Other Covered Entities



  • Information and Communications Technology


EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 5/12/2017
Next Certification Due Date: 4/21/2021
Data Collected: NON-HR

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 5/12/2017
Next Certification Due Date: 4/21/2021
Data Collected: NON-HR

Purpose of Data Collection

Our WordPress.com VIP service provides website hosting, support and professional services to enterprises and other high profile, high traffic online publishers. The WordPress.com VIP service is primarily an online publishing system, built on the popular WordPress open source platform. VIP clients use the WordPress.com VIP service to build, publish, maintain, and support websites that often serve as the face of their business or publication. In the course of using the service, WordPress.com VIP clients may create and upload data for public dissemination, such as articles and other website content, much of which is ultimately published publicly to their site. VIP clients may also create or collect other types of data, in the course of the operation and use of their site. In connection with our WordPress.com VIP service, our VIP clients may provide personal data to Automattic Inc. and our U.S. subsidiary WPVIP Inc. about their own customers and end users in participating EU countries, the United Kingdom, and/or Switzerland that the VIP clients (the data controllers) collect through the operation and use of their websites (“VIP Services Personal Data”). VIP clients may collect VIP Services Personal Data when, for example, (1) an end user creates an account with the VIP client (for clarity, not a WordPress.com account); (2) a VIP client administrator adds content to the site that may include VIP Services Personal Data, or (3) a VIP client provides directory or other information about its end users as part of an intranet (i.e., a website that is only accessible to authorized, internal personnel) used by that VIP client. The type of VIP Services Personal Data varies by each VIP client, but typically includes personal data that allows our VIP clients’ customers and end users to access and use the VIP client’s website, such as a username and e-mail address. We adhere to the principles of the EU-U.S. and Swiss-U.S Privacy Shield frameworks with respect to VIP Services Personal Data. We process VIP Services Personal Data as a data processor for the purpose of providing VIP services to our VIP clients--for example, to allow VIP clients’ customers to interact with and use the VIP clients’ websites, follow the instructions from our VIP clients, and fulfill obligations that we have under our contracts with our VIP clients. We may transfer VIP Services Personal Data to third party service providers who help us provide our VIP services to our VIP clients. This Privacy Shield Certification applies to our core WordPress.com VIP services, and does not include any plug-ins provided by third parties or Automattic (e.g., Jetpack and WooCommerce), or any other software or services, that our VIP clients elect to use on their websites. The certification also does not cover personal data related to WordPress.com user accounts or our standard WordPress.com service, but you can read more about our privacy policy for that personal data here: https://automattic.com/privacy/

Privacy Policy

Non-HR Data


Automattic's EU-U.S. and Swiss-U.S. Privacy Shield Notice describes our participation in these frameworks and provides the information required by the Notice Principle.

Effective Date: 5/2/2017

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Automattic Inc. at:

Catherine Scheer
Legal Operations Wrangler
Automattic Inc.
60 29th Street #343
San Francisco, California 94110

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Automattic Inc. to your question or complaint, please contact the independent recourse mechanism listed below


Appropriate statutory body with jurisdiction to investigate any claims against Automattic Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission