Sitecore Privacy Policy
SITECORE PRIVACY POLICY
EFFECTIVE DATE: September 11, 2024
SITECORE AND YOU
At Sitecore, we understand the value of data and the importance of protecting it. This Sitecore Privacy Policy (“Privacy Policy”) sets out details about the information that we collect, and how we process, store and share it, both online and offline.
We urge you to read this Privacy Policy so you can understand Sitecore’s use of your information, Sitecore’s commitment to protecting all data that it receives and how you can be involved in this process. However, if this does not answer all of your questions, or if you have any feedback, we’d like to hear from you here.
This Privacy Policy should be read alongside the Sitecore Terms of Use (“Terms”) and the Sitecore Cookie Policy (“Cookie Policy”) which are both incorporated here by reference. Unless otherwise defined in this Privacy Policy, defined terms used have the same meaning as in the Terms.
WHAT THIS PRIVACY POLICY COVERS
This Privacy Policy is separated into the following sections to help you easily find the information you are looking for.
- Who We Are. This section details the Sitecore entities, subsidiaries and affiliates governed by this Privacy Policy and how information is shared internally at Sitecore.
- How we Process and Handle Data. This section gives general information on how we handle data, including information we receive from you.
- Sitecore Websites. This section describes the type of data collected from the Sitecore Sites.
- Marketing Activities. This section explains that from time to time, Sitecore will reach out to you in a variety of ways to tell you about products, services and other information we believe is relevant to you.
- Our Customer Relationships. This section describes the type of data collected through the services that we provide to our customers and users. In order to use certain services, including our product support services, as a representative of an organization which is a Sitecore customer you might need to have a user account and password.
- Processing Your Personal Information. This section details the lawful basis on which we process the information we collect.
- How We Keep Your Information Secure. This section details how Sitecore secures the data that it collects, processes and stores.
- Storage and Retention of Your Information. This section explains how Sitecore stores data and how long we will keep it.
- Cross-Border Transfers of Information and the Data Privacy Framework. This section explains how Sitecore is a global company and how we transfer data that is shared internationally.
- What is Not Covered in This Policy. This section identifies the areas that are outside the scope of this Privacy Policy and are addressed in other Sitecore policies.
- Your Choices. This section outlines your choices about certain information we collect and how we communicate with you.
- Your Privacy Rights. This section outlines how you may exercise any rights you may have under the applicable law of your jurisdiction.
- Updates and How to Contact Us. This section outlines how we communicate changes to this Privacy Policy, as well as how you may contact us regarding any questions or issues with respect to anything contained within this Privacy Policy, including how to initiate a complaint or dispute about how your information is being processed or handled by Sitecore.
SECTION 1. WHO WE ARE
In this Privacy Policy, the words “our,” “us,” “we,” and “Sitecore” refer to Sitecore Holding II A/S, a Danish limited liability company (CVR. No. 37624071) and our subsidiaries and affiliate entities worldwide., including Stylelabs, Inc., Hedgehog Development LLC, Boxever Ltd, Reflektion Inc., Four 51 Inc., and Moosend Ltd. Sitecore is a global leader in experience management software tools that combine content management, commerce, and customer insights. Sitecore products are used to empower marketers to deliver personalized content in real time and at scale across every channel in the consumer lifecycle.
We collect and use information about our website visitors (Section 3) and those that interact with our products and services (Sections 4 and 5) in order to manage your relationship with Sitecore and to better serve you by personalizing your experience and how you connect with us.
SECTION 2. HOW WE PROCESS AND HANDLE DATA
The information we collect from you depends on the nature of your relationship with us or your interaction with Sitecore’s products, services, websites and marketing events and communications. The information we collect from You (“Your Information”) may include both Personal Information and Other Information, as detailed below.
Personal Information. “Personal Information” follows the definitions under applicable law and includes “Personal Data” which, in turn, means contact and business information (such as name, title, email address), account information, license information, payment information, information from third parties, inferences drawn from the personal information provided to us, social media data and any other unique identifying information. For a detailed understanding, please see Your Information.
Other Information. For the purposes of this Privacy Policy, “Other Information” is any information that does not independently reveal your specific identity or does not directly relate to an identifiable individual. Examples include an IP address, browser type, browser language, browsing data, device information, time and date of requests, login activity and cookies. Gathering this information helps us to ensure that our websites and other services work correctly and support our visitor and customer analysis.
Cookies and Similar Technologies. As further described in our Cookie Policy, cookies are small text files containing information that is sent to us from your computer or mobile device. They are unique to your account or browser. We use cookies and similar technologies (such as web beacons, device identifiers, pixels and ad tags) to recognize you and track your activity across different Sitecore services and devices. We use cookies to collect information about the way that visitors use Sitecore Sites, to support the features and functionality of those Sites, and to personalize your experience when you use them. We use pixel tags and cookies so that we can determine interest in particular topics on our Site and improve the effectiveness of our communications.
You can control cookies and other technologies in your browser settings. You can also disable or block the use of cookies and similar technologies that track your behavior on the websites of others for third-party advertising. You may choose to consent to our use of cookies and other technologies, reject non-essential cookies, or further manage your preferences at any time by clicking on the cookie icon on the side of the screen on all our Websites.
In some instances, we may combine Other Information with Personal Information, such as deriving geographical location from your IP address and combining website browsing data about your usage of the Sitecore services with your name. If we combine Other Information with Personal Information, we will treat the combined information as Personal Information.
You are not required to share the Personal Information that we request. However, if you choose not to share such information, in some cases we might not be able to provide you with the Sitecore services, allow you to access certain specialized features of the Sitecore services or be able to effectively respond to any queries you may have. You are entitled to withhold your Personal Information and exercise Your Privacy Rights free from discrimination. This means that Sitecore will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you for exercising your rights.
Sitecore will never collect more of your Personal Information than is necessary for the intended purpose of processing that information. Some of the uses of Personal Information listed in sections 2, 3 and 4 may not be mandatory and can be controlled by you.
Please see Section 12, Your Privacy Rights (below) to learn more about how you can control the information Sitecore processes about you.
SECTION 3: SITECORE WEBSITES
Sitecore maintains control of the data provided to, collected by or for, or processed in connection to the Sitecore Sites, as defined in the Terms. We gather information about visitors to both our password-protected websites and our various publicly accessible websites, including the Sitecore.com website, various Sitecore blogs, event pages and other websites where this Privacy Policy is posted.
Details of the information we collect through our Sites, and how we process it, are below:
INFORMATION YOU PROVIDE TO US |
We may collect identifiers and Personal Information about you, such as:
We may collect this information, for example, when you request a free trial or demo or contact us via our Sites, through our Websites, online forms, online chat, and email, or when you communicate with Sitecore (we will store all communications we receive unless otherwise requested by you). If you are submitting information on behalf of another individual, you are responsible for obtaining appropriate consent, including consent to share and transfer any Personal Information across borders. |
INFORMATION WE COLLECT AUTOMATICALLY |
We may collect internet or other electronic network activity, geolocation data and draw inferences based on the information collected to personalize your experience with the Sites.
|
HOW WE USE THAT DATA |
We may use the information collected for the following purposes:
|
HOW WE SHARE THAT DATA |
We may use the information collected for the following purposes:
|
SECTION 4: MARKETING ACTIVITIES
Sitecore maintains control of the data provided to, or collected by or for, or processed in connection with certain marketing activities, such as email communications, webinars, conferences and events. We and our third-party service providers may collect information in the following ways:
Details of the information we collect through our marketing activities, and how we process it, are below:
INFORMATION YOU PROVIDE TO US |
In addition to information submitted to Sitecore through our Sites, for example when you register for a webinar, subscribe to our email newsletter or download content (such as Sitecore whitepapers), we may also collect information from you offline, such as when you attend our events in person or during phone calls with sales representatives. This may include identifiers, your voice or image, contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, and any inferences which may be drawn from the above information. |
INFORMATION WE ACQUIRE FROM A THIRD PARTY |
To enhance Sitecore’s ability to provide relevant marketing, offers, and services to you, we may receive information about you from third parties, such as public databases, partners, lead generation services, and social media platforms. We also collect information from other sources to help us correct or supplement our records such as customer enrichment services, improve the quality or personalization of our services to you and to verify your identification in instances of suspected fraud or identity theft. This may include identifiers and contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, and any inferences which may be drawn from the above information. In each instance we will only accept information from third parties where those third parties can demonstrate they have received all necessary consents to share such information with us. |
HOW WE USE THAT DATA |
We may use information that is collected through our marketing activities in the same way we use information collected through our Sites, as well as for the following purposes:
|
HOW WE SHARE THAT DATA |
We may share information that is collected through our marketing activities in the same way we share information collected through our Sites, as well as for the following purposes: Communicating with you regarding a Sitecore Event. We or our partners may communicate with you about events hosted or co-sponsored by Sitecore or one or more of our partners. These communications may include information about the event's content, logistics, payment, updates, or requests for additional information related to your event registration. After the event, Sitecore may contact you about the event and our related products and services and may share information about your attendance with other third parties. Sitecore may also share your information with designated event sponsors or partners who may then send you communications related to your event attendance. Please note that, during events, our partners or conference sponsors may directly request that you provide them with information about you at their conference booths or presentations. You should review their privacy policies to learn how they use information they collect. Each event may include additional privacy protection practices and terms unique to that event, included in attendee guidebooks, the event website or sponsorship agreements.
|
SECTION 5: OUR CUSTOMER RELATIONSHIPS
Sitecore provides direct training and technical support through our existing customer relationships, as well as educational and marketing services to certain partners and prospective customers through secure, password-protected portals. In these relationships, where the data is still controlled by you (the customer, partner, prospective customer), Sitecore is a processor in relation to such data.
Please note that Sitecore collects, processes and stores certain customer relationship information throughout these processes where Sitecore remains a controller, as follows:
WHAT DATA WE COLLECT AND HOW WE COLLECT IT |
The information we collect from you through our customer relationships may include the following Personal Information: Account and Profile Information. We collect information about you when you register to create an account. For example, you provide your contact information, such as your name, email address, password, and address when you register for the Services.
Sensitive Data: Sitecore does not collect Sensitive Data or Protected Health Information (“PHI”) (as such terms are defined under applicable Data Protection Laws and Regulations) unless otherwise agreed upon between Sitecore and you by way of applicable Agreement or Order Form. |
ANONYMIZED,DEIDENTIFIED, AND AGGREGATED DATA |
In addition to the information you provide to us and which we collect automatically, Sitecore also collects anonymous, deidentified, and/or aggregated information about how Sitecore’s services are used, to better design and operate our Sites. As part of our operations we might also anonymize, deidentify, or pseudonymize your information for regulatory compliance, market analysis and other Sitecore business purposes. For clarity, personal information does not include aggregated or deidentified information that is maintained in a form that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual. Where we maintain anonymized or deidentified information, we will maintain and use the information in anonymized or deidentified form and not attempt to reidentify the information except as required or permitted by law. |
HOW WE USE THAT DATA |
Sitecore collects and uses customer information as necessary for the adequate performance of the contract between you as a customer and Sitecore, and in accordance with any instructions received and the applicable contract terms. We use customer, partner and prospective customer information collected through our password-protected portals in a number of ways. Using Account Generated Data. Sitecore will use account generated data in furtherance of our legitimate interests in operating the Sitecore Sites. We may use information that is collected through our customer relationships in the same way we use information collected through our Sites and Marketing Activities, as well as for the following purposes:
|
HOW WE SHARE THAT DATA |
We may share information that is collected through our customer relationships in the same way we share information collected through our Sites, as well as for the following purposes:
|
To the extent Sitecore uses or otherwise processes Personal Information for business operations incident to providing the Products and Services to Customer, Sitecore will comply with the obligations of an independent data controller, accepting the added responsibilities of a data “controller” under the GDPR to: (a) act consistent with regulatory requirements, to the extent required under GDPR; and (b) provide increased transparency to Customers and confirm Sitecore’s accountability for such processing. Sitecore employs safeguards to protect Personal Information in such processing, including those identified in this Privacy Policy and those contemplated in Article 6(4) of the GDPR.
SECTION 6. PROCESSING YOUR PERSONAL INFORMATION
We will only collect and process your Personal Information in the ways described in this Privacy Policy when we have a reason to do so.
In accordance with applicable laws, Sitecore relies on the following reasons for processing Personal Information:
- Consent (where you have given consent) We process certain Personal Information based on the consent you provided when you submitted your information. Where we rely on your consent, you have the right to withdraw or decline your consent at any time, such as consenting to receive marketing communications.
- Contract (where processing is necessary for the performance of a contract with you, i.e. to deliver the Sitecore product or services you or your organization have purchased). When information is processed under contract, you are able to terminate the contract at any time and request that information be returned to you and/or deleted.
- Legitimate interests of Sitecore or any third parties. Legitimate interests include enabling us to conduct internal business services, such as audits, mergers and acquisitions, reporting, and improving our products and services. Personal Information will only be processed on these grounds when doing so does not outweigh your rights. Where we rely on legitimate interests, you have the right to object at any time.
- Compliance with laws (where we are required to process information to comply with applicable laws) If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide your information).
SECTION 7. HOW WE KEEP YOUR INFORMATION SECURE
We have implemented and maintain technical, administrative and physical security measures designed to protect Your Information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction. To demonstrate our commitment to protecting Your Information, Sitecore maintains a number of compliance certifications in accordance with strict regulatory and industry standards. To learn more about current practices and policies regarding security and confidentiality of the Services, please visit Sitecore’s Legal Hub.
We regularly review our security procedures to maintain the confidentiality, integrity, availability and resilience of all data both online and offline. These security procedures and measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology but include firewalls, data encryption, physical access controls and information access authorization controls. We take steps to regularly monitor our systems for vulnerabilities and to ensure that we only share information with those who need to know it.
However, no website or internet transmission is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur, and we cannot warrant the security of any information that you provide to us. You are responsible for securing and maintaining the privacy of any password(s) and account registration information uses with Sitecore and verifying that the information we maintain about you is accurate and current. We are not responsible for protecting any information that we share with a third party based on an account connection that you have authorized.
We require that our third-party service providers and partners agree to keep the information we share with them confidential and to use the information only to perform their obligations in the agreements we have in place with them. Sitecore has implemented internal policies to ensure that such parties are required under contract to maintain privacy and security protections which are at least as consistent with our own policies and practices.
We maintain a list of our current sub-processors of Personal Information and keep Sitecore’s Legal Hub updated with security and related information.
SECTION 8. STORAGE AND RETENTION OF YOUR INFORMATION
Sitecore is a global company and your information is stored on regional servers depending on your location and the locations of the servers of the companies we hire to provide services to us based on contractual requirements.
We will retain your Personal Information for the length of time needed to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law, or unless the information is deleted pursuant to the exercise of your rights. We may also retain cached or archived copies of information provided to us. The deletion of your Personal Information and other use of our Sites may result in the deletion and/or de-identification of Other Information that is retained by us.
SECTION 9. CROSS-BORDER TRANSFERS OF INFORMATION AND THE DATA PRIVACY FRAMEWORK
Sitecore has entered into and executed an agreement for the international transfer of personal information within the Sitecore group of companies ("Intra-Company Agreement") which governs the processing of your Personal Information by Sitecore entities. The Intra-Company Agreement also incorporates the European Union Model Clauses requirements for transfers of your Personal Information.
Sitecore is a global company with business processes, management structures and technical systems that cross-national borders. This means that your Personal Information may be transferred internally to Sitecore Affiliates and externally to third parties (including partners and service providers) across international borders for the purposes described in this Privacy Policy. Sitecore transfers data only in accordance with legally approved transfer mechanisms that are appropriate under applicable data protection laws, including the European Union Model Clauses, the United Kingdom International Data Transfer Addendum, the Swiss Addendum to EU Model Clauses and, if applicable, the Data Privacy Framework. Click here to learn more about how Sitecore complies with the Data Privacy Framework.
SECTION 10. WHAT IS NOT COVERED IN THIS POLICY
Please note that this Privacy Policy applies only to your relationship with Sitecore through your use of Sitecore’s Sites, products, services, events, trainings, communications, and marketing and advertising activities.
Sitecore Partners who provide implementation and other solution services may also gather information. As a result, you may want to consult those parties’ privacy policies as they may be applicable to you.
Please note that in using our services, we may provide links to other websites or third parties to directly provide information relevant to your use of Sitecore products. We will provide notice when we do this. Any interactions you have with these websites are beyond the control of Sitecore. The Site provides links to websites and access to content, products and services of third parties, including users, advertisers, partners and sponsors of the Site, and such third-party websites, content, products or services are governed by the respective third-party’s website terms and conditions of use.
If you are a Sitecore employee, please refer to our Employee Privacy Notice available on the Sitecore intranet.
SECTION 11. YOUR CHOICES
You have choices about certain information we collect about you, how we communicate with you, and how we process certain information. Please be aware that, if you do not allow us to collect your information from you, we may not be able to deliver certain products and services to you, and some of the Sitecore services may not be able to take account of your interests and preferences.
Your choices. In accordance with applicable law, you may be entitled to exercise your rights and choices as follows:
- Account settings. You may update your profile, your account and any related information at any time to ensure that information is up-to-date or delete inaccuracies, further details here.
- Devices and browsers. Some of our mobile services use your device’s location information. You can adjust the setting of your mobile device at any time to control whether your device communicates this location information.
- Communications from Sitecore. We may use your information to communicate with you by email, including sending you transactional or marketing emails. Sitecore enables you to opt out of marketing communications. Some communications you may receive from us are not considered marketing emails, such as communications related to product download, sales transactions, software updates and other support-related information, patches and fixes, security alerts, events for which you have registered, disclosures to comply with legal requirements, and (where permitted by law) quality assurance surveys. Such transactional emails are not subject to general opt-out. Some additional communications you may receive from our partners may also not be subject to general-opt out, including product alerts, updates, and other notices related to partner status. You can tell us to stop sending you marketing emails by clicking the unsubscribe link included at the bottom of Sitecore’s marketing emails or updating your preferences here. If you have any issues unsubscribing, you may contact us directly through here.
- Cookies. You may choose to consent to our use of cookies and other technologies, reject non-essential cookies, or further manage your preferences at any time by clicking on the cookie icon on the side of the screen on all our Sites. Some web browsers (including mobile web browsers) also provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features or functionalities available through our services. For more information, please see our Cookie Policy, which includes information on how to control or opt-out of these cookies and tracking technologies.
SECTION 12. YOUR PRIVACY RIGHTS
You have certain privacy rights regarding our collection and processing of your Personal Information. You may exercise these rights, to the extent they apply to you. Your privacy rights may vary depending on where you are located. See “Your European and UK Privacy Rights” and “Your U.S. Privacy Rights” for more information about certain legal rights.
YOUR EUROPEAN AND UK PRIVACY RIGHTS
European Union and UK privacy law provide individuals with enhanced rights in respect of their Personal Information. These rights may include, depending on the circumstances surrounding the processing of Personal Information:
- Data Access. You may request access to the Personal Information we hold about you and request that we edit or delete them.
- Data Portability. You are entitled to request copies of Personal Information that you have provided to us in a structured, commonly used and machine-readable format and/or request that this information be transmitted to another service provider (where technically feasible).
- Deletion or “Right to be Forgotten.” You may be able to have your Personal Information deleted or erased.
- Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
- Manage your Information. You may choose whether you wish to receive material from us or some of our partners. Please let us know by contacting us.
- Withdrawing consent. If the processing of your Personal Information is based on your consent, you may withdraw your consent at any time as to future processing.
- Objecting to or restricting use of Personal Information. You can ask us to stop using all or some of your Personal Information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g. if your Personal Information is inaccurate or unlawfully held).
YOUR U.S. PRIVACY RIGHTS
In addition to the above-listed rights, you can exercise your privacy rights under applicable U.S. privacy laws. For residents of the States of California, Colorado, Connecticut, Nevada, Utah and Virginia, these additional U.S. State Privacy Disclosures (“U.S. Disclosures”) supplement the information contained in our Privacy Policy by providing additional information about our personal data processing practices relating to individual residents of these States. For a detailed description of how we collect, use, disclose, and otherwise process personal data in connection with our services, please visit our Privacy Policy. Unless otherwise expressly stated, all terms defined in our Privacy Policy retain the same meaning in these U.S. Disclosures.
Depending on your state of residency, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):
- Information. You have a right to request information about our collection, use, and disclosure of your Personal Information over the prior 12 months, and ask that we provide you with the following information:
- The categories of Personal Information we have collected about you.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting, using, or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
- Access and Portability. You have a right to request a copy of all the Personal Information that we have collected about you during the past 12 months.
- Opt-out. You have the right to direct us not to “sell” personal information we have collected about you to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes. If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.
- Deletion. You have a right to request that we delete the Personal Information that we have collected about you during the past 12 months.
- Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
- Right to Appeal. In the event that we decline to take action on a request exercising one of your rights set forth above, you have the right to appeal our decision.
- Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.
- Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.
- Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.
- Non-discrimination.You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
HOW TO EXERCISE YOUR PRIVACY RIGHTS
To submit a request to exercise one of the privacy rights identified above, please submit a request by:
- Filling our Privacy Rights Form
- Emailing privacy@sitecore.com with the subject line “Data Subject Rights Request”
- Calling toll-free 1 (800) 461-9330.
We may need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one. We will only use personal information provided in connection with a Consumer Rights Request to review and comply with the request.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
Exercise Your Right to Opt-Out of Personal Information Sales or Sharing for Targeted Advertising
Unless you have exercised your Right to Opt-Out, and as detailed in the Your Privacy Choices section of these U.S. Disclosures, we may disclose or “sell” your personal information to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes. The third parties to whom we sell or share personal information may use such information for their own purposes in accordance with their own privacy policies.
You do not need to create an account with us to exercise your Right to Opt-Out. However, we may ask you to provide additional personal information so that we can properly identify you to track compliance with your opt-out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
To exercise the Right to Opt-Out, you may submit a request by clicking the links below:
- Cookies-based Opt-Out (Do Not Sell or Share My Personal Information). To exercise your right to opt-out as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, please click here. Please note this opt out is browser specific. You must reset your preferences if you clear cookies or use a different browser or device.
- Opt-Out of “Selling” of Personal Information. In limited circumstances we may share your personal information (such as your name, e-mail address, postal address, and phone number) with third parties who may use such information for their own commercial or business purposes. To opt out of such sharing, please fill out our Privacy Rights Form.
Authorized Agents
In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the applicable privacy law) to submit requests on your behalf through the designated methods set forth in these U.S. Disclosures where we can verify the authorized agent’s authority to act on your behalf.
For requests to know, delete, or correct personal information, we require the following for verification purposes: (a) a power of attorney valid under the laws of the state where you reside from you or your authorized agent; or (b) sufficient evidence to show that you have: (i) provided the authorized agent signed permission to act on your behalf; and (ii) verified your own identity directly with us pursuant to the instructions set forth in these U.S. Disclosures; or directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.
For requests to opt-out of personal information “sales” or “sharing”, we require a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.
Appealing Privacy Rights Decisions
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted using the Privacy Rights Form
CALIFORNIA-SPECIFIC DISCLOSURES
The following disclosures only apply to residents of the State of California.
- Personal Information Collection. In the last twelve (12) months, we may have collected the following categories of personal information: identifiers, contact information, account information, log data, device information, location information and inferences generated from your use of our sites. For more information about our collection of personal information, the sources of personal information, and how we use this information, please see Sections 1 – 6 of our Privacy Policy.
- Disclosure of Personal Information. In the last twelve (12) months, we may have disclosed all of the categories of information we collect with third parties for a business purpose, as described in Section 3 – Sitecore Websites: How We Share Your Data section of the Privacy Policy. The categories of third parties to whom we sell or disclose your personal information for a business purpose include:
- Sharing with Sitecore Affiliates;
- Sharing with third-party service providers;
- Sharing with ad technology providers; and
- Advertising networks and media platforms;
- Social media networks.
- Any entity we engaging in corporate transactions which includes any potential merger or acquisition.
- Sales of Personal Information and Sharing for Targeted Advertising. In the previous twelve (12) months, we may have sold or shared for targeted advertising purposes the following categories of personal information to third parties, subject to your settings and preferences and your Right to Opt-Out:
- Online identifiers
- Commercial or transactions information
- Internet / network Information
- Geolocation data
- Inferences data (e.g., consumer information or preferences)
- Minors. We do not sell the personal information and do not have actual knowledge that we sell the personal information of minors under 16 years of age. If we wish to do so in the future, we will first seek affirmative authorization form either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. Please contact us at [email] to inform us if you, or your minor child, are under the age of 16. If you are under the age of 18 and you want to remove your name or comments from our website or publicly displayed content, please contact us directly at privacy@sitecore.com. We may not be able to modify or delete your information in all circumstances. If you wish to submit a privacy request on behalf of your minor child in accordance with applicable jurisdictional laws, you must provide sufficient information to allow us to reasonably verify your child is the person about whom we collected personal information and you are authorized to submit the request on your child’s behalf (i.e., you are the child’s legal guardian or authorized representative).
- “Shine the Light”. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. To opt out of this type of sharing, please email us at privacy@sitecore.com. We have determined that the value of these programs and other incentives are reasonably related to the value of the personal data we receive and otherwise process in connection with these programs and offerings, based on our reasonable but sole determination. We estimate the value of the personal data we receive and otherwise process in connection with these programs and offerings by considering the expense we incur in collecting and processing the personal data, as well as the expenses related to facilitating the program or offering. The material aspects of any financial incentive will be explained and described in its program terms or in the details of the incentive offer. Participating in any financial incentive program is entirely optional and participants may withdraw from the program at any time. To opt-out of the program and forgo any ongoing incentives, please follow the instructions in the program’s terms and conditions or contact us using the contact information below.
SECTION 13. UPDATES AND HOW TO CONTACT US
Updates to this privacy statement
From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or to reflect any changes in how we process information. Any changes to this Privacy Policy will be effective when we post the revised Privacy Policy on this website. The Effective Date at the top of this Privacy Policy states when this Privacy Policy came into effect and serves as notice of any updates. Your use of the Sitecore Site or Content provided following these changes means you accept the revised Privacy Policy.
To see prior versions of our privacy policy, please click here.
Contact us
If you believe your Personal Information has been used in a way that is not consistent with this Privacy Policy or your specified preferences, or if you have further questions related to this Privacy Policy or Sitecore’s Data Privacy Framework certification, we encourage you to please contact our Data Protection team at the address below or by emailing: privacy@sitecore.com.
Written inquiries may be addressed to our Data Protection Officer at:
Data Protection Officer
Sitecore
44 Montgomery Street
Suite 3340
San Francisco, CA
94104
Complaints and dispute resolution
For European residents, we have chosen the EU Data Protection Authorities (EU DPAs), and for United Kingdom residents, we have chosen the Information Commissioner’s Office to serve as an independent recourse mechanism for dispute resolution arising from collection, use, and retention of Personal Information transferred from EU member countries and the United Kingdom to the United States.
In compliance with the Data Privacy Framework Principles, Sitecore commits to resolve complaints about our collection or use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework certification or privacy practices should first contact us at privacy@sitecore.com.
Sitecore has further committed to cooperating and complying with relevant authorities with regard to the transfer of data from the UK, EU and Switzerland. If you feel that you have not received a timely or satisfactory response from us to your question or complaint, you may contact your UK ICO here, local EU DPA here or, for Swiss individuals, the Swiss Federal Data Protection and Information Commissioner (FDPIC) here (at no cost to you) for more information or to file a complaint.
In certain circumstances, the Data Privacy Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles.
APPENDIX A
ADDITIONAL PRIVACY INFORMATION
1. YOUR INFORMATION
- Account information. Information related to the account you create, such as account ID and password.
- Registration information. Information you submit to us when you sign up for or attend a Sitecore training, conference, webinar, or other such educational or promotional event (collectively “Event”).
- License information. Information regarding your licensed Sitecore product or software, such as license ID, support and maintenance levels, license usage reports and other license data.
- Payment information. Information necessary to process payment such as billing address, transaction history, payment and financial information which may include credit card information is collected only in relation to purchased tickets for marketing events and training. Sitecore uses a third-party service to do this and does not store any payment information.
- Information from third parties. Information we may obtain from third parties about your interests or your company. For instance, to keep our databases current and to provide you with relevant content and experiences, we may combine your personal information with other sources, in accordance with applicable law. For example, we may learn about the name, size, industry and location of the company your work for from these sources.
- Social media data. We may provide social media features that enable you to share information through your social networks and to interact with us on social media sites. Additionally, in order to use some features of Sitecore’s websites, you must first complete the registration process, which may also occur via your single sign on social media account. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that may be collected, used, and shared by those sites. Further, you acknowledge that when you provide credentials to access or authenticate your single sign on social media account such as Facebook.com, LinkedIn.com, or other third-party services, Sitecore is not responsible for the security of your password, credentials, or other Personal Information stored or provided by such services.
OTHER UNIQUE IDENTIFYING INFORMATION
Examples include information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of the Sitecore Services and to respond to your inquiries.
2. HOW SITECORE COMPLIES WITH THE DATA PRIVACY FRAMEWORK
Sitecore complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Sitecore has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Sitecore has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in Sitecore’s Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Sitecore has certified to the Department of Commerce that it adheres to the Data Protection Framework Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. If there is any conflict between the terms of any Sitecore privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.
As required under the principles, when Sitecore receives information under the Data Privacy Framework and then transfers it to a third party service provider acting as an agent on behalf of Sitecore, Sitecore has certain liability for the onward processing of Personal Data under the Data Privacy Framework if both (i) the agent processes the information in a manner inconsistent with the Data Privacy Framework and (ii) Sitecore is responsible for the event giving rise to the damage.
If you have an inquiry regarding our privacy practices in relation to our Data Privacy Framework, we encourage you to contact us to respond or resolve your query.
The Federal Trade Commission has jurisdiction over Sitecore’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.