Question 1

Accountability

Accepted Answer

Accountability is a foundation to GoTo’s privacy program. Accountability means that we take steps to demonstrate our efforts to comply with applicable data privacy laws and allocate resources to facilitate this compliance. For example:

People: GoTo has a designated privacy team who helps GoTo comply with its obligations under data privacy law. In addition, we have appointed Data Protection Officers and similar roles in jurisdictions where they are required, such as the EU, the UK, Brazil, Singapore, and Canada. We also provide training to associates at the time of hire and annually thereafter. You can reach our privacy team and our DPOs here.
Policies: We maintain internal privacy policies that establish the conduct expectations of GoTo employees regarding the protection of personal data.
Procedures: We have developed internal procedures that help GoTo demonstrate it complies with applicable laws. We review our products and processes to help us understand how we process personal data.

Question 2

Transparency

Accepted Answer

Being transparent means that GoTo strives to tell individuals and our customers where, how, and why we process personal data.

As a controller: When GoTo makes the decision about how personal data is handled we strive to be transparent by providing transparency notices, such as our privacy policy, that inform individuals how we process their data. Our privacy notice does not apply to how we process customer data. Our undertakings with our customers are defined in our customer contracts.
As a service provider: It is GoTo’s practice to enter into appropriate agreements with its customers and suppliers that define the parties’ rights and obligations with respect to personal data. For example, you can review a copy of our DPA, which is incorporated into our agreements, here. We also strive to be transparent about our sub-processors. You can find a list of our sub-processors for your service here.

Question 3

Responsiveness

Accepted Answer

GoTo wants to hear from the customers and individuals whose data we process. Your questions and feedback help us improve our program and let us know what information is important to you.

GoTo provides a privacy mailbox to raise questions and concerns about our data handling practices. Please note, this mailbox does not handle bug bounty reports or security incident reports, which should be directed here.
We also provide an individual rights management portal for individuals who have engaged with us may exercise their privacy rights. If you have engaged with a GoTo customer, we cannot fulfill your request. Please contact the customer directly.

Question 4

Vigilance

Accepted Answer

Being vigilant involves both proactive review of our processes and reactive response to addressing potential privacy and security concerns.

Our privacy team undertakes periodic reviews of our processes and procedures in an effort to align them with data privacy requirements.

We partner with information security to address potential security concerns and other data issues. If you have a report of a security concern, please report it here.

Privacy

Program Overview

Cross-Border Data Transfers