Verisign Privacy Statement

Version 3.0 – Last updated on 30 December 2019, and effective as of that date

VeriSign, Inc. and its subsidiaries (collectively, “Verisign”) are committed to processing your personal information in a fair and lawful manner. We have developed this Privacy Statement to inform you about the way we handle personal information and our privacy practices currently, and during the past 12 months, including for the verisign.com website and any other Verisign websites that direct you to this Privacy Statement (the “Covered Sites”) and our other Verisign products and services, including but not limited to our Registry services (the “Covered Products and Services”).

This Privacy Statement is organised into three primary sections:

  • The first section describes our general practices and applies to any individual about whom we collect personal information. This section covers:
    • What information we gather and from whom.
    • How we use this personal information.
    • When, why, and with whom we share personal information.
    • Use of cookies.
    • Our security procedures.
    • Changes to this privacy statement.
  • The second section describes specific rights for individuals located in the European Union (“EU”), and other information that is specific to the EU and required under the General Data Protection Regulation (“GDPR”).
  • The third section provides notices to California residents, and describes specific rights for California residents and other information that is required under the California Consumer Privacy Act (“CCPA”).

Should you have any questions or complaints regarding our Privacy Statement or privacy practices, please refer to one of the options listed in the “CONTACT VERISIGN” section at the end of this Privacy Statement.

I. GENERAL PRIVACY PRACTICES

A. WHAT INFORMATION WE GATHER AND FROM WHOM.

We may collect, use, store and transfer different kinds of personal information about you. We collect personal information directly from you and indirectly about you as described below. We may collect the following types of personal information from or about you, which we have grouped into categories as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, e-mail address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Websites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected meta-data), and/or our products and services.
  • Marketing and Communications Data includes your communication preferences in receiving marketing from us and our third parties.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed home town and current city, profile photos, personal description and “likes.”
  • Sensitive personal information. Occasionally we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise), on our Covered Sites or when interacting with our Covered Products and Services, may include sensitive personal information.

We may collect the categories of personal information described above either directly or indirectly from different sources, including the following:

  • Our business partners, such as registrars of domain names.
  • Our customers, such as registrars or independent resellers of domain names or businesses using our Covered Products and Services.
  • You, when you interact with us through the Covered Sites or in connection with Covered Products and Services.
  • Internet cookies, analytics programs, pixels, web beacons, and other technologies that help our Covered Sites operate effectively and efficiently.
  • Third-party social media applications such as Facebook, Instagram, or Twitter (each, a “Social Media Application”).

Please note that our Covered Sites may contain links to other unaffiliated third-party websites. Verisign is not responsible for the privacy practices, privacy statements, or content contained in or regarding these other unaffiliated third-party websites that do not include this Privacy Statement. You should consult the privacy statements associated with these unaffiliated third-party websites should you decide to visit them.

Social Media Applications may use buttons displayed on our Covered Sites that you may click on to “like” or “share” or “link” content available on our Covered Sites, or “follow” Verisign or any of our product or service offerings made available on our Covered Sites. These buttons may record your IP address, browser type and language, access time and referring website addresses. When you are logged in to those Social Media Applications, they also may link this collected information with your profile information on that Social Media Application. We do not control these third-party tracking technologies and you understand and agree that any Social Media Application’s use of information collected from you (or as authorised by you) is governed by the Social Media Application’s privacy policies, terms or service and your settings on the applicable Social Media Application(s).

If you respond in a blog forum on our Covered Sites, you should be aware that any personal information you submit there will be stored on our servers and can be read, collected or used by other users of these blog forums, and could be used to send you unsolicited messages. Verisign is not responsible for the actions that other users of the blog forums take in relation to personal information you choose to submit in the forums. You are also responsible for using these forums in a manner consistent with the Rules of Engagement or other terms and conditions set forth on the relevant forum website.

B. HOW WE USE PERSONAL INFORMATION

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

  • For the provision of our Covered Products and Services or the operation of our business or a third-party’s business. Personal information may be made available to Verisign businesses around the world for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All our employees and contractors are required to follow our data privacy and security policies whenever they handle personal information.
  • In order to perform a contract we have entered into with you or in order to take steps at your request prior to entering into a contract.
  • To protect the security and integrity of our business, our Covered Products and services, or Covered Sites.
  • In order to protect your interests (or someone else's interests).
  • Whenever it is needed in the public interest or for official purposes.
  • In connection with the sale, merger, acquisition, or other reorganisation of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Verisign's practice to seek appropriate protection for information in these types of transactions.
  • In order to comply with Verisign’s legal obligations and protect the company and others. We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.
  • For marketing purposes. We may use your personal information (including cookies –for more information on how we use cookies, please see Section 1.D below) to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You may receive marketing communications from us if you have purchased products or services from us. Similarly, if we have identified similar products or services that may be relevant for you and, in each case, you have not opted out of receiving that marketing. We will get your express opt-in consent before we market products or services to you that are not similar to products or services you have purchased from us before, or if we share your personal information with any company outside the Verisign group of companies for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time. If you receive a marketing communication from us, the communication will contain an option to opt-out of further communications. If you receive a marketing communication from one of our business partners, or from social media providers or independent resellers, you should opt out with that entity directly. You can also contact us at any time to opt out using the details given at the end of this Privacy Statement.

California residents, please review Section 3 for additional disclosures about how we may use your personal information.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

C. WHEN, WHY, AND WITH WHOM WE SHARE PERSONAL INFORMATION

We may disclose the following categories of personal information to entities other than Verisign for any the business purposes set out in above. When we disclose personal information, we do so in accordance with our data privacy and security requirements.

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, e-mail address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Websites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected meta-data), and/or our products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed home town and current city, profile photos, personal description and “likes.”
  • Sensitive Personal Information. Occasionally, we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise), on our Covered Sites or when interacting with our Covered Products and Services, may include sensitive personal information.

Below are listed the categories of entities to whom we may disclose personal information and why.

  • Business partners. We may provide your personal information to a Verisign business partner, such as a registrar of domain names, so that they can facilitate the provision, support, renewal, and/or purchase of Covered Products and Services. Please be assured that these Verisign business partners have agreed to ensure the privacy and security of any transferred information and may only use the shared information to send you information about products or services about which you have asked, or for sending updates or providing services on our behalf.
  • Service providers. We partner with, and are supported by, service providers around the world. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; order fulfilment and delivery; and services to assist us in managing and responding to consumer privacy and other requests. Our service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us.
  • Third parties for legal reasons. We will share personal information where we believe it is required: (i) in order to comply with our legal and contractual obligations, such as making certain disclosures through the WHOIS database; (ii) to protect Verisign and others; and (iii) in the context of a business transition, such as a merger or acquisition.
  • Research entities. We will share personal information for DNS research activities.
  • Government entities. We will share personal information for information sharing and other security purposes.

We currently do not sell personal information to third parties. During the preceding 12 months, Verisign offered an Internet Profile Service, which gathered and sold information from public websites to provide customers intelligence about .com and .net domain names. We no longer offer this service.

California residents, please review Section 3 for additional disclosures about how we may disclose your personal information.

D. USE OF COOKIES, OTHER TRACKING TECHNOLOGIES AND GATHERING OF STATISTICAL DATA

In addition to the personal information identified above, we use "cookies" and other statistical and tracking technologies as described in this Section in connection with the operation of our Covered Sites. A cookie is a piece of information that our Covered Sites send to your browser, which then stores the cookie information on your system. Other statistical and tracking technologies, such as web beacons, clear gifs, HTTP headers, also work in ways that collect information about your visit and use of our Covered Sites. We may use both temporary and persistent cookies based on the cookie’s purpose. Some cookies are deleted when you close your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor to our Covered Sites.

We use these technologies in four ways:

  • To provide a product or service: When you enable their use, a cookie may be used to provide you with a specific product or service. For instance, if you request our Covered Sites to remember your login password or remember your profile in a response to a blog post, we deposit a cookie on your computer to facilitate that request. If you are logging into an access-controlled section of our Covered Sites, we set a temporary session cookie to establish that you have been authenticated. The information contained in these cookies consists of random data that is used by our server to authenticate the browser requests to the server for that particular session. These cookies do not include any type of personal information. This bit of information is erased when you close the relevant browser window. If you choose not to accept a temporary cookie, you will not be able to navigate through these online applications. We also use a cookie when you visit our Covered Sites and request documentation or a response from us. When you are filling out a form, you may be given the option of having our Covered Sites deliver a cookie to your local hard drive. You might choose to receive this type of cookie in order to save time when filling out forms and/or revisiting our Covered Sites. We only send this type of cookie to your browser when you have clicked on the box labelled "Please remember my information" or another box with equivalent content when submitting information or communicating with us.
  • To facilitate website use: If a cookie is used, our Covered Sites will be able to remember information about your preferences and movement either until you exit your current browser window (if the cookie is temporary) or until you disable or delete the cookie. For instance, we may deposit a cookie to remember which of Verisign’s regional Covered Sites you have selected to access or to save your password if you create an account. Many users prefer to use cookies in order to help them navigate a website as seamlessly as possible. If you are accessing our services through one of our online applications, our web server may automatically send your browser a temporary cookie which is used to help your browser navigate our Covered Sites. The information contained in these temporary cookies is a direction value that lets our software determine which page to display when you hit the back button in your browser. This bit of information is erased when you close the relevant browser window.
  • To understand our visitors: When you visit our Covered Sites, if you have enabled analytics cookies our systems may automatically collect statistics in aggregate about visitor behaviour. We may monitor statistics and other data, such as how many people visit our site, the user's IP address, which pages people visit, how users interact with page content and functionality, from which domains our visitors come, which browsers people use and how they move about our Covered Sites. We use this data about your visit for aggregation purposes only. These statistics are used to help us understand our visitors’ interests and improve the content and performance of our Covered Sites. If you come to our site from one of our business partners, our web server may also send your browser a temporary cookie that reflects an origination code for that business partner. We use this information for statistical and marketing purposes.

    Analytic cookies also allow us to track traffic patterns on our Covered Sites. Analysis of the collected information by our tracking technologies allows us to improve our Covered Sites and the user experience. If you choose not to accept a persistent cookie, you will still be able to use our Covered Sites. Even if you choose to receive this type of cookie, you can always set your browser to notify you when you receive any cookie, giving you the chance to decide whether to accept it in each situation in which one is sent. We may supplement this unidentified user data with other data to understand our users better. For instance, we may relate a user’s IP address to the company to which it relates to better understand our visitors’ interests.
  • To advertise: If you enable targeting cookies, this allows us to allow our ad partners to tailor the advertisements you receive on our Covered Sites based on the unidentified user data and related information. These cookies allow us to receive information on unidentified users’ movements on other websites to tailor advertisements to them on our Covered Sites and, likewise, provide unidentified user information to service providers, such as an ad agency, who places our advertisements on other websites to market to these users that visit them. Even if you do not opt in to this cookie, you may still see Verisign advertisements on other websites you visit, but these ads are not user specific and are not placed because of your past visits to our Covered Sites.

To opt out of advertising which utilises cookies, access the following link:

http://www.networkadvertising.org/choices/

All major Internet browsers allow you to control cookies. You can learn more about adjusting browser controls at the following website: http://www.aboutcookies.org. (Note that Verisign does not control this website and is not responsible for its content. It is provided as information only. For the most current browser-specific information, please consult your browser’s manufacturer).

Do Not Track

We do not respond to Do Not Track signals.

E. OUR SECURITY PROCEDURES

We consider the protection of all personal information we receive from our Covered Sites’ visitors and subscribers as critical to our corporate mission. We have security measures in place to protect against the loss, misuse and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information.

Our security procedures are subject to at least an annual SOC Type II audit by an internationally recognised accounting firm.

CHANGES TO THIS PRIVACY STATEMENT

It is important that you check back often for updates to this Privacy Statement. If a material change is made to this Privacy Statement and/or the way we use our customers' personal information, we will post a prominent notice on the Covered Sites and/or by means of other methods of contact such as email.

G. CONTACT VERISIGN

If you have questions or complaints about this Privacy Statement, you may contact us in the following ways:

  • You may e-mail us at privacystatement@verisign.com. Please include "Privacy Statement" in the subject line of your e-mail.
  • You may call us at +1 703-948-3350
  • You may write to us at:

    VeriSign, Inc.
    Verisign Law Department
    12061 Bluemont Way
    Reston, VA 20190
    Privacy Committee

II. THE GENERAL DATA PROTECTION REGULATION (GDPR) PRACTICES

Whenever we collect, process, use or disclose personal information that is subject to the General Data Protection Regulation (GDPR), we are committed to processing your personal information in a fair and lawful manner. This section describes our privacy practices specific to personal information covered by the GDPR and your rights in relation to your personal information.

A. THE INFORMATION WE GATHER

The information that we collect and process is described in Section I.A above. Pursuant to GDPR, we will explain the legal basis which allows us to do so.

We will only process sensitive personal information on the basis that (i) it has manifestly been made public by you, or (ii) the processing is necessary (a) in relation to legal claims, (b) for reasons of substantial public interest, or (c) where we need to carry out certain legal obligations and/or exercise certain rights relating either to Verisign or you. We do not collect any information about criminal convictions and offences.

B. PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL INFORMATION

An explanation of how we may use your personal information is described in Section I.B above. If you are located in the EU, you have the right to know what legal basis we rely upon to process your personal information. The chart below describes all the ways in which we plan to use your personal information and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us (using the contact details above) if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact
Performance of a contract with you
To process and deliver your order (including renewals) including:
(a) Managing payments, fees and charges
(b) Collecting and recovering money owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you, which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to submit a review or take a survey
(c) Interacting with you (and enabling you to interact with others) on or using our Covered Sites
(d) Your use of our products/services (including facilitating and supporting such use)
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
(e) Social media application
(f) Usage
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, to facilitate the use of our products/services, to develop them and grow our business)
To enable you to partake in a survey (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
Necessary for our legitimate interests (to monitor/improve the use of and satisfaction with the Covered Sites, and improving our customer service and product offerings)
To administer and protect our business and Covered Sites including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
(g) Social Media Application Data
Necessary for our legitimate interests (to develop our products/services and grow our business)
Consent (in limited circumstances only – please see the Marketing section below for further details)

C. HOW LONG WE KEEP PERSONAL INFORMATION

We will only retain your personal information in identifiable form for as long as needed for the purposes for which it is gathered and processed. In determining retention periods, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer need personal information, we either anonymise, securely delete or destroy it.

D. YOUR GDPR RIGHTS

We respect the rights that you have in relation to your personal information, and we will respond to requests for information and, where applicable, will correct, amend or delete your personal information.

Access to your personal information. We will give you access to your personal information upon written request, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing information to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. Except where it is not permissible under applicable law, we may also charge you a fee for providing you with a copy of your data.

Correction and deletion. You have the right to correct or amend your personal information if it is inaccurate or requires updating. You have the right to request deletion of your personal information; however, this is not always possible due to legal requirements and other obligations and factors.

Data portability. You may have the right to (i) obtain personal information concerning you, which you have provided to Verisign, and (ii) transmit such information to another data controller. The information may be transmitted directly from Verisign to the other data controller where feasible.

Direct marketing. We may send you marketing communications as set out above. Whenever your personal information is processed for direct marketing purposes, you have the right to object at any time to such processing, which includes profiling to the extent that it is related to such direct marketing. All of Verisign’s direct marketing communications include an “unsubscribe” link to enable you to easily opt-out of future communications.

Withdrawal of consent. Whenever Verisign is processing your personal information on the basis that you have consented to such processing, you have the right to withdraw that consent at any time. Once we have received written notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Objection to and/or restriction of processing of personal information. You have the right to (i) restrict the processing of your personal information in certain circumstances (e.g., where you contest the accuracy of your personal information); and (ii) object to certain types of processing of personal information.

Lodging a complaint. If you are not satisfied with how Verisign manages your personal information, you have the right to lodge a complaint to a data protection regulator. A list of National Data Protection Authorities (“DPA”) can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Before filing a complaint with a DPA, we ask that you contact us to provide us with an opportunity to resolve your complaint.

E. COOKIES

If you are in the EU, you may opt out of certain third-party cookies that we and other websites may use for targeting through http://www.youronlinechoices.eu or www.aboutads.info. Opting out of one or more ad networks only means that those particular members no longer will deliver targeted content or ads to you. It does not mean you will stop receiving any targeted content or ads on our Covered Sites or other third-party websites. If your browser is configured to reject cookies when you visit one of the above referenced opt-out pages, and you later erase your cookies, use a different computer or change web browsers, your preference may no longer be active. Since all these cookies are managed by third parties, you should refer to the third parties' own website privacy notifications and policies for further information.

Can I withdraw my consent?

If you wish to withdraw your consent at any time, you will need to delete your cookies using your Internet browser settings and disable cookies. Please note that disabling cookies will affect the functionality of our Covered Sites, and may prevent you from being able to access certain features on our Covered Sites.

F. DATA TRANSFER

Verisign is a global organisation and your personal information may be stored and processed outside of your home country. We take steps to ensure that the information we collect is processed according to this Privacy Statement and the requirements of applicable law wherever the data is located.

Verisign has networks, databases, servers, systems, support, help desks and offices located around the world, including outside the EU.

We use third-party service providers located around the world, including outside the EU, to serve the needs of our business, workforce and customers. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Verisign or to third parties in areas outside of your home country (including areas outside the EU).

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to recipients in other countries (such as the U.S.), we will protect that information as described in this Privacy Statement and will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries other than the one in which you provided the information.

If you are located in the European Economic Area (“EEA”) or Switzerland, with respect to transfers of personal information to the U.S., VeriSign, Inc. is certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks developed by the U.S. Department of Commerce, and the European Commission and Swiss Federal Data Protection and Information Commissioner, respectively, regarding the transfer of personal information from the EEA and Switzerland to the U.S. Click here to view our EU/Swiss-U.S. Privacy Shield Privacy Policy.

III. CCPA NOTICES AND RIGHTS

This section only applies to California residents. Whenever we collect, process, use, or disclose personal information that is subject to the CCPA, we are committed to processing your personal information in a transparent and fair manner and in compliance with the CCPA. This section describes the rights California residents have in relation to their personal information and provides the notices required by the CCPA.

A. YOUR CCPA RIGHTS

The CCPA grants California residents the rights described below.

Right to Know General Collection and Use of Personal Information (Access Request). Under the CCPA, California residents have the right to request that Verisign disclose what information we have collected, used, disclosed, or sold over the past 12 months. Once we receive and confirm your verifiable consumer request for such information, we will disclose the information to you, based on your specific request:

  • The categories of personal information we collected about you over the past 12 months;
  • The categories of sources from which the personal information is collected over the past 12 months;
  • The business or commercial purpose for collecting or selling that personal information over the past 12 months;
  • The categories of third parties with whom we shared your personal information over the past 12 months;
  • If we disclosed your personal information for a business purpose, the personal information categories that each category of recipients obtained; and/or
  • If we sold your personal information for a business purpose, the personal information categories that each category of recipients purchased.

Right to Know Specific Pieces of Personal Information (Data Portability). Upon your verified request for such information, we will disclose to you certain specific pieces of personal information we have collected about you over the past 12 months.

Right to Request Deletion. You have the right to request that we delete any of your personal information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, and direct our service providers to do the same, unless an exception applies.

Some of the exceptions that would allow us to deny a request for deletion include if the information is necessary for us or our service provider(s) to do the following:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract we have with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise any other right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Opt-Out of Sale of Personal Information. You have the right to direct businesses that sell personal information to not sell your personal information (the "right to opt-out"). Verisign does not sell any personal information, including the personal information of California residents who are under 16 years of age with or without affirmative authorisation.

Right to Non-Discrimination. You have the right not to be discriminated for having exercised the rights established by the CCPA. We will not discriminate you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

B. EXERCISING YOUR CCPA RIGHTS

This section of our Privacy Statement explains how a California resident can exercise their rights.

To exercise your right to know or your right to deletion, you or your authorised agent may submit a verifiable consumer request in one of the following ways:

  • Call us toll free at 1-800-255-2218.
  • Fill out this form.

Upon receipt of your request to know or request for deletion, we will confirm receipt within 10 days. Should we be able to verify your request, we will make our best effort to respond within forty-five (45) days of us receiving your request. Should we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

Additional Information About Requests to Know

When responding to a request to know, we will not disclose information to you if we cannot verify your identity.

The CCPA allows a California resident to make a verifiable consumer request to know only twice within a 12-month period. Additionally, the verifiable consumer request must:

  • 1. Provide sufficient information that allows us to reasonably verify that you really are: (i) the person about whom we collected personal information, or (ii) an authorised representative.
  • 2. Describe your request with sufficient detail in order to allow us to properly understand, evaluate, and respond to it.

Additional Information About Requests to Delete

When responding to a request for deletion, we will specify the manner in which we have deleted your personal information, in accordance with the CCPA. We will not delete your information if we cannot verify your identity.

C. DESIGNATING AN AUTHORISED AGENT

Only you as a California resident, or a person registered with the California Secretary of State that you authorise to act on your behalf (Authorised Agent), may make a verifiable request to know or a request for deletion. Should you be using an Authorised Agent to exercise your CCPA rights, we require the Authorised Agent to provide us with written confirmation that you have authorised them to act on your behalf. We may also verify the identity of the Authorised Agent.

D. HOW WE VERIFY CALIFORNIA RESIDENTS’ REQUESTS TO KNOW AND REQUESTS FOR DELETION

We will not respond to requests to know or requests for deletion unless we can verify your identity to a reasonable degree of certainty. To verify your identity, when feasible, we will use information about you that we already have; however, on occasion we may need to request additional information, which we will use only for the purposes of verification. We may also use a third-party identify verification service.

The information we need to verify your request will depend on the type of request, the sensitivity of the personal information requested, and/or the risk of harm to you. Upon receipt of your request, we will notify you if we need additional information from you to verify your request.

E. NOTICE AT COLLECTION OF PERSONAL INFORMATION (FOR CALIFORNIA RESIDENTS)

This Notice at Collection of Personal Information (“Notice at Collection”) is part of Verisign's Privacy Statement and includes details about the personal information we collect from California residents and the purposes for which that personal information will be used. This Notice at Collection applies solely to California residents ("California consumers" or "you"). We adopt this Notice at Collection in accordance with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice at Collection.

Personal Information We Collect About You

Verisign collects personal information, which the CCPA defines as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular California consumer or household. In particular, we may collect the following categories of personal information from or about you:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, e-mail address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Websites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected meta-data), and/or our products and services.
  • Marketing and Communications Data includes your communication preferences in receiving marketing from us and third parties.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed home town and current city, profile photos, personal description and “likes.”
  • Sensitive Personal Information. Occasionally, we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise), on our Covered Sites or when interacting with our Covered Products and Services, may include sensitive personal information.

How We Use Your Personal Information

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

  • For the provision of our Covered Products and Services or the operation of our business or a third-party’s business. Personal information may be made available to Verisign businesses around the world if necessary for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All our employees and contractors are required to follow our data privacy and security policies whenever they handle personal information.
  • In order to perform a contract we have entered into with you or in order to take steps at your request prior to entering into a contract.
  • To protect the security and integrity of our business, our Covered Products and services, or Covered Sites.
  • In order to protect your interests (or someone else's interests).
  • Whenever it is needed in the public interest or for official purposes.
  • In connection with the sale, merger, acquisition, or other reorganisation of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Verisign's practice to seek appropriate protection for information in these types of transactions.
  • In order to comply with Verisign’s legal obligations and protect the company and others. We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.
  • For marketing purposes. Specifically, we may use your personal information (including cookies – for more information on how we use cookies, please see Section IX below) to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
    • Whenever it is necessary for the purposes of our legitimate interests or those of a third party (e.g., for the provision of our services or products, the operation of our business or a third party’s business, or the marketing of products or services by us to you in circumstances where you have already bought or subscribed for similar Verisign products or services) and your interests and fundamental rights and freedoms do not override our legitimate interests.
    • You may receive marketing communications from us if you have purchased products or services from us. Similarly, if we have identified similar products or services that may be relevant for you and, in each case, you have not opted out of receiving that marketing.
    • We will get your express opt-in consent before we market products or services to you that are not similar to products or services you have purchased from us before, or if we share your personal information with any company outside the Verisign group of companies for marketing purposes.
    • You can ask us or third parties to stop sending you marketing messages at any time. If you receive a marketing communication from us, the communication will contain an option to opt-out of further communications. If you receive a marketing communication from one of our business partners, or from social media providers or independent resellers, you should opt out with that entity directly. You can also contact us at any time to opt out using the details given at the end of this Privacy Statement.
  • We may disclose your personal information to entities other than Verisign for business purposes. When we disclose personal information, we do so in accordance with our data privacy and security requirements. Please see Section I.C. for more information about these types of disclosures.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.