Verisign Privacy Statement

Version 3.2 – Last Updated and Effective 8 July, 2021

VeriSign, Inc. and its subsidiaries (collectively, “Verisign”) are committed to processing your personal information in a fair and lawful manner. We have developed this Privacy Statement to inform you about how we handle personal information and about our current and past 12 months privacy practices, including those for the verisign.com website and any other Verisign websites that direct you to this Privacy Statement (the “Covered Sites”) and our other Verisign products and services, including but not limited to our Registry services (the “Covered Products and Services”).

This Privacy Statement is organised into three primary sections:

  • The first section describes our general practices and applies to any individual about whom we collect personal information. This section covers:
    • Which information we gather and from whom.
    • How we use personal information.
    • When, why, and with whom we share personal information.
    • Use of cookies.
    • Our security procedures.
    • Changes to this privacy statement.
  • The second section describes specific rights for individuals located in the European Union (“EU”), and other information that is specific to the EU and required under the General Data Protection Regulation (“GDPR”).
  • The third section provides notices to California residents, and describes specific rights for California residents and other information that is required under the California Consumer Privacy Act (“CCPA”).

Should you have questions regarding our Privacy Statement or privacy practices, please use one of the options listed in the “CONTACT VERISIGN” section at the end of this Privacy Statement.

I. GENERAL PRIVACY PRACTICES

A. WHICH INFORMATION WE GATHER AND FROM WHOM

We may collect, use, store and transfer different kinds of personal information about you. We collect personal information directly from you and indirectly about you as described below. We may collect the following types of personal information from or about you, which we have grouped into categories as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Sites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected metadata), and/or our products and services.
  • Marketing and Communications Data includes your communication preferences in receiving marketing from us and third parties.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”
  • Sensitive Personal Information. Occasionally we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise) on our Covered Sites or when interacting with our Covered Products and Services may include sensitive personal information.

We may collect the categories of personal information described above either directly or indirectly from different sources, including the following:

  • Our business partners, such as registrars of domain names.
  • Our customers, such as registrars or independent resellers of domain names or businesses using our Covered Products and Services.
  • You, when you interact with us through the Covered Sites or in connection with Covered Products and Services.
  • Internet cookies, analytics programs, pixels, web beacons, and other technologies that help our Covered Sites operate effectively and efficiently.
  • Third-party social media applications such as Facebook, Instagram, or Twitter (each, a “Social Media Application”).

Please note that our Covered Sites may contain links to other unaffiliated third-party websites. Verisign is not responsible for the privacy practices, privacy statements, or content contained in or regarding these other unaffiliated third-party websites that do not include this Privacy Statement. You should consult the privacy statements associated with these unaffiliated third-party websites should you decide to visit them.

Social Media Applications may use buttons displayed on our Covered Sites that you may click to “like” or “share” or “link” content available on our Covered Sites, or “follow” Verisign or any of our product or service offerings made available on our Covered Sites. These buttons may record your IP address, browser type and language, access time, and referring website addresses. When you are logged into those Social Media Applications, they also may link this collected information with your profile information on that Social Media Application. We do not control these third-party tracking technologies and you understand and agree that any Social Media Application’s use of information collected from you (or as authorised by you) is governed by the Social Media Application’s privacy policies, terms of service, and your settings on the applicable Social Media Application(s).

If you respond in a blog forum on our Covered Sites, you should be aware that any personal information you submit there will be stored on our servers and can be read, collected, or used by other users of these blog forums, and could be used to send you unsolicited messages. Verisign is not responsible for the actions that other users of the blog forums take in relation to personal information you choose to submit in the forums. You are also responsible for using these forums in a manner consistent with the Rules of Engagement or other terms and conditions set forth on the relevant forum website.

B. HOW WE USE PERSONAL INFORMATION

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

  • The provision of our Covered Products and Services or the operation of our business or a third party’s business. Personal information may be made available to Verisign businesses around the world for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.
  • To execute a contract that we have entered into with you, or in order to take steps at your request prior to entering into a contract.
  • To protect the security and integrity of our business, our Covered Products and services, or Covered Sites.
  • To protect your interests (or someone else's interests).
  • When needed in the public interest or for official purposes.
  • In connection with the sale, merger, acquisition, or other reorganisation of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Verisign's practice to seek appropriate protection for information in these types of transactions.
  • Compliance with legal obligations and protection of Verisign and others. Specifically, we may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss; or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.
  • Marketing purposes. Specifically, we may use your personal information (including cookies – for more information on how we use cookies, please see Section 1.D below) to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you (we call this marketing). You may receive marketing communications from us if you have purchased products or services from us, we have identified similar products or services that may be relevant for you and, in each case, you have not opted out of receiving that marketing. We will get your express opting-in consent before we market products or services to you that are not similar to products or services you have purchased from us before, or if we share your personal information with any company outside the Verisign group of companies for marketing purposes. You can ask us or any third party to stop sending you marketing messages at any time. If you receive a marketing communication from us, the communication will contain an option to opt out of further communications. If you receive a marketing communication from one of our business partners, or from social media providers, you should opt out with that entity directly. You can also contact us at any time to opt out using the details given at the end of this Privacy Statement.

California residents, please review Section 3 for additional disclosures on how we may use your personal information.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. Should we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

C. WHEN, WHY, AND WITH WHOM WE SHARE PERSONAL INFORMATION

We may disclose the following categories of personal information to entities other than Verisign for any of the business purposes set forth above. When we disclose personal information, we do so in accordance with our data privacy and security requirements.

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments made to you and from you, and other details of products and services you have purchased from us or our business partners.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Sites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected metadata), and/or our products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”
  • Sensitive Personal Information. Occasionally we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise) on our Covered Sites or when interacting with our Covered Products and Services may include sensitive personal information.

Below are the categories of entities to whom we may disclose personal information and the reasons why.

  • Business partners. We may provide your personal information to a Verisign business partner, such as a registrar of domain names, so that they can facilitate the provision, support, renewal, and/or purchase of Covered Products and Services. Please be assured that these Verisign business partners have agreed to ensure the privacy and security of any transferred information and may only use the shared information to send you information regarding products or services you asked about, or to send updates or provide services on our behalf.
  • Service providers. We partner with, and are supported by, service providers around the world. Personal information will be made available to these parties only when it is necessary to fulfil the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; order fulfilment and delivery; and services to assist us in the management and answer of consumer privacy and other requests. Our service providers are not allowed to share or use personal information we make available to them for any purpose other than to provide services to us.
  • Third parties for legal reasons. We will share personal information where we believe it is required: (i) in order to comply with our legal and contractual obligations, such as making certain disclosures through the WHOIS database; (ii) to protect Verisign and others; and (iii) in the context of a business transition, such as a merger or acquisition.
  • Research entities. We will share personal information for DNS research activities.
  • Government entities. We will share personal information for information sharing and other security purposes.

California residents, please review Section 3 for additional information regarding how we may disclose your personal information.

D. USE OF COOKIES, OTHER TRACKING TECHNOLOGIES AND GATHERING OF STATISTICAL DATA

Our Covered Sites use different types of cookies and other statistical and tracking technologies. We use strictly necessary cookies, which are enabled by default so that our Covered Sites function properly. We also use optional first party and third-party cookies to improve our websites, customise your experience and provide personalised advertising. If you access our Covered Sites outside Europe, both strictly necessary and analytic cookies are enabled by default, and all other cookies are disabled. When you visit our Covered Sites, you have the option to customise your cookie settings, either by selecting the “cookie settings” button on the cookie banner or by clicking on the “cookie settings” link on the homepage. All cookies, except those strictly necessary for the Covered Sites to function, may be enabled or disabled depending on your preference.

While the best way for you to exercise choice about your cookie settings is to use the cookie setting feature on our Covered Sites, you may also opt out of certain other advertising which utilises cookies through the following link:

http://www.networkadvertising.org/choices/

All major internet browsers allow you to control cookies. You can learn more about adjusting browser controls at the following website: http://www.aboutcookies.org. (Note that Verisign does not control this website and is not responsible for its content. It is provided as information only. To get the most current browser-specific information, please consult your browser’s manufacturer).

Do Not Track

We do not respond to Do Not Track signals.

E. OUR SECURITY PROCEDURES

We consider the protection of all personal information we receive offline and online from our Covered Sites’ visitors and subscribers as critical to our corporate mission. We have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As it occurs with any transmission over the internet, there is always some element of risk involved when sending personal information.

Our security procedures are subject to at least an annual SOC Type II audit by an internationally recognised accounting firm.

F. CHANGES TO THIS PRIVACY STATEMENT

It is important that you often check back for updates to this Privacy Statement. If a material change is made to this Privacy Statement and/or the way we use our customers' personal information, we will post a prominent notice on the Covered Sites and/or by means of other methods of contact such as email.

G. CONTACT VERISIGN

Should you have questions about this Privacy Statement, you may contact us in the following ways:

  • You may email us at privacystatement@verisign.com. Please specify "Privacy Statement" in the subject line of your email.
  • You may call us at +1 703-948-3350
  • You may write to us at:

    VeriSign, Inc.
    Verisign Law Department
    12061 Bluemont Way
    Reston, VA 20190
    Attn: Privacy Committee

II. THE GENERAL DATA PROTECTION REGULATION (GDPR) PRACTICES

Where we collect, process, use or disclose personal information that is subject to the General Data Protection Regulation (GDPR), we are committed to processing your personal information in a fair and lawful manner. This section describes our privacy practices which are specific for personal information covered by the GDPR and your rights in relation to your personal information.

A. THE INFORMATION WE GATHER

The information that we collect and process is described in Section I.A above. Pursuant to GDPR, we will explain the legal basis which allows us to do so.

We will only collect or process sensitive personal information on the basis that: (i) it has manifestly been made public by you; or (ii) the processing is necessary: (a) in relation to legal claims; (b) for reasons of substantial public interest; or (c) where we need to carry out certain legal obligations and/or exercise certain rights relating either to Verisign or you. We do not collect any information about criminal convictions and offences.

B. PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL INFORMATION

An explanation of how we may use your personal information is provided in Section I.B above. If you are located in the EU, you have the right to know on which legal basis we rely upon to process your personal information. The chart below describes all the ways in which we plan to use your personal information and the legal bases we rely on to do so. We have also identified which are our legitimate interests where appropriate.

Note that we may process your personal information for more than one lawful purpose depending on the specific business purpose for which we are using your information. Please contact us (using the contact details above) if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing, including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact		 Performance of a contract with you
To process and deliver your order (including renewals), which includes:
(a) Managing payments, fees and charges
(b) Collecting and recovering money owed to us		 (a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications		 (a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you, which will include:
(a) Notifying you about changes in our terms or Privacy Statement
(b) Asking you to submit a review or take a survey
(c) Interacting with you (and enabling you to interact with others) on our Covered Sites or through them
(d) Your use of our products/services (including facilitating and supporting such use)		 (a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
(e) Social media application
(f) Usage		 (a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, to facilitate the use of our products/services, to develop them and grow our business)
To enable you to partake in a survey (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications		 Necessary for our legitimate interests (to monitor/improve the use and satisfaction with the Covered Sites, and to improve our customer service and product offerings)
To administer and protect our business and Covered Sites, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical		 (a) Necessary for our legitimate interests (to run our business, to provide administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage		 Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
(g) Social Media Application Data		 Necessary for our legitimate interests (to develop our products/services and to grow our business)
Consent (in limited circumstances only – please see the Marketing section below for further details)

C. HOW LONG WE KEEP PERSONAL INFORMATION

We will only retain your personal information in identifiable form for as long as it is needed for the purposes for which it is gathered and processed. In determining retention periods, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from the unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer need personal information, we either anonymise, securely delete, or destroy it.

D. YOUR GDPR RIGHTS

We respect the rights that you have in relation to your personal information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

Access to personal information. We will give you access to your personal information upon written request, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing information to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. Except where it is not permissible under applicable law, we may also charge you a fee for providing you with a copy of your data.

Correction and deletion. You have the right to correct or amend your personal information if it is inaccurate or requires updating. You have the right to request the deletion of your personal information; however, this is not always possible due to legal requirements, as well as other obligations and factors.

Data portability. You may have the right to (i) obtain personal information concerning you, which you have provided to Verisign, and (ii) transmit such information to another data controller. The information may be transmitted directly from Verisign to the other data controller where feasible.

Direct marketing. We may send you marketing communications as set forth above. Where your personal information is processed for direct marketing purposes, you have the right to object such processing at any time, this includes profiling to the extent that it is related to such direct marketing. All of Verisign’s direct marketing communications include an “unsubscribe” link to enable you to easily opt out of future communications.

Withdrawal of consent. Where Verisign is processing your personal information on the basis that you have consented to such processing, you have the right to withdraw that consent at any time. Once we have received written notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Objection to and/or restriction of processing of personal information. You have the right to: (i) restrict the processing of your personal information in certain circumstances (e.g., where you contest the accuracy of your personal information); and (ii) object certain types of processing of personal information.

Lodging a complaint. If you are not satisfied with how Verisign manages your personal information, you have the right to lodge a complaint to a data protection regulator. A list of National Data Protection Authorities (“DPA”) can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Before filing a complaint with a DPA, we ask you to contact us to give us an opportunity to solve your complaint.

E. COOKIES

If you are in the EU, you may opt out of certain third-party cookies that we and other websites may use for targeting through http://www.youronlinechoices.eu or www.aboutads.info. Opting out of one or more ad networks only means that those particular members will no longer deliver targeted content or ads to you. It does not mean you will stop receiving any targeted content or ads on our Covered Sites or other third-party websites. If your browser is configured to reject cookies when you visit one of the above referenced opting-out pages, and you later erase your cookies, use a different computer or change web browsers, as your preference may no longer be active. Since all of these cookies are managed by third parties, you should refer to the third parties' own website privacy notifications and policies for further information.

Can I withdraw my consent?

If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings, and disable cookies. Please note that disabling cookies will affect the functionality of our Covered Sites, and may prevent you from being able to access certain features on our Covered Sites.

F. DATA TRANSFER

Verisign is a global organisation, and your personal information may be stored and processed outside your home country. We take steps to ensure that the information we collect is processed according to this Privacy Statement and the requirements of applicable law wherever the data is located.

Verisign has networks, databases, servers, systems, support, help desks, and offices located around the world, including outside the EU.

We use service providers located around the world, including outside the EU to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Verisign or to third parties in areas outside your home country (including areas outside the EU).

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws that the country where you initially provided the information. When we transfer your information outside the EU to recipients in other countries (such as the US), we will either use specific contractual terms approved by the European Commission (“Standard Contractual Clauses”) or another approved data transfer mechanism, such as your consent, which will provide your personal data with equivalent protection as that afforded by the GDPR.

VeriSign, Inc. is certified under the EU-US and Swiss-US Privacy Shield frameworks developed by the US Department of Commerce, and the European Commission and Swiss Federal Data Protection and Information Commissioner. Verisign does not rely upon the Privacy Shield frameworks as a cross-border data transfer mechanism. However, Verisign continues to comply with the Privacy Shield principles governing the use and treatment of personal information received from individuals in the EEA and Switzerland. Click here to view our EU/Swiss-US Privacy Shield Privacy Policy.

III. CCPA NOTICES AND RIGHTS

This section only applies to California residents. Where we collect, process, use, or disclose personal information that is subject to the CCPA, we are committed to processing your personal information in a transparent and fair manner and in compliance with the CCPA. This section describes the rights California residents have in relation to your personal information and provides the notices required by the CCPA.

A. YOUR CCPA RIGHTS

The CCPA grants California residents the following rights.

Right to Know General Collection and Use of Personal Information (Access Request). Under the CCPA, California residents have the right to request that Verisign disclose which information we have collected, used, disclosed, or sold over the past 12 months. Once we receive and confirm your verifiable consumer request for such information, we will disclose to you, based on your specific request:

  • The categories of personal information we collected about you over the past 12 months;
  • The categories of sources from which the personal information was collected over the past 12 months;
  • The business or commercial purpose for collecting or selling that personal information over the past 12 months;
  • The categories of third parties with whom we shared your personal information over the past 12 months;
  • If we disclosed your personal information for a business purpose, the personal information categories each category of recipients obtained; and/or
  • If we sold your personal information for a business purpose, the personal information categories each category of recipients purchased.

Right to Know Specific Pieces of Personal Information (Data Portability). Upon your verified request for such information, we will disclose to you certain specific pieces of personal information we have collected about you over the past 12 months.

Right to Request Deletion. You have the right to request that we delete any of your personal information we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, and direct our service providers to do the same, unless an exception applies.

Some of the exceptions that would allow us to deny a request for deletion include if the information is necessary for us or our service provider(s) to do the following:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise execute a contract we have with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Opt Out of the Sale of Personal Information. You have the right to direct businesses that sell personal information not to sell your personal information (the "right to opt out"). Verisign currently does not sell personal information of California residents to third parties, including the personal information of California residents who are under 16 years old. During the preceding 12 months, Verisign offered an Internet Profile Service, which gathered and sold information from public websites to provide customers intelligence about .com and .net domain names. We no longer include information about California residents as part of this service.

Right to Non-Discrimination. You have the right not to be discriminated against for having exercised the rights established by the CCPA. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

B. EXERCISING YOUR CCPA RIGHTS

This section of our Privacy Statement explains how a California resident can exercise their rights.

To exercise your right to know or your right to deletion, you or your authorised agent may submit a verifiable consumer request in one of the following ways:

  • Call us toll free at 1-800-255-2218.
  • Fill out this form.

Upon receipt of your request to know or request for deletion, we will confirm receipt within 10 business days. If we are able to verify your request, we will make our best effort to respond within forty-five (45) calendar days of our receipt of your request. If we require more time (up to 45 additional calendar days), we will inform you of the reason and extension period in writing.

Additional Information About Requests to Know

When responding to a request to know, we will not disclose information to you if we cannot verify your identity.

The CCPA allows a California resident to make a verifiable consumer request to know only twice within a 12-month period. Additionally, the verifiable consumer request must:

  • 1. Provide sufficient information that allows us to reasonably verify you are: (i) the person about whom we collected personal information, or (ii) an authorised representative.
  • 2. Describe your request with sufficient detail allowing us to properly understand, evaluate, and respond to it.

Additional Information About Requests to Delete

When responding to a request for deletion, we will specify the manner in which we have deleted your personal information, in accordance with the CCPA. We will not delete your information if we cannot verify your identity. In order for us to verify your identity, you must provide sufficient information that allows us to reasonably verify you are: (i) the person about whom we collected personal information, or (ii) an authorised representative.

C. DESIGNATING AN AUTHORISED AGENT

Only you as a California resident, or a person registered with the California Secretary of State that you authorise to act on your behalf (Authorised Agent), may make a verifiable request to know or a request for deletion. If you are using an Authorised Agent to exercise your CCPA rights, we require the Authorised Agent to provide us with written confirmation that you have authorised them to act on your behalf. We may also verify the identity of the Authorised Agent.

D. HOW WE VERIFY CALIFORNIA RESIDENTS’ REQUESTS TO KNOW AND REQUESTS FOR DELETION

We will not respond to requests to know or requests for deletion unless we can verify your identity to a reasonable degree of certainty. To verify your identity, when feasible, we will use information about you that we already have; however, on some occasions we may need to request additional information, which we will use only for the purposes of verification. We may also use a third-party identify verification service.

The information we need to verify your request will depend on the type of request, the sensitivity of the personal information requested, and/or the risk of harm to you. Upon receipt of your request, we will notify you if we need additional information from you to verify your request.

E. NOTICE AT COLLECTION OF PERSONAL INFORMATION (FOR CALIFORNIA RESIDENTS)

This Notice at Collection of Personal Information (“Notice at Collection”) is part of Verisign's Privacy Statement and includes details about the personal information we collect from California residents and the purposes for which that personal information will be used. This Notice at Collection applies solely to California residents ("California consumers" or "you"). We adopt this Notice at Collection in accordance with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice at Collection.

Personal Information We Collect About You

Verisign collects personal information, which the CCPA defines as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular California consumer or household. In particular, we may collect the following categories of personal information from or about you:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Sites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected metadata), and/or our products and services.
  • Marketing and Communications Data includes your communication preferences in receiving marketing from us and third parties.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”
  • Sensitive Personal Information. Occasionally we may collect sensitive personal information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person's sex life or sexual orientation. For example, we may collect certain information made available through Social Media Applications. This information may contain sensitive personal information if you have made that information available on your Social Media profile. In addition, the information that you submit in blog forums (or otherwise) on our Covered Sites or when interacting with our Covered Products and Services may include sensitive personal information.

How We Use Your Personal Information

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

  • The provision of our Covered Products and Services or the operation of our business or a third party’s business. Personal information may be made available to Verisign businesses around the world if necessary for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.
  • To execute a contract that we have entered into with a third party or you or in order to take steps at your request prior to entering into a contract.
  • To protect the security and integrity of our business, our Covered Products and Services, or Covered Sites.
  • To protect your interests (or someone else's interests).
  • When needed in the public interest or for official purposes.
  • In connection with the sale, merger, acquisition, or other reorganisation of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Verisign's practice to seek appropriate protection for information in these types of transactions.
  • Compliance with legal obligations and protection of Verisign and others. Specifically, we may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss, or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.
  • Marketing purposes. Specifically, we may use your personal information (including cookies – for more information on how we use cookies, please see Section IX below) to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you (we call this marketing).
    • Where it is necessary for the purposes of our legitimate interests or those of a third party (e.g., for the provision of our services or products, the operation of our business or a third party’s business, or the marketing of products or services by us to you in circumstances where you have already bought or subscribed for similar Verisign products or services) and your interests and fundamental rights and freedoms do not override our legitimate interests.
    • You may receive marketing communications from us if you have purchased products or services from us, we have identified similar products or services that may be relevant for you and, in each case, you have not opted out of receiving that marketing.
    • We will get your express opting-in consent before we market products or services to you that are not similar to products or services you have purchased from us before, or if we share your personal information with any company outside the Verisign group of companies for marketing purposes.
    • You can ask us or any third party to stop sending you marketing messages at any time. If you receive a marketing communication from us, the communication will contain an option to opt out of further communications. If you receive a marketing communication from one of our business partners, or from social media providers, you should opt out with that entity directly. You can also contact us at any time to opt out using the details given at the end of this Privacy Statement.
  • We may disclose your personal information to entities other than Verisign for business purposes. When we disclose personal information, we do so in accordance with our data privacy and security requirements. Please see Section I.C. for more information about these types of disclosures.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. Should we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.