Last Updated May16, 2016
The following policy describes the privacy practices for Demandware, Inc. and its affiliates ("Demandware").
This privacy statement applies to all Personal Information collected via our web sites http://www.demandware.com, www.demandware.de, http://www.demandware.cn, http://www.demandware.jp, http://www.demandware.hk, http://www.demandware.fr, http://www.demandware.it and http://www.futurereadyretail.com (the "Corporate Sites"). It also provides information about processing operations related to Demandware's Commerce Cloud services (the "Commerce Cloud Services") which we make available to our customers. Because we want to demonstrate our commitment to your privacy, we have agreed to disclose our information practices and have our privacy practices reviewed for compliance by TRUSTe, an independent third party privacy assessor.
The TRUSTe program covers only information that is collected through our Corporate Sites, and does not cover information that may be collected through any software downloaded from our sites or our Commerce Cloud Services.
Demandware has been awarded the TRUSTe’s Privacy seal. In order to view our relationship with TRUSTe please visit the validation page visible by clicking on the TRUSTe seal. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe at https://feedback-form.truste.com/watchdog/request.
Safe Harbor / EU-US Data Transfers
Demandware has self certified compliance with the US-EU Safe Harbor Privacy Framework and US-Swiss Safe Harbor Framework as set forth by the United States Department of Commerce regarding the transfer of Personal Information from European Union member countries and Switzerland, respectively, to the United States. Demandware has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. More information about the U.S. Department of Commerce's Safe Harbor program and Demandware's certification can be found at http://www.export.gov/safeharbor.
As part of our participation in the Safe Harbor Frameworks, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Frameworks. Please click here for fax and postal mail information for TRUSTe. TRUSTe's Dispute Resolution process is available only in English.
While we have certified compliance with these Frameworks, we do not rely on these Frameworks as the legal basis for the transfer of data to the United States. Demandware recognizes that the EU-US Safe Harbor Frameworks no longer provides a sufficient legal basis for data transfers from the EU. For such personal data transfers, Demandware ensures an adequate level of protection for personal data by providing for other safeguards, including the EU Standard Contractual Clauses.
Any questions, comments or complaints about the data practices (including compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity or enforcement) of our Commerce Cloud Services customers or partners for which Demandware processes data should be addressed to that customer or partner.
How Personal Information is Collected
On our Corporate Sites, we may collect the following Personal Information from prospective clients, prospective business partners, job applicants and other visitors: name, email, phone number and address. We collect this information only for the purpose of contacting individuals who have identified themselves as prospects or applicants for our activities, services and job openings. We may transfer this information to or receive this information in the United States. We may share this information with third party service providers for email processing and related services. These third parties are prohibited from using the Personal Information for any other purpose.
IP Address and Other Standard Information
As is true of many websites, we or our third party web analytics partners may gather certain information automatically and store it in log files or systems used by us. This information may include internet protocol (IP) addresses, device type, browser type, internet service provider (ISP), referring/exit pages, operating system, geo location, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you as well as our marketing, analytics and site functionality and to analyze trends and gather demographic information about our user base as a whole. We may also receive reports based on the use of these technologies by our web analytics partners on an individual as well as aggregated basis.
We collect your location based (geo-location) information for the purpose of optimizing your web site experience. We will share this information with our mapping provider for the purpose of providing and optimizing this service for our visitors. You may opt-out of location based services at any time by editing the setting on your device.
Technologies such as cookies and other similar technologies are used by Demandware and our marketing partners, affiliates, and email and analytics service providers. These technologies are used in analyzing trends, administering, securing and optimizing the site, tracking users’ movements around the site and gathering demographic information about our user and visitor base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We partner with one or more third parties to display advertising on our Web site or to manage our advertising on other sites. Our third party partners may use technologies such as cookies and LSOs to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of seeing generic ads on our Corporate Sites.
Use of Your Personal Information
We use your Personal Information to provide you with information about Demandware and its products and services, including but not limited to webinars, newsletters, and job openings. You have the option at any time to opt-out of any secondary communications such as promotional communications by clicking on "unsubscribe" on the bottom of any promotional emails.
We do not share, sell, rent or trade your Personal Information to third parties for promotional purposes. However, we may disclose your Personal Information if we are required to do so by law or we in good faith believe that such action is necessary to (1) comply with the law or with legal process including court orders, subpoenas or bankruptcy proceedings; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our Corporate Sites or Commerce Cloud Services; or (4) protect the personal safety or property of our users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).
We may also disclose your Personal Information if we are involved in a merger, acquisition, or sale of all or a portion of our assets. We will notify you via email and/or a prominent notice on our Web site of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Links to Third-Party Web Sites
To protect your privacy and security, we also take reasonable steps to verify your identity before granting access to your Personal Information. In addition, we may limit or deny access to Personal Information when providing such access would be unreasonably burdensome or expensive in the circumstances or as otherwise permitted by applicable law or regulation. We will respond to your request for access to your Personal Information within 30 days after the original email request.
We will retain your Personal Information for as long as your account is active or as needed to provide you services. We will retain and use your Personal Information including your geolocation information as we in good faith believe it necessary to (1) comply with the law or with legal process including court orders or subpoenas; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our web sites or Commerce Cloud Services; or (4) protect the personal safety or property of our users or the public.
When you enter sensitive information on our order forms (including when we collect geolocation information), we encrypt the transmission of that information using Transport Layer Security (TLS). We utilize industry standard physical, technical, and administrative controls and procedures to safeguard the information we collect, to prevent unauthorized access or disclosure, to maintain data accuracy, and to allow only the appropriate use of your Personal Information. As no method of transmission over the Internet or method of electronic storage is completely secure, we cannot guarantee its absolute security.
Demandware will take reasonable steps to ensure that Personal Information is accurate, complete, and current to its intended use. Demandware will only use Personal Information in ways that are compatible with the purposes for which it was collected or subsequently authorized by you.
Enforcement and Verification
Written questions may also be submitted to:
Attention: General Counsel
5 Wall Street
Burlington, MA 01803 USA
DEMANDWARE COMMERCE SERVICES
Web Visitors (Commerce Cloud Services Customers)
Demandware processes personal information about a visitor to our customers' websites ("Visitors") on behalf of our customers for the purposes of providing the Commerce Cloud Services and on behalf of itself to optimize its services. On certain pages, for example, a Visitor may be required by our customers to provide his/her personal information such as his/her name, address, phone number and e-mail address in order to complete a transaction or perform a requested service.
Demandware may process personal information from our customers' employees for, among other things, application access and authentication.
Sharing of Visitors' Personal Information
We may contract with third-party providers to perform certain functions on behalf of our customers to enhance our existing product and service offerings, such as product and service support.
These third parties may have access to Visitors' personal information as necessary to permit them to perform their functions. They are bound by confidentiality agreements or similar contractual restrictions with respect to any information that is provided to them and they are prohibited from using the information for other purposes.
Web Site / Cookies
In order to improve the content and format of our platform and applications, our Commerce Cloud Services use web site tracking software which allows our customers to automatically capture technical information that is then stored in our servers' log files. This information may include, but is not limited to, internet protocol (IP) addresses, user domain, the device type, the browser type, which of our customers' Web pages are visited, which products are viewed and added to a shopping cart, what products are purchased and the amount of time spent on our customers' sites. Our customers may combine this automatically collected log information with other information they collect about you as may be disclosed to you in our customers’ privacy policies. We may use this information to improve the Commerce Cloud Services we offer our customers as well as our marketing, analytics and site functionality and to analyze trends and gather demographic information about our user base as a whole.
To protect the confidentiality, integrity, and availability of Visitors' personal information that is processed by our services, Demandware utilizes a variety of industry standard physical and logical access controls, firewalls, intrusion detection/prevention systems, network and database monitoring, and backup systems. We use SSL encrypted sessions when processing or transferring sensitive data through platform and applications.
We limit access to Visitors' personal information and data to those persons and entities who have a specific business purpose for maintaining and processing such information. Demandware employees who have been granted physical access to a Visitor's personal information have been made aware of their responsibilities to protect the confidentiality, integrity, and availability of that information and have been provided training and instruction on how to do so.
Our customers are responsible to ensure that Visitor's Personal Information is accurate, complete, and current to its intended use. Our customers have reasonable access to the personal information that they provide to us, as well as the ability to review, correct or request the deletion of such information.