UK GDPR Addendum to the Privacy Notice

This UK GDPR Privacy Notice Addendum is for residents of the United Kingdom (UK) and supplements the information contained in the Newfold Digital, Inc. Privacy Notice (the “Privacy Notice”) and other addendums relevant to you. This Addendum applies solely to UK data subjects who purchased Services from certain brands, including Web.com, which are covered by Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR). 

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

Depending on what personal information we collect from you and how we collect it, we rely on various grounds for processing your personal information under the UK GDPR, including the following:

  • In order to perform our contractual relationship, including setting up your requested Services, payments, renewals and processes;

  • Because it is in our legitimate interest to run an effective and efficient business and provide you with the Services and other useful content;

  • In order to comply with any applicable legal obligations we may have to collect this personal information from you; and/or

  • Because you have provided your consent for us to do so.

INTERNATIONAL DATA TRANSFER

In order for us to fulfill your request or provide the Services to you, your personal information will be transferred to, stored at, and processed in jurisdictions other than where you live, including in the United States. For instance, your personal information may be processed by staff operating outside the UK, who work for us or for one of our suppliers. Laws in these countries may differ from the laws applicable to your country of residence and may not offer the same level of protection. In addition, in certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

Our Services are largely operated in the United States. If you are located in the UK please be aware that in order to fulfil your request or provide access to our Services, the personal information you provide will be processed in the United States. As it relates to Web.com UK (which includes, but is not limited to, Enable Media and TouchLocal), our Services are operated in the UK, but some personal information may still be hosted in the United States.

For transfers of personal information outside the UK by our UK companies within the Newfold corporate family and for transfers of personal information to third parties, such transfer will be pursuant to the relevant European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries (“SCCs”), or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined by the relevant UK authorities to provide an adequate level of protection for individuals’ rights and freedoms for their personal information. To obtain a copy of the SCCs in the Data Protection Addendum (DPA) click here or you may contact the Data Protection Officer via the details listed below to obtain a copy of the DPA or for more information regarding the relevant safeguards we put in place. In the event of conflict between the Privacy Shield (see below) and the SCCs in the DPA, the SCCs control.

PRIVACY SHIELD

Although no longer a legal basis for the transfer of data from the UK to the US, Newfold Digital, Inc. and certain subsidiaries, including Ecomdash, Bluehost, Endurance International Group Holdings, Inc., Web.com Group, Inc. and others (together known as “Covered Entities”) participate in and have certified compliance with the principles set out in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (together, the “Privacy Shield Frameworks”). When the Covered Entities access your personal information, they do so in compliance with the Privacy Shield Frameworks. The Covered Entities are responsible for the processing of personal data they receive under the Privacy Shield Frameworks, including data they subsequently transfer to a third party acting on their behalf. The Covered Entities comply with the Privacy Shield Principles for all onward transfers of personal data from the UK, including the onward transfer liability provisions. To learn more about the Privacy Shield Frameworks, and to view our certifications, visit the U.S. Department of Commerce at https://www.privacyshield.gov/list. We are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individuals in the UK who have inquiries or complaints regarding our compliance with the Privacy Shield Frameworks should first contact us at [email protected] If you have an unresolved privacy or data use concern not addressed satisfactorily by Covered Entities, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Under certain conditions, more fully described on the Privacy Shield website (available here), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

CONTACT US AND COMPLAINTS

Our local UK Representative is Bird & Bird, which may be contacted as follows:

Bird & Bird GDPR Representative Services UK
12 New Fetter Lane
London EC4A 1JP
United Kingdom
[email protected]

If you have any questions about this Privacy Notice Addendum or our data handling practices, or you wish to make a complaint, you may contact our Data Protection Officer at [email protected] or by regular mail at:

Newfold Digital, Inc.
5335 Gate Pkwy
Jacksonville, FL 32256
U.S.A.
Attn: Data Protection Officer

If you think we have infringed data protection laws, you can file a claim with the UK Information Commissioner’s Office (the “ICO”).