Data Privacy Framework Notice
Effective as of January 3, 2024
This Data Privacy Framework Notice (the "Notice") supplements the GoTo Privacy Policy where you will find details about the types of personal data we collect, as well as the purposes for which we collect personal data. GoTo and its U.S. affiliates comply with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF ("Swiss-U.S. DPF"), as set forth by the U.S. Department of Commerce. GoTo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles, the Swiss-US DPF Principles, and the UK Extension to the EU-U.S. DPF (the "Principles") with respect to such data.
If there is any conflict between the terms in this Notice and Principles, the Principles shall govern. To learn more about the Data Privacy Framework ("DPF") program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Third Party Transfers
To the extent GoTo uses its affiliates or third-party providers in the provision and operation of its Services and processing of any Content, including any personal data therein, it discloses those parties in the applicable Affiliate and/or Sub-processor Disclosure in its Trust & Privacy Center (see the "Product Resources" section). GoTo maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our DPF obligations, including the onward transfer provisions, and GoTo shall remain liable if they fail to meet those obligations unless we are not responsible for the events giving rise to the damage.
U.S. Federal Trade Commission Enforcement and Compelled Disclosure
With respect to personal data received or transferred pursuant to the DPF, GoTo is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. As explained here, GoTo may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. GoTo will only provide customer information if the Government has appropriate authority under applicable law to request such information. We will review all international Government requests on a country-by-country and case-by-case basis to consider and balance our local legal obligations against our commitments to promote users' safety and privacy.
Inquiries and Complaints
You may direct any inquiries or complaints concerning our DPF compliance to privacy@goto.com. We will respond to your inquiry promptly. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, GoTo commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.
Please note that if your concern is not resolved through these channels, under certain conditions, you may also have the option to pursue binding arbitration under the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.
Your Rights and Contacting GoTo
Our Privacy Policy explains how you may have certain rights with respect to your personal data, such as the rights of access, correction, deletion, and limiting the use and disclosure of your personal data. You can submit a request to us regarding data we maintain about you by visiting our Individual Rights Management Portal here or contacting us at privacy@goto.com.
Individuals whose personal data is collected and processed by GoTo on behalf of its customers should direct their request to the GoTo customer (the data controller). GoTo will assist customers in responding to these requests, as appropriate.
If you have any questions regarding this Notice, please contact the GoTo Privacy Team at privacy@goto.com or write to us via postal mail at: Attn: Legal and Privacy Team, GoTo, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Republic of Ireland.
Changes to this Notice:
This Notice may be amended or modified from time to time consistent with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/.
To view GoTo's certification, please visit https://www.dataprivacyframework.gov/s/participant-search.