Automattic Inc. and its wholly owned subsidiary WPVIP Inc. (together referred to herein as “WordPress VIP”) comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) with respect to the processing of the WordPress VIP Services Personal Data (as defined below). WordPress VIP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of WordPress VIP Services Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. WordPress VIP has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of WordPress VIP Services Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ .

Scope of Personal Data Covered by WordPress VIP’s Privacy Framework Certification

WordPress VIP provides website hosting, support, and professional services to enterprises and other high profile, high traffic online publishers.

The WordPress VIP service is primarily an online publishing system, built on the popular WordPress open source platform. WordPress VIP clients use the WordPress VIP service to build, publish, maintain, and support websites that often serve as the face of their business or publication. In the course of using the service, WordPress VIP clients may create and upload data for public dissemination, such as articles and other website content, much of which is ultimately published publicly to their site. WordPress VIP clients may also create or collect other types of data in the course of operating and using their hosted websites.

In connection with our WordPress VIP website hosting service, our WordPress VIP clients may provide us with personal data about their own customers and end-users in participating EU countries, the United Kingdom and Switzerland that the WordPress VIP clients (the data controllers) collect through the operation and use of their websites (“Hosting Services Personal Data”). WordPress VIP clients may collect Hosting Services Personal Data when, for example, (1) an end-user creates an account with the WordPress VIP client (for clarity, not a WordPress account); (2) a WordPress VIP client administrator adds content that includes Hosting Services Personal Data to a site hosted by WordPress VIP; or (3) a WordPress VIP client provides directory or other information about its end users as part of an intranet (i.e., a website that is only accessible to authorized, internal personnel) used by that WordPress VIP client. The type of Hosting Services Personal Data varies for each WordPress VIP client, but typically includes personal data that allows customers and end-users to access and use the VIP customer’s website, such as a username and email address.

The WordPress VIP service also includes Parse.ly which is a content analytics service that allows customers to track user engagement with the content on their sites and applications. In the course of providing the Parse.ly service, WordPress VIP processes personal data regarding such users including, but not limited to, names, addresses, email addresses, IP addresses, unique user IDs, and browsing history (“Parse.ly Personal Data”).

Parse.ly Personal Data and Hosting Services Personal Data are referred to herein together as “WordPress VIP Services Personal Data”.

Our certification and this notice apply only to our core WordPress VIP services, and not to any plug-ins provided by Automattic (e.g., Jetpack and WooCommerce) or any third parties, or any other software or services that WordPress VIP clients choose to use on their websites. Our certification also does not cover personal data related to WordPress.com user accounts or Automattic’s standard WordPress.com service, all of which is addressed in Automattic’s privacy policy.

Our Collection, Use and Sharing of WordPress VIP Services Personal Data

Why WordPress VIP Collects and Uses WordPress VIP Services Personal Data

Our WordPress VIP services include hosting, support, content analytics, and other professional services to optimize WordPress.com for security, performance, and scalability. We process WordPress VIP Services Personal Data as a data processor for the purpose of providing WordPress VIP services to our WordPress VIP clients.

Sharing of WordPress VIP Services Personal Data with Third Parties

We may transfer WordPress VIP Services Personal Data to third-party service providers who help us provide our services. Under certain circumstances, we may be liable for the acts of those third-party service providers with respect to the WordPress VIP Services Personal Data.

Compelled Disclosure

We may be required to disclose WordPress VIP Services Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Your Rights with Respect to WordPress VIP Services Personal Data

Requests for Access, Correction, or Deletion of WordPress VIP Services Personal Data

Individuals in the EU, the United Kingdom, and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. If you are an individual in the EU, the United Kingdom or Switzerland who believes that you are a customer or end-user of one of our WordPress VIP clients, and wish to request access to (or to limit use or disclosure of) any WordPress VIP Services Personal Data that we may have about you, you can submit a written request to us at privacy@wpvip.com.

Since we act as a service provider to our WordPress VIP clients, we will direct the inquiry to the applicable WordPress VIP client(s), who can respond to your request. Please include the name of the applicable WordPress VIP client(s) in your request, if known, so that we can refer the request to them.

Dispute Resolution

If you are an individual in the EU, the United Kingdom or Switzerland who believes that your personal data is included in the WordPress VIP Services Personal Data, you may direct any concerns or complaints to us at privacy@wpvip.com.

If we do not resolve your complaint, you may contact JAMS, our designated independent dispute resolution provider for Data Privacy Framework related inquiries. You can contact JAMS, which is based in the United States, free of charge through its website at the following link:

https://www.jamsadr.com/dpf-dispute-resolution

If neither WordPress VIP nor JAMS resolves your complaint, you may, in certain circumstances, be able to seek binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.

Other Things You Should Know

Our commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.