GDPR and Switzerland Addendum to the Privacy Notice

This GDPR Privacy Notice Addendum is for residents of the European Economic Area (EEA) and Switzerland, and supplements the information contained in the Newfold Digital, Inc. Privacy Notice (the “Privacy Notice”) and other addendums relevant to you. This Addendum applies solely to EEA and Swiss Data Subjects who purchased services from certain brands that are covered, as relevant, by the European Union’s General Data Protection Regulation 2016/679 (GDPR) and applicable Swiss data protection laws.

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

Depending on what personal information we collect from you and how we collect it, we rely on various grounds for processing your personal information under the GDPR, including the following:

  • In order to perform our contractual relationship, including setting up your requested Services, payments, renewals and processes;
  • Because it is in our legitimate interest to run an effective and efficient business and provide you with the Services and other useful content;
  • In order to comply with any applicable legal obligations we may have to collect this personal information from you; and/or
  • Because you have provided your consent for us to do so.

INTERNATIONAL DATA TRANSFER

In order for us to fulfill your request or provide the Services to you, your personal information will be transferred to, stored at, and processed in jurisdictions other than where you live, including in the United States. For instance, your personal information may be processed by staff in India and the Philippines, who work for us or for one of our suppliers. Laws in these countries may differ from the laws applicable to your country of residence and may not offer the same level of protection. In addition, in certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Our Services are largely operated in the United States. If you are located in the EEA or Switzerland please be aware that in order to fulfil your request or provide access to our Services, the personal information you provide will be processed in the United States.

For transfers of personal information outside of the EEA and Switzerland within the Newfold corporate family and for transfers of personal information to third parties, such transfers will be pursuant to the relevant European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries (“SCCs”), unless the data transfer is to a country that has been determined by the relevant EEA or Swiss authorities, as applicable, to provide an adequate level of protection for individuals’ rights and freedoms for their personal information. To obtain a copy of the SCCs in the Data Protection Addendum (DPA) click here or you may contact the Data Protection Officer via the details listed below to obtain a copy of the DPA or for more information regarding the relevant safeguards we put in place. In the event of conflict between the Privacy Shield (see below) and the SCCs in the DPA, the SCCs control.

PRIVACY SHIELD

Although no longer a legal basis for the transfer of data from the EEA or Switzerland to the US, Newfold Digital, Inc. and certain subsidiaries, including Ecomdash, Bluehost, Endurance International Group Holdings, Inc., Web.com Group, Inc. and others (together known as “Covered Entities”) participate in and have certified compliance with the principles set out in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (together, the “Privacy Shield Frameworks”). When the Covered Entities access your personal information, they do so in compliance with the Privacy Shield Frameworks. The Covered Entities are responsible for the processing of personal data they receive under the Privacy Shield Frameworks, including data they subsequently transfer to a third party acting on their behalf. The Covered Entities comply with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions. To learn more about the Privacy Shield Frameworks, and to view our certifications, visit the U.S. Department of Commerce at https://www.privacyshield.gov/list. We are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individuals in the EEA and Switzerland who have inquiries or complaints regarding our compliance with the Privacy Shield Frameworks should first contact us at [email protected] If you have an unresolved privacy or data use concern not addressed satisfactorily by Covered Entities, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield .  Under certain conditions, more fully described on the Privacy Shield website (available here), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

CONTACT US AND COMPLAINTS

Our local EU Representative is Bird & Bird, which may be contacted as follows:

Bird & Bird GDPR Representative Services SRL
Avenue Louise 235
1050 Bruxelles
Belgium
[email protected]

If you have any questions about this Privacy Notice Addendum or our data handling practices, or you wish to make a complaint, you may contact our Data Protection Officer at [email protected] or by regular mail at:

Newfold Digital, Inc.
5335 Gate Pkwy
Jacksonville, FL 32256
U.S.A.
Attn: Data Protection Officer

If you think we have infringed data protection laws, you can file a claim with the data protection supervisory authority in the EEA country in which you live or work, Switzerland, or where you think we have infringed data protection laws, as applicable to you.