Skip to main content
    • Find a Domain
    • Search for Domain Names
    • Transfer Domain Names
    • Browse Domain Name Options
    • Auctions for Domains
    • Auctions for Domain Names
    • Appraise Domain Name Value
    • Investing in Domain Names
    • Domain Tools and Services
    • Domain Broker Service
    • Generate Domain & Business Names
    • Find a Domain Owner (WHOIS)
    img-meganav-domains-2
    Buy a Domain You Want
    • Websites
    • Website Builder

      Free Trial

    • All Website Options
    • Hosting
    • WordPress Hosting
    • Web Hosting
    • VPS Hosting
    • All Hosting Options
    • Web Security
    • SSL Certificates
    • Website Security
    • All Web Security Options
    img-meganav-ecommerce-hosting.jpg
    Sell Online With WordPress Ecommerce Hosting
    • Email and Marketing Tools
    • Email and Microsoft 365
    • Content & Photo Creator
    • Free Logo Maker
    • Digital Marketing Suite

      Free Trial

    Image-Grow-Desktop.jpg
    Learn to Grow Your Business
  • Pricing
Help Center Account Basket
Contact UsHelp
Sign In
Registered Users
Have an account? Sign in now.
Sign In
New Customer
New to GoDaddy? Create an account to get started today.
Create an Account

INBOX LINKS

  • Sign in to Office 365 Email
  • Sign in to GoDaddy Webmail
Checkout Now

GoDaddy - Data Privacy Framework Notice

Last Revised: 30/11/2023

GoDaddy Operating Company, LLC (“GoDaddy”) has self-certified its compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), and the UK Extension to the EU-U.S. DPF (“UK Extension”), collectively (the “DPF”).

This Data Privacy Framework Notice describes our compliance with the specific requirements of the DPF. For a complete statement of our privacy practices, please see our Global Privacy Notice. For the purposes of this Data Privacy Framework Notice, all references to PII and personal information in our Global Privacy Notice and its supplements are deemed to be references to personal data.

Certifications

We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program please visit www.dataprivacyframework.gov.

Several other GoDaddy affiliates also have certified their compliance with the DPF Principles, including:

GoDaddy.com, LLC GoDaddy Media Temple, Inc. GoDaddy Corporate Domains LLC GoDaddy Sellbrite, Inc. Starfield Technologies, LLC Domains by Proxy, LLC Blue Razor Domains, LLC

To view our certification, please visit https://www.dataprivacyframework.gov/s/participant-search/.

Scope

This DPF Notice applies to our processing of personal data transferred to the United States from the European Union/European Economic Area (“EU/EEA”), Switzerland, and the United Kingdom in reliance upon the DPF. If there is any conflict between this notice and the DPF Principles, the DPF Principles govern.

We process personal data as a controller (who determines the purpose and means of processing) or processor (who acts upon the written instructions of the controller)

Notice of Privacy Practices: Controller

Our privacy practices when we act as a data controller are set forth in our Global Privacy Notice, including:

  • the types of personal data collected
  • the purposes for which we collect personal data
  • the type of third parties to whom we disclose personal data,
  • our practices relating to the collection and use of personal data,
  • the right of individuals to access their personal data, and
  • the choices and means we offer for limiting use and disclosure of personal data.

Notice of Privacy Practices: Processor

When we act as a data processor, our customers determine the types of personal data collected, and the practices relating to the collection and use of personal data collected.

Our rights and obligations as a processor are defined by a written data processing addendum (“DPA”) executed between us and our customer. In general, we process personal data according to applicable law and the instructions provided by our customer acting as the data controller. Our customers are responsible for ensuring they:

  • have a lawful basis for collecting the personal data provided to us
  • have provided appropriate notices and disclosures to data subjects as required under applicable law
  • have the right to allow transfer of personal data to the United States
  • have otherwise complied with all applicable laws relating to the collection and processing of personal data
  • provide responses to requests from individuals to access their personal data, and
  • provide appropriate choices and means to individuals to limit the use and disclosure of their personal data.

When acting as a processor, we disclose personal data:

  • to our affiliates and subprocessors for the purpose of operating our business and/or providing our services
  • to third parties at our Customer’s request
  • when required to make disclosures pursuant to law or in response to lawful requests from governmental authorities, including in response to national security, government interests, or law enforcement requests.

Onward Transfers of Personal Data

When transferring personal data to a processor (or subprocessor) pursuant to the DPF (an “Onward Transfer”), we:

  • require the processor to enter into a written DPA
  • require the processor to process the personal data for only limited and specific purposes defined in the agreement
  • take reasonable and appropriate steps to ensure that the personal data is processed in a manner consistent with the DPF Principles,
  • require the processor to notify us if the processor determines that it can no longer meet its obligations under the DPF Principles,
  • take reasonable and appropriate steps to stop and remediate unauthorized processing, and
  • will provide a summary or representative copy of the relevant privacy protections in our agreements with our processors to the Department of Commerce upon request.

We remain liable under the DPF Principles if our processor or any other party to whom our processor transfers personal data processes personal data in a manner not consistent with the DPF Principles, unless we demonstrate that we are not responsible for the unauthorized processing.

Other Disclosures

We also disclose Personal Data (a) for the purpose of operating our business and providing our Services as described in our Global Pri