Last Updated March 3, 2014
The following policy describes the privacy practices for Demandware, Inc. and its affiliates ("Demandware").
The TRUSTe program covers only information that is collected through our Corporate Sites, and does not cover information that may be collected through any software downloaded from our sites.
Demandware participates in the US-EU Safe Harbor Privacy Framework and US-Swiss Safe Harbor Framework as set forth by the United States Department of Commerce regarding the transfer of Personal Information from European Union member countries and Switzerland to the United States. Demandware has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. More information about the U.S. Department of Commerce's Safe Harbor program and Demandware's certification can be found at http://www.export.gov/safeharbor.
As part of our participation in the Safe Harbor, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. If you have any complaints regarding our compliance with the Safe Harbor you should first contact us by email at firstname.lastname@example.org. If contacting us does not resolve your complaint, you may raise your complaint with TRUSTe by Internet here, fax to 415-520-3420, or mail to TRUSTe Safe Harbor Compliance Dept., click for mailing address. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe's dispute resolution process, click here or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English. For human resources data we will cooperate with data protection authorities in relevant jurisdictions.
Any questions, comments or complaints about the data practices (including without limitation compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of one or our eCommerce Services customers or partners for whom Demandware processes data should be addressed to that customer or partner.
How Personal Information is Collected
On our Corporate Sites, we may collect the following Personal Information from prospective clients, prospective business partners, and job applicants: name, email, phone number and address. We collect this information only for the purpose of contacting individuals who have identified themselves as prospects or applicants for our activities, services and job openings. We may share this information with third party service providers for email processing and related services. These third parties are prohibited from using your Personal Information for any other purpose.
Web Site / Cookies
In order to improve the content and format of our site, Demandware uses Web site tracking services to automatically capture technical information that may be stored in our servers' log files. This information may include, but is not limited to, user domain, the type of Internet browser being used, which of our Web pages is visited, and the amount of time spent on our site.
Use of Your Personal Information
We use your Personal Information to provide you with information about Demandware and its products and services, including but not limited to webinars, newsletters, and job openings. You have the option to opt-out of any secondary communications such as promotional communications by clicking on "unsubscribe" on the bottom of any promotional emails.
We do not share, sell, rent or trade your Personal Information to third parties for promotional purposes. However, we may disclose your Personal Information if we are required to do so by law or we in good faith believe that such action is necessary to (1) comply with the law or with legal process including court orders or subpoenas; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our Web sites or eCommerce Services; or (4) protect the personal safety or property of our users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).
We may also disclose your personal information if we are involved in a merger, acquisition, or sale of all or a portion of our assets. We will notify you via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Links to Non-Demandware Web Sites and Third Parties
Demandware will take reasonable steps to ensure that your Personal Information is accurate, complete and current to its intended use. We provide individuals with reasonable access to the Personal Information that they provide to us, as well as the ability to review and correct such information. If you wish to access the Personal Information you have submitted to our Corporate Sites for the purpose of updating or deleting it, you may do so by sending us an email at email@example.com.
To protect your privacy and security, we also take reasonable steps to verify your identity before granting access to your Personal Information. In addition, we may limit or deny access to Personal Information when providing such access would be unreasonably burdensome or expensive in the circumstances or as otherwise permitted by the Safe Harbor Framework. We will respond to your request for access to your Personal Information within 30 days after the original request.
We will retain your Personal Information for as long as your account is active or as needed to provide you services. We will retain and use your Personal Information as we in good faith believe it necessary to (1) comply with the law or with legal process including court orders or subpoenas; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our Web sites or eCommerce Services; or (4) protect the personal safety or property of our users or the public.
We utilize industry standard physical, technical, and administrative controls and procedures to safeguard the information we collect, to prevent unauthorized access or disclosure, to maintain data accuracy, and to allow only the appropriate use of your Personal Information. As no method of transmission over the Internet or method of electronic storage, is 100% secure, we cannot guarantee its absolute security.
We may post testimonials on our Corporate Sites for the benefit of our prospective clients and employees. We receive express consent from the individuals whose Personal Information is posted along with the testimonials before it is posted to our Web sites. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Blogs, Forums and Directories
We provide the Demandware Forums and Blogs as a means for our customers and other users of our Web sites and eCommerce Services to communicate. If you use a bulletin board, blog, or chat room on this Web site, you should be aware that any Personal Information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information that you choose to submit in these forums. To request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Tell a Friend and Share Features
If you choose to use our referral service to tell a friend about a job or to share information with a colleague or another individual, we will ask you for the individual's name and email address. The individual will receive a one-time email with the requested information. Demandware does not store this information and the individual will not be added to our database.
As set forth above, Demandware will take reasonable steps to ensure that Personal Information is accurate, complete, and current to its intended use. Demandware will only use Personal Information in ways that are compatible with the purposes for which it was collected or subsequently authorized by you.
Enforcement and Verification
Written responses may also be submitted to:
Attention: General Counsel
5 Wall Street
Burlington, MA 01803 USA
DEMANDWARE COMMERCE SERVICES
Web Visitors (eCommerce Customers)
Demandware processes Personal Information about a visitor to our customers' websites ("Visitors") only when the Visitor chooses to provide such information. On certain pages, for example, a Visitor may be required to provide his/her personal information such as his/her name, address, phone number and e-mail address in order to complete a transaction or perform a requested service.
Demandware employees may process Personal Information from our customers' employees for, among other things, application access and authentication.
Sharing of Visitors' Personal Information
We may contract with third-party providers to perform certain functions on behalf of our customers to enhance our existing product and service offerings, such as product and service support.
These third parties may have access to Visitors' Personal Information as necessary to permit them to perform their functions. They are bound by confidentiality agreements or similar contractual restrictions with respect to any information that is provided to them and they are prohibited from using the information for other purposes.
Web Site / Cookies
In order to improve the content and format of our platform and applications, our eCommerce Services use Web site tracking software to automatically capture technical information that is then stored in our servers' log files. This information may include, but is not limited to, user domain, the type of Internet browser being used, which of our customers' Web pages are visited, and the amount of time spent on our customers' sites.
To protect the confidentiality, integrity, and availability of Visitors' Personal Information that is processed by our services, Demandware utilizes a variety of industry standard physical and logical access controls, firewalls, intrusion detection/prevention systems, network and database monitoring, and backup systems. We use SSL encrypted sessions when processing or transferring sensitive data through platform and applications.
We limit access to Visitors' Personal Information and data to those persons who have a specific business purpose for maintaining and processing such information. Demandware employees who have been granted physical access to a Visitor's Personal Information have been made aware of their responsibilities to protect the confidentiality, integrity, and availability of that information and have been provided training and instruction on how to do so.
Demandware will support our customers in taking reasonable steps to ensure that Visitor's Personal Information is accurate, complete, and current to its intended use. We provide our customers with reasonable access to the Personal Information that they provide to us, as well as the ability to review, correct or request the deletion of such information.
Links to Non-Demandware Web Sites and Third Parties