Verisign Privacy Statement

Version 3.3 – Last Updated and Effective August 3, 2023

VeriSign, Inc. and its subsidiaries (collectively, “Verisign”) are committed to processing your personal information in a fair and lawful manner. We have developed this Privacy Statement to inform you about how we handle personal information and about our privacy practices currently, and during the past 12 months, for the verisign.com website and any other Verisign websites that direct you to this Privacy Statement (the “Covered Sites”), and our other Verisign products and services, including but not limited to our registry services and when you may engage with us offline (the “Covered Products and Services”).

About Verisign

Verisign is the registry of all .com, .net, .name, and .cc top-level domains (“TLDs”). We also offer domain registry services for additional TLDs. Internet users who wish to register domain names in our TLDs (registrants) do so with registrars who connect to our registry systems to complete the transaction.

This Privacy Statement is organized into three primary sections:

  • The first section describes our general practices and applies to any individual about whom we collect personal information. This section covers:
    • What information we gather and from whom.
    • How we use personal information.
    • When, why, and with whom we share personal information.
    • Use of cookies.
    • Our security procedures.
    • Changes to this privacy statement.
  • The second section describes specific rights for individuals subject to international privacy laws, including individuals located in the European Union (“EU”) and the People’s Republic of China (“China”).
  • The third section provides notices to California residents, and describes specific rights for California residents and other information that is required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”).

If you have questions regarding our Privacy Statement or privacy practices, please use one of the options listed in the “CONTACT VERISIGN” section at the end of Section I of this Privacy Statement.

I. GENERAL PRIVACY PRACTICES

A. WHAT INFORMATION WE GATHER AND FROM WHOM

We may collect, use, store and transfer different kinds of personal information about you. We collect personal information directly from you and indirectly about you as described below. We may collect the following types of personal information from or about you, which we have grouped into categories as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an inquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Sites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected meta-data), and/or our products and services.
  • Marketing and Communications Data includes your communication preferences in receiving marketing from us and third parties.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”

We may collect the categories of personal information described above either directly or indirectly from different sources, including the following:

  • Our business partners, such as registrars of domain names.
  • Our customers, such as registrars or independent resellers of domain names or businesses using our Covered Products and Services.
  • You, when you interact with us through the Covered Sites or in connection with Covered Products and Services.
  • Internet cookies, analytics programs, pixels, web beacons, and other technologies that help our Covered Sites operate effectively and efficiently.
  • Third-party social media applications such as Facebook, Instagram, or Twitter (each, a “Social Media Application”).

Please note that our Covered Sites may contain links to other unaffiliated third-party websites. Verisign is not responsible for the privacy practices, privacy statements, or content contained in or regarding these other unaffiliated third-party websites that do not include this Privacy Statement. You should consult the privacy statements associated with these unaffiliated third-party websites should you decide to visit them.

Social Media Applications may use buttons displayed on our Covered Sites that you may click on to “like” or “share” or “link” content available on our Covered Sites, or “follow” Verisign or any of our product or service offerings made available on our Covered Sites. These buttons may record your IP address, browser type and language, access time, and referring website addresses. When you are logged into those Social Media Applications, they also may link this collected information with your profile information on that Social Media Application. We do not control these third-party tracking technologies and you understand and agree that any Social Media Application’s use of information collected from you (or as authorized by you) is governed by the Social Media Application’s privacy policies, terms of service, and your settings on the applicable Social Media Application(s).

If you respond in a blog forum on our Covered Sites, you should be aware that any personal information you submit there will be stored on our servers and can be read, collected, or used by other users of these blog forums, and could be used to send you unsolicited messages. Verisign is not responsible for the actions that other users of the blog forums take in relation to personal information you choose to submit in the forums. You are also responsible for using these forums in a manner consistent with the Rules of Engagement or other terms and conditions set forth on the relevant forum website.

B. HOW WE USE PERSONAL INFORMATION

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

  • For the provision of our Covered Products and Services or the operation of our business or a third party’s business. For ICANN-accredited TLDs, ICANN determines what personal information we must collect to register a domain name. For certain TLDs that we manage, including for .com and .net, we do not collect any personal information about the registrant. Other TLDs that we manage require additional information about the registrant, which is collected by the registrar and relayed to Verisign.
  • Personal information may be made available to Verisign businesses around the world for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.
  • Where we need to perform a contract that we have entered into with you, or in order to take steps at your request prior to entering into a contract.
  • To protect the security and integrity of our business, our Covered Products and services, or Covered Sites.
  • Where we need to protect your interests (or someone else's interests).
  • Where it is needed in the public interest or for official purposes.
  • In connection with the sale, merger, acquisition, or other reorganization of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Verisign's practice to seek appropriate protection for information in these types of transactions.
  • For compliance with legal obligations and protection of Verisign and others. Specifically, we may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.
  • For marketing purposes. Specifically, we may use your personal information (including cookies – for more information on how we may use cookies, please see Section 1.E below) to market to you. You may receive marketing communications from us if you have purchased products or services from us, we have identified similar products or services that may be relevant for you and, in each case, you have not opted out of receiving that marketing. We will get your express opt-in consent before we market products or services to you that are not similar to products or services you have purchased from us before, or if we share your personal information with any company outside the Verisign group of companies for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time. If you receive a marketing communication from us, the communication will contain an option to opt-out of further communications. If you receive a marketing communication from one of our business partners, or from social media providers, you should opt out with that entity directly. You can also contact us at any time to opt out using the details given at the end of this Privacy Statement.

California residents, please review Section III for additional disclosures about how we may use your personal information.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

C. WHEN, WHY, AND WITH WHOM WE SHARE PERSONAL INFORMATION

We may disclose the following categories of personal information to entities other than Verisign for any the business purposes set out in above. When we disclose personal information, we do so in accordance with our data privacy and security requirements.

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or our business partners.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Sites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected meta-data), and/or our products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Social Media Application Data iincludes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”

Below are the categories of entities to whom we may disclose personal information and why.

  • Business partners. We may provide your personal information to a Verisign business partner, such as a registrar of domain names, so that they can facilitate the provision, support, renewal, and/or purchase of Covered Products and Services. Please be assured that these Verisign business partners have agreed to ensure the privacy and security of any transferred information and may only use the shared information to send you information about products or services about which you asked, or for sending updates or providing services on our behalf.
  • Service providers. We partner with, and are supported by, service providers around the world. Personal information will be made available to these parties only when necessary to fulfill the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; order fulfillment and delivery; and services to assist us in managing and responding to consumer privacy and other requests. Our service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us.
  • Third parties for legal reasons. We will share personal information where we believe it is required: (i) in order to comply with our legal and contractual obligations, such as making certain disclosures through the WHOIS database; (ii) to protect Verisign and others; and (iii) in the context of a business transition, such as a merger, sale, or acquisition.
  • Research entities. We will share personal information for DNS research activities.
  • Government entities. We will share personal information for information sharing and other security purposes.

California residents, please review Section III for additional disclosures about how we may disclose your personal information.

D. HOW LONG WE KEEP PERSONAL INFORMATION

We will only retain your personal information in identifiable form for as long as needed for the purposes for which it is gathered and processed. In determining retention periods, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer need personal information, we either anonymize, securely delete, or destroy it.

E. USE OF COOKIES, OTHER DIGITAL TECHNOLOGIES AND GATHERING OF STATISTICAL DATA

Our Covered Sites may use different types of cookies and other statistical and digital technologies. We may use strictly necessary cookies, which are enabled by default in order for our Covered Sites to function properly. We may also use optional first party and third-party cookies, pixels, or other digital technologies to improve our websites, customize your experience and provide personalized advertising. If you access our Covered Sites outside of Europe, we may enable both strictly necessary and analytic cookies by default, and all other cookies are disabled unless you choose to enable them. When you visit our Covered Sites, you have the option to customize your cookie settings, either by selecting the “cookie settings” button on the cookie banner or by clicking on the “cookie settings” link on the homepage. If we use cookies, all cookies, except those strictly necessary for the Covered Sites to function, may be enabled or disenabled depending on your preference.

While the best way for you to exercise choice about your cookie settings is to use the cookie setting feature on our Covered Sites, you may also opt out of certain other advertising which utilizes cookies through the following link:

http://www.networkadvertising.org/choices/

All major internet browsers allow you to control cookies. You can learn more about adjusting browser controls at the following website: http://www.aboutcookies.org. (Note that Verisign does not control this website and is not responsible for its content. It is provided as information only. For the most current browser-specific information, please consult your browser’s manufacturer).

Do Not Track

We do not respond to Do Not Track signals.

F. OUR SECURITY PROCEDURES

We consider the protection of all personal information we receive offline and online from our Covered Sites’ visitors and subscribers as critical to our corporate mission. We have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the internet, however, there is always some element of risk involved in sending personal information.

Our security procedures are subject to at least an annual SOC Type II audit by an internationally recognized accounting firm.

G. CHANGES TO THIS PRIVACY STATEMENT

It is important that you check back often for updates to this Privacy Statement. If a material change is made to this Privacy Statement and/or the way we use our customers' personal information, we will post a prominent notice on the Covered Sites and/or by means of other methods of contact such as email.

H. CONTACT VERISIGN

If you have questions about this Privacy Statement, you may contact us in the following ways:

  • You may email us at contactprivacy@verisign.com. Please specify "Privacy Statement" in the subject line of your email.
  • You may call us at +1 703-948-3350 or toll free (in the United States) at 1-800-255-2218.
  • You may write to us at:

    VeriSign, Inc.
    Attn: Global Privacy Officer
    12061 Bluemont Way
    Reston, VA 20190

II. THE GENERAL DATA PROTECTION REGULATION (GDPR) AND PERSONAL INFORMATION PROTECTION LAW (PIPL) PRACTICES

Where we collect, process, use or disclose personal information that is subject to international privacy laws, including the GDPR or PIPL, we are committed to processing your personal information in a fair and lawful manner. This section describes our privacy practices specific to personal information covered by these laws and your rights in relation to your personal information.

A. THE INFORMATION WE GATHER

The information that we collect and process is described in Section I.A above. We explain the legal basis which allows us to do so below.

We will only collect or process sensitive personal information on the basis that: (i) we have obtained your consent; (ii) it has manifestly been made public by you; or (iii) the processing is necessary: (a) in relation to legal claims; (b) for reasons of substantial public interest; or (c) where we need to carry out certain legal obligations and/or exercise certain rights relating either to Verisign or you. We do not collect any information about criminal convictions and offenses.

B. PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL INFORMATION

An explanation of how we may use your personal information is described in Section I.B above. If you are subject to these laws, you have the right to know what legal basis we rely upon to process your personal information. The chart below describes all the ways in which we plan to use your personal information and the legal bases we rely on to do so. Where we identified our legitimate interests as our legal basis, this applies only to individuals located in the EU.

Note that we may process your personal information for more than one lawful purpose depending on the specific business purpose for which we are using your information. Please contact us (using the contact details above) if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing, including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact
Performance of a contract with you
To process and deliver your order (including renewals), which includes:
(a) Managing payments, fees and charges
(b) Collecting and recovering money owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
(c) Consent
To manage our relationship with you, which will include:
(a) Notifying you about changes in our terms or Privacy Statement
(b) Asking you to submit a review or take a survey
(c) Interacting with you (and enabling you to interact with others) on our Covered Sites or through them
(d) Your use of our products/services (including facilitating and supporting such use)
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
(e) Social media application
(f) Usage
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, to facilitate the use of our products/services, to develop them and grow our business)
(d) Consent
To enable you to partake in a survey (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(a) Necessary for our legitimate interests (to monitor/improve the use and satisfaction with the Covered Sites, and to improve our customer service and product offerings)
(b) Consent
To administer and protect our business and Covered Sites including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (to run our business, to provide administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage
(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
(b) Consent
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
(g) Social Media Application Data
(a) Necessary for our legitimate interests (to develop our products/services and grow our business)

(b) Consent (in limited circumstances only – please see the Marketing section below for further details)

C. PERSONAL INFORMATION WE SHARE

We share your information under various circumstances as mentioned in Section I.C above. We will share your information in accordance with the requirements of applicable laws, including the GDPR and PIPL. For users located in China, if we share your information with other personal information handlers, such as our business partners, research entities, etc., we will inform you of the name and contact information of such personal information handlers, the processing purposes and methods, and the categories of personal information to be shared. We will also obtain your consent before sharing your information with such personal information handlers.

D. YOUR RIGHTS

We respect the rights that you have in relation to your personal information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

Access to personal information. We will give you access to your personal information upon written request, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing information to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. Except where it is not permissible under applicable law, we may also charge you a fee for providing you with a copy of your data.

Correction and deletion. You have the right to correct or amend your personal information if it is inaccurate or requires updating. You have the right to request deletion of your personal information; however, this is not always possible due to legal requirements and other obligations and factors.

Data portability. You may have the right to (i) obtain personal information concerning you, which you have provided to Verisign, and (ii) transmit such information to another data controller. The information may be transmitted directly from Verisign to the other data controller where feasible.

Direct marketing. We may send you marketing communications as set out above. Where your personal information is processed for direct marketing purposes, you have the right to object at any time to such processing, which includes profiling to the extent that it is related to such direct marketing. All of Verisign’s direct marketing communications include an “unsubscribe” link to enable you to easily opt-out of future communications.

Withdrawal of consent. Where Verisign is processing your personal information on the basis that you have consented to such processing, you have the right to withdraw that consent at any time. Once we have received written notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Objection to and/or restriction of processing of personal information. You have the right to: (i) restrict the processing of your personal information in certain circumstances (e.g., where you contest the accuracy of your personal information); and (ii) object to certain types of processing of personal information.

E. EXERCISING YOUR GDPR OR PIPL RIGHTS

To exercise your rights under GDPR or PIPL you may submit a verifiable consumer request in one of the following ways:

  • Call us at +1 703-948-3350 or toll free (in the United States) at 1-800-255-2218.
  • Fill out this form.

Upon receipt of your consumer rights request. If we are able to verify your request, we will make our best effort to respond within thirty (30) calendar days of our receipt of your request. If we require more time (up to 30 additional calendar days), we will inform you of the reason and extension period in writing.

F. HOW WE VERIFY REQUESTS TO EXERCISE CONSUMER RIGHTS

We will not respond to consumer rights requests unless we can verify your identity to a reasonable degree of certainty. To verify your identity, when feasible, we will use information about you that we already have (such as your email address); however, on occasion we may need to request additional information, which we will use only for the purposes of verification. We may also use a third-party identify verification service.

The information we need to verify your request will depend on the type of request, the sensitivity of the personal information requested, and/or the risk of harm to you. Upon receipt of your request, we will notify you if we need additional information from you to verify your request.

Lodging a complaint. If you are not satisfied with how Verisign manages your personal information, you have the right to lodge a complaint to a data protection regulator. A list of National Data Protection Authorities (“DPA”) for the EU can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident of China, you may lodge a complaint with a relevant supervisory authority.

Before filing a complaint, we ask you to contact us to give us an opportunity to solve your complaint.

G. COOKIES

You may opt-out of certain third-party cookies that we and other websites may use for targeting through http://www.youronlinechoices.eu or www.aboutads.info. Opting out of one or more ad networks only means that those particular members no longer will deliver targeted content or ads to you. It does not mean you will stop receiving any targeted content or ads on our Covered Sites or other third-party websites. If your browser is configured to reject cookies when you visit one of the above referenced opt-out pages, and you later erase your cookies, use a different computer or change web browsers, your preference may no longer be active. Since all of these cookies are managed by third parties, you should refer to the third parties' own website privacy notifications and policies for further information.

If you wish to withdraw your consent to the use of third-party cookies, you will need to delete your cookies using your internet browser, and disable cookies in your settings. Please note that disabling cookies may affect the functionality of our Covered Sites, and may prevent you from being able to access certain features on our Covered Sites.

H. DATA TRANSFER

Verisign is a global organization, and your personal information may be stored and processed outside of your home country. We take steps to ensure that the information we collect is processed according to this Privacy Statement and the requirements of applicable law wherever the data is located.

Verisign has networks, databases, servers, systems, support, help desks, and offices located around the world.

We use service providers located around the world to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Verisign or to third parties in areas outside of your home country.

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information.

For users located in China, when we transfer your information to recipients in other countries (such as the U.S.), we will obtain your consent and provide to you the relevant information, such as the name and contact information of the data recipient, the purposes and methods of processing by the data recipient, the categories of personal information involved, and the method and procedure for you to exercise your rights under the PIPL with respect to the data recipient.

We will either use specific contractual terms approved by the appropriate authority (“Standard Contractual Clauses”) or another approved data transfer mechanism that will provide your personal data with equivalent protection as that afforded by the GDPR or PIPL, as appropriate.

For users located in China, when you visit our overseas Covered Sites, such as verisign.com, the information you provide through such websites will be directly transferred to our networks and servers outside of China, e.g., the U.S. The provision of your personal information to us via such overseas websites or your consent to the use of our cookie technology will be deemed your consent to our collection and processing of your personal information.

VeriSign, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. VeriSign, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Verisign, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov. Click here to view our EU/Swiss-U.S. Data Privacy Framework Privacy Policy.

III. CCPA NOTICES AND RIGHTS

This section only applies to California residents. Where we collect, process, use, or disclose personal information that is subject to the CCPA, we are committed to processing your personal information in a transparent and fair manner and in compliance with the CCPA. This section describes the rights California residents have in relation to your personal information and provides the notices required by the CCPA.

A. YOUR CCPA RIGHTS

The CCPA grants California residents the rights described below.

Right to Know General Collection and Use of Personal Information (Access Request). Under the CCPA, California residents have the right to request that Verisign disclose what information we have collected, used, disclosed, or sold over the past 12 months. Once we receive and confirm your verifiable consumer request for such information, we will disclose to you, based on your specific request:

  • The categories of personal information we collected about you over the past 12 months;
  • The categories of sources from which the personal information is collected over the past 12 months;
  • The business or commercial purpose for collecting or selling that personal information over the past 12 months;
  • The categories of third parties with whom we shared your personal information over the past 12 months;
  • If we disclosed your personal information for a business purpose, the personal information categories that each category of recipients obtained; and/or
  • If we sold your personal information for a business purpose, the personal information categories that each category of recipients purchased.

Right to Know Specific Pieces of Personal Information (Data Portability). Upon your verified request for such information, we will disclose to you certain specific pieces of personal information we have collected about you over the past 12 months.

Right to Correct Inaccurate Information. You have the right to request that we correct any of your personal information that we have collected from you and retained if it is inaccurate. Once we receive your verifiable consumer request, we will make reasonable efforts to correct your personal information.

Right to Request Deletion. You have the right to request that we delete any of your personal information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, and direct our service providers to do the same, unless an exception applies.

Some of the exceptions that would allow us to deny a request for deletion include if the information is necessary for us or our service provider(s) to do the following:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract we have with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Opt-Out of Sale or Sharing of Personal Information. You have the right to direct businesses that sell personal information or share personal information for the purpose of cross-context behavioral advertising to not sell or share your personal information (the "right to opt-out"). Verisign does not sell or share (as defined by the CCPA) personal information of California residents to third parties, including the personal information of California residents who are under 16 years of age.

Right to Limit the Use or Disclosure of Sensitive Personal Information. If we used your Sensitive Personal Information for certain purposes, you would have the right to request that we limit that use. Verisign does not use Sensitive Personal Information in a manner that would activate this right.

Right to Non-Discrimination. You have the right not to be discriminated against for having exercised the rights established by the CCPA. We will not discriminate against you for exercising any of your CCPA rights.

B. EXERCISING YOUR CCPA RIGHTS

This section of our Privacy Statement explains how a California resident can exercise their rights.

To exercise your rights, you or your authorized agent may submit a verifiable consumer request in one of the following ways:

  • Call us at +1 703-948-3350 or toll free (in the United States) at 1-800-255-2218.
  • Fill out this form.

Upon receipt of your request to exercise your rights, we will confirm receipt within 10 business days. If we are able to verify your identity, we will make our best effort to respond within forty-five (45) calendar days of our receipt of your request. If we require more time (up to 45 additional calendar days), we will inform you of the reason and extension period in writing.

The CCPA allows a California resident to make a verifiable consumer request to know only twice within a 12-month period.

C. DESIGNATING AN AUTHORIZED AGENT

Only you as a California resident, or a person registered with the California Secretary of State that you authorize to act on your behalf (Authorized Agent), may make a verifiable request to know or a request for deletion. If you are using an Authorized Agent to exercise your CCPA rights, we require the Authorized Agent to provide us with written confirmation that you have authorized them to act on your behalf. We may also verify the identity of the Authorized Agent.

D. HOW WE VERIFY CALIFORNIA RESIDENTS’ IDENTITY

We will not respond to requests to exercise your rights unless we can verify your identity (and your Authorized Agent’s identity if relevant) to a reasonable degree of certainty. To verify your identity, when feasible, we will use information about you that we already have (such as your email address); however, on occasion we may need to request additional information, which we will use only for the purposes of verification. We may also use a third-party identify verification service.

The information we need to verify your request will depend on the type of request, the sensitivity of the personal information requested, and/or the risk of harm to you. Upon receipt of your request, we will notify you if we need additional information from you to verify your request.

E. NOTICE AT COLLECTION OF PERSONAL INFORMATION (FOR CALIFORNIA RESIDENTS)

This Notice at Collection of Personal Information (“Notice at Collection”) is part of Verisign's Privacy Statement and includes details about the personal information we collect from California residents and the purposes for which that personal information will be used. This Notice at Collection applies solely to California residents ("California consumers" or "you"). We adopt this Notice at Collection in accordance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (together, the “CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice at Collection.

Personal Information We Collect About You

Verisign collects personal information, which the CCPA defines as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular California consumer or household. In particular, we may collect the following categories of personal information from or about you:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, job title, company name, date of birth, and gender.
  • Contact Data includes billing address, delivery address, email address, and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (“IP”) address, cookies, java script, web beacons, clear gifs, HTTP headers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Covered Sites.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, survey responses, and any unsolicited personal information not otherwise covered by this Privacy Statement that you choose to submit in an enquiry or webchat, on a blog forum or otherwise on our Covered Sites or in person to a Verisign representative at an event.
  • Usage Data includes information about how you use the Covered Sites (for example time of day, duration of visit, pages visited, actions taken on pages, or other automatically collected meta-data), and/or our products and services.
  • Marketing and Communications Data includes your communication preferences in receiving marketing from us and third parties.
  • Social Media Application Data includes, without limitation, your public profile, social media relationships, listed work and education history, listed hometown and current city, profile photos, personal description, and “likes.”

How We Use Your Personal Information

We will only use your personal information in a manner that is consistent with applicable laws. Most commonly, we will use the categories of personal information identified above for the following business purposes:

  • For the provision of our Covered Products and Services or the operation of our business or a third party’s business. Personal information may be made available to Verisign businesses around the world if necessary for the provision of our Covered Products and Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.
  • Where we need to perform a contract that we have entered into with a third party or you or in order to take steps at your request prior to entering into a contract.
  • To protect the security and integrity of our business, our Covered Products and Services, or Covered Sites.
  • Where we need to protect your interests (or someone else's interests).
  • Where it is needed in the public interest or for official purposes.
  • In connection with the sale, merger, acquisition, or other reorganization of our business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Verisign's practice to seek appropriate protection for information in these types of transactions.
  • For compliance with legal obligations and protection of Verisign and others. Specifically, we may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss prevention, or fraud. We may also use personal information to meet our internal and external audit requirements, and as we otherwise believe to be necessary or appropriate: (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce or apply our contractual rights; and (iv) to otherwise protect our rights, privacy, safety, or property, or those of other persons.
  • For marketing purposes. We do not use marketing cookies, pixels or other digital technologies to direct marketing to California residents.

You may receive marketing communications from us if you have purchased products or services from us, we have identified similar products or services that may be relevant for you and, in each case, you have not opted out of receiving that marketing. We will get your express opt-in consent before we market products or services to you that are not similar to products or services you have purchased from us before, or if we share your personal information with any company outside the Verisign group of companies for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time. If you receive a marketing communication from us, the communication will contain an option to opt out of further communications. If you receive a marketing communication from one of our business partners, or from social media providers, you should opt out with that entity directly. You can also contact us at any time to opt out using the details given at the end of this Privacy Statement.

  • We may disclose your personal information to entities other than Verisign for business purposes. When we disclose personal information, we do so in accordance with our data privacy and security requirements. Please see Section I.C for more information about these types of disclosures.

We will only use your personal information for the purposes for which we collected it, including where we reasonably consider that we need to use it for a reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you as required by law.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

How Long We Keep Your Personal Information

For more information on how long we keep your personal information, please see Section I.D above