About VeriSign

Version 2.13 - Effective May 23, 2005

VeriSign is committed to providing you with excellent service for all of our products and services. Because we respect your right to privacy, we have developed this Privacy Statement to inform you about our privacy practices for the entire VeriSign.com site and about special privacy practices related to our Safe Harbor Participation (see below section on “EU Safe Harbor Participation”). This Privacy Statement is not applicable to any of our other privacy practices, including, without limitation, data collected from other VeriSign sites or offline. VeriSign services may be hosted on partner sites on behalf of VeriSign, and if this VeriSign Privacy Statement is listed on that site, then it will also apply.

VeriSign is a licensee of the TRUSTe Privacy Program and is authorized to use the TRUSTe trustmark. TRUSTe is an independent, non-profit organization whose mission is to build users' trust and confidence in the Internet by promoting the principles of disclosure and informed consent. VeriSign has agreed to disclose its privacy, practices and have them reviewed and audited for compliance by TRUSTe. Members of the TRUSTe Privacy Program agree to adhere to TRUSTe's established privacy principles of disclosure, choice, access, and security. Members of the TRUSTe Privacy Program also agree to comply with ongoing TRUSTe oversight and its alternative dispute resolution process. In keeping with TRUSTe's Privacy Program, this Privacy Statement will inform you of:

Questions regarding this Privacy Statement should be directed to practices@verisign.com. Please specify "Privacy Statement" in the subject line of your e-mail. You may also call us at 1-650-426-5555. If you do not receive a reply from us or if you believe that your inquiry has not been satisfactorily resolved, please contact TRUSTe. The TRUSTe program covers only information that is collected through this Web site, and does not cover information that may be collected through software downloaded from this Web site.

VeriSign adheres to the EU Safe Harbor Privacy Principles with respect to certain personal data that it receives about European Union residents in the course of providing certain services. Information about VeriSign’s participation in Safe Harbor can be found in the section below entitled “Safe Harbor Participation”.”

Overview

Privacy is of great concern to most users of the Internet, and is a critical part of an enjoyable and satisfactory user experience. We at VeriSign are acutely aware of and sensitive to the privacy concerns of our subscribers and other visitors to our Web site. Whether you are a customer of our various products and services or a visitor to our site, we assure you that we do not collect personal information from you unless you provide it to us. If you are enrolling for a VeriSign digital certificate ("Digital ID"), you may be asked to provide certain personal information. Please note, however, that we are asking for this information for the limited purposes of creating your Digital ID, providing the services that may be part of your Digital ID, and authenticating your identity in order to issue you a Digital ID. If you are enrolling in VeriSign’s Digital Brand Management Services, you may be asked to provide certain personal information in order for us to create your company’s account with us. You should be assured that we do not provide or sell personal information about our customers or site visitors to vendors that are not involved in the provision of VeriSign's public certification and other services.

VeriSign has a service involving authentication of individuals in the healthcare sector (the “Healthcare Authentication Service”) which allows certain individuals to obtain a Digital ID and provide additional personal and professional information in an electronic profile (the “Subscriber Profile”) for the purpose of permitting that individual to access the Web site or use the services of a third party that would be relying on the information in that Digital ID and Subscriber Profile (the “Relying Third Party”). In VeriSign’s Healthcare Authentication Service, the Digital ID and the ability to create the Subscriber Profile are offered by a third party such as the American Medical Association (the “Non-VeriSign Digital ID Provider”). If you are providing personal information using the Healthcare Authentication Service, the information is used by VeriSign to issue you a Digital ID, to authenticate you, and also to permit the Relying Third Party to access your Subscriber Profile to authenticate you.

This Privacy Statement applies to the verisign.com site. Many of our subsidiaries maintain their own privacy policies that may be viewed on their Web sites. For our Public Certification Services and for our payment services, VeriSign has a "network" of domestic and international "Affiliates" that provide certain certification and payment services on a worldwide basis. We strive to provide our visitors and subscribers with the highest level of privacy possible, and therefore require that our Affiliates offer no less protection than that offered in this Privacy Statement. In addition, each of our Affiliates must meet the data protection requirements of their relevant national laws.

Please note that our site contains links to other sites. VeriSign is not responsible for the privacy practices, privacy statements, or content regarding these other sites.

VeriSign supports TRUSTe's comprehensive assurance process. In order to ensure compliance with its Privacy Program, TRUSTe monitors our site by conducting initial and periodic reviews and "seeding" (tracking unique identifiers in our site's database). TRUSTe also relies on online users to report violations of posted privacy statements or specific privacy concerns. If a TRUSTe participant is suspected of not conforming to the TRUSTe principles, TRUSTe will investigate the issue, which could result in penalties, additional audits, or revocation of the participant's right to use the TRUSTe trustmark. Extreme violations may even be escalated to the Federal Trade Commission ("FTC"). These enforcement measures are intended to provide some assurances that you can rely on our representations in this Privacy Statement. For more information on the TRUSTe assurance process, see http://www.truste.org/consumers/compliance.php

If you feel that we are violating this Privacy Statement, please contact us at practices@verisign.com. Please specify "Privacy Statement" in the subject line of your e-mail. You may also call us at 1-650-426-5555. If you feel that we do not provide you with an appropriate response, you may file a report with TRUSTe at http://www.truste.org/consumers/watchdog_complaint.php

Information We Gather from You

Personal Information

There are two ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:

E-mail Request for Information or Registrations for Guides or Seminars - We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, register or sign up for guides or seminars, or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our products or services. To do so, we may request additional personal information from you, such as your name and telephone number, to help us satisfy your request.

Enrollment - If you choose to enroll for one of our products or services, we will request certain information from you. Depending on the type of product or service that you request, you may be asked to provide different personal information. For certain products and services, we may require your name, address, telephone number, e-mail address, credit card number, bank account information, IP address, and/or social security number. Other products and services may require different or supplemental information from you in order to apply. For a detailed listing of the type of personal information requested for our various products, please refer to the enrollment page for the particular product or service.

Under no circumstances do we collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life.

Statistical Information About Your Visit

When you visit our site, our computers may automatically collect statistics about your visit. This information does not identify you personally, but rather identifies information about a visit to our site. We may monitor statistics such as how many people visit our site, the user's IP address, which pages people visit, from which domains our visitors come and which browsers people use. We use these statistics about your visit for aggregation purposes only. These statistics are used to help us improve the performance of our Web site.

Use of Cookies

We only use "cookies" as described in this Section. A "cookie" is a piece of information that our Web site sends to your browser, which then stores this information on your system. If a cookie is used, our Web site will be able to "remember" information about you and your preferences either until you exit your current browser window (if the cookie is temporary) or until you disable or delete the cookie. Many users prefer to use cookies in order to help them navigate a Web site as seamlessly as possible. You should be aware that cookies contain no more information than you volunteer, and they are not able to "invade" your hard drive and return to the sender personal or other information from your computer.

Our uses of "cookies" are limited to the following specific situations. The first situation is with respect to temporary cookies. There are two instances in which we use temporary cookies. First, if you are accessing our services through one of our online applications our Web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our site. The only information contained in these temporary cookies is a direction value that lets our software determine which page to show when you hit the back button in your browser. This bit of information is erased when you close your current browser window. If you come to our site from one of our business partners, our Web server may also send your browser a temporary cookie that reflects an "origination code" for that business partner. We use this information for statistical and marketing purposes. Second, if you are using VeriSign's Personal Trust Agent to log into an access-controlled section of our site, we set a temporary session cookie to establish that you have been authenticated. The information contained in these cookies consists of random data that is used by the server to authenticate the browser requests to the server for that particular session. It does not include any type of personally identifiable information. This bit of information is erased when you close your current browser window. If you choose not to accept a temporary cookie, you will not be able to navigate in these online applications or use the Personal Trust Agent .

The second situation in which we may use cookies is with respect to permanent cookies. This type of cookie remains on your system, although you can always delete or disable it through your browser preferences. There are two instances in which we use a permanent cookie. First, when you visit our Web site and request documentation or a response from us. When you are filling out a form you may be given the option of having our Web site deliver a cookie to your local hard drive. You might choose to receive this type of cookie in order to save time in filling out forms and/or revisiting our Web site. We only send this type of cookie to your browser when you have clicked on the box labeled "Please remember my profile information" when submitting information or communicating with us The second instance where we use a permanent cookie is where we track traffic patterns on our site. Analysis of the collected information by our tracking technologies allows us to improve our web site and the user experience. In both instances of a persistent cookie, if you choose not to accept the cookie, you will still be able to use our Web site. Even if you choose to receive this type of cookie, you can always set your browser to notify you when you receive any cookie, giving you the chance to decide whether to accept it in each situation in which one is sent.

Bulletin Boards, Chat Rooms and Forums

If you use a forum, bulletin board, chat room or other chat tool on this Web site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. VeriSign is not responsible for the personally identifiable information you choose to submit in these forums. You are also responsible for using these forums in a manner consistent with the Rules of Engagement or other terms and conditions set forth on the relevant forum site.

How We Use and With Whom We Share the Personal Information We Gather

We assure you that the personal information we gather from you is used by us only as explained below.

Sending you responses and updates

We generally respond to any e-mail questions, requests for product or service information, and other inquiries that we receive. We may also retain this correspondence to improve our products, services, and Web site, and for other disclosed purposes. Frequently we retain contact information so that we can send individuals updates or other important information about our services and products. Occasionally these updates or other important information may be sent out by third parties on our behalf. Please be assured that any third party who contacts you in this capacity has executed a confidentiality agreement with us that contains a provision ensuring the privacy and security of any transferred information and limits the third party's use of the shared information to sending updates or providing services on our behalf. Our subsidiary companies may also send you information about their services and products. In situations where you have supplied your information in connection with a question or request for information about a product or service offered by a VeriSign business partner, we may also send the information you have supplied to the VeriSign business partners that offer such products or services. Please be assured that these VeriSign business partners have agreed to ensure the privacy and security of any transferred information and may only use the shared information to send you information about products or services about which you asked.

Facilitating the support, renewal, and purchase of our products and services (except if you are using our Healthcare Authentication Service)

If you are using VeriSign's Healthcare Authentication Service this paragraph does not apply. We may use the information you submit to contact you to discuss the support, renewal, and purchase of our products and services. We may provide our subsidiary companies with your information so that they may send you information about their services and products. We may also provide the information you have submitted to us to a VeriSign subsidiary, business partner, or independent reseller (either within or outside the United States) so that the subsidiary, business partner, or independent reseller can contact you and facilitate the support, renewal, and purchase of VeriSign products and services. You may receive a communication directly from one of our subsidiaries, business partners, or independent resellers. Please be assured that any subsidiary, business partner, or independent reseller who contacts you for one of these purposes has agreed to use the information we supply only in accordance with a confidentiality agreement. To find out the names and locations of the subsidiaries, business partners, and/or independent resellers to whom we have provided your information, please contact us at the address given at the end of this Privacy Statement.

Facilitating the support and renewal of our products and services (for our Healthcare Authentication Service)

If you are using VeriSign's Healthcare Authentication Service where there is a Non-VeriSign Digital ID Provider (such as the Physician Authentication Service which is offered by the American Medical Association), this paragraph applies to you. We may use the information you submit when enrolling for your Digital ID to contact you to discuss the support and renewal of our products and services. We may also provide the information you have submitted to us to a VeriSign business partner so that the business partner can contact you and facilitate the support and renewal of VeriSign products and services. You may receive a communication directly from one of our business partners. Please be assured that any business partner who contacts you for one of these purposes has agreed to use the information we supply only in accordance with a confidentiality agreement. To find out the names and locations of the business partners to whom we have provided your information, please contact us at the address given at the end of this Privacy Statement.

Facilitating the provision of certain included products and services (if you are applying for certain types of Digital IDs or certain of our Digital Brand Management Services)

Certain types of Digital IDs come with additional third-party services or products that are included with the Digital ID. If you purchase one of these Digital IDs, we may forward some or all of the information in your application to third party providers so that they can provide you with the service or product and follow up with you directly regarding their service or product or an upgrade. Please be assured that we have agreements with these third-party service or product providers that prevent them from disclosing the information to other parties.

Likewise, certain of our Digital Brand Management Services will involve the disclosure of some or all of your information to a registrar or registry of domain names or to a third party service provider so that they can provide you with the service you have requested. For further explanation about this disclosure or the types of third party services available in Digital Brand Management Services, please refer to your contract with VeriSign for the purchase of these services.

Validating your identity (if you are applying for certain types of Digital IDs)

Certain types of Digital IDs require that we compare some of the information in your application to information contained in a third-party database or with some other third party source. We do this in order to authenticate your identity and other attributes, and also to prevent identity theft. We have confidentiality agreements in place with these third-party databases restricting the disclosure of your information. In certain limited situations, we have contracts in place permitting the third-party database to disclose the information to its subcontractors or affiliates, but only for authenticating your identity and only in accordance with confidentiality agreements.

Forming the contents of a Digital ID

The exact information that appears in our different types of Digital IDs is set forth in the relevant enrollment page and this Privacy Statement. Generally this information is limited to e-mail address and name, but certain classes of Digital IDs contain additional information. For example, SSL Certificates may contain the organization's Dun and Bradstreet number. Please note that all information that you provide us that forms the content of a Digital ID will be "published." Publication of Digital IDs in an accessible location (a repository) is an integral part of enabling the widespread use of Digital IDs. Your Digital ID will be published in our repository so that a third party may access, review, and rely upon your Digital ID. You should have no expectation of privacy regarding the content of your Digital ID.

Permitting a Non-VeriSign Digital ID Provider or a Relying Third Party to access the information you provide (if you are using the Healthcare Authentication Service)

If you are using the Healthcare Authentication Service, we may permit your Non-VeriSign Digital ID Provider to review the information you provide. For example, if you are using the Physician Authentication Service provided by the American Medical Association, we would permit the American Medical Association to review the information you provide. The use of your information by such Non-VeriSign Digital ID Provider should be governed by your agreement with that Non-VeriSign Digital ID Provider.

In all cases where you are using the Healthcare Authentication Service, we may permit Relying Third Parties to review the information you provide.

Processing payments (if you are using our payment service)

If you use the VeriSign Payment Services payment gateway for online transactions, we may provide your personal information to appropriate financial institutions, processors, and third parties under contract with VeriSign or our independent resellers for providing a subset of the payment services (for example, credit authorization and fraud screening). For financial institutions and processors, the use of personally identifiable consumer information is governed by federal and state privacy laws. For other third parties under contract with VeriSign, the use and distribution of your personal information will be used by such entity for its internal use related to fulfilling the transaction services for VeriSign, will be treated as confidential by this entity, and will be transferred between VeriSign and this entity only via encrypted means. We may also permit the merchant through which you placed your order to review the personal information you provide. The merchant's use of your personal information should be governed by your agreement with the merchant.

Disclosure by Law and Protection of VeriSign and Others

If we are required by law to disclose certain information to local, state, federal, national or international government or law enforcement authorities, we will do so (for example, we may disclose the identity of purchasers of certain software products to the U.S. Department of Commerce, Bureau of Export Administration, as required under the terms of our export licenses). We will also disclose information to third parties as necessary in order to comply with applicable laws and regulations. In addition, VeriSign may share information in order to investigate, prevent, or take action regarding illegal activities or suspected fraud, or enforce or apply VeriSign's agreements.

Surveys

From time-to-time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for purposes of monitoring or improving the use of and satisfaction with this Web site, and improving our customer service and product offerings.

Your Ability to Opt-Out of Further Notifications

From time-to-time, we notify our subscribers of new products, announcements, upgrades and updates. (In the case of the VeriSign Healthcare Authentication Service, we will not notify you of new products, announcements, upgrades and updates, and therefore, you do not need to opt out of receiving these notices.) If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.

If you would like to change your preferences online, please visit http://www.verisign.com/compref/. If you receive a marketing communication from our subsidiaries, business partners or independent resellers, you should opt-out with that entity directly. Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our Digital IDs or other products or services.

Our Security Procedures

We consider the protection of all personal information we receive from our Web site visitors and subscribers as critical to our corporate mission. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering one of our products or services using the Secure Sockets Layer (SSL) protocol. Our security procedures are also subject to at least an annual SAS-70 Type II audit by an internationally-recognized accounting firm.

How You Can Update or Correct Your Personal Information

If you need to update or correct information contained in a Digital ID you will need to revoke your Digital ID and obtain a new one because we digitally sign each subscriber's Digital ID as a part of the Digital ID issuance process. If we were to subsequently modify or remove any information listed in a Digital ID, our digital signature would not verify the Digital ID's new content. Furthermore, if a subscriber (sender) then digitally signed a message with his or her private key, a third party would not be able to properly verify the sender's signature (created using the sender's private key) because the sender's Digital ID would have been altered after the key pair's creation. For more information and tutorials on digital signatures, Digital IDs, keys, and related subjects, click here http://www.verisign.com/repository

If you would like to update or correct any personal information in our records that is not contained in your Digital ID, please contact us via e-mail at id-support@verisign.com (for Class 1 and Class 2 Digital IDs) at support@verisign.com (for Class 3 Digital IDs)), at vps-support@verisign.com (for payment transaction services), or at the address given at the end of this Privacy Statement. You may correct or update any information that you have supplied in using Digital Brand Management Services by logging into the Digital Brand Manager and making the necessary changes to your information or, alternatively, contacting our customer service group at dbms-support@verisign.com to request these changes.

If you are using the VeriSign Healthcare Authentication Service and you would like to update or correct any information in your Subscriber Profile, you would need to contact the Non-VeriSign Digital ID Provider.

How You Can Revoke (Deactivate) Your Digital ID

When a third party wants to rely on a Digital ID, it is important for the third party to know its status (for example, whether it is valid, suspended (where available) or revoked). The third party may do this by accessing our repository and querying for the status of the Digital ID. We do not generally delete Digital IDs (and their content) from our on-line repository because a third party might not then be able to check its status. You may, however, revoke (deactivate) your Digital ID. A revoked Digital ID will still appear in our repository with an indication that it has been revoked. If you are a Digital ID subscriber and would like to have your Digital ID revoked (deactivated) from our database, please visit our site at http://www.verisign.com/products-services/security-services/ssl/revoke.html and follow the listed instructions or contact us via e-mail at id-support@verisign.com (for Class 1 and Class 2 Digital IDs) or at support@verisign.com (for Class 3 Digital IDs) or at the address given at the end of this Privacy Statement.

Email this Page

If you use VeriSign’s “Email this page” feature to send a copy of that page to someone else, your email address will appear as the sender of the email. Both your email address and the recipient's email address will not be used for any other purpose.

Changes to this Privacy Statement

If a material change is made to this Privacy Statement and/or the way we use our customers' personally identifiable information then, with the prior written approval from TRUSTe, we will post prominent notice of the nature of such change on the first page of this Privacy Statement and also on our home page.

EU Safe Harbor Participation

This Section of the Privacy Statement describes how VeriSign, Inc. (“VeriSign”) handles personal data of representatives of, and event data related to, certain customers from the European Union in connection with the following Managed Security Services: Managed Firewall and VPN Services, Managed Intrusion Prevention Services, Managed Intrusion Detection Services, Managed Vulnerability Protection Services, Managed Vulnerability Alerting Services, and Managed Incident Response and Forensics Services (the “Covered Services”). Specifically, VeriSign adheres to the US-EU Safe Harbor Privacy Principles (“EU Safe Harbor”) with respect to certain personally identifiable information that it receives from customers in the European Union related to the Covered Services (“EU Personal Data”). VeriSign has various other business units, service offerings, and data collections which are not covered by this Section of the Privacy Statement, nor by VeriSign’s participation in the EU Safe Harbor and VeriSign makes no EU Safe Harbor representations with respect to any data collected or used in these business units, service offerings or data collections. For further background about the EU Safe Harbor, please refer to the U.S. Department of Commerce’s website at http://www.export.gov/safe harbor.

Collection and Use of EU Personal Data

From its customers of the Covered Services, VeriSign may collect name, title, address, phone, fax, pager number, and other contact information (“Contact Data”) for purposes of contacting customers as necessary or appropriate to provide or support the Covered Services. Where permitted by law, VeriSign may also use this Contact Data to communicate regarding VeriSign products or services, and disclose such data to subsidiaries, business partners and independent resellers of VeriSign services for the same purposes.

With respect to any sharing of EU Personal Data for purposes of marketing VeriSign products and services, VeriSign obtains promises from its subsidiaries, business partners and independent resellers that such entities will use and disclose the EU Personal Data for purposes of marketing VeriSign products and services only. Individuals may opt-out of further disclosures of their EU Personal Data from VeriSign to subsidiaries, business partners and independent resellers, and further uses of their data by VeriSign for marketing, by contacting VeriSign at http://www.verisign.com/compref/. If you receive a marketing communication from one our subsidiaries, business partners or independent resellers, you should opt-out with that entity directly.

In connection with providing the Covered Services VeriSign may collect passwords, user names, and other data from customer networks (“Event Data”) for the exclusive purposes of monitoring the customers’ networks and systems, and otherwise performing the Covered Services to customers. At all times with respect to this Event Data, VeriSign acts as a mere “data processor” on behalf of its customers.

Data Integrity and Access

VeriSign makes reasonable efforts to keep EU Personal Data reliable for its intended use, accurate, current, and complete. VeriSign also provides customer contacts with the opportunity to access, review and correct their own Contact Data, and otherwise provides customers access in accordance with the EU Safe Harbor. Individuals may contact VeriSign as indicated below in order to review their EU Personal Data. However, customer contacts may first wish to contact their company’s representative (i.e., VeriSign’s customer), as that might be the most efficient means of addressing their issues. VeriSign will respond to the request within 30 days.

Other Disclosures

VeriSign may also disclose EU Personal Data as necessary in connection with the sale or transfer of all or part of its business, provided that it will notify affected customers in accordance with the procedure for changing this Privacy Statement as noted above. In situations where VeriSign discloses EU Personal Data to any third parties acting as “agents” on behalf of VeriSign, VeriSign will require the recipient to protect the data in accordance with the relevant principles in the EU Safe Harbor, or otherwise take steps to ensure that the EU Personal Data is appropriately protected. VeriSign may also disclose EU Personal Data where required or permitted by law, where VeriSign believes that such disclosures are appropriate in connection with a law enforcement request or otherwise permitted by the EU Safe Harbor, or in order to investigate, prevent, or take action regarding illegal activities or suspected fraud, or enforce or apply VeriSign’s agreements.

Questions

If you have any questions about this EU Safe Harbor Privacy Statement, or if you would like to request access to EU Personal Data that VeriSign may maintain about you, please contact us as follows:

Rebecca Matthias
Senior Corporate Counsel, Legal Department
VeriSign, Inc.
487 East Middlefield Road
Mountain View, California 94043
Email: EUsafeharbor@verisign.com
Telephone: 1-650-426-5555 (specify Safe Harbor)

Any questions regarding VeriSign’s EU Safe Harbor Participation should first be directed to the VeriSign contact above. If you do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you may then contact TRUSTe for further information.

Dec	FEB	Mar
	02
2005	2006	2007

Privacy Statement