Privacy Policy

Last Updated March 3, 2015

The following policy describes the privacy practices for Demandware, Inc. and its affiliates ("Demandware").

We self-certify compliance with:

TRUSTe European Safe Harbor certification

Demandware respects the privacy of our customers, partners, employees, Web site visitors, and job applicants. We believe it is important for you to understand the type of information we collect about you and how that information is used. We recognize the need for appropriate safeguards and management of personal information you provide to us or that we gather from your visit ("Personal Information"). This Privacy Policy sets forth the privacy principles Demandware follows with respect to your Personal Information.

This privacy statement covers the Web sites http://www.demandware.com, www.demandware.de, http://www.demandware.cn, http://www.demandware.jp, http://www.demandware.hk, http://www.demandware.fr (the "Corporate Sites") and http://www.futurereadyretail.com as well as Demandware's Commerce Cloud services (the "Demandware Commerce Cloud Services") we make available to our customers. Because we want to demonstrate our commitment to your privacy, we have agreed to disclose our information practices and have our privacy practices reviewed for compliance by TRUSTe.

Demandware has been awarded TRUSTe's Privacy Seal signifying that this privacy policy and practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions.

If you have questions or concerns regarding this Privacy Policy, you should first contact us by email at .(JavaScript must be enabled to view this email address).

The TRUSTe program covers only information that is collected through our Corporate Sites, and does not cover information that may be collected through any software downloaded from our sites such as our Demandware Commerce Cloud Services.

Safe Harbor
Demandware participates in the US-EU Safe Harbor Privacy Framework and US-Swiss Safe Harbor Framework as set forth by the United States Department of Commerce regarding the transfer of Personal Information from European Union member countries and Switzerland to the United States. Demandware has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. More information about the U.S. Department of Commerce's Safe Harbor program and Demandware's certification can be found at http://www.export.gov/safeharbor.

As part of our participation in the safe harbor, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. 

Please click here for fax and postal mail information. TRUSTe's Dispute Resolution process is only available in English.

Any questions, comments or complaints about the data practices (including without limitation compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of one or our Commerce Cloud Services customers or partners for whom Demandware processes data should be addressed to that customer or partner.

Scope
This Privacy Policy applies to all Personal Information received by Demandware via our Corporate Sites as well as via our Commerce Cloud Services. Please see the "Demandware Cloud Commerce Services" section below for specific privacy practices regarding our Commerce Cloud Services.

Notice
How Personal Information is Collected

Web Visitors
On our Corporate Sites, we may collect the following Personal Information from prospective clients, prospective business partners, and job applicants: name, email, phone number and address. We collect this information only for the purpose of contacting individuals who have identified themselves as prospects or applicants for our activities, services and job openings. We may share this information with third party service providers for email processing and related services. These third parties are prohibited from using your Personal Information for any other purpose.

IP Address and Other Standard Information
As is true of many websites, we or our web analytics partners (such as Optimizely or Demand Base) may gather certain information automatically and store it in log files or systems used by us. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, geo location, date/time stamp, and/or clickstream data.  We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you as well as our marketing, analytics and site functionality and to analyze trends and gather demographic information about our user base as a whole. We may also receive reports based on the use of these technologies by our web analytics partners on an individual as well as aggregated basis.

We collect your location based (geo-location) information for the purpose of optimizing your web site experience. We will share this information with our mapping provider for the purpose of providing and optimizing this service for our visitors. You may opt-out of location based services at any time by editing the setting at the device level.

Tracking Technologies
Technologies such as: cookies, beacons, tags and scripts are used by Demandware and our marketing partners, affiliates, and email and analytics service providers. These technologies are used in analyzing trends, administering, securing and optimizing the site, tracking users’ movements around the site and gathering demographic information about our user and visitor base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies for our shopping cart, to remember users’ settings (e.g. language preference) and for authentication and personalization. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use local storage objects such as HTML 5 or Flash to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

We partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third party partner may use technologies such as cookies and LSOs to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.  If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads.  You will continue to receive generic ads.

Our Web site includes Social Media Features, such as the Facebook Like button, Tweet button, and other Widgets which are interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing it.

Choice
Use of Your Personal Information
We use your Personal Information to provide you with information about Demandware and its products and services, including but not limited to webinars, newsletters, and job openings. You have the option to opt-out of any secondary communications such as promotional communications by clicking on "unsubscribe" on the bottom of any promotional emails.

We do not share, sell, rent or trade your Personal Information to third parties for promotional purposes. However, we may disclose your Personal Information if we are required to do so by law or we in good faith believe that such action is necessary to (1) comply with the law or with legal process including court orders or subpoenas; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our Web sites or Commerce Cloud Services; or (4) protect the personal safety or property of our users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).

We may also disclose your personal information if we are involved in a merger, acquisition, or sale of all or a portion of our assets. We will notify you via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Other than as stated in this Privacy Policy, we will endeavor not to release your Personal Information to unknown or unaffiliated third parties, and we will not cross-reference your Personal Information with that of any other customer or entity.

Links to Non-Demandware Web Sites and Third Parties
Demandware's Web sites may contain links to third-party sites for your convenience and/or information. If you access those links, you will leave Demandware's Web site and be re-directed to a third-party site. Demandware does not control those sites or the privacy practices of those third-party sites, which may differ from Demandware's privacy practices. We do not endorse or make any representations about third-party Web sites, and the personal data you choose to provide to third-party Web sites is not covered by this Privacy Policy. We encourage you to review the privacy policy of any Web site or company before submitting your Personal Information to them.

Access
Demandware will take reasonable steps to ensure that your Personal Information is accurate, complete and current to its intended use. We provide individuals with reasonable access to the Personal Information that they provide to us, as well as the ability to review and correct such information. If you wish to access the Personal Information you have submitted to our Corporate Sites for the purpose of updating or deleting it, you may do so by sending us an email at .(JavaScript must be enabled to view this email address).

To protect your privacy and security, we also take reasonable steps to verify your identity before granting access to your Personal Information. In addition, we may limit or deny access to Personal Information when providing such access would be unreasonably burdensome or expensive in the circumstances or as otherwise permitted by the Safe Harbor Framework. We will respond to your request for access to your Personal Information within 30 days after the original request.

Data Retention
We will retain your Personal Information for as long as your account is active or as needed to provide you services. We will retain and use your Personal Information including your geolocation information as we in good faith believe it necessary to (1) comply with the law or with legal process including court orders or subpoenas; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our Web sites or Commerce Cloud Services; or (4) protect the personal safety or property of our users or the public.

Security
When you enter sensitive information (including geolocation information) on our order forms, we encrypt the transmission of that information using Transport Layer Security (TLS). We utilize industry standard physical, technical, and administrative controls and procedures to safeguard the information we collect, to prevent unauthorized access or disclosure, to maintain data accuracy, and to allow only the appropriate use of your Personal Information. As no method of transmission over the Internet or method of electronic storage, is 100% secure, we cannot guarantee its absolute security.

Testimonials
We may post testimonials on our Corporate Sites for the benefit of our prospective clients, partners and employees. We receive express consent from the individuals whose Personal Information is posted along with the testimonials before it is posted to our Web sites.  If you wish to update or delete your testimonial, you can contact us at .(JavaScript must be enabled to view this email address).

Blogs/ Forums
We provide the Demandware Forums and Blogs as a means for our customers and other users of our Web sites and Commerce Cloud Services to communicate. If you use a bulletin board, blog, or chat room on this Web site, you should be aware that any Personal Information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information that you choose to submit in these forums. To request removal of your personal information from our blog or community forum, contact us at .(JavaScript must be enabled to view this email address). In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Our blog is also managed by a third party application that may require you to register to post a comment. We may not have access or control of the information posted to the blog. You will need to contact or login into the third party application if you want the personal information that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy policy.

Data Integrity
As set forth above, Demandware will take reasonable steps to ensure that Personal Information is accurate, complete, and current to its intended use. Demandware will only use Personal Information in ways that are compatible with the purposes for which it was collected or subsequently authorized by you.

Enforcement and Verification
Demandware regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or Demandware's treatment of Personal Information by contacting us by email at .(JavaScript must be enabled to view this email address).

Contact Information
At any time you may contact Demandware with questions or concerns about this Privacy Policy at .(JavaScript must be enabled to view this email address).

Written responses may also be submitted to:

Demandware, Inc.
Attention: General Counsel
5 Wall Street
Burlington, MA 01803 USA

 

Changes to This Privacy Policy
The practices described in this Privacy Policy are the current Personal Information protection policies as of March 3, 2014. Demandware, Inc. reserves the right to modify or amend this Privacy Policy at any time. If we make changes to this Privacy Policy that we believe to be material regarding our collection, use or disclosure of Personal Information, we will endeavor to post a prominent notice on our Corporate Sites at least thirty (30) days prior to our implementation of such material changes.

DEMANDWARE COMMERCE SERVICES
Demandware provides our customers with a hosted Commerce Cloud platform and application suite of services that facilitate functionality to support the development and management of Commerce Cloud services. The Commerce Cloud services are not a part of our corporate web site. Demandware serves as a Data Processor for our customers who use these services. More specifically, Demandware does not own the information that is submitted to our customers' websites. The information that is submitted to a Web site of one of our customers will be subject to that customer's privacy policy. The following information discloses how information is submitted to these websites and how Demandware will handle the information for our customers who are the owners of this data.

Web Visitors (Commerce Cloud Customers)
Demandware processes Personal Information about a visitor to our customers' websites ("Visitors") only when the Visitor chooses to provide such information. On certain pages, for example, a Visitor may be required to provide his/her personal information such as his/her name, address, phone number and e-mail address in order to complete a transaction or perform a requested service.

Employees
Demandware employees may process Personal Information from our customers' employees for, among other things, application access and authentication.

Onward Transfer
Sharing of Visitors' Personal Information

We may contract with third-party providers to perform certain functions on behalf of our customers to enhance our existing product and service offerings, such as product and service support.

These third parties may have access to Visitors' Personal Information as necessary to permit them to perform their functions. They are bound by confidentiality agreements or similar contractual restrictions with respect to any information that is provided to them and they are prohibited from using the information for other purposes.

Web Site / Cookies
In order to improve the content and format of our platform and applications, our Commerce Cloud Services use Web site tracking software to automatically capture technical information that is then stored in our servers' log files. This information may include, but is not limited to, user domain, the type of Internet browser being used, which of our customers' Web pages are visited, and the amount of time spent on our customers' sites.

Our customers' website pages may contain "cookies." A cookie is a small amount of data which a Web site stores on a Visitor's computer, and which we or our customers can later retrieve. The cookie cannot be read by a site other than ours or our customer's. We and our customers use cookies for a number of administrative purposes, such as to store Visitors' preferences for certain kinds of information. Any use of cookies by our customers will be governed by our customers' privacy policies. Visitors can monitor use of cookies on their computers by setting their Web browser to inform them when cookies are set, or Visitors can prevent the cookies from being set entirely. The "help" portion of the toolbar on most browsers explains how to prevent the browser from accepting new cookies, how to have the browser provide notice when a new cookie is received, or how to disable cookies altogether. Please understand that if a Visitor disables the use of cookies, the Visitor may be unable to access certain portions or services in our applications or those of our customers.

Security
To protect the confidentiality, integrity, and availability of Visitors' Personal Information that is processed by our services, Demandware utilizes a variety of industry standard physical and logical access controls, firewalls, intrusion detection/prevention systems, network and database monitoring, and backup systems. We use SSL encrypted sessions when processing or transferring sensitive data through platform and applications.

We limit access to Visitors' Personal Information and data to those persons who have a specific business purpose for maintaining and processing such information. Demandware employees who have been granted physical access to a Visitor's Personal Information have been made aware of their responsibilities to protect the confidentiality, integrity, and availability of that information and have been provided training and instruction on how to do so.

Access
Demandware will support our customers in taking reasonable steps to ensure that Visitor's Personal Information is accurate, complete, and current to its intended use. We provide our customers with reasonable access to the Personal Information that they provide to us, as well as the ability to review, correct or request the deletion of such information.

Data Retention
We and our customers may retain your information for as long as your account is active or as needed to provide you services and as otherwise set forth in our respective customer's privacy policy. We and our customers may retain and use your information as reasonably necessary to comply with our legal obligations, resolve disputes, and enforce our rights and as otherwise set forth in our respective customer's privacy policy.

Links to Non-Demandware Web Sites and Third Parties
Demandware Customer Web sites may contain links to third-party sites for Visitors' convenience and/or information. If a Visitor accesses those links, he/she will leave the Demandware customer's website and be re-directed to a third-party site. Demandware does not control those sites or the privacy practices of those third-party sites, which may differ from Demandware's privacy practices and those of our customer. We do not endorse or make any representations about third-party Web sites, and the personal data Visitors choose to provide to third-party Web sites is not covered by this Privacy Policy. We encourage Visitors to review the privacy policy of any Web site or company before submitting their Personal Information to it.