Brand Safety Alliance, LLC - Global Privacy Notice

---

This Global Privacy Notice describes the core privacy practices of Brand Safety Alliance LLC, a GoDaddy Registry company (“BSA”) and applies to all individuals regardless of where they live. We also provide customized local privacy notices for certain jurisdictions with unique privacy requirements, which can be accessed through the following links:

• Europe (EEA/EU, UK, and Switzerland)
• United States (California and other States)
• Canada
• Australia

We encourage you to review your local customized notice if you live in one of these areas.

Data Covered by this Global Privacy Notice

This global privacy notice covers personal data when we act as the data controller.

• Personal Data includes data that identifies or could be used to identify a specific person, and any data about that person. For example, your name, address, and payment details are personal data.
• We act as a controller when we process personal data for our own use. For example, we act as a controller when you provide your personal data to open an account.

This notice does not apply when our customers or another person processes personal data for their own benefit. For example, when you send email for your business purposes that includes personal data, you are acting as the “controller”. When you act as the controller, we act as the “processor” and process personal data only in accordance with your instructions or as required by law.

This notice also does not apply to business information or other information about a legal entity unless that business information is linked to a specific identifiable person. For example, the name, contact information, and phone number of a business are not personal data.

This notice also does not apply to third-party applications offered through our services or linked through our website. For information about the privacy practices of any third-party offerings, please review the privacy notice applicable to that third-party offering before using it.

Core Privacy Rights

We recognize several core privacy rights for all individuals:

• the right to know what personal data we hold about them
• the right to access, correct, or delete their personal data
• the right to transfer your personal data (data portability)
• the right to set your individual marketing and advertising preferences

You can exercise your privacy rights by emailing us at privacy@brandsafetyalliance.co  or by contacting us at any of the addresses listed below.

We promptly review requests to exercise privacy rights. If we need more information to process a request, we will contact the requestor by email or, if we do not have an email address on file for the requestor, by the same method the request was made.

If we do not honor a request for legal or other reasons, we will explain why we did not honor the request, the right to appeal, and the right to file a complaint (if available where the individual making the request lives).

Personal Data We Collect

1. Personal Data You Provide
   We collect personal data when a customer or another person sets up an account, uses our services, or contacts us. Examples of personal data we may collect from a customer include the person’s name, email address, phone number, physical address, and payment details.
2. Personal Data We Collect Automatically
       We collect personal data automatically when a person visits our websites,uses our services, contacts us, opensn our emails, or views our advertising. Examples of personal data we may collect include device ID, IP address,      information about web pages and other websites visited, and other similar details.
3. Personal Data from Other Sources
       We may collect personal data from other sources. Examples of personal data obtained from other sources include publicly available data, social media information, information gathered by providers (e.g., registrars or agents) when a customer registers or completes an order, and information lawfully gathered by third party data providers.
4. Personal Data We Generate
       We process data in connection with our business and services to generate inferences and insights that may be linked to a specific person, including through the use of data analytics, machine learning, and artificial intelligence.

Use of Personal Data

We use personal data to operate our business and provide services. Examples of how we use personal data include:

• Managing customer accounts
• Processing purchase requests
• Provisioning products and services
• Providing customer support
• Securing, updating, and improving our services
• Marketing and advertising of our services
• Contacting customers, prospective customers, and others by telephone, text or messaging applications to offer our services
• Website traffic measurement
• Complying with contractual obligations, and applicable laws and regulations
• Investigating and responding to complaints and inquiries, including complaints about abusive and illegal conduct
• Enforcing BSA policies, including but not limited to use of trademark verification services, limitations on orders, and intellectual property restrictions
• Other uses consistent with the purposes for which the personal data was collected or provided to us

No “Sale” of Personal Data

We do not sell, lease, or rent personal data to third parties for monetary or other consideration.

Disclosures to Others

We disclose Personal Data:

• to processors to operate our business and provide services, including but not limited to providing blocking services, data storage, security services, payment processing and customer support; conducting contests and surveys; generating insights; and performing other activities related to our business and services.
• to marketers and advertisers, including for the purpose of creating and delivering personalized marketing and advertising messages.
• to comply with law enforcement and other legal requests, protect our legal rights, prevent harm to us or others, and enforce our policies and contracts.

In addition, if we sell some or all of our assets or merge with a third-party we may transfer relevant personal data to the buyer or new company.

Cookies, Web Beacons, and Other Online Identifiers

We use three main “identifiers” on our website and in our services: cookies, web beacons, and scripts.

• Cookies are text files placed on a device when a person visits our webpages or view messages from us. Some cookies are      “session cookies” that expire at the end of a browser session, while others are “persistent cookies” that allow us to remember user preferences and settings over multiple visits and across other websites.
• Web Beacons are image files placed in our web pages and emails that we use for such purposes as determining if an email has been opened or an advertisement has been viewed.
• Scripts are small pieces of computer code that power customer service tools, deliver video, provide interactive experiences,      and help us measure service use.

We manage some identifiers directly. Other identifiers are managed by third parties. For example, we use Google Analytics to monitor site performance and visitor engagement.

We use identifiers to provide customized services, measure website performance, provide customer support, deliver personalized advertising, and generate data insights, including through the use of machine learning and artificial intelligence. Specific examples of how we use identifiers include, but are not limited to:

• Setting your service preferences
• Guarding against fraud
• Delivering relevant advertisements
• Measuring website use
• Conducting research on product features to improve our services

Identifier Management

We use optional and mandatory identifiers. Optional identifiers are used for support, website performance, and advertising. Mandatory identifiers are used for account, verification, service continuity, security, and other essential functions necessary to provide our website and services

We offer several methods for managing optional identifier settings. Individuals using our websites can manage identifier settings by clicking on [Manage Privacy Settings Link] though the link in this notice. In the alternative, you can contact us at the address in “Contact Us” below to request changes to your identifier settings. We do not offer the ability to manage mandatory identifiers, because such identifiers are essential to providing our products and services.

In addition, many web browsers allow users to block cookies (directly or through plugins and extensions). Some cookies, however, are essential for our website and services to function. If you set your browser to block all cookies, you may not be able to use our services.

"Do Not Track" and other Preference Signals

Some web browsers provide a “Do Not Track” feature. There are no generally accepted standards for this feature and we do not respond to “Do Not Track” signals.

Marketing and Advertising Preferences

You can manage your marketing and advertising preferences by contacting us by email at privacy@brandsafetyalliance.co or by mail at the addresses listed in the “Contact Us” section below. 

Storage

We store personal data on our own systems and with trusted service providers, including Amazon Web Services.

International Transfers

We transfer personal data internationally to operate our business and provide services. We comply with applicable law when making international transfers.

For transfers of PII from the European Union/European Economic Area, Switzerland, and the United Kingdom, we have certified our compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF), the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. DPF, collectively (the “DPF”). Please see our DATA PRIVACY FRAMEWORK NOTICE for more information on our participation in the DPF Program.

Please see our EUROPEAN SUPPLEMENTAL PRIVACY NOTICE for more information pursuant to the DPF and other transfer mechanisms we use to transfer PII from the EU/EEA, Switzerland, and the UK.

Please see our Canadian and Australian Privacy Disclosures for more information on transfer of personal data from Canada and Australia. 

Length of Retention

We retain personal data for our business needs and to comply with law. If we no longer need personal data, we may delete it or de-identify it so that it no longer identifies a specific person. Factors we consider when deciding when to delete or de-identify your personal data include: (1) if you still have an account, (2) if we are required to retain personal data to comply with law, or (3) if the personal data is needed for tax other business purposes.

Security

We use risk-based measures to protect personal data, including appropriate security controls and employee training. We also require that our service providers, business partners, and advertisers use appropriate risk-based controls to protect personal data.

No Collection of Personal Data about Children

We do not knowingly collect personal data about anyone under 18 without permission from their legal guardian. Please contact us at privacy@brandsafetyalliance.co if you believe we have collected information from a child without permission from their legal guardian.

Legal Basis for Processing

We process personal data upon an individual’s request, with consent, to fulfill our contracts, based on our legitimate interest, or other lawful bases. The specific basis of processing depends on the services used, the data being processed, the place where the processing occurs, and the place where the data subject lives. If you have questions about our basis for processing your personal data, please contact us at privacy@brandsafetyalliance.co. 

Non-Discrimination

We will not discriminate against an individual for exercising their privacy rights.

No Financial Incentives

We do not provide any financial incentives for providing personal data to us.

Policy Changes

We may revise this Global Privacy Notice by posting a revised statement at the same location as this Notice, on another location on our website, or by contacting customers directly. If we change this Notice, it will apply to personal data collected prior to adoption of the new statement only to the extent as the new statement does not reduce the rights of affected data subjects.

Contact Us

If you have any questions, you can contact at or by mail at:

• United States: Attn: Office of the Data Privacy Officer, 100 S. Mill Ave, Suite 1600, Tempe, AZ 85281 USA
• United Kingdom: Attn: Legal, Office of the Data Privacy Officer, 5th Floor, The Shipping Building, Old Vinyl Factory, 252-254 Blyth Road,      Hayes, UB3 1HA.
• European Union (EEA) / Switzerland: Attn: Legal, Office of the Data Privacy Officer, c/o WeWork, Pilgrimstrasse 6, 50674 Cologne, Germany
• Asia: Attn: Office of the Data Privacy Officer, 80 Robinson Road #02-00 Singapore 068898

We respond to all questions or concerns within 30 days.