GoDaddy Registry - Global Privacy Notice
Registry Services, LLC cares about your privacy. For this reason, we collect and use personal information only as needed to deliver our products, services, websites and mobile applications, and to communicate with you about the same, or as you have requested (collectively, our “Services”). Your personal information includes information such as:
- Name
- Address
- Telephone number
- Email address
- Billing and payment information
- Candidate information (for job applicants)
- Other data associated with these or other persistent identifiers that could directly or indirectly identify you
Our Privacy Policy not only explains how and why we use your personal information that we collect, but also how you can access, update or otherwise take control of your personal information. If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at privacy@registry.godaddy. This inbox is actively monitored and managed so that we can deliver an experience that you can confidently trust.
What information we collect, how we collect it, and why.
Much of what you likely consider personal information is collected directly from you when you:
- create an account or purchase any of our Services (ex: billing information, including name, address, credit card number, government identification);
- request assistance from our award-winning customer support team (ex: phone number);
- complete contact forms or request newsletters or other information from us (ex: email); or
- participate in contests and surveys, apply for a job, or otherwise participate in activities we promote that might require information about you.
However, we also collect additional information when delivering our Services to you to ensure necessary and optimal performance. These methods of collection may not be as obvious to you, so we thought we’d highlight and explain a bit more about what these might be (as they vary from time to time):
Registrant data. When you register a domain name, your registrar collects certain information, including the personal information identified above, the name of your Registrar, the IP Address of the servers on which your domain name is hosted, contact information for others involved in operation of the domain, and other information about the domain name registration. We use this information to deliver registry services and for other purposes described below.
DNS services, we provide a variety of Domain Name System (DNS) services to facilitate the global flow of Internet traffic. In providing these services, we collect and processes DNS queries, which includes both source and destination IP Address information, time and date stamps, and other technical information. We use this information to provide connectivity and routing services to our customers, to investigate, identify and mitigate malicious and fraudulent activity, and to enhance our products and services.
DDoS services, in providing DDoS services we collect and process network traffic information containing both source and destination IP Addresses, Referrer URL, and other Internet Log Data to help our customers identify and respond to cyber-attacks and other malicious online traffic, including distributed denial of service (DDoS) attacks. We analyze the attack vector information containing the source and destination IP Addresses, attack duration, and traffic volume to enhance our ability to detect and mitigate malicious activity on the Internet more broadly. Based on this analysis, we may share information about malicious activities, blocked hostnames or IP Addresses, source and target geolocation data, and target industry or vertical information with third parties such as internet security research groups and service providers to prevent, detect, and mitigate against malicious online behavior.
Cookies and similar technologies on our websites and our mobile applications allow us to track your browsing behavior, links clicked, items purchased, your device type, and to collect various data, including analytics, about how you use and interact with our Services. These technologies automatically collect data when you use and interact with our Services, including metadata, log files, cookie/device IDs, page load time, server response time, and approximate location information to measure website performance and improve our systems, including optimizing DNS resolution, network routing and server configurations. Specifically, interactions with the features, content and links (including those of third-parties, such as social media plugins) contained within the Services, Internet Protocol (IP) address, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data, information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and error data is collected. All this allows us to provide you with more relevant product offerings, a better experience on our sites and mobile applications, and to collect, analyze and improve the performance of our Services. We may also collect your location (IP address) so that we can personalize our Services. For additional information, and to learn how to manage the technologies we utilize, please visit our Cookie Policy. If you wish to opt out of interest-based advertising, click here (or if located in the European Union click here). Please note you will continue to receive generic ads.
Supplemented Data may be received about you from other sources, including publicly available databases or third parties from whom we have purchased data, in which case we may combine this data with information we already have about you so that we can update, expand and analyze the accuracy of our records, assess the qualifications of a candidate for employment, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
How we utilize information.
We strongly believe in both minimizing the data we collect and limiting its use and purpose to only that (1) for which we have been given permission, (2) as necessary to deliver the Services you purchase or interact with, or (3) as we might be required or permitted for legal compliance or other lawful purposes:
Delivering, improving, updating and enhancing our Services. We collect various information relating to your purchase, use and/or interactions with our Services. We utilize this information to:
- Provide, support, enhance, improve and optimize our Services and the operation and performance of our Services (again, including our websites and mobile applications); diagnose problems with and identify any security and compliance risks, errors, or needed enhancements to the Services;
- Detect, prevent and respond to cybersecurity threats as well as fraud and abuse of our Services and systems;
- Collecting aggregate statistics about use of the Services;
- Understand and analyze how you use our Services and what products and services are most relevant to you;
- Comply with contractual requirements, ICANN policy requirements, laws and regulations;
- Investigate and respond to complaints and inquiries, including complaints about abusive and/or illegal conduct; and
Enforce registry policies related to, without limitation, reviewing the accuracy of submitted information, the use of proxy and/or privacy registration services, limitations on registration, and prohibitions against the use of domain names to distribute malware, operate botnets, or engage in phishing, piracy, intellectual property infringement, fraudulent or deceptive practices, counterfeiting or other activity that is contrary to applicable law. Much of the data collected is aggregated or statistical data about how individuals use our Services and is not linked to any personal information.
Sharing with third parties. We may share your personal information with affiliated companies within our corporate family, with third parties that we have partnered to allow you to integrate their services into our own Services, and with our affiliates or trusted third party service providers as necessary for them to perform services on our behalf, such as:
- Processing credit card payments
- Serving advertisements
- Conducting contests or surveys
- Performing analysis of our Services and customers demographics
- Communicating with you, such as by way email or survey delivery
- Customer relationship management
- Security, risk management and compliance
- Recruiting support and related services
These third parties (and any subcontractors they may be permitted to use) have agreed not to share, use or retain your personal information for any purpose other than as necessary for the provision of Services.
We will also disclose your information to third parties:
- in the event that we sell or buy any business or assets (whether a result of liquidation, bankruptcy or otherwise), in which case we will disclose your data to the prospective seller or buyer of such business or assets; or
- if we sell, buy, merge, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your information may be among the transferred assets.
Registrant Data or “WHOIS”
As the Registry Operator for certain TLDs and as the registry service provider for other TLDs, we collect this registrant data from registrars. We use this data to provide registry services, to enforce our policies and our customers’ policies, prevent, detect, and respond to malicious behaviour and/or misuse of our services, and provide “WHOIS” services described below. We also make this information available online, in accordance with applicable law and/or policy or contractual requirements imposed by the ICANN and/or our registry customers. For example, registrant data may include personal information in relation to:
- the .us TLD is publicly available in accordance with United States government policy; and
- the .biz TLD is available upon request to third parties with a legitimate and proportionate interest in using the data for non-marketing purposes such as consumer protection, crime detection, intellectual property protection, etc.
Availability of data for other TLDs that we support (either country-code or generic TLDs) is determined by our customers in accordance with their regulatory and/or contractual requirements.
We may from time to time collect and aggregate demographic data or statistical analysis and other research but does not disclose personal information in that process.
We prohibit use of registrant data:
- except in compliance with applicable law;
- to allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone;
- in contravention of any applicable data and privacy protection laws; or
- to enable high volume, automated, electronic processes that interact with domain name registry systems.
Communicating with you. We may contact you directly or through a third-party service provider regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service related communications. We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests. You don’t need to provide consent as a condition to purchase our goods or services. These contacts may include:
- Text (SMS) messages
- Telephone calls
- Messenger applications (e.g. WhatsApp, etc.)
- Automated phone calls or text messages.
If we collect information from you in connection with a co-branded offer, it will be clear at the point of collection who is collecting the information and whose privacy policy applies. In addition, it will describe any choice options you have in regard to the use and/or sharing of your personal information with a co-branded partner, as well as how to exercise those options. We are not responsible for the privacy practices or the content of third-party sites. Please read the privacy policy of any website you visit.
If you make use of a service that allows you to import contacts (ex. using email marketing services to send emails on your behalf), we will only use the contacts and any other personal information for the requested service. If you believe that anyone has provided us with your personal information and you would like to request that it be removed from our database, please contact us at privacy@registry.godaddy.
Transfer of personal information abroad. If you utilize our Services from a country other than the country where our servers are located, your personal information may be transferred across international borders, which will only be done when necessary for the performance of our contract with you, when we have your consent to do so, or when the appropriate standard contractual clauses are in place. Also, when you call us or initiate a chat, we may provide you with support from one of our global locations outside your country of origin.
Compliance with legal, regulatory and law enforcement requests. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as lawful requests) ) in connection with US or foreign civil, criminal, or investigative matters, to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
We will also share your data to the extent necessary to comply with any ICANN, country-code or generic TLDs rules, regulations and policies when you register a domain name with us, or to comply with US or foreign laws. For reasons critical to maintaining the security, stability and resiliency of the Internet, this includes the transfer of domain name registration information to the underlying Registry Operator and escrow provider, and publication of that information as required by ICANN or with other third parties that demonstrate a legitimate legal interest to such information.
How we secure, store and retain your data.
We follow generally accepted standards to store and protect the personal information we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.
We retain personal information only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal information, you can contact us at privacy@registry.godaddy.
How you can access, update or delete your data.
To easily access, view, update, delete or port your personal information that we collect from you, you may contact us by email at privacy@registry.godaddy or by one of the other methods described in the “Contact Us” section below.
If you make a request to delete your personal information and that data is necessary for the products or services you have purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements.
To submit a request to know or delete Registrant Data collected by your Registrar, you will need to contact your Registrar to fulfill the request.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
The following applies where Privacy Shield is used as the mechanism to transfer data from the EU or Switzerland to the U.S.:
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
Nonetheless, the U.S. Department of Commerce continues to administer the Privacy Shield program. Registry Services, LLC complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Registry Services, LLC has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Frameworks, and to view our certification, visit https://www.privacyshield.gov.
Residents of the European Union and Switzerland may have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information about this, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Registry Services, LLC is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Registry Services, LLC complies with the Privacy Shield Principles for all onward transfers of personal information from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Registry Services, LLC is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Registry Services, LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Registry Services, LLC commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us in any manner provided in the “CONTACT US” section below in this Privacy Policy.
Registry Services, LLC has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. If you have not received a timely or satisfactory response from Registry Services, LLC to your question or complaint, please contact the independent recourse mechanism provided by the DPAs or FDPIC, as applicable.
Information for California Residents
If you are a consumer residing in California, you may have the right to make certain requests under the California Consumer Privacy Act (CCPA):
- You may have the right to know about Personal Information that we have collected or disclosed, including:
- The categories of personal information we have collected or shared about you in the preceding 12 months,
- The categories of sources from which we have collected that information in the preceding 12 months,
- The commercial or business reason(s) we have collected or shared that information, and
- The categories of third parties with whom we have shared that information in the preceding 12 months.
Under limited circumstances, you may have the right to request deletion of personal information about you. To submit a request to know or delete personal information we collect from you, you can send an email to privacy@registry.godaddy. Please note that, depending on the nature of your request, we may need additional information to verify your identity including, without limitation, name, address, telephone number, and/or email addresses. We will use any information you submit only to fulfill your request. If you would like to designate an authorized agent, we will require you to submit an email or letter with that information, including information that allows us to verify your identity as well as the identity of your agent.
We do not sell Registrant Data or knowingly process personal information about children under 18. To submit a request to know or delete Registrant Data collected by your Registrar, you will need to contact your Registrar to fulfill the request.
We are prohibited by law from treating you in a discriminatory fashion as a result of your election to exercise any rights you have under CCPA. Please be advised, however, that our contract with the US Department of Commerce requires us to collect, use, and publish Registrant Data in the manner described in this Privacy Policy.
If you would like to know more about how we process personal information about registrants, please contact us in any manner provided in the “CONTACT US” section below in this Privacy Policy.
‘Do Not Track’ notifications.
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit www.allaboutdnt.com.
Age restrictions.
Our Services are available for purchase only for those over the age of 18. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 18. If you know of or have reason to believe anyone under the age of 18 has provided us with any personal information, please contact us.
Non-Discrimination.
We will not discriminate against you for exercising any of your privacy rights. Unless permitted under applicable laws, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to this policy.
We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days prior to the implementation of the changes.
Contact us.
If you have any questions, concerns or complaints about our Privacy Policy, or how we handle your personal data, you may contact our Office of the Data Protection Officer by email at privacy@registry.godaddy.
In the alternative, you may contact us by mail:
Attn: Office of the Data Protection Officer, 2155 E GoDaddy Way, Tempe, Arizona 85284, USA, or for customers established in the EEA, Attn: Legal, Office of the DPO, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road, Hayes, UB3 1HA.
We will respond to all requests, inquiries or concerns within thirty (30) days of receipt.
If you are not satisfied with our response, you may direct privacy complaints to your local data protection authority. Registry Services, LLC is the data controller for www.registry.godaddy.