Privacy and Security
Building Trust Through Transparency
At Sitecore, we recognize the immense value of data and the critical importance of safeguarding it. Our commitment to privacy and security is at the heart of every interaction with our customers, partners, service providers, and web visitors. We believe in being transparent about our data practices, ensuring you are fully informed about how your information is protected.
Privacy at the Core
Our approach to data privacy is comprehensive, extending from our detailed Privacy Policy to our specific Data Processing Addendum and Cookie Policy. Each document is crafted to provide clarity and confidence in how we handle, store, and protect your personal information.
- Data Processing Addendum (DPA): Tailored to meet stringent data processing standards, ensuring compliance and security in our handling of customer data.
- Privacy Policy: Outlining our practices in collecting, using, and safeguarding personal information.
- Cookie Policy: Explaining how and why we use cookies to improve your experience on our website.
- DPO: Sitecore retains Calligo Ltd to provide DPO services. They can be contacted by email at privacy@Sitecore.com.
Unwavering Security
Security is not just a program at Sitecore; it's an integral part of our culture. We maintain robust security measures and undergo regular assessments to ensure the integrity and confidentiality of your data.
- Security Programs Overview: Our comprehensive security strategies are designed to protect data across all touchpoints.
- Compliance and Certifications: Demonstrating our commitment to industry standards, our compliance and certifications reflect our dedication to maintaining the highest security levels.
- Status by Product: Detailed insights into the security status and updates for each Sitecore product.
Additional Resources
For in-depth information, access our privacy, security, and compliance datasheets, white papers, and brochures go to Downloads.
We continuously update our privacy and security practices to not only meet but exceed industry standards. This dedication to excellence in data protection and security is a cornerstone of the trust you place in Sitecore.
Frequently asked questions
Like all globally engaged companies, Sitecore took a number of steps to implement the various requirements of the General Data Protection Regulation (GDPR) and evolving global privacy laws into Sitecore’s business. This meant building our privacy, security and data governance teams and continuing to build our data strategy to ensure a robust data model for continuing adherence beyond the May 25th 2018 implementation dates of new laws.
These steps included:
- Building an accountable privacy team: With a Data Governance Committee comprised of Sitecore C-suite members from the Legal, HR, Finance, Marketing, Customer Operations, Product, and Sales teams, and supported by a Steering Group, Sitecore has implemented top-down awareness of our privacy and data governance framework to ensure accountability in all of our business processes.
- Transparency, notice and choice: We have updated our Privacy Policy to ensure that those whose data we collect understand how it will be processed and can make informed choices about whether to share their data with us.
- Organizational measures: We reviewed our internal processes to ensure that we have improved internal guidelines and thresholds on who we work with and engage as vendors, reviewing our contracts to ensure that appropriate contractual mechanisms are in place before sharing data, implementing structures that incorporate privacy by design in our product review cycles and establishing protocols for responding to data subject requests.
- Technical measures: We have improved our internal security measures to ensure greater asset management and encryption on portable devices, as well as updating our internal security policies to deal with new legal requirements. Refer to the security page for more information on Sitecore’s security framework.
- Reviews: We have built into our business model reviews and audits to ensure that we continue to assess.
The International Organization for Standardization (“ISO”) is an independent, non-governmental international organization that creates and develops global standards.
Sitecore has recently obtained a number of ISO certifications, detailed on the Trust Center security page.
ISO 27001 is a security standard that governs an organization’s Information Security Management System (ISMS) and mandates specific requirements in the implementation, monitoring, maintenance and continuous improvement of the ISMS.
ISO 27017 is a security standard that provides guidance on the information security aspects of cloud computing. Sitecore uses this standard to supplementing the ISO 27001:2013 standard with cloud-specific controls that are applied to its public cloud environment.
ISO 27018 is a code of practice that focuses on protection of personally identifiable information (PII) in the public cloud. By providing cloud services, Sitecore acts as a data processor to its customers. Sitecore uses ISO 27018:2014 standard in order to protect the PII that it processes for its customers
These standards are internationally recognized and demonstrates to our customers, partners and vendors that we have adopted best practices to manage the infrastructure of Sitecore’s ISMS and cloud offerings
To contact Sitecore’s support team, please submit your support ticket via the Sitecore Support Portal at: support@sitecore.net.
Whether Sitecore is a Processor or Controller (as defined by applicable laws) will depend on your relationship with Sitecore and the purpose for which the data is being processed. Generally however, when Sitecore is entering into a relationship with our customers, Sitecore is a processor of personal information and a controller of Other Information. This will be detailed in the applicable Order Form or Agreement with Sitecore. When Sitecore is gathering the information on our website or for marketing activities, Sitecore is generally a controller of data.
Access more information, brochures and white papers about privacy and security at Sitecore.
- For questions, comments, or feedback regarding Sitecore’s privacy practices, contact us at privacy@sitecore.com.
- To report a security vulnerability in the product, or to get support on how to use a product security feature, please contact Sitecore’s support team here.
- For all other questions, please visit our company Contact us page.