Privacy Policy

BigCommerce Company Store Privacy Policy
Date of Last Revision: March 4, 2021

BigCommerce wants to help you better understand how we collect, use, protect, and share your Personal Data. This BigCommerce Company Store Privacy Policy (“Store Privacy Policy”) is designed to help you understand your privacy choices when you visit our BigCommerce Company Store website (“Store Website” or “Company Store”) or purchase BigCommerce branded products through the Store Website (“Products”). This Store Privacy Policy is incorporated into, and forms an integral part of, the BigCommerce Company Store Agreement (“Agreement”). The meaning of any capitalized term can be found in the Definitions section below. Other terms may be defined in the Agreement. Please note, this Store Privacy Policy does not apply to any third-party websites, products, or information that we do not own or control. We encourage you to read this Store Privacy Policy carefully and take the time to get to know our practices. If you have questions about this Store Privacy Policy or our privacy practices, please contact us at

Privacy Shield Notice: BigCommerce complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. BigCommerce has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and will do so with respect to transfers of Personal Data from the United Kingdom to the United States. If there is any conflict between the terms in this Store Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the U.S. Department of Commerce site at BigCommerce is responsible for all onward transfers of Personal Data to third parties in accordance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.

1. Definitions.
1.1. “Account Information” means information provided when creating a Company Store account, as well as when the account is accessed and the features used.

1.2. “Automated Decision Making” means a decision made solely by automated means without human involvement.

1.3. “Browser Information” means information provided by a browser, including the IP address, the website visited, network connection, device information, and other data, including Cookies.

1.4. “Contact Information” means basic personal details, including such information as first and last name, company name, email address, postal address, phone number, and may include social media account information.

1.5. “Controller” means an entity that determines the purposes and means of the Processing of Personal Data.

1.6. “Cookie” means a small file that resides on your computer’s hard drive that often contains an anonymous unique identifier that is accessible by the website that placed it there, but is not accessible by other sites.

1.7. “Device Information” means information collected from any device used to access our Store Website, such as device ID number, model, and manufacturer, version of your operating system, and geographical region.

1.8. “Payment Information” means, for example, credit card, ACH, or other payment information.

1.9. “Personal Data” or “Personal Information” means information that (i) relates to an identified or identifiable natural person, or (ii) identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

1.10. “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, including, but not limited to, alteration, collection, organization, recording, retrieval, storage, transmission, and use.

1.11. “Processor” means the entity which processes Personal Data on behalf of the Controller.

1.12. “Security Information” means user ID, password and password hints, and other security information used for authentication and account access.

1.13. “Support Information” includes authentication information, chat session contents, emails, and other communications with our personnel.

1.14. “Transaction Information” means information related to transactions that occur on the Store Website, including product, order, and shipping information, Contact Information, and Payment Information.

1.15. “Usage Information” means information collected when you interact with the Store Website, including functionalities accessed, pages visited, and other interaction related information.
2. Information Collected. When you visit the Store Website, purchase Products on the Store Website, or engage in communications with us online or offline, we may collect and control information such as Account Information, Browser Information, Contact Information, Payment Information, Support Information, Device Information, Security Information, Usage Information, and set a Cookie.

3. Information Usage. We use this information to confirm identities, support, process, and fulfill Product purchases and payment for such purchases, improve and personalize our services, manage risk and fraud, and to comply with legal requirements. We may use this information in other cases where we have received express consent.

4. Account Communications. We send certain required communications, such as receipts, shipping notifications, and other required notices and information regarding the Products you have purchased. You may not opt out of receiving legally required communications if you purchase Products from us.

5. Information Sharing. We may access, transfer, disclose, share, and/or preserve Personal Data consistent with the collection and usage of information identified above, and in the following circumstances:
5.1. Compliance. If we have a good faith belief that doing so is necessary to: (i) comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; or (ii) protect the rights or property of BigCommerce, including enforcing the terms of the Agreement.

5.2. Protection. If we have a good faith belief that doing so is necessary to: (i) prevent spam or attempts to defraud us or users of our services, or in response to threats to the safety of any person; (ii) operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks.

5.3. Affiliates. We share Personal Data among BigCommerce-controlled affiliates and subsidiaries.

5.4. Service Providers. BigCommerce may from time to time use third-party service providers, data processors, contractors, and other businesses to assist us to confirm identities, support, process, and fulfill Product purchases and payments for such purchases, manage risk and fraud, manage the Store Website, and for other purposes consistent with this Store Privacy Policy.

5.5. Payment Processing. We share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.

5.6. Merger; Sale. We may also disclose Personal Data as part of a corporate transaction, such as a merger or sale of assets.
6. Automated Decision-Making. Some Personal Data may be used in Automated Decision Making to help us screen accounts for risk, fraud, or abuse concerns. You can contest or dispute such a decision by reaching out to our 24/7 customer support team here. Subject to applicable law, we can provide you with details underlying the automated decision-making review and rectification of any inaccuracies.

7. Cookies.
7.1. Usage. BigCommerce and its third-party service providers use cookies, web beacons, and similar tracking technologies to recognize you when you visit our website, remember your preferences, and give you a personalized experience. When you visit our websites, we, or an authorized third-party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.

7.2. Persistence. We use both session-based and persistent cookies on our websites. Persistent cookies remain on your computer when you have gone offline, while session cookies are deleted as soon as you close your web browser. A website may set a cookie if the browser’s preferences allow it. A browser only permits a website to access the cookies that it has set, not those set by other websites.

7.3. Types.
i. Essential. These cookies are necessary for our website to work as intended.

ii. Functional. These cookies enable enhanced functionality, like videos and live chat. Without these cookies, certain functions may become unavailable.

iii. Analytics. These cookies provide statistical information on site usage. For example, these cookies enable web analytics that allow us to improve our website over time.

iv. Targeting and Advertising. These cookies are used to create profiles or personalize content to enhance your experience.

v. Control. It is possible to disable cookies through your device or browser settings, but doing so may affect your ability to use our website. For instance, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our website. The method for disabling cookies may vary by device and browser, but can usually be found in preferences or security settings. Please use the following links for further instructions:

a. Apple Safari
b. Google Chrome
c. Microsoft Internet Explorer
d. Microsoft Edge
e. Mozilla Firefox
8. Information Protection. We maintain administrative, technical, and physical security measures designed to provide reasonable protection for Personal Data against unauthorized access, disclosure, alteration, loss, and misuse. These security measures include access controls, encryption, and firewalls. We are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and our platform is audited annually by independent third-party qualified security assessors against the ISO 27001 security standard. Unfortunately, no method of Internet use, data transmission, or electronic storage is completely secure, so we cannot guarantee the absolute security of Personal Data. While we are dedicated to securing our website and services, you are responsible for securing and maintaining the privacy of your passwords and account information. We are not responsible for protecting Personal Data shared with a third party based on an account connection that you have authorized.

9. Accountability for Onward Transfer (EEA and UK visitors).
9.1. Privacy Shield. We provide services around the world. To provide our services, it may be necessary to transmit Personal Data outside of the country, state, or province where the data was received. As a participant in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, we are subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

9.2. Standard Contractual Clauses. For third-country transfer outside the EU/EEA we also use the Standard Contractual Clauses adopted by the EU Commission as an adequate level of protection.

9.3. Data Processors. We will only share or disclose Personal Data with Processors that are contractually obligated to provide at least the same level of privacy protection required by the principles underlying the Privacy Shield and the Standard Contractual Clauses. Furthermore, we will obligate any Processor to the specified, explicit and legitimate purposes consistent with your consent.

9.4. Remedial Measures. If we learn Personal Data is not protected according to our contract, or is being processed beyond your consent, we will take reasonable steps to protect your information and/or cease its illegitimate processing.

9.5. Lawful Basis. We generally collect personal data from you only where (i) we need the personal information to perform a contract with you, (ii) the processing is in our legitimate interests and not overridden by your rights, or (iii) we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

9.6. Notice. If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information.

9.7. Legitimate Interest. If we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are. For instance, we may rely on our legitimate interests when responding to your queries, improving and personalizing our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities (e.g. checking your identity or fraud prevention).

9.8. Questions. If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided below.
10. California Consumer Privacy Act.
10.1. CCPA Rights. The California Consumer Privacy Act (the “CCPA”) provides certain rights to California consumers, including the following:
a. Right to Know: You have the right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices.

b. Right to Request Deletion: You have the right to request that we delete your Personal Information that we have collected from you.

c. Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

d. These rights are not absolute, and there may be cases when we decline your request as permitted by law. 
10.2. Disclosures. BigCommerce does not sell Personal Information. We share Personal Information with authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Information. 

10.3. Information Collected. We collect the following types of information from you, your device(s), or from third parties:
a. identifiers, such as Browser Information, Device Information, and Security Information;

b. commercial information, such as Account Information, Contact Information, Transaction Information, and Usage Information;

c. internet or network information, such as Browser Information and Device Information;

d. geolocation data, such as Browser Information and Device Information;

e. financial information, such as Payment Information;

f. other Personal Information, such as Support Information; and

g. information derived from other categories, which could include your preferences, interests, and other information used to personalize your experience.
10.4. We may disclose this Personal Information for the business purposes described in this Privacy Policy, such as disclosures to service providers that assist us with securing our services or marketing our products.

10.5. Right to Know; Deletions. To exercise your “right to know” or your “right to request deletion,” contact us here. To protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your Personal Information.
11. Access to Your Personal Data. We understand that you have rights over your Personal Data, and provide reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your Personal Data. This includes the right to withdraw, at any time, your consent for our collection and use of your Personal Data; however, we may continue to use, process, and retain Personal Data until completion of your purchase transaction(s), and as otherwise required or permitted by law or governmental authority. You are able to update many types of collected Personal Data directly within your account. Please contact us if you are unable to access or otherwise change your Personal Data within your account, or if you are concerned about other data collected. 

12. Enforcement; Recourse. In compliance with the Privacy Shield Principles, BigCommerce commits to resolve complaints about our collection or use of your Personal Data. BigCommerce will respond to any such inquiries or complaints within forty-five (45) days. If BigCommerce fails to respond, or its response is insufficient or does not address the concern, BigCommerce has registered with the Association of National Advertisers (ANA) to provide independent third-party dispute resolution at no cost to the complaining party. To contact ANA and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please either write ANA at the address below, or visit

     Association of National Advertisers
     Attn: Privacy Shield
     225 Reinekers Lane, Suite 325
     Alexandria, Virginia 22314

Complaining parties may also, in absence of a resolution by BigCommerce and ANA, seek to engage in binding arbitration through the Privacy Shield Panel. Additionally, you may have the right to make a complaint with the Data Protection Authority in your country.

13. Compliance Review. BigCommerce commits to periodically reviewing and verifying the accuracy of this Store Privacy Policy, the company’s compliance with the Privacy Shield Principles, and remedying any issues identified. All employees of BigCommerce that have access to Personal Data covered by this Store Privacy Policy are responsible for conducting themselves in accordance with this Privacy Policy. Failure of a BigCommerce employee to comply with this Privacy Policy may result in disciplinary action.

14. Contacting Us. For any inquiries or complaints regarding this Store Privacy Policy, please email us at, or write us at:

     BigCommerce, Inc.
     Attention: General Counsel
     11305 Four Points Drive
     Austin, TX 78726 U.S.A.