Brand Safety Alliance - EU Supplemental Privacy Notice

---

Brand Safety Alliance LLC, a GoDaddy Registry company (“BSA”) maintains a global privacy and data protection program as described in our Global Privacy Notice.

This European Data Protection Notice supplements our Global Privacy Notice by providing additional disclosures required by law in the European Union/European Economic Area (EU/EEA), Switzerland, and the United Kingdom.

Controller

When you use services offered by BSA in the EU/EEA, Switzerland, or the United Kingdom, the data controller will be Brand Safety Alliance LLC.

Legal Basis for Individual Processing Activities

We use personal data to operate our business and provide the services requested, as described in our Global Privacy Notice. We also use personal data to comply with our legal obligations and protect our legitimate interests, including communicating with customers and others, improving our services, customizing and personalizing our services, and detecting fraudulent and illegal activity. With your prior consent, we also may use your personal data to send you marketing materials and offers.

Cookies and Other Online Identifiers

We use optional and mandatory (essential) cookies and other online identifiers (“Identifiers”) as part of our services. Please see our Global Privacy Notice section on Identifiers for more information. Please note that in cases where our optional identifiers involve processing personal data of data subjects in the EU/EEA, Switzerland, and the UK, we collect your consent before using those cookies.

International Data Transfers

We operate a global business and personal data you provide may be transferred from your country to the United States or to another country where we do business. We make these transfers when necessary to provide our services, to perform our contract with you, or when we have your consent to transfer your personal data to another country.

We transfer personal data outside the EU/EEA, Switzerland, and the UK to countries that have been determined by the European Commission to offer an adequate level of data protection. Such transfers are made pursuant to the requirements of applicable adequacy decisions.

For transfers from the EU/EEA and Switzerland to countries that have not been deemed to offer an adequate level of data protection, we transfer personal data pursuant to a data protection addendum with standard contractual clauses and appropriate supplementary measures including, appropriate technical and organizational measures.

For transfers from the UK to countries that have not been deemed to offer an adequate level of data protection, we transfer personal data pursuant to a data protection addendum consistent with the requirements of the UK International Data Transfer Agreement issued by the UK Information Commissioner, Version B1.0.

Transfers to the United States

For transfers to the United States, we transfer personal data pursuant to the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.

We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. 

Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from 

Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in our privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/list.

For transfers to the United States where transfers via the DPF are not available, we transfer personal data pursuant to a data protection addendum with standard contractual clauses and appropriate supplementary measures including, appropriate technical and organizational measures.

Please see our Data Privacy Framework Notice for more information on our compliance with the DPF’s requirements.

Please see our [Data Privacy Framework Notice] for more information on our compliance with the DPF's requirements.

EU Article 27 Representative

Our EU Article 27 Representative is:

GoDaddy Deutschland GmbH
c/o WeWork
Pilgrimstrasse 6
50674 Cologne, Germany

Complaints to Data Protection Authorities

In the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority.

In Switzerland, you have the right to lodge a complaint with the Federal Data Protection Information Commissioner.

In the UK, you have the right to lodge a complaint with the Information Commissioner's Office.