Privacy Policy

Effective Date: October 12th, 2021
To view previous versions, click here

Protecting your privacy is crucial for our business and we at commercetools are committed being a responsible, trustworthy custodian of our personal information. With this Privacy Policy we want you to better understand how we collect, use, protect, and share your personal data.  It describes the manner in which we collect, use, maintain, and may disclose personal data, within the contexts of visiting our websites, using our offerings through our website, and managing our relationships with prospects, customers, partners, suppliers, and other business partners.

 

Summary of Contents                                                            

1 General Information

1.1  Responsible Data Controller

1.2  Contact and Data Protection Officer

1.3  Data we are processing

1.4  Purpose of processing

1.5  Legal Basis (for EU/EEA data subjects)

1.6  Recipients of Data/Data Sharing

1.7  Transfer to third countries

1.8  Security

1.9  Duration of storage

1.10 Your Rights

2 Special Data Protection Notices

2.1  For Visitors to our Websites

2.1.1  Access Data and Log Files

2.1.2  Third Party Tools

2.1.3  Downloads of white papers and other publications

2.1.4  Event Application and Online Events

2.1.5  Online Job Applications

2.2  For Customers, Partners and Prospects

2.3  For Suppliers and Business Partners

3 Cookies and Similar Technology

3.1  General

3.2  Usage-based online marketing

3.3  Cookie List

4 Reservation of changes

1   General Information

As used in this Privacy Policy (“Policy”), ‘personal data’ or ‘personal information’ means information that relates to an identified or identifiable individual. For example, this could include among other things a name, address, email address, business contact details, or information gathered through interactions with us via our websites or through other channels. Personal data is also referred to as ‘information about you.

For purposes of this Policy, the terms “user,” “customer,” “you,” and “your” are meant to refer to the individuals whose personal information we may process or use, and at times may be used within the Policy interchangeably.

1.1 Responsible Data Controller

The responsible data controller for our websites (as defined in section 2.1.) is commercetools GmbH, located at Adams-Lehman-Str. 44 in 80979 Munich, Germany.

The responsible data controller may vary, however, depending on the actual offering or the purpose of the data collection, and a different one of our commercetools Group companies may be the responsible data controller. A list of our commercetools Group companies can be found here.

1.2  Contact and Data Protection Officer

If you have any questions concerning your privacy, please contact us at:

privacy@commercetools.com

If you have inquiries concerning personal data processed from individuals within Europe,  you may also contact our Data Protection Officer:

Martin Holzhofer
Holzhofer Consulting GmbH
Lochhamer Str. 31
82152 München – Planegg
datenschutzbeauftragter-commercetools@holzhofer-consulting.de
Internet: https://www.holzhofer-consulting.de/

1.3  Data we are processing

commercetools may process information about you collected directly from you while visiting our websites, while using any of our offerings, while accessing our products and services, or during any other interaction with you. Information about you may also be collected by commercetools through selected third-party sources, such as official registries or service providers such as data aggregators who may not have a direct relationship with you.

Such information about you may include:

  • name and physical address, email addresses, and telephone number;

  • demographic attributes, when tied to personal information that identifies you;

  • photographs that identify you;

  • testimonials;

  • transactional data, including products and services ordered, financial details and payment methods;

  • company data such as the name, size and location of the company you work for and your role within the company, publicly available company information, and activity associated with company data;

  • data from surveys conducted by commercetools or by third parties on behalf of commercetools, and publicly available information such as social media posts; and

  • chat transcript data from sales and customer support calls and live chat sessions or interviews.

Certain information about you collected online is information about the device you use to access the internet and may originate from the use of cookies and similar technologies (for example, pixel tags and device identifiers) on our sites or sites of third parties. For more information on cookies and similar technologies, please see Section 3 below.

1.4  Purpose of processing

We may process information about you to: 

  • communicate and respond to your requests in inquiries and engage in transactions with customers, partners, suppliers, and business partners;

  • market our products, services, events, or related products and services and to tailor marketing and sales activities;

  • manage security of our websites, facilities, networks, and systems;

  • analyze, develop, improve, and optimize the use, function, and performance of our websites, products, and services, including conducting surveys for quality assurance, training, and marketing and sales campaigns; and

  • administer subscriptions to products, services, and newsletters.

Specific purposes for processing are described below in Section 2 (Special Data Protection Notices).

1.5  Legal Basis (for EU/EEA data subjects)

We collect and process information about you only in accordance with applicable European data protection law (such as the General Data Protection Regulation or “GDPR”) if:

  • necessary for the performance of a contract with you or in order to take steps prior to entering into a contract (Art 6 (b) GDPR);

  • necessary for the purposes of our legitimate interests or such legitimate interest of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art.6 (1) lit (f) GDPR; or

  • we have your explicit consent to do so (Art.6 (1) lit (a) GDPR).

In some cases, we may also collect and process such information if necessary for compliance with legal obligations or to protect your vital interests or those of another person.

1.6  Recipients of Data/Data Sharing

Contract Processing by third parties (Service Providers)

We engage certain trusted third party service providers, including without limitation cloud services, hosting and maintenance services, customer relationship management services including database storage and management, and services for direct marketing campaigns. More detailed information can be found below under Section 2 (Special Data Protection Notices).

These service providers process information about you on our behalf, based on our instructions, and are contractually required to comply with applicable data protection laws.

Affiliated entities within commercetools Group companies

As a global company we also share information about you with affiliated companies within the commercetools Group. A list of commercetools Group companies can be found here.

Public bodies, pursuant to legal requirements

commercetools may transfer personal data to courts of law, supervisory authorities or law practices where such is legally permissible and necessary for compliance with applicable law or in order to assert, exercise or defend against legal claims.

commercetools may also share data with third parties in the course of transfer of function in which case the recipient will act as controller.

1.7  Transfer to third countries

Cross-border transfer of information about you to countries outside the European Union or the European Economic Area (EU/EEA) will be made based on one of the following mechanisms:

  • an adequacy decision of the European Commission, in which it has decided that the third country in question ensures adequate level of protection

  • European Commission Standard Contractual Clauses under the GDPR

  • Any applicable certification mechanism in accordance with GDPR Art. 42

Data transfers to countries outside of the EU/EEA may take place within the context of our global sales, marketing and support services, our customer relationship management via commercetools Group companies located outside the EU/EEA, or in the course of using our central IT services  at the commercetools Group as well as use of third party service providers (detailed information provided below in section 2). If no other transfer mechanism is applicable, such transfer is based on the European Commission Standard Contractual Clauses.

1.8  Security

commercetools takes suitable technical and organisational measures to protect personal data from loss, destruction, manipulation, and unauthorised access.

Information about our security measures can be found here

1.9  Duration of storage

Personal data will only be processed for as long as is necessary to satisfy the specific purposes, or as stipulated by the mandatory retention periods under applicable law. After the specific purpose no longer applies or after the expiry of the mandatory retention periods, the data will be erased in accordance with the statutory provisions.

1.10 Your Rights

You have the right at any time to exercise your rights as a data subject, which include:

  • Right to information according to Art. 15 GDPR.

  • Right to rectification according to Art. 16 GDPR.

  • Right to erasure according to Art. 17 GDPR.

  • Right to restriction of processing according to Art. 18 GDPR.

  • Right to data portability according to Art. 20 GDPR.

  • Right to object according to Art. 21 GDPR.

Should you wish to exercise your rights, please submit your requests by email to privacy@commercetools.com or by post to the address stated under above section 1 (General).

You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77(1) GDPR. For further information, contact the competent supervisory authority in your region.

For commercetools GmbH the applicable supervisory authority is:

The Data Protection Authority of Bavaria
Postfach 606, 91511 Ansbach; phone: +49 (0) 981 53 1300,
Email: poststelle@lda.bayern.de

Your California Privacy Rights: 

In addition to any other rights provided for herein, if you live in California and have an established business relationship with us, you can request a list of third parties with which we have shared information about you for their marketing purposes. You can make such request one time each year. To exercise your rights, you can email us at privacy@commercetools.com or write to us at the address here. We will respond within 30 days.

You may also request that we provide you with an accounting of your personal information held by commercetools. You may also request that commercetools delete your personal information. You may submit such requests to privacy@commercetools.com. Upon verification of your identity and within 45 days, we will provide you with a paper copy of your personal information via the United States Postal Service.

commercetools will not discriminate against any end user for exercising their rights under the California Consumer Privacy Act. commercetools does not sell your personal information, as those terms are defined under the California Consumer Privacy Act.

2   Special Data Protection Notices

2.1  For Visitors to our Websites

commercetools GmbH operates several websites, including but not limited to commercetools.com or modern-commerce-day.com  (hereafter „the Websites“) and wants to inform you in the following sections of the Privacy Policy of the extent to which information about you is processed through the Websites and the purposes for which such information is used.

Websites also include various sub-domains (for instance docs.commercetools.com) or other domains, and many of these are governed by this Policy. In the case of websites which are not governed by this Policy, their own respective data protection provisions apply.

Your personal data will not be processed to execute automated case-to-case decisions, including profiling pursuant to Art. 22 (1) and (4) GDPR.

2.1.1 Access Data and Log Files

For technical reasons, commercetools processes a limited amount of data for every instance of access to a website (so-called connection data).

In doing so, the following data or data categories can be collected:

  • Name of the website or file accessed

  • Date and time of access

  • Volume of data transferred

  • Access status (file transferred, file not found, e.g.)

  • Browser type and version

  • The user’s operating system

  • Referrer URL (the website visited previously)

  • IP address

These data are technically required in order to establish and execute a connection between your end device and our servers. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG (the German law pertaining to telemedia). After the connection has ended, these data are erased or made anonymous and are not used to generate user profiles.

2.1.2 Third Party Tools

Our websites enable you as a visitor to learn more about our business, download content, and provide us with your contact and other demographic information.

In order for us to provide the best possible services in line with your interests in our business, we share information about you with third party service providers. They can be used by us to determine your interest in our services and to connect with you.

Our legitimate interest in using these services is the optimization of our marketing efforts and the improvement of our service quality on the websites. Such third-party service providers include but are not limited to:

Hubspot

On our websites we use HubSpot for our online marketing activities. HubSpot is a US-based software company with a presence in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500. Hubspot is an integrated software solution that covers various aspects of our online marketing. These include: E-mail marketing (newsletters and automated mailings, e.g. for the provision of event details), social media publishing & reporting, reporting (e.g. traffic sources, access, etc.), contact management (e.g. user segmentation & CRM), and landing pages and contact forms.

This information and contents of our website are stored on servers of our software partner HubSpot.  HubSpot is certified under the terms of the “EU – US. Privacy Shield Framework ” and governed by the TRUSTe’s Privacy Seal as well as the  “U.S. – Swiss Safe Harbor“ Framework.

More about the HubSpot Privacy Policy.

More information from HubSpot regarding the EU Privacy Policy.

More information about the cookies used by HubSpot can be found here and here.

Showpad

Among the service providers we use is Showpad, a sales enablement and marketing tool.

If you have requested to receive content presented to you via Showpad, certain information will be required to provide you with access to the Showpad platform and the requested content. Showpad will log your email address and track your activity regarding the Content you receive – in particular your interactions with the content (e.g., clicks, time spent, downloads and sharing). Tracking occurs only for our use and benefit, so we understand how the content is used, allowing us to have a more personalized interaction with you. To review how Showpad uses any personal information it collects when you access any content, see https://www.showpad.com/privacy-policy.

2.1.3 Downloads of white papers and other publications

Our Websites enable you to learn more about our business and download content. In doing so, we ask you to provide us with you contact information and other demographic information about you. The following information about you will be collected and processed in accordance with this Policy:

Contact information such as first names and surnames, business addresses, business phone numbers, business mobile phone numbers, business fax numbers and business email addresses.

2.1.4 Event Application and Online Events

On our website, www.modern-commerce-day.com we use the third-party service offered by Bizzabo Inc., registered office at 31 W 27th St 10th Floor, New York, NY 10001.
Our legitimate interest in using this online platform for online events and event registration is the improvement of the quality and availability of our service and event experience. Bizzabo is processing our personal data only on our behalf to the extent necessary for the provision of the service. The platform (Bizzabo) may use cookies. More information about Bizzabo´s data privacy policies can be found under https://www.bizzabo.com/privacy and https://www.bizzabo.com/cookie-policy.

2.1.5 Online Job Applications

It is particularly important to us to ensure the highest possible protection of your personal data when you apply for a job. All personal data collected and processed as part of an application process are protected against unauthorized access and manipulation by technical and organizational measures.

We need your personal data in the application documents in order to consider you as an applicant in the application process and to check whether you can be considered as an employee of our company. If you provide information that goes beyond this required information, you are providing it to us voluntarily and agree to its processing.

The legal bases for the processing are Art. 6 (1), a and b GDPR as well as § 26 seq. 1 sent. 1 BDSG. The withdrawal of any consent provided to us is possible at any time by sending an email e-mail to privacy@commercetools.com.

After completion of the application process, we will store your documents for another 180 days for evidence purposes.

For a possible conclusion of a contract, it is necessary that you provide us with your personal data in the application documents. Otherwise, we will not be able to consider you in the application process.

Greenhouse

In order for us to provide you with the best possible services during an application process, we use the HR tool of Greenhouse Software, Inc. (18 West 18th Street, 11th Floor, New York, NY 10011 USA). We have concluded a data processing agreement for this purpose. Therefore, Greenhouse Software, Inc. may only process the data according to our instructions and not for its own purposes. We have also entered into the European Commission’s standard contractual clauses with Greenhouse Software, Inc.

More information about Greenhouse and its data privacy policy can be found here.

2.2  For Customers, Partners and Prospects

In order to carry out sales and marketing activities with prospects, customers and partners, we, as well as contracted third-party service providers, process the following data:

  • Contact information such as first names and surnames, business addresses, business phone numbers, business mobile phone numbers, business fax numbers, and business email addresses;

  • Other information that needs to be processed in the course of the project or for the performance of a contractual relationship with commercetools, or that has been provided voluntarily by our contacts, e.g. orders, requests, or project details; and

  • information obtained from public sources, information databases, or credit rating agencies.

In the case of a contract with you, the legal basis for data processing is Article 6(1) lit. b) GDPR.

The legal basis for data processing in case of you having given us consent is Article 6(1) lit. a) GDPR. According to Article 7 GDPR, you can always revoke your given consent with effect for the future under the e-mail address specified above.

Without a separate consent, the legal basis may also be our legitimate interest for the purpose of direct addressing (pursuant to Article 6(1) lit. (f) GDPR and Article 95 GDPR, Section 7 (3) UWG) unless your fundamental rights and freedoms are in conflict. You may object to such processing at any time with future effect by contacting us at the e-mail address specified above.

In order to improve of our service quality we use third party service providers such as but not limited to:

Salesforce

We use the CRM system of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, a subsidiary of salesforce.com, Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA (“Salesforce”) to process personal information related to sales (name, contact information, company, job title, and other information) in order to follow up on inquiries and sales to our customers or potential customers. We use it to collect information for sales and marketing purposes, to make customer communications relevant, and to help us understand the performance of our marketing campaigns.

Outreach

Among the service providers to optimize our relationship with prospects we use is Outreach, a customer engagement platform provided by Outreach Corporation, 333 Elliott Ave W #500 Seattle, WA 98119. We have concluded a data processing agreement for this purpose. Therefore, information about you is processed according to our instructions. We have also entered into the European Commission’s standard contractual clauses with Outreach.

More information about Outreach data security and its data privacy policy can be found here and here.

Strikedeck

We use the CRM system of Strikedeck (a Medallia company) located at Medallia, Inc., 575 Market St., Suite 1850, San Francisco, CA 94105, USA (“Strikedeck”) to process personal information related our customer relationship with you (name, contact information, company, job title and others). We have concluded a data processing agreement for this purpose. Therefore, information about you is processed according to our instructions. We have also entered into the European Commission’s standard contractual clauses with Strikedeck. More information about Strikedeck´s data security and its data privacy policy can be found here and here.

2.3  For Suppliers and Business Partners

In order to maintain relationships with our suppliers and business partners, we, as well as contracted third-party service providers, process the following data:

  • Contact information such as first names and surnames, business addresses, business telephone numbers, business mobile telephone numbers, business fax numbers, and business email addresses;

  • Payment data such as details that are necessary for the processing of payment transactions or for the prevention of fraud;

  • Other information that needs to be processed in the course of the project or for the performance of a contractual relationship with commercetools, or that has been provided voluntarily by our contacts, e.g. orders, requests or project details, and information obtained from public sources, information databases or credit rating agencies.

The processing of personal data is necessary for the fulfilment of the aforementioned purposes, including the contractual business relationships with the supplier or business partner. In general, you are required to provide the above-mentioned information about you if you submit or make a contractual offer, otherwise it will not be possible to enter into or perform a contract.

In the case of a contract with you, the legal basis for data processing is Article 6(1) lit. b) GDPR, in order to contact you in the context of contract execution.

The legal basis for data processing in case of you having given us consent is Article 6(1) lit. a) GDPR. According to Article 7 GDPR, you can always revoke your given consent with effect for the future under the e-mail address specified above.

Without a separate consent, the legal basis may also be our legitimate interest for the purpose of direct addressing (pursuant to Article 6(1) lit. f) GDPR and Article 95 GDPR, Section 7 (3) UWG) unless your fundamental rights and freedoms are in conflict. You may object to such processing at any time with future effect by contacting us under the e-mail address specified above.

 

3   Cookies and Similar Technology

3.1  General

On our websites, we use cookies to improve the quality of the websites and services provided to you. Cookies are text files which enable device-specific information to be stored on the end device used. This information is necessary in order to offer the products of the information society on our websites as well as to be able to provide proper functioning of the website. This includes the localisation of errors as well as their correction. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG (the German law pertaining to telemedia).

First-Party Cookies + Third-Party Cookies

  • Strictly necessary

  • Functional

  • Performance

  • Marketing

  • Social-Media

If you would like to stop the use of cookies, all current browsers offer corresponding settings to block and erase cookies. Blocking cookies can however mean that the website cannot be used or cannot be used in full. Generally, you can stop cookies from being stored on your hard drive by choosing the browser setting “block cookies”. You can set up your browser so that it asks you whether you wish to accept cookies before they are installed. Ultimately, you can delete installed cookies at any time. To see how this works, please consult your browser’s help pages. If you block all cookies, this can restrict some of the website’s functions. Please note that if you delete all cookies, you may have to re-install previously installed cookies.

You can opt-out of each cookie category (except strictly necessary cookies) by clicking on the “cookie settings” button below:

3.2  Usage-based online marketing

At this point we wish to inform you in detail about usage-based online marketing. Our websites record and process your user behaviour anonymously. As a user, you benefit from this because you receive advertising that matches your fields of interest and thus, less random advertising is delivered to you. To record your user behavior, a cookie is stored on your computer. To improve our marketing activities according to your interests, we use the following tools:

  • Google AdWords Conversion

  • Google Dynamic Remarketing

  • Twitter Advertising

  • Facebook Advertising

  • LinkedIn Advertising

  • Hubspot

  • Google Analytics

  • Google Tag Manager

  • Google Ad Manager

Information on your activities on our website (e.g. surfing behavior, the sub-pages of the internet offer that you visited) is recorded.

Google Analytics

For the needs-based design of our website, we create pseudonymous user profiles with the aid of Google Analytics.

Google Analytics uses cookies, text files stored on your computer that enable analysis of your use of the website. Normally, the information generated by the cookie about your use of this website is transmitted to a Google server in the United States and stored there. Since we have activated IP anonymization on this website, your IP address will however be abbreviated beforehand within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address conveyed to a Google server in the United States and only abbreviated there. Google uses this information to evaluate your use of our website for us, to compile reports on the activities of website operators, and to provide us with other services in conjunction with the use of websites and the Internet.

The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG (the German law pertaining to telemedia). You may object to the creation of user profiles using a pseudonym at any time. To exercise your right to object, click the cookie settings:

Facebook Custom Audiences

We also use Facebook communications tools for usage-based online advertising, especially Custom Audiences and Website Custom Audiences.

Basically, a non-reversible and non-personal related hash value is generated from your user data, which can be conveyed to Facebook for analysis and marketing purposes. The Facebook cookie is targeted for Website Custom Audiences. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG (the German law pertaining to telemedia). You will find more information on the purpose and scope of data collection and on the further processing and use of data by Facebook, as well as about the possible settings options to protect your privacy, from Facebook’s data privacy guidelines which you may review here.

3.3  Cookie List

4   Reservation of Changes

This Policy is subject to an on-going review and commercetools reserves the right to make changes at any time. Such changes will be published accordingly on this website.