GoDaddy Operating Company, LLC (“GoDaddy”) has self-certified its compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), and the UK Extension to the EU-U.S. DPF (“UK Extension”), collectively (the “DPF”).

This Data Privacy Framework Notice describes our compliance with the specific requirements of the DPF. For a complete statement of our privacy practices, please see our Global Privacy Notice. For the purposes of this Data Privacy Framework Notice, all references to PII and personal information in our Global Privacy Notice and its supplements are deemed to be references to personal data.

Certifications

We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program please visit www.dataprivacyframework.gov.

Several other GoDaddy affiliates also have certified their compliance with the DPF Principles, including:

GoDaddy.com, LLC GoDaddy Media Temple, Inc. GoDaddy Corporate Domains LLC GoDaddy Sellbrite, Inc. Starfield Technologies, LLC Domains by Proxy, LLC Blue Razor Domains, LLC

To view our certification, please visit https://www.dataprivacyframework.gov/s/participant-search/.

Scope

This DPF Notice applies to our processing of personal data transferred to the United States from the European Union/European Economic Area (“EU/EEA”), Switzerland, and the United Kingdom in reliance upon the DPF. If there is any conflict between this notice and the DPF Principles, the DPF Principles govern.

We process personal data as a controller (who determines the purpose and means of processing) or processor (who acts upon the written instructions of the controller)

Notice of Privacy Practices: Controller

Our privacy practices when we act as a data controller are set forth in our Global Privacy Notice, including:

• the types of personal data collected
• the purposes for which we collect personal data
• the type of third parties to whom we disclose personal data,
• our practices relating to the collection and use of personal data,
• the right