SITECORE TRUST CENTER
At Sitecore, we understand the value of data and the importance of protecting it.
- How Your Information is collected
- How we use Your Information and why
- Who we share Your Information with and why
- How we transfer information across borders
- Your privacy rights
- How we keep Your Information secure
- How you can contact us with any questions
The changes we have made
- More choices and expanded rights – We have included new privacy rights that may be applicable in your jurisdiction, but we have also included more detail on how you can make informed choices and disable features that you may not want. We have given you the option to control your cookies on Sitecore webpages.
- Security - More detail on the security measures we utilize to keep your data secure.
What we have not changed
- We have not changed our commitment to your privacy –We want you to be able to make informed choices that enable you to direct the use of your own information.
- We have not changed the why we collect your information and how we share it – But we have provided you with more details, so you can understand who you are sharing your information with and why, we explain who Sitecore is and what our company uses data for.
- We do not rent or sell your data – We only share your data with third parties, such as vendors, service providers or partners, when we need to do so to enhance your experience of our product and services. These third parties will only have access to personal information if it is necessary for them to complete their service supporting our efforts and will be contractually required to keep it secure.
Your trust is important to us so if you have any questions or comments, we’d like to hear from you. Please reach out to us.
EFFECTIVE DATE: May 18, 2022
SITECORE AND YOU
- How we Process and Handle Data. This section gives general information on how we handle data, including information we receive from you.
- Sitecore Websites. This section describes the type of data collected from the Sitecore Sites.
- Marketing Activities. This section explains that from time to time, Sitecore will reach out to you in a variety of ways to tell you about products, services and other information we believe is relevant to you.
- Our Customer Relationships. This section describes the type of data collected through the services that we provide to our customers and users. In order to use certain services, including our product support services, as a representative of an organization which is a Sitecore customer you might need to have a user account and password.
- Processing Your Personal Information. This section details the lawful basis on which we process the information we collect.
- How We Keep Your Information Secure. This section details how Sitecore secures the data that it collects, processes and stores.
- Storage and Retention of Your Information. This section explains how Sitecore stores data and how long we will keep it.
- Cross-Border Transfers of Information and the Privacy Shield. This section explains how Sitecore is a global company and how we transfer data that is shared internationally.
- Your Choices. This section outlines your choices about certain information we collect and how we communicate with yous.
- Your Privacy Rights. This section outlines how you may exercise any rights you may have under the applicable law of your jurisdiction
SECTION 1. WHO WE ARE
We collect and use information about our website visitors (Section 3) and those that interact with our products and services (Sections 4 and 5) in order to manage your relationship with Sitecore and to better serve you by personalizing your experience and how you connect with us.
SECTION 2. HOW WE PROCESS AND HANDLE DATA
The information we collect from you depends on the nature of your relationship with us or your interaction with Sitecore’s products, services, websites and marketing events and communications. The information we collect from You (“Your Information”) may include both Personal Information and Other Information, as detailed below.
Personal Information. “Personal Information” follows the definitions under applicable law and includes “Personal Data" and includes contact and business information (such as name, title, email address), account information, license information, payment information, information from third parties, inferences drawn from the personal information provided to us, social media data and any other unique identifying information. For a detailed understanding, please see Your Information.
In some instances, we may combine Other Information with Personal Information, such as deriving geographical location from your IP address and combining website browsing data about your usage of the Sitecore services with your name. If we combine Other Information with Personal Information, we will treat the combined information as Personal Information.
You are not required to share the Personal Information that we request. However, if you choose not to share such information, in some cases we might not be able to provide you with the Sitecore services, allow you to access certain specialized features of the Sitecore services or be able to effectively respond to any queries you may have. You are entitled to withhold your Personal Information and exercise Your Privacy Rights free from discrimination. This means that Sitecore will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you for exercising your rights.
Sitecore will never collect more of your Personal Information than is necessary for the intended purpose of processing that information. Some of the uses of Personal Information listed in sections 2, 3 and 4 may not be mandatory and can be controlled by you.
Please see the Your Privacy Rights section below to learn more about how you can control the information Sitecore processes about you.
SECTION 3: SITECORE WEBSITES
Details of the information we collect through our Sites, and how we process it, are below:
Information you provide to us. We may collect identifiers and Personal Information about you, for example, when you request a free trial or demo or contact us via our Sites, through our:
- online forms
- online chat and
When you communicate with Sitecore, we will store all communications we receive unless otherwise requested by you.
If you are submitting information on behalf of another individual, you are responsible for obtaining appropriate consent, including consent to share and transfer any Personal Information across borders.
Information we collect automatically. We may collect internet or other electronic network activity, geolocation data and draw inferences based on the information collected to personalize your experience with the Sites.
- Log data. As with most internet technology services, our servers automatically collect information when you access or use our Sites and record it in log files. This log may include IP address, usage data, browser type, the date and time the Site was accessed, and language preferences cookies (if enabled).
- Device Information. Sitecore collects data about devices accessing the Sites, which may include the type of device, device settings, application IDs, and unique identifiers. Whether we collect any or all of this information will depend on the type of device used and how it has been configured by you.
- Location Information. We receive data from you and other third parties that helps us to track an approximate device location. We may use, for example, an IP address detected by your browser or device to determine device location. We may also collect information from devices in accordance with the consent process provided by your device.
- Third Parties We use and permit select third parties to use automatic data collection tools to collect information using website tracking technologies such as cookies, web beacons, embedded URS, pixels, widgets, buttons or other similar technologies. These can be disabled by you.
How we use that data. We may use the information collected for the following purposes:
- To improve the operation of the Sites
- To engage in research and development of the Sites and Sitecore’s product offerings
- To conduct ordinary business operations such as sales, marketing, support, education and training
- To engage in corporate reporting and management
- To recruit employees for Sitecore
- To conduct market research
- To maintain a safe and trusted environment for Sitecore employees, customers, Site visitors and members of the public
- To conduct other similar uses pertaining to the Sitecore Sites.
How we share that data. We may share the information collected for the following purposes:
- Sharing with third-party service providers. We retain third-party service providers to manage or support certain aspects of our business. These third-party service providers may be located globally and may provide services to us such as website hosting, data analysis, advertising and marketing services, data hosting, live-chat and helpdesk services, providing information technology infrastructure, customer service, email delivery, credit card processing, auditing and other similar services. Our third-party service providers are contractually bound to safeguard any Personal Information they receive from us and they are prohibited from using such Personal Information for any purpose other than to perform the services as instructed by Sitecore.
- Sharing with ad technology providers. We may provide information we collect to ad technology providers so that they may recognize your devices and deliver interest-based content to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or anonymized form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. These cookies may contain demographic or other data in an anonymized form. Additionally, we allow direct advertisers and other third parties (such as select retail partners) to place cookies on our Sites to allow them to show you advertisements both on and off the Sitecore Sites. We may use remarketing tags (e.g., Google, DoubleClick, Twitter) to allow our partners to advertise products which you have browsed on our site. However, we do not share any information with these advertisers and third parties that will directly identify you. By clicking on those advertisements, you are communicating with those advertisers and other third parties directly (including the ad networks, ad-serving companies, and other service providers they may in turn use).
- Complying with law / protecting legal rights. We may be required to disclose your information to comply with applicable laws (including laws outside of your country of residence), regulations, court orders, government and law enforcement requests, including national security or other law enforcement requirements. Additionally, if we reasonably believe that it is necessary or appropriate, we reserve the right to use or disclose your information to allow us to pursue available claims or remedies and protect our legal rights, property or the safety of our employees, users or others, to the extent allowed by applicable law. This includes exchanging information with companies and organizations for the purposes of fraud detection and prevention.
SECTION 4: MARKETING ACTIVITIES
Sitecore maintains control of the data provided to, or collected by or for, or processed in connection with certain marketing activities, such as email communications, webinars, conferences and events. We and our third-party service providers may collect information in the following ways:
Details of the information we collect through our marketing activities, and how we process it, are below:
Information you provide to us. In addition to information submitted to Sitecore through our Sites, for example when you register for a webinar, subscribe to our email newsletter or download content (such as Sitecore whitepapers), we may also collect information from you offline, such as when you attend our events in person or during phone calls with sales representatives. This may include identifiers, your voice or image, contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, and any inferences which may be drawn from the above information.
Information we acquire from a third party. To enhance Sitecore's ability to provide relevant marketing, offers, and services to you, we may receive information about you from third parties, such as public databases, partners, lead generation services, and social media platforms. We also collect information from other sources to help us correct or supplement our records such as customer enrichment services, improve the quality or personalization of our services to you and to verify your identification in instances of suspected fraud or identity theft. This may include identifiers and contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, and any inferences which may be drawn from the above information. In each instance we will only accept information from third parties where those third parties can demonstrate they have received all necessary consents to share such information with us.
How we use that data. We may use information that is collected through our marketing activities in the same way we use information collected through our Sites, as well as for the following purposes:
- To verify your identity if required (for example, for payment of a ticket to a Sitecore event);
- To tailor marketing to your interests, or to recommend products and services that may be of interest to you;
- To contact you with business, marketing and sales communications that you have agreed to receive such as newsletters, announcements, and special offers;
- To contact you to notify you of upcoming events that you have registered for (via email, text message or other communication channel where you have agreed to receive notifications);
- To update and improve Sitecore services and product offerings;
- To engage in corporate reporting and management;
- To conduct market research; and
- To conduct other similar uses pertaining to Sitecore’s Marketing Activities.
How we share that data. We may share information that is collected through our marketing activities in the same way we share information collected through our Sites, as well as for the following purposes:
- Communicating with you regarding a Sitecore Event. We or our partners may communicate with you about events hosted or co-sponsored by Sitecore or one or more of our partners. These communications may include information about the event's content, logistics, payment, updates, or requests for additional information related to your event registration. After the event, Sitecore may contact you about the event and our related products and services and may share information about your attendance with other third parties. Sitecore may also share your information with designated event sponsors or partners who may then send you communications related to your event attendance. Please note that, during events, our partners or conference sponsors may directly request that you provide them with information about you at their conference booths or presentations. You should review their privacy policies to learn how they use information they collect. Each event may include additional privacy protection practices and terms unique to that event, included in attendee guidebooks, the event website or sponsorship agreements.
SECTION 5: OUR CUSTOMER RELATIONSHIPS
Sitecore provides direct training and technical support through our existing customer relationships, as well as educational and marketing services to certain partners and prospective customers through secure, password-protected portals. In these relationships, where the data is still controlled by you (the customer, partner, prospective customer), Sitecore is a processor. Sitecore collects, processes and stores information throughout these processes, as follows:
Details of the information we collect through our customer relationships, and how we process it, are below:
What data we collect and how we collect it. The information we collect from you through our customer relationships may include Personal Information:
Account and Profile Information. We collect information about you when you register to create an account. For example, you provide your contact information, such as your name, email address, password, and address when you register for the Services.
- Information you provide through our support channels. As part of the product support process, customers must consent to the processing and transfer by our support team of the data they submit, including any of the customer’s end user data they may submit in the support process. This may include identifiers and contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, commercial information and any inferences drawn from the above information.
- Payment Information. We collect payment and billing information, such as credit card numbers, when you register for certain paid Services.
- Information we collect automatically when you use the Services. We collect information about you when you use our services, including browsing history, search history, and your interactions with our Sites and within the Services.
- Device Information. We collect information about your device, including the operating system and version, browser type, IP address, referring URLs, device configuration, and device identifiers.
- Information you provide through our Sites and Services. We may collect other information that you submit to our Sites and Services.
Sensitive Data: Sitecore does not collect Sensitive Data or Protected Health Information (“PHI”) (as such terms are defined under applicable Data Protection Laws and Regulations) unless otherwise agreed upon between Sitecore and you by way of applicable Agreement or Order Form.
Anonymized, aggregated data. In addition to the information you provide to us and which we collect automatically, Sitecore also collects anonymous and aggregated information about how Sitecore's services are used, to better design and operate our Sites. As part of our operations we might also anonymize or pseudonymize your information for regulatory compliance, market analysis and other Sitecore business purposes.
How we use that data. Sitecore collects and uses customer information as necessary for the adequate performance of the contract between you as a customer and Sitecore, and in accordance with any instructions received and the applicable contract terms. We use customer, partner and prospective customer information collected through our password-protected portals in a number of ways.
Using account generated data. Sitecore will use account generated data in furtherance of our legitimate interests in operating the Sitecore Sites. We may use information that is collected through our customer relationships in the same way we use information collected through our Sites and Marketing Activities, as well as for the following purposes:
- To verify your identity if required (for example, for security reasons to gain access to an account)
- To prevent fraudulent activities, such as fraudulent purchases
- To provide customer support services, problem solution support and enhancing your customer experience – we use the data (which can include communications with Sitecore employees through our Customer Success team) to investigate, respond to and resolve complaints and service issues
- To monitor license compliance
- To provide transaction support, including fulfilment of purchased licenses and to communicate with you about those requests
- To provide notification of bug fixes and security patches
- To personalize service offerings and advertise to you any products which may be relevant and of interest
- To review and respond to queries or feedback that you may provide to us
- Credit Card information using third-party processors for purchased training/events
- To monitor and record calls for training, quality assurance and support purposes
- To conduct market research
- To conduct other similar uses pertaining to our relationships with Sitecore’s customers
How we share that data. We may share information that is collected through our customer relationships in the same way we share information collected through our Sites, as well as for the following purposes:
- Sharing with Sitecore partners. Sitecore regularly engages third-party technology and implementation partners for joint sales or product promotions. Such activities will always reference the partners involved. We contract with our partners for these activities and our partners may have access to your Personal Information, and either Sitecore or our partners may use that information to provide you with sales or product promotion information, further subject to such partners’ own privacy policies.
SECTION 6. PROCESSING YOUR PERSONAL INFORMATION
- Consent (where you have given consent). We process certain Personal Information based on the consent you provided when you submitted your information. Where we rely on your consent, you have the right to withdraw or decline your consent at any time, such as consenting to receive marketing communications.
- Contract (where processing is necessary for the performance of a contract with you, i.e. to deliver the Sitecore product or services you or your organization have purchased). When information is processed under contract, you are able to terminate the contract at any time and request that information be returned to you and/or deleted.
- Legitimate interests of Sitecore or any third parties. Legitimate interests include enabling us to conduct internal business services, such as audits, mergers and acquisitions, reporting, and improving our products and services. Personal Information will only be processed on these grounds when doing so does not outweigh your rights.
Where we rely on legitimate interests, you have the right to object at any time.
- Compliance with laws (where we are required to process information to comply with applicable laws). If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide your information).
SECTION 7. HOW WE KEEP YOUR INFORMATION SECURE
We have implemented and maintain technical, administrative and physical security measures designed to protect Your Information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction. To demonstrate our commitment to protecting Your Information, Sitecore maintains a number of compliance certifications in accordance with strict regulatory and industry standards. To learn more about current practices and policies regarding security and confidentiality of the Services, please visit our Trust Center.
We regularly review our security procedures to maintain the confidentiality, integrity, availability and resilience of all data both online and offline. These security procedures and measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology but include firewalls, data encryption, physical access controls and information access authorization controls. We take steps to regularly monitor our systems for vulnerabilities and to ensure that we only share information with those who need to know it.
However, no website or internet transmission is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur, and we cannot warrant the security of any information that you provide to us. You are responsible for securing and maintaining the privacy of any password(s) and account registration information uses with Sitecore and verifying that the information we maintain about you is accurate and current. We are not responsible for protecting any information that we share with a third party based on an account connection that you have authorized.
We require that our third-party service providers and partners agree to keep the information we share with them confidential and to use the information only to perform their obligations in the agreements we have in place with them. Sitecore has implemented internal policies to ensure that such parties are required under contract to maintain privacy and security protections which are at least as consistent with our own policies and practices.
SECTION 8. STORAGE AND RETENTION OF YOUR INFORMATION
Sitecore is a global company and your information is stored on regional servers depending on your location and the locations of the servers of the companies we hire to provide services to us based on contractual requirements.
SECTION 9. CROSS-BORDER TRANSFERS OF INFORMATION AND THE PRIVACY SHIELD
Sitecore has entered into and executed an agreement for the international transfer of personal information within the Sitecore group of companies ("Intra-Company Agreement") which governs the processing of your Personal Information by Sitecore entities. The Intra-Company Agreement also incorporates the European Union Model Clauses requirements for transfers of your Personal Information.
SECTION 10. WHAT IS NOT COVERED IN THIS POLICY
Sitecore Partners who provide implementation and other solution services may also gather information. As a result, you may want to consult those parties' privacy policies as they may be applicable to you.
Please note that in using our services, we may provide links to other websites or third parties to directly provide information relevant to your use of Sitecore products. We will provide notice of when we do this. Any interactions you have with these websites are beyond the control of Sitecore. The Site provides links to websites and access to content, products and services of third parties, including users, advertisers, partners and sponsors of the Site, and such third-party websites, content, products or services are governed by the respective third-party’s website terms and conditions of use.
SECTION 11. YOUR CHOICES
You have choices about certain information we collect about you, how we communicate with you, and how we process certain information. Please be aware that, if you do not allow us to collect your information from you, we may not be able to deliver certain products and services to you, and some of the Sitecore services may not be able to take account of your interests and preferences.
Your choices. In accordance with applicable law, you may be entitled to exercise your rights and choices as follows:
- Account settings. You may update your profile, your account and any related information at any time to ensure that information is up-to-date or delete inaccuracies, further details here.
- Devices and browsers. Some of our mobile services use your device’s location information. You can adjust the setting of your mobile device at any time to control whether your device communicates this location information.
- Communications from Sitecore. We may use your information to communicate with you by email, including sending you transactional or marketing emails. Sitecore enables you to opt out of marketing communications. Some communications you may receive from us are not considered marketing emails, such as communications related to product download, sales transactions, software updates and other support-related information, patches and fixes, security alerts, events for which you have registered, disclosures to comply with legal requirements, and (where permitted by law) quality assurance surveys. Such transactional emails are not subject to general opt-out. Some additional communications you may receive from our partners may also not be subject to general-opt out, including product alerts, updates, and other notices related to partner status. You can tell us to stop sending you marketing emails by clicking the unsubscribe link included at the bottom of Sitecore’s marketing emails. If you have any issues unsubscribing, you may contact us directly through here.
SECTION 12. YOUR PRIVACY RIGHTS
You have certain privacy rights regarding our collection and processing of your Personal Information. You may exercise these rights, to the extent they apply to you. Your privacy rights may vary depending on where you are located. See “Your European and UK Privacy Rights” and “Your U.S. Privacy Rights” for more information about certain legal rights.
YOUR EUROPEAN AND UK PRIVACY RIGHTS
European Union and UK privacy law provide individuals with enhanced rights in respect of their Personal Information. These rights may include, depending on the circumstances surrounding the processing of Personal Information:
- Data Access. You may request access to the Personal Information we hold about you and request that we edit or delete them.
- Data Portability. You are entitled to request copies of Personal Information that you have provided to us in a structured, commonly used and machine-readable format and/or request that this information be transmitted to another service provider (where technically feasible).
- Deletion or “Right to be Forgotten.” You may be able to have your Personal Information deleted or erased.
- Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
- Manage your Information. You may choose whether you wish to receive material from us or some of our partners. Please let us know by contacting us.
- Withdrawing consent. If the processing of your Personal Information is based on your consent, you may withdraw your consent at any time as to future processing.
- Objecting to or restricting use of Personal Information. You can ask us to stop using all or some of your Personal Information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g. if your Personal Information is inaccurate or unlawfully held).
YOUR U.S. PRIVACY RIGHTS
In addition to the above-listed rights, you can exercise your privacy rights under applicable US privacy laws, such as the California Consumer Privacy Act (“CCPA”).
- Information. You have a right to request information about our collection, use, and disclosure of your Personal Information over the prior 12 months, and ask that we provide you with the following information:
- The categories of Personal Information we have collected about you.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting, using, or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
- Access. You have a right to request a copy of all the Personal Information that we have collected about you during the past 12 months.
- Deletion. You have a right to request that we delete the Personal Information that we have collected about you during the past 12 months.
- Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
- Non-discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
Personal Information Collected and Processed
Household Data. Please note that we do not currently collect household data. Any such requests will be treated as individual requests.
Sale of Personal Information
Under the CCPA, a “sale” means providing to a third-party personal information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. Based on our current understanding of the CCPA, we do not “sell” your personal information as defined in the CCPA. We will continue to monitor the regulations and clarifying guidance once available so that we can evolve our update our business practices as may be appropriate.
To exercise your privacy rights above, please submit a request by emailing us at [email protected]. We will need to verify your identity to process your request and we reserve the right to confirm residency in the applicable jurisdiction granting such rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. You may also designate an authorized agent to exercise these rights on your behalf. Please note that in such cases, we will require the agent to provide proof that you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. In certain cases, we may be required or permitted by law to deny your request.
Privacy relating to minors. As a company focused on serving the needs of businesses, Sitecore does not promote or market the Sitecore services to minors and we do not knowingly collect information from minors as defined by applicable law.
If you believe we have any information from or about anyone under the age of 13, please contact us so that we can take steps to delete that information as quickly as possible.
SECTION 13. UPDATES AND HOW TO CONTACT US
Updates to this privacy statement
Written inquiries may be addressed to our Chief Privacy and Cyber Compliance Officer at:
Chief Privacy and Cyber Compliance Officer
101 California Street
San Francisco, CA 94111
Phone: +1 415 380 0600
Fax: +1 415 380 0730
Complaints and dispute resolution
For European residents, we have chosen the EU Data Protection Authorities (EU DPAs), and for United Kingdom residents, we have chosen the Information Commissioner’s Office to serve as an independent recourse mechanism for dispute resolution arising from collection, use, and retention of Personal Information transferred from EU member countries and the United Kingdom to the United States.
In compliance with the Privacy Shield Principles, Sitecore commits to resolve complaints about our collection or use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield certification or privacy practices should first contact us at [email protected]
Sitecore has further committed to cooperating and complying with relevant authorities with regard to the transfer of data from the UK, EU and Switzerland. If you feel that you have not received a timely or satisfactory response from us to your question or complaint, you may contact your UK ICO here, local EU DPA here or, for Swiss individuals, the Swiss Federal Data Protection and Information Commissioner (FDPIC) here (at no cost to you) for more information or to file a complaint.
In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.