Uhh, no, not if you 'paid to keep it private'!!! That's like saying it's ok for every bank teller/employee to just go thru your bank records at their whim because they're an employee there!
Interesting peoples take on what is ok to do with what others have paid and trusted to be 'private'!!!
When you purchase a registrar's privacy service, what exactly do you expect? If you also read your registrar's FAQs, legal prints, etc. regarding that privacy service, how much are aligned with those expectations?
At the very least, you expect the registrar not to show your domain's actual contact details (and maybe contact name) in WHOIS, right? Many registrars' prints detailing their WHOIS privacy service say they do that.
Now, do you expect a registrar's employee not to look at your domain's actual details in their internal tools
for any reason whatsoever? Will there be an objection if, say, an employee looks it up to notify you for renewal, or if they receive a UDRP notice or...knock on wood...a court order, even if their legal prints indicate that?
I ask because sometimes it helps to keep one's expectations real. Otherwise, you can find yourself needlessly frustrated if you keep insisting on something others might not necessarily be willing to do.
But again, that depends what exactly you expect, and what the registrar's legal prints say.