Data Transfer

Your personal information may be transferred to countries other than your own to process and store data in accordance with our Privacy Policy and to provide you with products and services. We may transfer your data to affiliates or partners, including for outsourced data processing undertaken on Yahoo’s behalf. Privacy and data protection standards in these countries may not be equivalent to standards in your country. We are committed to ensuring your information is protected and apply safeguards in accordance with applicable law. To learn more about security, including the security steps we have taken and security steps you can take, please read Security at Yahoo.

Personal Data from the EU/EEA/UK/Switzerland

Yahoo may process personal information related to individuals in the EU/EEA/UK/Switzerland and may receive that information from the EU/EEA/UK/Switzerland through various compliance mechanisms, as appropriate.

The EU-U.S. and Swiss-US Data Privacy Frameworks and UK DPF Extension

Yahoo (and the US affiliates listed here as covered entities) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding our processing of personal data received from the EEA, UK and Switzerland as described in our Privacy Policy. We have certified to the U.S. Department of Commerce that we adhere to the Data Privacy Framework Principles (DPF Principles). We will not rely on the Swiss-U.S DPF for the transfer of personal data from Switzerland to the US until the date of entry into force of Switzerland’s recognition of adequacy.

Yahoo is also liable for onward transfers to third parties that process personal information in a manner that is inconsistent with the DPF Principles unless we can prove that we were not responsible for the event giving rise to any alleged damage.

If there is any conflict between the terms in this notice and the EU-U.S. and/or the Swiss DPF Principles, the DPF Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Yahoo’s compliance with the DPF is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We invite you to contact us at [email protected] with any questions or concerns about our processing of your personal data under the DPF. You have the right to access personal data about you, and in some cases you are also allowed to correct, amend, or delete that personal data where it is inaccurate, or has been processed in violation of the DPF principles. In addition, you have the choice to limit the use and disclosure of your personal data. If you believe that Yahoo is processing your personal data within the scope of its DPF program, you can submit your request to: [email protected]. Please be aware that in specific situations where fulfilling access or other requests might impose a disproportionate burden or expense, or potentially infringe upon the rights of others, we may be required to carefully review and, if permissible under applicable law, respectfully decline your request. You may also, free of charge, contact JAMS, an alternative dispute resolution provider, at https://www.jamsadr.com/DPF-Dispute-Resolution. In certain cases where neither Yahoo nor JAMS have resolved your complaint, you may also invoke binding arbitration as described in Annex 1 of the DPF.

Standard Contractual Clauses

Where required, we rely on data processing agreements based on the EU/EEA Standard Contractual Clauses or another appropriate transfer mechanism under the applicable law.