Sitecore Privacy Policy

SITECORE PRIVACY POLICY
EFFECTIVE DATE: September 11, 2024

SITECORE AND YOU

At Sitecore, we understand the value of data and the importance of protecting it. This Sitecore Privacy Policy (“Privacy Policy”) sets out details about the information that we collect, and how we process, store and share it, both online and offline.

We urge you to read this Privacy Policy so you can understand Sitecore’s use of your information, Sitecore’s commitment to protecting all data that it receives and how you can be involved in this process. However, if this does not answer all of your questions, or if you have any feedback, we’d like to hear from you here.

This Privacy Policy should be read alongside the Sitecore Terms of Use (“Terms”) and the Sitecore Cookie Policy (“Cookie Policy”) which are both incorporated here by reference. Unless otherwise defined in this Privacy Policy, defined terms used have the same meaning as in the Terms.

WHAT THIS PRIVACY POLICY COVERS

This Privacy Policy is separated into the following sections to help you easily find the information you are looking for.

  1. Who We Are. This section details the Sitecore entities, subsidiaries and affiliates governed by this Privacy Policy and how information is shared internally at Sitecore.
  2. How we Process and Handle Data. This section gives general information on how we handle data, including information we receive from you.
  3. Sitecore Websites. This section describes the type of data collected from the Sitecore Sites.
  4. Marketing Activities. This section explains that from time to time, Sitecore will reach out to you in a variety of ways to tell you about products, services and other information we believe is relevant to you.
  5. Our Customer Relationships. This section describes the type of data collected through the services that we provide to our customers and users. In order to use certain services, including our product support services, as a representative of an organization which is a Sitecore customer you might need to have a user account and password.
  6. Processing Your Personal Information. This section details the lawful basis on which we process the information we collect.
  7. How We Keep Your Information Secure. This section details how Sitecore secures the data that it collects, processes and stores.
  8. Storage and Retention of Your Information. This section explains how Sitecore stores data and how long we will keep it.
  9. Cross-Border Transfers of Information and the Data Privacy Framework. This section explains how Sitecore is a global company and how we transfer data that is shared internationally.
  10. What is Not Covered in This Policy. This section identifies the areas that are outside the scope of this Privacy Policy and are addressed in other Sitecore policies.
  11. Your Choices. This section outlines your choices about certain information we collect and how we communicate with you.
  12. Your Privacy Rights. This section outlines how you may exercise any rights you may have under the applicable law of your jurisdiction.
  13. Updates and How to Contact Us. This section outlines how we communicate changes to this Privacy Policy, as well as how you may contact us regarding any questions or issues with respect to anything contained within this Privacy Policy, including how to initiate a complaint or dispute about how your information is being processed or handled by Sitecore.

SECTION 1. WHO WE ARE

In this Privacy Policy, the words “our,” “us,” “we,” and “Sitecore” refer to Sitecore Holding II A/S, a Danish limited liability company (CVR. No. 37624071) and our subsidiaries and affiliate entities worldwide., including Stylelabs, Inc., Hedgehog Development LLC, Boxever Ltd, Reflektion Inc., Four 51 Inc., and Moosend Ltd. Sitecore is a global leader in experience management software tools that combine content management, commerce, and customer insights. Sitecore products are used to empower marketers to deliver personalized content in real time and at scale across every channel in the consumer lifecycle.

We collect and use information about our website visitors (Section 3) and those that interact with our products and services (Sections 4 and 5) in order to manage your relationship with Sitecore and to better serve you by personalizing your experience and how you connect with us.

SECTION 2. HOW WE PROCESS AND HANDLE DATA

The information we collect from you depends on the nature of your relationship with us or your interaction with Sitecore’s products, services, websites and marketing events and communications. The information we collect from You (“Your Information”) may include both Personal Information and Other Information, as detailed below.

Personal Information. “Personal Information” follows the definitions under applicable law and includes “Personal Data” which, in turn, means contact and business information (such as name, title, email address), account information, license information, payment information, information from third parties, inferences drawn from the personal information provided to us, social media data and any other unique identifying information. For a detailed understanding, please see Your Information.

Other Information. For the purposes of this Privacy Policy, “Other Information” is any information that does not independently reveal your specific identity or does not directly relate to an identifiable individual. Examples include an IP address, browser type, browser language, browsing data, device information, time and date of requests, login activity and cookies. Gathering this information helps us to ensure that our websites and other services work correctly and support our visitor and customer analysis.

Cookies and Similar Technologies. As further described in our Cookie Policy, cookies are small text files containing information that is sent to us from your computer or mobile device. They are unique to your account or browser. We use cookies and similar technologies (such as web beacons, device identifiers, pixels and ad tags) to recognize you and track your activity across different Sitecore services and devices. We use cookies to collect information about the way that visitors use Sitecore Sites, to support the features and functionality of those Sites, and to personalize your experience when you use them. We use pixel tags and cookies so that we can determine interest in particular topics on our Site and improve the effectiveness of our communications.

You can control cookies and other technologies in your browser settings. You can also disable or block the use of cookies and similar technologies that track your behavior on the websites of others for third-party advertising. You may choose to consent to our use of cookies and other technologies, reject non-essential cookies, or further manage your preferences at any time by clicking on the cookie icon on the side of the screen on all our Websites.

In some instances, we may combine Other Information with Personal Information, such as deriving geographical location from your IP address and combining website browsing data about your usage of the Sitecore services with your name. If we combine Other Information with Personal Information, we will treat the combined information as Personal Information.

You are not required to share the Personal Information that we request. However, if you choose not to share such information, in some cases we might not be able to provide you with the Sitecore services, allow you to access certain specialized features of the Sitecore services or be able to effectively respond to any queries you may have. You are entitled to withhold your Personal Information and exercise Your Privacy Rights free from discrimination. This means that Sitecore will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you for exercising your rights.

Sitecore will never collect more of your Personal Information than is necessary for the intended purpose of processing that information. Some of the uses of Personal Information listed in sections 2, 3 and 4 may not be mandatory and can be controlled by you.

Please see Section 12, Your Privacy Rights (below) to learn more about how you can control the information Sitecore processes about you.

SECTION 3: SITECORE WEBSITES

Sitecore maintains control of the data provided to, collected by or for, or processed in connection to the Sitecore Sites, as defined in the Terms. We gather information about visitors to both our password-protected websites and our various publicly accessible websites, including the Sitecore.com website, various Sitecore blogs, event pages and other websites where this Privacy Policy is posted.

Details of the information we collect through our Sites, and how we process it, are below:

INFORMATION YOU PROVIDE TO US

We may collect identifiers and Personal Information about you, such as:

  • Contact Information, including first and last name, email address and physical address to communicate with you directly, and to send you marketing communications in accordance with your preferences.
  • Account Information, including first and last name, email address, physical address, user ID profile information, account balances, payment and purchase history information, and any other information you provide to us.
  • Inquiry and Communications Information, including information provided in custom messages sent through the forms, in chat messages, to one of our email addresses, or via phone.

We may collect this information, for example, when you request a free trial or demo or contact us via our Sites, through our Websites, online forms, online chat, and email, or when you communicate with Sitecore (we will store all communications we receive unless otherwise requested by you).

If you are submitting information on behalf of another individual, you are responsible for obtaining appropriate consent, including consent to share and transfer any Personal Information across borders.

INFORMATION WE COLLECT AUTOMATICALLY

We may collect internet or other electronic network activity, geolocation data and draw inferences based on the information collected to personalize your experience with the Sites.

  • Log data. As with most internet technology services, our servers automatically collect information when you access or use our Sites and record it in log files. This log may include IP address, usage data, browser type, the date and time the Site was accessed, and language preferences cookies (if enabled).
  • Device Information. Sitecore collects data about devices accessing the Sites, which may include the type of device, device settings, application IDs, and unique identifiers. Whether we collect any or all of this information will depend on the type of device used and how it has been configured by you.
  • Location Information. We receive data from you and other third parties that helps us to track an approximate device location. We may use, for example, an IP address detected by your browser or device to determine device location. We may also collect information from devices in accordance with the consent process provided by your device.
  • Third Parties. We use and permit select third parties to use automatic data collection tools to collect information using website tracking technologies such as cookies, web beacons, embedded URLs, pixels, widgets, buttons or other similar technologies. These can be disabled by you.
HOW WE USE THAT DATA

We may use the information collected for the following purposes:

  • To improve the operation of the Sites;
  • To engage in research and development of the Sites and Sitecore’s product offerings;
  • To conduct ordinary business operations such as sales, marketing, support, education and training;
  • To engage in corporate reporting and management;
  • To recruit employees for Sitecore;
  • To conduct market research;
  • To maintain a safe and trusted environment for Sitecore employees, customers, Site visitors and members of the public; and
  • To conduct other similar uses pertaining to the Sitecore Sites.
HOW WE SHARE THAT DATA

We may use the information collected for the following purposes:

  • Sharing with Sitecore Affiliates. We may share your information with our Sitecore entities worldwide for the purposes described in this Privacy Policy. As part of our company, our Sitecore entities are subject to this Privacy Policy, and our internal privacy policies and data protection requirements are regularly communicated to all of our employees as part of our mandatory compliance training.
  • Sharing with third-party service providers. We retain third-party service providers to manage or support certain aspects of our business. These third-party service providers may be located globally and may provide services to us such as website hosting, data analysis, advertising and marketing services, data hosting, live-chat and helpdesk services, providing information technology infrastructure, customer service, customer support, email delivery, credit card processing, auditing and other similar services. Sitecore's third-party service providers may also utilize artificial intelligence and generative artificial intelligence capabilities to analyze data, determine trends, make predictions and create AI-generated responses or other content for the purposes and pursuant to the legal bases described in Section 9 below. Our third-party service providers are contractually bound to safeguard any Personal Information they receive from us and they are prohibited from using such Personal Information for any purpose other than to perform the services as instructed by Sitecore. Click here for a list of Sitecore’s support-related third-party service providers.
  • Sharing with ad networks and advertising providers. We may provide information we collect to ad technology providers so that they may recognize your devices and deliver interest-based content to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or anonymized form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. These cookies may contain demographic or other data in an anonymized form. Additionally, we allow direct advertisers and other third parties (such as select retail partners) to place cookies on our Sites to allow them to show you advertisements both on and off the Sitecore Sites. We may use remarketing tags (e.g., Google, DoubleClick, Twitter) to allow our partners to advertise products which you have browsed on our site. However, we do not share any information with these advertisers and third parties that will directly identify you. By clicking on those advertisements, you are communicating with those advertisers and other third parties directly (including the ad networks, ad-serving companies, and other service providers they may in turn use).
  • Engaging in corporate transactions. Circumstances may arise where we may buy or sell assets or businesses as part of a sale, merger or change in control of Sitecore. In such transactions, we may disclose or transfer your information, in accordance with this Privacy Policy, to prospective or actual purchasers or receive your information from sellers. Any entity which buys us, or part of our business will have the right to continue to use the information we have collected and stored, but only in the manner set out in this Privacy Policy.
  • Complying with law / protecting legal rights. We may be required to disclose your information to comply with applicable laws (including laws outside of your country of residence), regulations, court orders, government and law enforcement requests, including national security or other law enforcement requirements. Additionally, if we reasonably believe that it is necessary or appropriate, we reserve the right to use or disclose your information to allow us to pursue available claims or remedies and protect our legal rights, property or the safety of our employees, users or others, to the extent allowed by applicable law. This includes exchanging information with companies and organizations for the purposes of fraud detection and prevention.

 

SECTION 4: MARKETING ACTIVITIES

Sitecore maintains control of the data provided to, or collected by or for, or processed in connection with certain marketing activities, such as email communications, webinars, conferences and events. We and our third-party service providers may collect information in the following ways:

Details of the information we collect through our marketing activities, and how we process it, are below:

INFORMATION YOU PROVIDE TO US

In addition to information submitted to Sitecore through our Sites, for example when you register for a webinar, subscribe to our email newsletter or download content (such as Sitecore whitepapers), we may also collect information from you offline, such as when you attend our events in person or during phone calls with sales representatives. This may include identifiers, your voice or image, contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, and any inferences which may be drawn from the above information.

INFORMATION WE ACQUIRE FROM A THIRD PARTY

To enhance Sitecore’s ability to provide relevant marketing, offers, and services to you, we may receive information about you from third parties, such as public databases, partners, lead generation services, and social media platforms. We also collect information from other sources to help us correct or supplement our records such as customer enrichment services, improve the quality or personalization of our services to you and to verify your identification in instances of suspected fraud or identity theft. This may include identifiers and contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, and any inferences which may be drawn from the above information. In each instance we will only accept information from third parties where those third parties can demonstrate they have received all necessary consents to share such information with us.

HOW WE USE THAT DATA

We may use information that is collected through our marketing activities in the same way we use information collected through our Sites, as well as for the following purposes:

  • To verify your identity if required (for example, for payment of a ticket to a Sitecore event);
  • To tailor marketing to your interests, or to recommend products and services that may be of interest to you;
  • To contact you with business, marketing and sales communications that you have agreed to receive such as newsletters, announcements, and special offers;
  • To contact you to notify you of upcoming events that you have registered for (via email, text message or other communication channel where you have agreed to receive notifications);
  • To update and improve Sitecore services and product offerings;
  • To engage in corporate reporting and management;
  • To conduct market research; and
  • To conduct other similar uses pertaining to Sitecore’s Marketing Activities.
HOW WE SHARE THAT DATA

We may share information that is collected through our marketing activities in the same way we share information collected through our Sites, as well as for the following purposes:

Communicating with you regarding a Sitecore Event. We or our partners may communicate with you about events hosted or co-sponsored by Sitecore or one or more of our partners. These communications may include information about the event's content, logistics, payment, updates, or requests for additional information related to your event registration. After the event, Sitecore may contact you about the event and our related products and services and may share information about your attendance with other third parties. Sitecore may also share your information with designated event sponsors or partners who may then send you communications related to your event attendance. Please note that, during events, our partners or conference sponsors may directly request that you provide them with information about you at their conference booths or presentations. You should review their privacy policies to learn how they use information they collect. Each event may include additional privacy protection practices and terms unique to that event, included in attendee guidebooks, the event website or sponsorship agreements.

  • Engaging in advertising. We may provide you with personalized promotional offers (in accordance with your privacy preferences regarding Sitecore services and other selected partner websites). For example, you might see an advertisement on a partner site for a product that you have recently viewed on a Sitecore Site. This may involve the use of cookies. We also partner with third parties to display advertising within the Sitecore services and we contract with service providers to place advertisements on websites owned by third parties. Sometimes this will be achieved by sharing your Personal Information as described in the Cookie Policy.

 

SECTION 5: OUR CUSTOMER RELATIONSHIPS

Sitecore provides direct training and technical support through our existing customer relationships, as well as educational and marketing services to certain partners and prospective customers through secure, password-protected portals. In these relationships, where the data is still controlled by you (the customer, partner, prospective customer), Sitecore is a processor in relation to such data.

Please note that Sitecore collects, processes and stores certain customer relationship information throughout these processes where Sitecore remains a controller, as follows:

WHAT DATA WE COLLECT AND HOW WE COLLECT IT

The information we collect from you through our customer relationships may include the following Personal Information:

Account and Profile Information. We collect information about you when you register to create an account. For example, you provide your contact information, such as your name, email address, password, and address when you register for the Services.

  • Information you provide through our support channels. As part of the product support process, customers must consent to the processing and transfer by our support team of the data they submit, including any of the customer’s end user data they may submit in the support process. This may include identifiers and contact information, Personal Information, professional or employment-related information, internet or other electronic network activity information, commercial information and any inferences drawn from the above information.
  • Payment Information. We collect payment and billing information, such as credit card numbers, when you register for certain paid Services.
  • Information we collect automatically when you use the Services. We collect information about you when you use our services, including browsing history, search history, and your interactions with our Sites and within the Services.
  • Device Information. We collect information about your device, including the operating system and version, browser type, IP address, referring URLs, device configuration, and device identifiers.
  • Information you provide through our Sites and Services. We may collect other information that you submit to our Sites and Services. 
  • Cookies and other Tracking Technologies. Sitecore uses cookies and other tracking technologies (e.g., web beacons, device identifiers, and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookie Policy, which includes information on how to control or opt-out out of these cookies and tracking technologies.

Sensitive Data: Sitecore does not collect Sensitive Data or Protected Health Information (“PHI”) (as such terms are defined under applicable Data Protection Laws and Regulations) unless otherwise agreed upon between Sitecore and you by way of applicable Agreement or Order Form.

ANONYMIZED,DEIDENTIFIED, AND AGGREGATED DATA

In addition to the information you provide to us and which we collect automatically, Sitecore also collects anonymous, deidentified, and/or aggregated information about how Sitecore’s services are used, to better design and operate our Sites. As part of our operations we might also anonymize, deidentify, or pseudonymize your information for regulatory compliance, market analysis and other Sitecore business purposes. For clarity, personal information does not include aggregated or deidentified information that is maintained in a form that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual. Where we maintain anonymized or deidentified information, we will maintain and use the information in anonymized or deidentified form and not attempt to reidentify the information except as required or permitted by law.

HOW WE USE THAT DATA

Sitecore collects and uses customer information as necessary for the adequate performance of the contract between you as a customer and Sitecore, and in accordance with any instructions received and the applicable contract terms. We use customer, partner and prospective customer information collected through our password-protected portals in a number of ways.

Using Account Generated Data. Sitecore will use account generated data in furtherance of our legitimate interests in operating the Sitecore Sites. We may use information that is collected through our customer relationships in the same way we use information collected through our Sites and Marketing Activities, as well as for the following purposes:

  • To verify your identity if required (for example, for security reasons to gain access to an account)
  • To prevent fraudulent activities, such as fraudulent purchases
  • To monitor use of the product to ensure compliance with Sitecore’s Terms of Use
  • To provide customer support services, problem solution support and enhancing your customer experience – we use the data (which can include communications with Sitecore employees through our Customer Success team) to investigate, respond to and resolve complaints and service issues
  • To monitor license compliance
  • To provide transaction support, including fulfilment of purchased licenses and to communicate with you about those requests
  • To provide notification of bug fixes and security patches
  • To personalize service offerings and advertise to you any products which may be relevant and of interest
  • To review and respond to queries or feedback that you may provide to us
  • Credit Card information using third-party processors for purchased training / events
  • To monitor and record calls for training, quality assurance and support purposes
  • To conduct market research
  • To conduct other similar uses pertaining to our relationships with Sitecore’s customers
HOW WE SHARE THAT DATA

We may share information that is collected through our customer relationships in the same way we share information collected through our Sites, as well as for the following purposes:

  • Sharing with Sitecore partners. Sitecore regularly engages third-party technology and implementation partners for joint sales or product promotions. Such activities will always reference the partners involved. We contract with our partners for these activities and our partners may have access to your Personal Information, and either Sitecore or our partners may use that information to provide you with sales or product promotion information, further subject to such partners’ own privacy policies.

To the extent Sitecore uses or otherwise processes Personal Information for business operations incident to providing the Products and Services to Customer, Sitecore will comply with the obligations of an independent data controller, accepting the added responsibilities of a data “controller” under the GDPR to: (a) act consistent with regulatory requirements, to the extent required under GDPR; and (b) provide increased transparency to Customers and confirm Sitecore’s accountability for such processing. Sitecore employs safeguards to protect Personal Information in such processing, including those identified in this Privacy Policy and those contemplated in Article 6(4) of the GDPR.

 

SECTION 6. PROCESSING YOUR PERSONAL INFORMATION

We will only collect and process your Personal Information in the ways described in this Privacy Policy when we have a reason to do so.

In accordance with applicable laws, Sitecore relies on the following reasons for processing Personal Information:

  • Consent (where you have given consent) We process certain Personal Information based on the consent you provided when you submitted your information. Where we rely on your consent, you have the right to withdraw or decline your consent at any time, such as consenting to receive marketing communications.
  • Contract (where processing is necessary for the performance of a contract with you, i.e. to deliver the Sitecore product or services you or your organization have purchased). When information is processed under contract, you are able to terminate the contract at any time and request that information be returned to you and/or deleted.
  • Legitimate interests of Sitecore or any third parties. Legitimate interests include enabling us to conduct internal business services, such as audits, mergers and acquisitions, reporting, and improving our products and services. Personal Information will only be processed on these grounds when doing so does not outweigh your rights. Where we rely on legitimate interests, you have the right to object at any time.
  • Compliance with laws (where we are required to process information to comply with applicable laws) If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide your information).

SECTION 7. HOW WE KEEP YOUR INFORMATION SECURE

We have implemented and maintain technical, administrative and physical security measures designed to protect Your Information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction. To demonstrate our commitment to protecting Your Information, Sitecore maintains a number of compliance certifications in accordance with strict regulatory and industry standards. To learn more about current practices and policies regarding security and confidentiality of the Services, please visit Sitecore’s Legal Hub.

We regularly review our security procedures to maintain the confidentiality, integrity, availability and resilience of all data both online and offline. These security procedures and measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology but include firewalls, data encryption, physical access controls and information access authorization controls. We take steps to regularly monitor our systems for vulnerabilities and to ensure that we only share information with those who need to know it.

However, no website or internet transmission is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur, and we cannot warrant the security of any information that you provide to us. You are responsible for securing and maintaining the privacy of any password(s) and account registration information uses with Sitecore and verifying that the information we maintain about you is accurate and current. We are not responsible for protecting any information that we share with a third party based on an account connection that you have authorized.

We require that our third-party service providers and partners agree to keep the information we share with them confidential and to use the information only to perform their obligations in the agreements we have in place with them. Sitecore has implemented internal policies to ensure that such parties are required under contract to maintain privacy and security protections which are at least as consistent with our own policies and practices.

We maintain a list of our current sub-processors of Personal Information and keep Sitecore’s Legal Hub updated with security and related information.

SECTION 8. STORAGE AND RETENTION OF YOUR INFORMATION

Sitecore is a global company and your information is stored on regional servers depending on your location and the locations of the servers of the companies we hire to provide services to us based on contractual requirements.

We will retain your Personal Information for the length of time needed to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law, or unless the information is deleted pursuant to the exercise of your rights. We may also retain cached or archived copies of information provided to us. The deletion of your Personal Information and other use of our Sites may result in the deletion and/or de-identification of Other Information that is retained by us.

SECTION 9. CROSS-BORDER TRANSFERS OF INFORMATION AND THE DATA PRIVACY FRAMEWORK

Sitecore has entered into and executed an agreement for the international transfer of personal information within the Sitecore group of companies ("Intra-Company Agreement") which governs the processing of your Personal Information by Sitecore entities. The Intra-Company Agreement also incorporates the European Union Model Clauses requirements for transfers of your Personal Information.

Sitecore is a global company with business processes, management structures and technical systems that cross-national borders. This means that your Personal Information may be transferred internally to Sitecore Affiliates and externally to third parties (including partners and service providers) across international borders for the purposes described in this Privacy Policy. Sitecore transfers data only in accordance with legally approved transfer mechanisms that are appropriate under applicable data protection laws, including the European Union Model Clauses, the United Kingdom International Data Transfer Addendum, the Swiss Addendum to EU Model Clauses and, if applicable, the Data Privacy Framework. Click here to learn more about how Sitecore complies with the Data Privacy Framework.

SECTION 10. WHAT IS NOT COVERED IN THIS POLICY

Please note that this Privacy Policy applies only to your relationship with Sitecore through your use of Sitecore’s Sites, products, services, events, trainings, communications, and marketing and advertising activities.

Sitecore Partners who provide implementation and other solution services may also gather information. As a result, you may want to consult those parties’ privacy policies as they may be applicable to you.

Please note that in using our services, we may provide links to other websites or third parties to directly provide information relevant to your use of Sitecore products. We will provide notice when we do this. Any interactions you have with these websites are beyond the control of Sitecore. The Site provides links to websites and access to content, products and services of third parties, including users, advertisers, partners and sponsors of the Site, and such third-party websites, content, products or services are governed by the respective third-party’s website terms and conditions of use.

If you are a Sitecore employee, please refer to our Employee Privacy Notice available on the Sitecore intranet.

SECTION 11. YOUR CHOICES

You have choices about certain information we collect about you, how we communicate with you, and how we process certain information. Please be aware that, if you do not allow us to collect your information from you, we may not be able to deliver certain products and services to you, and some of the Sitecore services may not be able to take account of your interests and preferences.

Your choices. In accordance with applicable law, you may be entitled to exercise your rights and choices as follows:

  • Account settings. You may update your profile, your account and any related information at any time to ensure that information is up-to-date or delete inaccuracies, further details here.
  • Devices and browsers. Some of our mobile services use your device’s location information. You can adjust the setting of your mobile device at any time to control whether your device communicates this location information.
  • Communications from Sitecore. We may use your information to communicate with you by email, including sending you transactional or marketing emails. Sitecore enables you to opt out of marketing communications. Some communications you may receive from us are not considered marketing emails, such as communications related to product download, sales transactions, software updates and other support-related information, patches and fixes, security alerts, events for which you have registered, disclosures to comply with legal requirements, and (where permitted by law) quality assurance surveys. Such transactional emails are not subject to general opt-out. Some additional communications you may receive from our partners may also not be subject to general-opt out, including product alerts, updates, and other notices related to partner status. You can tell us to stop sending you marketing emails by clicking the unsubscribe link included at the bottom of Sitecore’s marketing emails or updating your preferences here. If you have any issues unsubscribing, you may contact us directly through here.
  • Cookies. You may choose to consent to our use of cookies and other technologies, reject non-essential cookies, or further manage your preferences at any time by clicking on the cookie icon on the side of the screen on all our Sites. Some web browsers (including mobile web browsers) also provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features or functionalities available through our services. For more information, please see our Cookie Policy, which includes information on how to control or opt-out of these cookies and tracking technologies.

SECTION 12. YOUR PRIVACY RIGHTS

You have certain privacy rights regarding our collection and processing of your Personal Information. You may exercise these rights, to the extent they apply to you. Your privacy rights may vary depending on where you are located. See “Your European and UK Privacy Rights” and “Your U.S. Privacy Rights” for more information about certain legal rights.

YOUR EUROPEAN AND UK PRIVACY RIGHTS

European Union and UK privacy law provide individuals with enhanced rights in respect of their Personal Information. These rights may include, depending on the circumstances surrounding the processing of Personal Information:

  • Data Access. You may request access to the Personal Information we hold about you and request that we edit or delete them.
  • Data Portability. You are entitled to request copies of Personal Information that you have provided to us in a structured, commonly used and machine-readable format and/or request that this information be transmitted to another service provider (where technically feasible).
  • Deletion or “Right to be Forgotten.” You may be able to have your Personal Information deleted or erased.
  • Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
  • Manage your Information. You may choose whether you wish to receive material from us or some of our partners. Please let us know by contacting us.
  • Withdrawing consent. If the processing of your Personal Information is based on your consent, you may withdraw your consent at any time as to future processing.
  • Objecting to or restricting use of Personal Information. You can ask us to stop using all or some of your Personal Information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g. if your Personal Information is inaccurate or unlawfully held).

YOUR U.S. PRIVACY RIGHTS

In addition to the above-listed rights, you can exercise your privacy rights under applicable U.S. privacy laws. For residents of the States of California, Colorado, Connecticut, Nevada, Utah and Virginia, these additional U.S. State Privacy Disclosures (“U.S. Disclosures”) supplement the information contained in our Privacy Policy by providing additional information about our personal data processing practices relating to individual residents of these States. For a detailed description of how we collect, use, disclose, and otherwise process personal data in connection with our services, please visit our Privacy Policy. Unless otherwise expressly stated, all terms defined in our Privacy Policy retain the same meaning in these U.S. Disclosures.

Depending on your state of residency, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

  • Information. You have a right to request information about our collection, use, and disclosure of your Personal Information over the prior 12 months, and ask that we provide you with the following information:
    • The categories of Personal Information we have collected about you.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting, using, or selling Personal Information.
    • The categories of third parties with whom we share Personal Information.
    • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
    • Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
  • Access and Portability. You have a right to request a copy of all the Personal Information that we have collected about you during the past 12 months.
  • Opt-out. You have the right to direct us not to “sell” personal information we have collected about you to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes. If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.
  • Deletion. You have a right to request that we delete the Personal Information that we have collected about you during the past 12 months.
  • Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
  • Right to Appeal. In the event that we decline to take action on a request exercising one of your rights set forth above, you have the right to appeal our decision.
    • Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.
    • Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.
    • Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.
  • Non-discrimination.You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.

HOW TO EXERCISE YOUR PRIVACY RIGHTS

To submit a request to exercise one of the privacy rights identified above, please submit a request by:

We may need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one. We will only use personal information provided in connection with a Consumer Rights Request to review and comply with the request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

Exercise Your Right to Opt-Out of Personal Information Sales or Sharing for Targeted Advertising

Unless you have exercised your Right to Opt-Out, and as detailed in the Your Privacy Choices section of these U.S. Disclosures, we may disclose or “sell” your personal information to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes. The third parties to whom we sell or share personal information may use such information for their own purposes in accordance with their own privacy policies.

You do not need to create an account with us to exercise your Right to Opt-Out. However, we may ask you to provide additional personal information so that we can properly identify you to track compliance with your opt-out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

To exercise the Right to Opt-Out, you may submit a request by clicking the links below:

  • Cookies-based Opt-Out (Do Not Sell or Share My Personal Information). To exercise your right to opt-out as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, please click here. Please note this opt out is browser specific. You must reset your preferences if you clear cookies or use a different browser or device.
  • Opt-Out of “Selling” of Personal Information. In limited circumstances we may share your personal information (such as your name, e-mail address, postal address, and phone number) with third parties who may use such information for their own commercial or business purposes. To opt out of such sharing, please fill out our Privacy Rights Form.

Authorized Agents

In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the applicable privacy law) to submit requests on your behalf through the designated methods set forth in these U.S. Disclosures where we can verify the authorized agent’s authority to act on your behalf.

For requests to know, delete, or correct personal information, we require the following for verification purposes: (a) a power of attorney valid under the laws of the state where you reside from you or your authorized agent; or (b) sufficient evidence to show that you have: (i) provided the authorized agent signed permission to act on your behalf; and (ii) verified your own identity directly with us pursuant to the instructions set forth in these U.S. Disclosures; or directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.

For requests to opt-out of personal information “sales” or “sharing”, we require a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted using the Privacy Rights Form

CALIFORNIA-SPECIFIC DISCLOSURES

The following disclosures only apply to residents of the State of California.

  • Personal Information Collection. In the last twelve (12) months, we may have collected the following categories of personal information: identifiers, contact information, account information, log data, device information, location information and inferences generated from your use of our sites. For more information about our collection of personal information, the sources of personal information, and how we use this information, please see Sections 1 – 6 of our Privacy Policy.
  • Disclosure of Personal Information. In the last twelve (12) months, we may have disclosed all of the categories of information we collect with third parties for a business purpose, as described in Section 3 – Sitecore Websites: How We Share Your Data section of the Privacy Policy. The categories of third parties to whom we sell or disclose your personal information for a business purpose include:
    • Sharing with Sitecore Affiliates;
    • Sharing with third-party service providers;
    • Sharing with ad technology providers; and
    • Advertising networks and media platforms;
    • Social media networks.
    • Any entity we engaging in corporate transactions which includes any potential merger or acquisition.
  • Sales of Personal Information and Sharing for Targeted Advertising. In the previous twelve (12) months, we may have sold or shared for targeted advertising purposes the following categories of personal information to third parties, subject to your settings and preferences and your Right to Opt-Out:
    • Online identifiers
    • Commercial or transactions information
    • Internet / network Information
    • Geolocation data
    • Inferences data (e.g., consumer information or preferences)
  • Minors. We do not sell the personal information and do not have actual knowledge that we sell the personal information of minors under 16 years of age. If we wish to do so in the future, we will first seek affirmative authorization form either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. Please contact us at [email] to inform us if you, or your minor child, are under the age of 16. If you are under the age of 18 and you want to remove your name or comments from our website or publicly displayed content, please contact us directly at privacy@sitecore.com. We may not be able to modify or delete your information in all circumstances. If you wish to submit a privacy request on behalf of your minor child in accordance with applicable jurisdictional laws, you must provide sufficient information to allow us to reasonably verify your child is the person about whom we collected personal information and you are authorized to submit the request on your child’s behalf (i.e., you are the child’s legal guardian or authorized representative).
  • “Shine the Light”. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. To opt out of this type of sharing, please email us at privacy@sitecore.com. We have determined that the value of these programs and other incentives are reasonably related to the value of the personal data we receive and otherwise process in connection with these programs and offerings, based on our reasonable but sole determination. We estimate the value of the personal data we receive and otherwise process in connection with these programs and offerings by considering the expense we incur in collecting and processing the personal data, as well as the expenses related to facilitating the program or offering. The material aspects of any financial incentive will be explained and described in its program terms or in the details of the incentive offer. Participating in any financial incentive program is entirely optional and participants may withdraw from the program at any time. To opt-out of the program and forgo any ongoing incentives, please follow the instructions in the program’s terms and conditions or contact us using the contact information below.

SECTION 13. UPDATES AND HOW TO CONTACT US

Updates to this privacy statement
From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or to reflect any changes in how we process information. Any changes to this Privacy Policy will be effective when we post the revised Privacy Policy on this website. The Effective Date at the top of this Privacy Policy states when this Privacy Policy came into effect and serves as notice of any updates. Your use of the Sitecore Site or Content provided following these changes means you accept the revised Privacy Policy.

To see prior versions of our privacy policy, please click here.

Contact us
If you believe your Personal Information has been used in a way that is not consistent with this Privacy Policy or your specified preferences, or if you have further questions related to this Privacy Policy or Sitecore’s Data Privacy Framework certification, we encourage you to please contact our Data Protection team at the address below or by emailing: privacy@sitecore.com.

Written inquiries may be addressed to our Data Protection Officer at:

Data Protection Officer
Sitecore
44 Montgomery Street
Suite 3340 

San Francisco, CA 

94104

Complaints and dispute resolution
For European residents, we have chosen the EU Data Protection Authorities (EU DPAs), and for United Kingdom residents, we have chosen the Information Commissioner’s Office to serve as an independent recourse mechanism for dispute resolution arising from collection, use, and retention of Personal Information transferred from EU member countries and the United Kingdom to the United States.

In compliance with the Data Privacy Framework Principles, Sitecore commits to resolve complaints about our collection or use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework certification or privacy practices should first contact us at privacy@sitecore.com.

Sitecore has further committed to cooperating and complying with relevant authorities with regard to the transfer of data from the UK, EU and Switzerland. If you feel that you have not received a timely or satisfactory response from us to your question or complaint, you may contact your UK ICO here, local EU DPA here or, for Swiss individuals, the Swiss Federal Data Protection and Information Commissioner (FDPIC) here (at no cost to you) for more information or to file a complaint.

In certain circumstances, the Data Privacy Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles.

APPENDIX A
ADDITIONAL PRIVACY INFORMATION

1. YOUR INFORMATION

  • Account information. Information related to the account you create, such as account ID and password.
  • Registration information. Information you submit to us when you sign up for or attend a Sitecore training, conference, webinar, or other such educational or promotional event (collectively “Event”).
  • License information. Information regarding your licensed Sitecore product or software, such as license ID, support and maintenance levels, license usage reports and other license data.
  • Payment information. Information necessary to process payment such as billing address, transaction history, payment and financial information which may include credit card information is collected only in relation to purchased tickets for marketing events and training. Sitecore uses a third-party service to do this and does not store any payment information.
  • Information from third parties. Information we may obtain from third parties about your interests or your company. For instance, to keep our databases current and to provide you with relevant content and experiences, we may combine your personal information with other sources, in accordance with applicable law. For example, we may learn about the name, size, industry and location of the company your work for from these sources.
  • Social media data. We may provide social media features that enable you to share information through your social networks and to interact with us on social media sites. Additionally, in order to use some features of Sitecore’s websites, you must first complete the registration process, which may also occur via your single sign on social media account. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that may be collected, used, and shared by those sites. Further, you acknowledge that when you provide credentials to access or authenticate your single sign on social media account such as Facebook.com, LinkedIn.com, or other third-party services, Sitecore is not responsible for the security of your password, credentials, or other Personal Information stored or provided by such services.

OTHER UNIQUE IDENTIFYING INFORMATION

Examples include information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of the Sitecore Services and to respond to your inquiries.

2. HOW SITECORE COMPLIES WITH THE DATA PRIVACY FRAMEWORK

Sitecore complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Sitecore has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Sitecore has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in Sitecore’s Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Sitecore has certified to the Department of Commerce that it adheres to the Data Protection Framework Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. If there is any conflict between the terms of any Sitecore privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.

As required under the principles, when Sitecore receives information under the Data Privacy Framework and then transfers it to a third party service provider acting as an agent on behalf of Sitecore, Sitecore has certain liability for the onward processing of Personal Data under the Data Privacy Framework if both (i) the agent processes the information in a manner inconsistent with the Data Privacy Framework and (ii) Sitecore is responsible for the event giving rise to the damage.

If you have an inquiry regarding our privacy practices in relation to our Data Privacy Framework, we encourage you to contact us to respond or resolve your query.

The Federal Trade Commission has jurisdiction over Sitecore’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.