

Full online reporting is provided including real time balance and real time generated, “bank like” transactional statements, registrars will be able to match up bank credits and registry payment transfers. Billing records will be kept online for registrars to trace back for up to a year, and then they will be archived to tape. All of the reports mentioned will all be available online from the Administration web site.

As mentioned elsewhere, separate username and passwords will be required by registrars to access the billing sections of this web site. This web site is secured using https, and registrars are required to supply the IP address range from which they will be accessing the site. A registrar’s username and password, even if valid, will not be accepted if the request does not originate in this IP Address range, and requests originating from non registered IP address will not even make it to the server. This means that registrars will not be able to access other registrar’s billing even if they somehow learn another registrar’s password.

A vital component of any billing/collection system is the treatment of personal data including payment information. Unity Registry will adhere to all appropriate legal standards concerning personal information and will ensure that all customers are aware of the registrar’s privacy policy, as proposed below.

Proposed Privacy Policy

Unity Registry is committed to respecting the privacy of your personal information. This Policy sets out our personal information management practices. Throughout this Policy, we refer to your “personal information” which means information which identifies you as an individual or from which your identity can be reasonably ascertained. Your name, address and telephone number are examples of personal information. References to “us”, “we” and “our” are references to Unity Registry and references to “you” or “your” are references to Unity Registry’s customers.

The text of the proposed privacy policy that will be applicable to .org is as follows:

Compliance with the National Privacy Principles

The Australian operation of Unity Registry complies with the Australian National Privacy Principles under the Privacy Act 1988 and with any other applicable laws that protect your privacy.

The United Kingdom operation of Unity Registry complies with the Data Protection Act 2001 and the code of conduct published by the Information Commissioner, and with any other applicable laws.

Personal information collected

We only collect personal information that is necessary for our functions and activities. Without your personal details, we may not be able to supply our services to you. Generally, we try to collect personal information directly from you. However, there are certain situations in which we may collect personal information about you from someone else. In either case, we will take reasonable steps to ensure that you are aware of the purposes for which the information is collected. In certain circumstances we may collect sensitive information, to assist in meeting your special needs. We will only collect this information with your consent or otherwise in accordance with the law.

Use and disclosure of personal information

We will generally use and disclose your personal information for purposes related to the main purpose for which the information has been collected, or where you have consented to the use or disclosure.

We may provide personal information about you to our service providers who assist us in providing our services. These may include companies that assist Unity Registry with data processing and analysis, research, mail services or maintenance. We will only disclose your personal information to those third party service providers so that the service provider can effectively provide those services.

In order to inform you of the range of services and benefits we offer, we may use personal information for the purpose of direct marketing. We will not use your personal information for marketing purposes where you have made a request that you do not want it to be used in this way.

We may otherwise use or disclose your personal information where required or authorised by law, which may include emergency situations and assisting law enforcement agencies.

Accessing and updating your personal information

If you need to access or correct any personal information we hold about you, please contact us using the “Contact Details” set out below. We request that you provide us with as much detail as you can about the particular information you seek, in order to help us retrieve it. An access fee may be charged to cover our costs of providing that information to you. In certain circumstances, we may not be required by law to provide you with access or to correct your personal information. If that is the case, we will give you our reasons for that decision.

We take reasonable steps to make sure that the personal information we collect, use and disclose is accurate, complete and up-to-date. If there is any change to the personal information you have provided to us, please let us know.

Security of personal information

We take reasonable steps to protect all of the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. This protection applies in relation to information stored in both electronic and hard copy form. Our commitment to privacy extends to our Internet sites.

Complaint Process

If you wish to make a complaint about the way in which we have handled your personal information, please contact us at

Australia:

Privacy Officer, Unity Registry, Level 6, 10 Queens Road, Melbourne, Vic. 3004, privacy@UnityRegistry.com.au or telephone +61 3 9866 3710.

United Kingdom:

Complaints Officer

Unity Registry,

Rutherford House,

Manchester Science Park,

Manchester, UK

M40 3WA

Tel: +44 161 906 3800

complaints@unityregistry.org

Contact Details

If you have any questions in relation to privacy, or require any further information about Unity Registry’s Personal Information Management Policy, please contact us at