GoDaddy - United States Supplemental Privacy Notice

GoDaddy and certain of its affiliates ("GoDaddy") maintains a global privacy program as described in our Global Privacy Notice. This US Privacy Notice supplements our Global Privacy Notice by providing additional disclosures required by US state law. For disclosures specific to your state, please click the relevant link below:

• California
• Colorado, Connecticut, Montana, Oregon, Texas, and Virginia

If your state is not listed above, please see our Global Privacy Notice for a description of your rights.

Our Global Privacy Notice applies to all California residents. If you a resident of California and applying for a job with us, our Applicant Privacy Notice also applies to you.

The following additional California-specific disclosures are required by California law and relate to both our online and offline practices for handling “Personal Information” (as defined below) of California residents.

The California Consumer Privacy Act (CCPA) regulates the processing of Personal Information, which is defined as “information that identifies, relates to, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household.” For purposes of honoring rights of California residents, all references to "Personal Data" in our Global Privacy Notice include personal information as defined in the CCPA.

Categories of Personal Information Collected

In the last 12 months, we have collected the following categories of personal information for the business purposes described below.

Categories of Sensitive Personal Information Collected

Users of some services are required by applicable laws, contracts, and other requirements (including requirements imposed by ICANN) to supply certain information that is defined as "Sensitive Personal Information" under California law.

In the past 12 months, we have collected the following categories of Sensitive Personal Information from some individuals:

• Identifiers: Social security numbers, driver’s license numbers, state identification card numbers, or passport numbers
• Personal Information Categories listed in California Consumer Records Statute
• Financial and Account Information: account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password or credentials allowing access to an account
• Employment Information: health, sexual orientation, and racial or ethnic origin

Categories of Personal Information Disclosed

In the past 12 months, we have disclosed the following categories of Personal Information regarding one or more specific infdividuals for the business purposes described above (see, Categories of Personal Information Collected) to the following categories of third parties:

No Sale of Personal Information

We do not sell, lease, rent, or transfer personal information for monetary or other consideration.

Sharing of Personal Information

The CCPA defines “sharing” personal information to include providing personal information to third parties for certain online behavioral advertising purposes. Pursuant to this CCPA definition, we “shared” personal information with third parties for customized and personalized marketing and advertising in the past 12 months, including identifiers, internet or other similar network activity, and inferences drawn from other personal information. The recipients of this personal information are prohibited from using this shared personal information except to provide services to us or as otherwise required by law.

We recognize the right for California residents (and all other individuals regardless of where they live) to opt-out of the “sharing” of personal information by clicking on the Do Not Share My Personal Information link in this notice and on our website. You can also request that we not share your personal information by emailing us at privacy@godaddy.com.

Use of Sensitive Personal Information

GoDaddy does not use sensitive personal information, as defined in the CCPA, for any purpose other than:

• providing the services or goods requested by our customers
• preventing, detecting, and investigating security incidents
• detecting and responding to malicious, deceptive, fraudulent, or illegal actions
• to ensure the physical safety of natural persons
• for short term, transient use, including but not limited to, nonpersonalized advertising shown as part of a consumer’s interaction with us
• to service accounts
• to verify or maintain the quality or safety of products, services, and/or devices that are owned, manufactured, manufactured for, or controlled by us
• for employment purposes

As a result, the right to limit use of sensitive personal information under the CCPA does not apply to our activities.

How to Exercise Your Rights

You can make a request to exercise your rights to know, access, correct, delete, transfer (portability), opt-out of marketing, or restrict sharing of your personal information by emailing us at privacy@godaddy.com. You also can send your request by mail to:

Attn: Legal – Privacy
100 S. Mill Ave
Suite 1600
Tempe. AZ 85281 USA

If we require additional information to process your request, we will contact you by email or mail.

Use of Authorized Agents

The CCPA allows authorized agents to make requests on behalf of California residents to exercise their personal information rights. To exercise rights on behalf of a California resident, authorized agents must provide us with evidence they are authorized to make the request.

To make an authorized request, please email us at privacy@godaddy.com. Authorized agents can also send their requests to Attn: Legal – Privacy, 100 S. Mill Ave, Suite 1600, Tempe, AZ 85281 USA.

Please note that we will confirm the authorized agent’s authority and send any personal information directly to the California resident on whose behalf the agent is acting. No personal information will be provided to the authorized agent.

Time To Respond

We will acknowledge your request to exercise your rights within 10 business days after receiving the request. Under California law, we have 45 days to respond to your inquiry and may add an additional 45 days depending on the complexity of your request. Please note, however, that as a general rule we normally respond to requests within 30 days as set forth in our global privacy notice.

Our Global Privacy Notice applies to all residents of Colorado, Connecticut, Montana, Oregon, Texas, and Virginia. The following supplemental disclosures are specifically required by state law.

We recognize all requests to exercise state privacy rights as including personal data, personal information, and personally identifiable information ("PII") under applicable state law and as defined in our Global Privacy Notice.

Mandatory Disclosures

• We process the following categories of personal data: identifiers/contact information, demographic information (including gender and age), payment card information, commercial information (such as information about your business), internet activity, audio and electronic information, and inferences.
• The purposes for processing your personal data are described in our global privacy notice.
• We may disclose all of the categories of personal data described above to the third parties described in our Global Privacy Notice.
• We process the following categories of personal data for targeted advertising purposes: identifiers, demographic information, commercial information, internet activity, and inferences.

The Right to Opt-Out of Marketing and Advertising

We recognize the right to opt-out of targeted marketing and advertising communications. If you are a customer, you can also opt-out of targeted marketing and advertising communications by setting your advertising and marketing preferences in your account. You can also exercise this right by sending your request to via email to privacy@godaddy.com or by mail to: Attn: Legal – Privacy, 100 S. Mill Ave, Suite 1600 Tempe, Arizona 85281.

Where available under applicable state law, we also recognize the right to opt-out of the processing of personal data for targeted advertising through a third party authorized by you to act on your behalf. We reserve the right to use commercially reasonable methods to authenticate your identity and the authorized agent’s authority to act your behalf. Authorized agents may make such requests by sending us an email, or mailing the request to Attn: Legal – Privacy, 100 S. Mill Ave, Suite 1600 Tempe, Arizona 85281.

How to Exercise Your Rights

You, or an authorized agent, may make a request to exercise your rights to know, access, correct, delete, transfer (portability), or opt-out of marketing by emailing us at privacy@godaddy.com. You, or an authorized agent, can also send your request by mail to:

Attn: Legal – Privacy
100 S. Mill Ave
Suite 1600
Tempe. AZ 85281 USA

We reserve the right to use commercially reasonable methods to verify your identity and the authority of any authorized agent to act on your behalf.

Time To Respond

Under state law, we have 45 days to respond to your inquiry and may add an additional 45 days depending on the complexity of your request. Please note, however, that as a general rule we normally respond to requests within 30 days as set forth in our Global Privacy Notice.

Right of Appeal

If we reject your request, you have the right to appeal that denial by notifying us that you disagree with our decision by email at privacy@godaddy.com or by mail at: Attn: Legal – Privacy, 100 S. Mill Ave, Suite 1600, Tempe, AZ 85281.

If you choose to appeal, please explain why you believe you are entitled to receive the information requested despite our denial. We will respond to any appeal within 45 days.

Right to Complain to Attorney General

If we deny any request you made under our Global Privacy Notice or this state supplemental notice, you may file a complaint with your state’s attorney general.