Back to Legal

Data Privacy Framework Notice

Effective as of May 28, 2025

This Data Privacy Framework Notice (the “Notice”) supplements the GoTo privacy policy that directly links to, or incorporates by reference, this Notice. The GoTo privacy policy provides details about the what personal data we collect, why we collect it, and how we process it.

GoTo complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. GoTo has certified to the U.S. Department of Commerce that it adheres to:

  • the EU-U.S. Data Privacy Framework Principles (the EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF;
  • the EU-U.S. DPF Principles and UK Extension to the EU-U.S. DPF Principles with regard to the processing of personal data received from the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF (the UK Extension Principles); and
  • the Swiss-U.S. Data Privacy Framework Principles (the Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

In this Notice, we collectively refer to the foregoing as the “Principles.” If there is any conflict between the terms in this Notice and Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

GoTo is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).

As they are used in this Notice, the terms “GoTo,” “we,” “us” and “our” shall mean, collectively, the following US-based GoTo entities:

  • GoTo Group, Inc.
  • Grasshopper Group, LLC
  • GoTo Technologies USA, LLC
  • GoTo Communications, Inc.

Third Party Transfers

As provided in our privacy policies, GoTo may disclose personal data to third-party service providers who process personal data in the course of providing services to us (sub-processors). GoTo remains responsible and liable under the Principles for any onward transfers of your personal data to these third parties. Further, it is GoTo’s practice to maintain contracts with these third parties that restrict their access, use and disclosure of personal data in compliance with our DPF obligations, including the onward transfer provisions.

Your Right to Opt-Out

Except as noted in the Sensitive Personal Data section of this Notice or as may be otherwise permitted by law, GoTo will provide you with the right to opt-out where such data will be (i) disclosed to a third party other than a sub-processor, or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.

Sensitive Personal Data

Except as may be otherwise permitted by law, where GoTo Processes Sensitive Personal Data such as information that specifies medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual, GoTo will obtain your express consent where such data will be (i) disclosed to a third party other than a sub-processor, or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.

Compelled Disclosure

As explained in our Government Request Policy, GoTo may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. GoTo will only provide customer information if the Government has appropriate authority under applicable law to request such information. We will review all international Government requests on a country-by-country and case-by-case basis to consider and balance our local legal obligations against our commitments to promote users’ safety and privacy.

Inquiries and Complaints; Dispute Resolution

You may direct any inquiries or complaints concerning our DPF compliance to privacy@goto.com. We will respond to your inquiry promptly.

For Non-HR Related Personal Data – In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, GoTo commits to refer unresolved complaints concerning our handling of non-HR related personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.

For HR Related Personal Data – In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, GoTo commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the UK Information Commissioner’s Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Binding Arbitration

Please note that if your concern is not resolved through these channels, under certain conditions, you may also have the option to pursue binding arbitration under the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.

Your Rights and Contacting GoTo

Our privacy policies explain how you may have certain rights with respect to your personal data, such as the rights of access, correction, deletion, and limiting the use and disclosure of your personal data. You can submit a request to us regarding data we maintain about you by visiting our Individual Rights Management Portal here or contacting us at privacy@goto.com.

Individuals whose personal data is collected and processed by GoTo on behalf of its customers should direct their request to the GoTo customer (the data controller). GoTo will assist customers in responding to these requests, as appropriate.

If you have any questions regarding this Notice, please contact the GoTo Privacy Team at privacy@goto.com or write to us via postal mail at: Attn: Legal and Privacy Team, GoTo, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Republic of Ireland.

Changes to this Notice

This Notice may be amended or modified from time to time consistent with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF frameworks, or as required by applicable law.

 

 

To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/.

To view GoTo's certification, please visit https://www.dataprivacyframework.gov/s/participant-search.