GDPR and Switzerland Addendum to the Privacy Notice

This GDPR Privacy Notice Addendum is for residents of the European Economic Area (EEA) and Switzerland, and supplements the information contained in the Newfold Digital, Inc. Privacy Notice (the “Privacy Notice”) and other addendums relevant to you. This Addendum applies solely to EEA and Swiss Data Subjects who purchased services from certain brands that are covered, as relevant, by the European Union’s General Data Protection Regulation 2016/679 (GDPR) and applicable Swiss data protection laws.

In addition to the rights described, where the GDPR or the UK GDPR and UK Data Protection Act or related data protection laws apply, the following rights may be available to you: 

  • Access: You have the right to access personal data we hold about you, how we use it, and who we share it with. 
     
  • Correction: You have the right to correct any personal information held about you that is inaccurate and have incomplete data completed. 
     
  • Erasure: You have the right to request we erase the personal information we hold about you in certain circumstances (e.g. it is no longer necessary for us to hold that information; you have withdrawn your consent; we are processing the personal information on the basis of our legitimate interest and you object to such processing; or you believe your personal information is being unlawfully processed by us). We will retain the personal data if there are valid grounds under law for us to do so (e.g., for the defense of legal claims or freedom of expression). 
     
  • Restriction of processing to storage only: In certain circumstances, you have the right to require us to stop processing the personal information we hold about you other than for storage purposes (e.g., for a period of time to determine the accuracy of your personal information or when exercising your right to object; if you require us to retain the personal information for certain purposes such as the defense of legal claims). If we stop processing the personal data, we may use it again if there are valid grounds under law for us to do so. 
     
  • Objection: In certain circumstances, you have the right to restrict or object to our processing of your personal information. We may continue to process your personal data if there are valid grounds under law for us to do so (e.g., compelling legitimate grounds or for the defense of legal claims).  

Please note that as set out above a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your personal information. 

We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances).

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

Depending on what personal information we collect from you and how we collect it, we rely on various grounds for processing your personal information under the GDPR, including the following:

  • In order to perform our contractual relationship, including setting up your requested Services, payments, renewals and processes;
  • Because it is in our legitimate interest to run an effective and efficient business and provide you with the Services and other useful content;
  • In order to comply with any applicable legal obligations we may have to collect this personal information from you; and/or
  • Because you have provided your consent for us to do so.

INTERNATIONAL DATA TRANSFER

In order for us to fulfill your request or provide the Services to you, your personal information will be transferred to, stored at, and processed in jurisdictions other than where you live, including in the United States. For instance, your personal information may be processed by staff in India and the Philippines, who work for us or for one of our suppliers. Laws in these countries may differ from the laws applicable to your country of residence and may not offer the same level of protection. In addition, in certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Our Services are largely operated in the United States. If you are located in the EEA or Switzerland please be aware that in order to fulfil your request or provide access to our Services, the personal information you provide will be processed in the United States.

For transfers of personal information outside of the EEA and Switzerland within the Newfold corporate family and for transfers of personal information to third parties, such transfers will be pursuant to the relevant European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries (“SCCs”), unless the data transfer is to a country that has been determined by the relevant EEA or Swiss authorities, as applicable, to provide an adequate level of protection for individuals’ rights and freedoms for their personal information. To obtain a copy of the SCCs in the Data Protection Addendum (DPA) click here or you may contact the Data Protection Officer via the details listed below to obtain a copy of the DPA or for more information regarding the relevant safeguards we put in place. In the event of conflict between the Privacy Shield (see below) and the SCCs in the DPA, the SCCs control.

PRIVACY SHIELD

Although no longer a legal basis for the transfer of data from the EEA or Switzerland to the US, Newfold Digital, Inc. and certain other entities and brands including: Web.com Group, Inc. - Endurance International Group Holdings, Inc. - Network Solutions, LLC - EcomDash - Monstercommerce, LLC - Bluehost Inc. - NameSecure, LLC - NameJet, LLC - Fastdomain - Register.com, Inc. - RPI, Inc. - Hostmonster - Justhost - SnapNames - TLDS, LLC dba SRSplus (together known as “Covered Entities”) participate in and have certified compliance with the principles set out in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (together, the “Privacy Shield Frameworks”). When the Covered Entities access your personal information, they do so in compliance with the Privacy Shield Frameworks. The Covered Entities are responsible for the processing of personal data they receive under the Privacy Shield Frameworks, including data they subsequently transfer to a third party acting on their behalf. The Covered Entities comply with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce at https://www.privacyshield.gov/list. We are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individuals in the EEA and Switzerland who have inquiries or complaints regarding our compliance with the Privacy Shield Frameworks should first contact us at [email protected]. If you have an unresolved privacy or data use concern not addressed satisfactorily by Covered Entities, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield . Under certain conditions, more fully described on the Privacy

Shield website (available here), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

CONTACT US AND COMPLAINTS

Our local EU Representative is Bird & Bird, which may be contacted as follows:

Bird & Bird GDPR Representative Services SRL
Avenue Louise 235
1050 Bruxelles
Belgium
[email protected]

If you have any questions about this Privacy Notice Addendum or our data handling practices, or you wish to make a complaint, you may contact our Data Protection Officer at [email protected] or by regular mail at:

Newfold Digital, Inc.
5335 Gate Pkwy
Jacksonville, FL 32256
U.S.A.
Attn: Data Protection Officer

If you think we have infringed data protection laws, you can file a claim with the data protection supervisory authority in the EEA country in which you live or work, Switzerland, or where you think we have infringed data protection laws, as applicable to you.