Key Legal Concepts and FAQs

Please see below some of the contract specific questions you may have about our Agreement and delivery of our products and services.

1 minute read

Who are the contractual parties to the Agreement?

The contractual parties to the Agreement are you and your local Sitecore entity, respectively. The local Sitecore entity is set out in the Order.

Your affiliates may place Orders with other Sitecore entities based on the same terms and conditions, but this will be considered a separate agreement between the parties thereto.

What is the order of precedence of the Agreement documents?

The Agreement documents will have the following order of precedence:

  • the Data Processing Addendum;
  • the MSTC; and
  • the applicable Order.

The wording of the higher order document will take precedence, but where specific exceptions or amendments to the Master Terms or the DPA may be agreed upon in writing by Customer and Sitecore under a particular Order by specifically referencing the language that the parties agree to override or amend, in which case such specific exceptions or amendments in the Order will take precedence over the DPA and/or these Master Terms.

How can I place an Order/New Orders?

With an MSTC in place we can enter into Orders from time to time for any new products or services you may wish to purchase. Please note that the commercial terms of each Order must be mutually agreed and the Order signed by both of us, otherwise it does not constitute a binding Order (e.g. a purchase order sent by you does not constitute a binding Order).

Please contact your Sitecore sales account executive if you wish to place an Order. 

Can I terminate our Agreement or an Order for convenience?

All Orders have a minimum commitment period built into the subscription term and cannot be terminated for convenience during that period.

Sitecore’s prices are based on a committed term as set forth in our Order.

The Agreement or an Order may still be terminated for cause as set forth in the Agreement – e.g., due to material breach.

Liability and Indemnity – what is Sitecore’s approach?

Liability and indemnity provisions are important elements of our Agreement. 

We have adopted a balanced approach to liability and indemnity limiting both your and Sitecore’s risk exposure. For example, we exclude indirect and similar damages for both parties and include a liability cap for direct damages equal to twelve months’ fees (see specific wording), which also applies to both parties. 

Our Agreement also includes relevant indemnities, including, for your benefit, in case a third party claims that you have infringed on their IP rights as a result of using Sitecore’s products or services. (see specific wording).

Our pricing and product/service delivery are based on this contractual approach, which reflects our risk profile and vice versa.

What is Sitecore’s Service Level Agreement (“SLA”)?

We provide SLAs for our SaaS Products and Hosted Services. The SLAs define the level of service you can expect from us as well as an explanation of the metrics by which the services are measured. You can find the Sitecore SLAs here.

Given that all our customers are on the same version of the platform and/or we apply the same standardised services across our business, we cannot modify SLAs for each individual customer, as scaling our operations without uniformity across our customer base would be impossible. 

What is the Sitecore Usage Policy?

This policy sets forth what can and cannot be done with our Cloud Products. Much of this is required by applicable law or the underlying service providers of the cloud computing platforms on which our solutions are deployed. As a result, this is required to be accepted by our customers without modification. You can find the Sitecore Usage Policy here.

Where can I find information about Generative AI functionality in Sitecore products?

You can find information about Gen AI Functionality here.

What are the different types of data?

In our Agreement, we describe two main classifications of data. They are:

  • Customer Data

Customer Data is defined as any data, including personal data, provided to Sitecore through the use of the Sitecore SaaS Products or Hosted Services. 

You own the Customer Data.

Sitecore Obligations: Sitecore stores, manages, and processes all Customer Data in accordance with the DPA.

Your Obligations: It is your responsibility to ensure that you have all necessary rights, title, interest and consent to allow Sitecore to use the Customer Data for the purposes of fulfilling our obligations under the Agreement. 

It is also your responsibility to ensure that the Customer Data provided by you does not include any Restricted Data. Restricted Data is defined as data requiring a higher standard of protection than as described in the DPA. Restricted Data includes for example financial records, credit card data and personal health information.

Sitecore’s default position is that it will not process Restricted Data and Sitecore does not have the requisite infrastructure to do so generally. 

  • Usage Data

Usage Data is defined as the data which Sitecore collects or gains access to as a result of your use of the Sitecore Products and Hosted Services, which is separate from the Customer Data provided directly by you as part of the Agreement. 

Examples include login frequency or durations, feature or functionality usage, successful connections, configuration, and page views.

Usage Data does not include Customer Data.

Sitecore Rights: Sitecore owns the Usage Data.

Sitecore will use the Usage Data for two purposes: (i) to provide the Sitecore products and services to you, and (ii) for our internal purposes to improve these products and services, provided that any such use will not disclose the identity of any of our customers or their users.

Where is Customer Data located?

Sitecore offers product-specific availability in a number of data centers across the globe to give our customers flexibility on where their data is located. Your data (defined as Customer Data in the Agreement) resides in the data center(s) selected by you. Your data within the Cloud Product will be processed, transferred to and stored wherever you choose to have your data hosted and your data will not be transferred from the data center location chosen by you without your prior consent/instruction.

Why does the DPA allow for transfers of Personal Data?

This is to allow for transfers in situations where you ask us to do so in order to provide the purchased services. If applicable, Sitecore ensures that any such transfer is via adequate transfer mechanisms, and where applicable Sitecore has put in place supplemental technical and organisational measures to ensure an adequate level of protection in the destination country in compliance with applicable law. In the DPA we make reference to the Standard Contractual Clauses as an adequate transfer mechanism to e.g., the United States (for example, if another line of business/affiliate/location is later opened and you desire to make use of a data center in the US).

What happens to my data at termination/expiration?

Sitecore will retain Customer Data in its systems for 30 days (the “Retrieval Period”) after termination of any Order for Cloud Products and make the Customer Data available for retrieval during such 30-day period.

This means, that you can access and retrieve your data for 30 days after your termination. Further information on how you can retrieve data by Sitecore product offering is available here.

After the Retrieval Period the Customer Data will be deleted (except to the limited extent we are required to keep any data – e.g., to comply with applicable law).

You can also ask Sitecore to destroy Customer Data before the end of the Retrieval Period and we will do so (except to the limited extent we are required to keep any data – e.g., to comply with applicable law).