SITECORE TRUST CENTER
- Account information. Information related to the account you create, such as account ID and password.
- Registration information. Information you submit to us when you sign up for or attend a Sitecore training, conference, webinar, or other such educational or promotional event (collectively “Event”).
- License information. Information regarding your licensed Sitecore product or software, such as license ID, support and maintenance levels, license usage reports and other license data.
- Payment information. Information necessary to process payment such as billing address, transaction history, payment and financial information which may include credit card information is collected only in relation to purchased tickets for marketing events and training. Sitecore uses a third-party service to do this and does not store any payment information.
- Information from third parties. Information we may obtain from third parties about your interests or your company. For instance, to keep our databases current and to provide you with relevant content and experiences, we may combine your personal information with other sources, in accordance with applicable law. For example, we may learn about the name, size, industry and location of the company your work for from these sources.
- Social media data. We may provide social media features that enable you to share information through your social networks and to interact with us on social media sites. Additionally, in order to use some features of Sitecore’s websites, you must first complete the registration process, which may also occur via your single sign on social media account. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that may be collected, used, and shared by those sites. Further, you acknowledge that when you provide credentials to access or authenticate your single sign on social media account such as Facebook.com, LinkedIn.com, or other third-party services, Sitecore is not responsible for the security of your password, credentials, or other Personal Information stored or provided by such services.
OTHER UNIQUE IDENTIFYING INFORMATION
Examples include information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of the Sitecore Services and to respond to your inquiries.
HOW WE COMPLY WITH THE PRIVACY SHIELD
Sitecore complies with the EU-US Privacy Shield and Swiss – US Privacy Shield Frameworks (together referred to as “Privacy Shield”) as set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal information from data subjects who reside in the EU and Switzerland, respectively. Sitecore’s Privacy Shield certification relates only to data transferred by Sitecore USA, Inc. from the EU, the United Kingdom and Switzerland to the US.
As required under the principles, when Sitecore receives information under the Privacy Shield and then transfers it to a third party service provider acting as an agent on behalf of Sitecore, Sitecore has certain liability for the onward processing of Personal Data under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) Sitecore is responsible for the event giving rise to the damage. To learn more about the Privacy Shield program, and to view Sitecore’s certification, please visit the Privacy Shield website.
Recently, in July 2020, the Privacy Shield has been declared invalid by the European Court of Justice. As a result, the US Department of Commerce and EU data protection authorities have been working on a solution to adapt the current framework to meet the objectives of the Court’s decision. Sitecore is committed to adapting to the new regulations and remaining Privacy Shield certified demonstrates our strong commitment to protecting Personal Information.
If you have an inquiry regarding our privacy practices in relation to our Privacy Shield certification, we encourage you to contact us to respond or resolve your query.
For residents of the United States, Sitecore is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
YOUR PRIVACY RIGHTS
Sitecore adheres to applicable data protection laws in Europe which, where they apply, provides you with the following rights:
- Data Access. You may request access to the Personal Information we hold about you and request that we edit or delete them.
- Data Portability. You are entitled to request copies of Personal Information that you have provided to us in a structured, commonly used and machine-readable format and/or request that this information be transmitted to another service provider (where technically feasible).
- Deletion or "Right to be Forgotten." You may be able to have your Personal Information deleted or erased.
- Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
- Manage your Information. You may choose whether or not you wish to receive material from us or some of our partners. Please let us know by contacting us.
- Withdrawing consent. If the processing of your Personal Information is based on your consent, you may withdraw your consent at any time as to future processing.
- Objecting to or restricting use of Personal Information. You can ask us to stop using all or some of your Personal Information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g. if your Personal Information is inaccurate or unlawfully held).
If you are a California resident, the processing of certain Personal Information about you may be subject to applicable state privacy laws, including the California Consumer Privacy Act (“CCPA”). Please note that these rights are not absolute and we may decline your request as permitted by law.
Personal Information collected and processed
Your Privacy Rights in California
- Information. You have a right to request information about our collection, use, and disclosure of your Personal Information over the prior 12 months, and ask that we provide you with the following information:
- The categories of Personal Information we have collected about you.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting, using, or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
- Access. You have a right to request a copy of all the Personal Information that we have collected about you during the past 12 months.
- Deletion. You have a right to request that we delete the Personal Information that we have collected about you during the past 12 months.
- Non-discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
Household data. Please note that we do not currently collect household data. Any such requests will be treated as individual requests.
Sale of Personal Information
Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. Based on our current understanding of the CCPA, we do not “sell” your personal information as defined in the CCPA. We will continue to monitor the regulations and clarifying guidance once available so that we can evolve our update our business practices as may be appropriate.