Accessibility & Settings


Search For:

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Data Protection Policy

1. Background

  1. Purpose of Data Protection Policy

    MYNIC Berhad (MYNIC) respects the customers right to personal data protection and privacy of personal data. MYNIC’s data protection policy is in compliance with Personal Data Protection Act 2010 (Act 709), Regulations and Order (the Act), including all its modification there to. “Personal Data” means any information relating to an identifiable individual which is collected and further processed by MYNIC to provide MYNIC's services. Examples of personal data are names, addresses, contact details, etc. The basis on which MYNIC collect such data and other relevant information are set out below.

    This policy applies to all personal data collected, used, disclosed and managed by MYNIC in rendering MYNIC's services such as the registration of .MY domain name.

  2. Purpose of WHOIS
    MYNIC operates an electronic lookup service called “WHOIS” which is designed to provide information concerning .my Domain Names. The information allows the public to obtain information about the existence and status of .my Domain Names.

2. Collection and Use of Personal Data

  1. The personal data held by MYNIC is collected to meet its objectives as the manager of .MY Domain Name and provide the services necessary for meeting those objectives. MYNIC collects the customers personal data for the following purposes:
    1. Administering registration of .my domain names (including Internationalised Domain Names);
    2. Maintenance or operation of a .my domain name registry;
    3. To process any financial transactions;
    4. Maintenance and Administration of customer’s accounts;
    5. To conduct any research or analysis;
    6. For the administration of any contest that MYNIC may organize from time to time;
    7. To improve on website marketing efforts or when there are website visits;
    8. Receiving and dealing with any comments, questions or complaints from customers or third parties;
    9. Obtaining customer feedback on our services;
    10. General record keeping in the course of MYNIC operations including the processing of employment applications;
    11. Provision of services from vendor or contractor to MYNIC and to inform customers on latest promotion and activities.
  2. Domain Name Registration
    1. When Customer register for a .my domain name through Reseller or Business Partner, customer is required to accept the Agreement for Registration of Domain Name which authorises MYNIC to collect, use and disclose information about a customer. Such information may include name, address and email address. The information is necessary for MYNIC to manage and administer the Registry database with accurate details and to implement, execute and enforce the applicable policies, rules, and procedures.
    2. MYNIC may use customer registration information to contact on issues related to the domain name. We may occasionally send promotional materials or updates regarding the services we provide. However, customer may choose to opt-out from receiving such materials.
  3. Website
    1. MYNIC shall make a record of customer visits to our website. The record will show the IP address and details of the pages visited. This information is used for preparing general statistics on the usage of MYNIC website and prevention or detection of crime. Some of the information may be gathered through the use of “Cookies”. Cookies are small bits of information that are automatically stored on a web browser that can be retrieved by the sites visited. Customer may be requested to enable these cookies setting on the web browser. MYNIC use of this technology does not mean that we automatically know any information about our customer. The acceptance of our cookie in no way gives us access to customer computer. The use of cookies is to provide good experience for customers. The cookies are not accessible by others and are not identifiable to a person.
    2. MYNIC website may feature links to other websites. Any links to external sites are out of our control and we are not responsible for the content and privacy practices of such websites. We have no legal means of finding out the identities of persons visiting our website and do not make any attempt to do so.
  4. Contact
    1. When Customer contact us with a comment, question or complaint, customer may be asked for information that identifies customer along with additional information we need to help MYNIC provide support, answer question, or respond to any comment or complaint. MYNIC may retain this information to assist customer in the future and to improve our services.
  5. Employment
    1. MYNIC advertise employment opportunities on our website. In connection with a job application or related inquiry, the applicant may provide us with information that identifies the applicant. We use this information for the purpose of processing and responding to the application for employment.

3. Security and Retention of Personal Data

MYNIC implements security measures to protect customer personal data against unauthorised access, misuse, disclosure, copying, use, alteration, accidental loss or theft, destruction, or damage. Such security measures include technical protection of MYNIC’s system, training of MYNIC staff and the implementation of information security management system (ISMS) policies under ISO 27001:2013.

The personal data that customer provide to us will not be retained for longer than is required unless there are other legislative requirements that require personal data to be kept for a longer period.

4. Disclosure of Personal Data

MYNIC may disclose the customer personal data to MYNIC duly appointed business partners or resellers who acts on MYNIC behalf in providing the respective services. MYNIC will ensure that these appointed business partners or resellers shall only use and process customer personal data for the purpose(s) it was collected for by MYNIC and adopt appropriate technical and organizational security measures when processing customer personal data.
  1. WHOIS Information

    MYNIC operates a WHOIS service which provides users to obtain information on domain registration and availability of Domain Names, as part of the administration of the .MY Registry. MYNIC has taken proactive measures to limit the showcase of all the contact information with the exception of Registrar information.

    MYNIC provides a Domain Contact Request to help users of the WHOIS service to contact a Registrant or Domain Contacts for specific .MY domain name to address misuse, abuse and intellectual property infringements. MYNIC makes no guarantee that the Registrant will comply with the Domain Contact Request to reveal the personal information. For more information, please click on the link here.

  2. Disclosure of WHOIS Information
    MYNIC shall disclose and make the following information available in the WHOIS searchable database. Such information disclosure is mandatory for a Domain Name.
    • the Domain Name itself;
    • the creation, expiration and modification (if any) dates of the Domain Name Registration;
    • status of the Domain Name;
    • the Registrar’s or Reseller’s name and contact number;
    • the primary and secondary name servers and IP (if any); and
    • the DNSSEC status.
  3. MYNIC’s Domain Name Dispute Resolution Policy (MYDRP)
    MYNIC may provide customer information to the Asian International Arbitration Centre (AIAC) to facilitate domain name disputes concerning customer domain name, where there are complaints filed with AIAC under the MYDRP over the registration or use of the domain name.
  4. Service Provider Arrangements
    1. MYNIC may transfer or otherwise make available customer personal data to third parties who provide services on our behalf. For example, we may use service providers to host our website, send e-mail, conduct customer research, or manage/analyse data.
    2. Before transferring or otherwise making available any personal data to any third-party service provider, MYNIC shall enter into an agreement with the service provider pursuant to which it is required to use the personal data solely for the purpose of providing the service and to maintain security and privacy measures to safeguard the data. Our service providers are given only the information they need to perform their designated functions, and MYNIC do not authorize them to use or disclose personal data for their own marketing or other purposes.
  5. Legal
    MYNIC may provide customer personal data in response to a search warrant or other legally valid inquiry or order, or as otherwise required by applicable law. MYNIC may also disclose personal data where necessary for the establishment, exercise or defense of legal claims.
  6. MYNIC will not disclose, sell, trade, share or rent customer personal data to any other third party other than as set out in this Policy or as required by Law.
  7. Reservation
    1. For the avoidance of doubt, nothing in this document constitutes waiver of any right of MYNIC to use any registration information provided to MYNIC in connection with the registration of a Domain Name or pursuant to the Agreement for Registration of Domain Name. For technical reasons or in compliance with any legal obligation or requirements, MYNIC at its sole discretion, may disclose to any third party upon application to it information in its possession relating to customer whether referred to in its WHOIS record or otherwise.
    2. MYNIC may from time to time, in its discretion and not as a duty or obligation to customer or user, impose terms and conditions on the users of the WHOIS system to govern the use of any data or information obtained from the WHOIS system. In the event such terms and conditions are imposed, MYNIC does not warrant that the users would comply with the terms and conditions so imposed.

5. Access to Personal Data

MYNIC is committed processing the customers personal data within the ambit of the Act. Subject to the provisions of the Act, customer has the right to access, update personal data or correct personal data with MYNIC should customer believe the personal data provided to MYNIC is incorrect, inaccurate, or incomplete. Should customer wish to access, update or correct the personal data retained by MYNIC, kindly contact MYNIC at

6. Accuracy

MYNIC will ensure all personal data collected is accurate and kept up to date. MYNIC will make a request to customer for updates of personal data if the update is necessary to fulfil the purposes for which the data was collected.

7. Protection of Minors

Children (users under the age of 18 years) are not eligible to use MYNIC services. We request that children do not submit any personal data to us online. If customer is under the age of 18 years, they may surf this website upon obtaining consent from parents or legal Guardian.

8. Openness

MYNIC’s Data Protection Policy is displayed on this website and the policy is set out in the same language medium as the website. MYNIC encourage all users to read our Data Protection Policy to understand the objective of collecting their personal data.

9. Right of Review and Restrictions

MYNIC reserves the right to review and amend this Policy from time to time.

The following activities are prohibited, and customer or user shall not:

  • attempt to perform a bulk access or obtain a copy of the entire WHOIS database;
  • use information obtained from the WHOIS system for advertising, marketing, unsolicited communication, spamming, unlawful or other abusive purposes.