Privacy Policy

Last Updated June 15, 2018

The following policy describes the privacy practices for Salesforce Commerce Cloud (formerly  Demandware, Inc.) and its affiliates ("Salesforce").




Salesforce respects the privacy of our customers, partners, employees, web site visitors, and job applicants. We believe it is important for you to understand the type of information we collect about you and how that information is used. We recognize the need for appropriate safeguards and management of personal information you provide to us or that we gather from your visit ("Personal Data").

This Privacy Policy sets forth the privacy principles Salesforce follows with respect to your Personal Data, including how Salesforce collects, uses, shares and secures the Personal Information you provide, and your choices regarding use, access and correction of your Personal Data.

This Privacy Policy applies to all Personal Data collected via our web sites, including,,,,,, and (the "Corporate Sites"). It also provides information about processing operations related to Salesforce's Commerce Cloud services (the "Commerce Cloud Services") which we make available to our customers. 

EU-U.S. Privacy Shield Framework and U.S.-Swiss Privacy Shield Framework

The Commerce Cloud Services comply with the EU–U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, respectively. Salesforce has certified to the Department of Commerce that the Commerce Cloud Services adhere to the Privacy Shield Principles. You can view a description of how we comply with the Privacy Shield Principles in our Privacy Shield Notice. To learn more about the Privacy Shield program and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield website here.

If you have questions or complaints regarding Salesforce’s Privacy Statement or associated practices, please contact us .(JavaScript must be enabled to view this email address).

Any questions, comments or complaints about the data practices (including compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity or enforcement) of our Commerce Cloud Services customers or partners for which Salesforce processes data should be addressed to that customer or partner.

How Personal Data is Collected

Web Visitors
On our Corporate Sites, we may collect the following Personal Data from prospective clients, prospective business partners, job applicants and other visitors: name, email, phone number and address. We collect this information only for the purpose of contacting individuals who have identified themselves as prospects or applicants for our activities, services and job openings. We may transfer this information to or receive this information in the United States.  We may share this information with third party service providers for email processing and related services. These third parties are prohibited from using the Personal Data for any other purpose.    

IP Address and Other Standard Information
As is true of many websites, we or our third party web analytics partners may gather certain information automatically and store it in log files or systems used by us. This information may include internet protocol (IP) addresses, device type, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.  We may combine this automatically collected log information with other information we collect about you, including information we receive from third parties. We do this to improve services we offer you as well as our marketing, analytics and site functionality and to analyze trends and gather demographic information about our user base as a whole. We may also receive reports based on the use of these technologies by our web analytics partners on an individual as well as aggregated basis.

We collect your location based (geo-location through IP address) information for the purpose of optimizing your web site experience. We will share this information with our mapping provider for the purpose of providing and optimizing this service for our visitors.

Tracking Technologies
Technologies such as cookies and other similar technologies are used by Salesforce and our marketing partners, affiliates, and email and analytics service providers. These technologies are used in analyzing trends, administering, securing and optimizing the site, tracking users’ movements around the site and gathering demographic information about our user and visitor base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies for our Corporate Sites to remember users’ settings (e.g. language preference) and for authentication and personalization. Users can control and as the case may be consent to the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

We partner with one or more third parties to display advertising on our Corporate Sites or to manage our advertising on other sites. Our third party partners may use technologies such as cookies and LSOs to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.  If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of seeing generic ads on our Corporate Sites.

Our Corporate Sites include social media features, such as the Facebook Like button, Tweet button, and other widgets which are interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Corporate Site. Your interactions with these features are governed by the privacy policy of the social media company.

The following sets out how we use different categories of cookies and similar technologies, as well as information on your options for managing the settings for the data collection by these technologies:

Type of cookie:

Required Cookies
Required cookies enable you to navigate our websites and use their features, such as accessing secure areas of the websites.

If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.

Manage Settings: Because required cookies are essential to operate the websites there is no option to opt out of these cookies.

Functional Cookies
Functional cookies allow us to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features.

Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant messages, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.

We may use our own technology or third party technology to track and analyze usage and volume statistical information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.

In particular, we use Google Analytics ("Google Analytics"), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA as our processor. Google Analytics uses cookies to help us analyze how our websites are used, including the number of visitors, the websites visitors have come from, and the pages they visit. This information is used by us to improve our websites.

Salesforce may also utilize HTML5 local storage or Flash cookies for these purposes. Flash cookies and HTML local storage are different from browser cookies because of the amount of, type of, and how data is stored.

Manage Settings: To manage the use of functional cookies on our websites, consult your individual browser settings for cookies. Note that opting out may impact the functionality you receive when using our websites.

  • To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.
  • To learn how to control functional cookies using your browser settings click here.
  • To learn how to manage privacy and storage settings for Flash cookies click here.

Targeting or Advertising cookies
We sometimes use cookies delivered by us or third parties to show you ads for our products that we think may interest you on any devices you may use and to track the performance of our advertisements. For example, in these cases, cookies may collect and remember information such as which browsers have visited our websites. The information provided to third parties does not include Personal Data, but this information may be re-associated with Personal Data after the Company receives it.

Salesforce also contracts with third party advertising networks that collect IP addresses and other information from web beacons (see below) on our websites, from emails, and on third-party websites. Advertising networks follow your online activities over time and across different sites or other online services by collecting device and usage data through automated means, including through the use of cookies. These technologies may recognize you across the different devices you use, such as a desktop or laptop computer, smartphone or tablet. Third parties use this information to provide advertisements about products and services tailored to your interests. You may see their advertisements on other websites or mobile applications on any of your devices. This process also helps us manage and track the effectiveness of our marketing efforts.

Manage Settings: See Section 4.3, below, to learn more about these and other advertising networks and your ability to opt out of collection by certain third parties.

Data Retention

We will retain your Personal Data for as long as your account is active or as needed to provide you services. We will retain and use your Personal Data including your geolocation information as we in good faith believe it necessary to (1) comply with the law or with legal process including court orders or subpoenas; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our web sites or Commerce Cloud Services; or (4) protect the personal safety or property of our users or the public.

The security of your Personal Data is important to us.  When you enter sensitive information on our order forms (including when we collect geolocation information), we encrypt the transmission of that information using Transport Layer Security (TLS). We utilize industry standard physical, technical, and administrative controls and procedures to safeguard the information we collect, to prevent unauthorized access or disclosure, to maintain data accuracy, and to allow only the appropriate use of your Personal Data. As no method of transmission over the Internet or method of electronic storage is completely secure, we cannot guarantee its absolute security.

We may post testimonials on our Corporate Sites for the benefit of our prospective clients, partners and employees. We receive express consent from the individuals whose Personal Data is posted along with the testimonial before it is posted to our Corporate Sites.  If you wish to update or delete your testimonial, you can contact us by filling out this form.

We provide forums and blogs as a means for our customers and other users of our Corporate Sites and Commerce Cloud Services to communicate. If you use a bulletin board, blog, forum or chat room on our Corporate Sites, you should be aware that any Personal Data you submit there can be read, collected or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information that you choose to submit in these forums. To request removal of your Personal Data from our blog or community forum, contact us by filling out this form. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.

Our blog is also managed by a third party application that may require you to register to post a comment. We may not have access or control of the information posted to the blog. You may need to contact or login into the third party application if you want the Personal Data that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy policy.

Data Integrity
Salesforce will take reasonable steps to ensure that Personal Data is accurate, complete, and current to its intended use. Salesforce will only use Personal Data in ways that are compatible with the purposes for which it was collected or subsequently authorized by you.

Enforcement and Verification
Salesforce regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or Salesforce's treatment of Personal Data filling out this form.

Changes to This Privacy Policy
The practices described in this Privacy Policy are the current Personal Data protection policies as of the date specified above. Salesforce reserves the right to modify or amend this Privacy Policy at any time. If we make any material changes to this Privacy Policy regarding our collection, use or disclosure of Personal Data, we will notify you by email or by means of a prominent notice on our Corporate Sites at least thirty (30) days prior to our implementation of such material changes.

Salesforce provides our customers with a hosted Commerce Cloud platform and application suite of services that facilitate functionality to support the development and management of Commerce Cloud Services. The Commerce Cloud Services are not a part of our Corporate Sites. Salesforce serves as a data processor for our customers who use these services as the data controllers. More specifically, Salesforce does not own the information that is submitted to our customers' websites. The information that is submitted to a web site of one of our customers will be subject to that customer's privacy policy. The following section of this policy discloses how Salesforce will process information for our customers. 

Commerce Cloud Services Customers’ Website Visitors
Salesforce processes Personal Data about a visitor to our customers' websites ("Visitors") on behalf of our customers for the purposes of providing the Commerce Cloud Services. Salesforce also processes that Personal Data on our own behalf to optimize our services. On certain pages, for example, a Visitor may be required by our customers to provide his/her Personal Data such as his/her name, address, phone number and e-mail address in order to complete a transaction or perform a requested service.

Salesforce may process Personal Information from our customers' employees for, among other things, application access and authentication.

Sharing and Onward Transfer
Sharing of Visitors' Personal Data
We may contract with third-party service providers to perform certain functions on behalf of our customers to enhance our existing product and service offerings, such as product and service support.

These third parties may have access to Visitors' Personal Information as necessary to permit them to perform their functions. They are bound by confidentiality agreements or similar contractual restrictions with respect to any information that is provided to them and they are prohibited from using the information for other purposes.

We do not share, sell, rent or trade Visitors’ Personal Data to third parties for their own marketing purposes. However, we may share or transfer your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights, and is necessary for our legitimate interests to protect against misuse or abuse of our websites or services, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with a judicial proceedings, court order or legal process, and/or to respond to lawful requests.

Web Site / Cookies
In order to improve the content and format of our platform and applications, our Commerce Cloud Services use web site tracking software which allows our customers to automatically capture technical information that is then stored in our servers' log files. This information may include, but is not limited to, internet protocol (IP) addresses, user domain, the device type, the browser type, which of our customers' Web pages are visited, which products are viewed and added to a shopping cart, what products are purchased and the amount of time spent on our customers' sites. Our customers may combine this automatically collected log information with other information they collect about you as may be disclosed to you in our customers’ privacy policies. We may use this information to improve the Commerce Cloud Services we offer our customers as well as our marketing, analytics and site functionality and to analyze trends and gather demographic information about our user base as a whole. 

Our customers' website pages may contain "cookies." A cookie is a small amount of data which a Web site stores on a Visitor's computer, and which we or our customers can later retrieve. The cookie cannot be read by an entity other than us, our customer or one of our or our customers’ service providers. We and our customers use cookies for a number of administrative purposes, such as to store Visitors' preferences for certain kinds of information. Any use of cookies by our customers will be governed by our customers' privacy policies. 

To protect the confidentiality, integrity, and availability of Visitors' Personal Data that is processed by our services, Salesforce utilizes a variety of industry standard physical and logical access controls, firewalls, intrusion detection/prevention systems, network and database monitoring, and backup systems. We use SSL encrypted sessions when processing or transferring sensitive data through platform and applications.

We limit access to Visitors' Personal Information and data to those persons and entities who have a specific business purpose for maintaining and processing such information. Salesforce employees who have been granted physical access to a Visitor's Personal Information have been made aware of their responsibilities to protect the confidentiality, integrity, and availability of that information and have been provided training and instruction on how to do so.

Your Rights Relating to Customer Data

As described above, we may also process Visitors’ Personal Information in the role of a processor through our Commerce Cloud Services.  If your data has been submitted to us by a Salesforce customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with our customer directly. Because we may only access our customer’s data upon instruction from the respective customer, if you wish to make your request directly to us, please provide the name of the Salesforce customer who submitted your data when you contact us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.

Data Retention
We retain your information for as long as instructed by our customers. We and our customers may retain and use your information as reasonably necessary to comply with our legal obligations, resolve disputes, and enforce our rights and as otherwise set forth in our respective customer's privacy policy.

Contact Information

At any time you may contact Salesforce with questions or concerns about this Privacy Policy by filling out this form.
Written questions may also be submitted to:

Salesforce Data Protection Officer  
The Landmark @ One Market Street, Suite 300
San Francisco, CA 94105

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at or, if you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.  

Search terms must be at least 3 characters long