Date of Last Revision: September 10, 2019
BigCommerce is responsible for all onward transfers of Personal Data to third parties in accordance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
- Information Types.
- “Account Information” means data about how and when a BigCommerce account is accessed and the features used.
- “Browser Information” means information provided by a browser, including the IP address, the website visited, network connection, device information, and other data, including Cookies.
- “Contact Information” means basic personal details, including such information as first and last name, company name, email address, postal address, phone number, and may include social media account information.
- “Device Information” means information about your device, such as device ID number, model, and manufacturer, version of your operating system and geographical region, collected from any devices when accessing our website, using the Mobile App, or any of our Services.
- “Mobile App” means the BigCommerce Mobile Application available through third-party app stores for mobile devices.
- “Payment Information” means, for example, credit card, ACH or other payment information.
- “Security Information” means user ID, password and password hints, and other security information used for authentication and account access.
- “Support Information” includes hardware, software, authentication data, chat session contents, error reports, performance data, and other communication or technical information and may, with express permission, include remote access to facilitate troubleshooting.
- “Usage Information” means information collected when you interact with the BigCommerce website, mobile application or any of our services, including functionalities accessed, pages visited, and other interaction data.
- “Transaction Information” means the data related to transactions that occur on our platform, including product, order, shipping information, Contact Information, and Payment Information.
- “Automated Decision Making” means a decision made solely by automated means without human involvement.
- “Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
- “Cookie” means a small file that resides on your computer’s hard drive that often contains an anonymous unique identifier that is accessible by the website that placed it there, but is not accessible by other sites.
- “Merchant” means an entity that has used or is using the Services for ecommerce.
- “Partner” means a separate legal entity that is a participant in our Agency Partner Program, our Technology Partner Program or other third-party technology integration with the BigCommerce platform, a theme designer, reseller, or referrer of the Services.
- “Personal Data” means any information relating to an identified or identifiable natural person identifiable information under applicable data protection laws and regulations.
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, including, but not limited to, alteration, collection, organization, recording, retrieval, storage, transmission, and use.
- “Processor” means the entity which processes Personal Data on behalf of the Controller.
- “Sensitive Personal Data” means any data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning health or a natural person’s sex life and/or sexual orientation.
- “Shopper” means an entity that interacts with the ecommerce offering of a Merchant through the BigCommerce platform.
- Merchant Policies. Merchants should help Shoppers understand how the Merchant, BigCommerce and relevant third parties collect and process Shoppers’ Personal Data. To that end, Merchants must:
- process Personal Data in accordance with applicable laws and, to the extent required under such laws, provide notice to and obtain informed consent from Shoppers for the use and access of their Personal Data by BigCommerce and other third parties; and
- if the Merchant is collecting any Sensitive Personal Data from Shoppers, obtain affirmative, explicit, and informed consent and allow such Shoppers to revoke their consent to the use and access of Sensitive Personal Data at any time.
- Information Collected.
- When a Merchant interacts with our Website, for example, by signing up for a trial, a subscription, or a newsletter, or performing transactions, BigCommerce may collect and control information such as Account Information, Browser Information, Contact Information, Payment Information, Support Information, Device Information, Security Information, Usage Information and set a Cookie.
- When a Merchant interacts with our Mobile App, BigCommerce may collect and control information such as Account Information, Contact Information, Device Information, Usage Information and Security Information.
- Information Usage. We use this information to provide Merchants with our Services, confirm identities, provide support such as debugging, troubleshooting, automated decision making such as the detection of fraudulent account creation when signing up for our service, for advertising and marketing, invoicing, to resolve incidents related to the use of our Website and Services, to improve and personalize our Services, such as push notifications regarding your store activities, and to comply with legal requirements. We may use this information in other cases where we have received express permission.
- Information Collected. When a Partner signs up for a partner account or signs up a Merchant for our Services, BigCommerce may collect and control information such as Account Information, Browser Information, Contact Information, Payment Information, Support Information, Security Information, and Usage Information.
- Information Usage. We use this information to provide Partners with our Services, confirm identities, provide support, for advertising and marketing, invoicing, to resolve incidents related to the use of our Website and Services, to improve and personalize our Services, and to comply with legal requirements. We may use this information in other cases where we have received express permission.
- Information Collected. When Shoppers interact with a Merchant’s ecommerce offering through the BigCommerce platform, we may collect and process Browser Information and Transaction Information of the Shopper on behalf of the Merchant.
- Information Usage. We use this information as a Processor to provide our Services to Merchants, support and process orders, improve and personalize our Services, and manage risk and fraud.
- Information Collected. When visitors browse our Website, or engage in communications with us online or offline, we may collect and control, as applicable, Browser Information, Support Information, Contact Information, and Usage Information submitted or communicated to us.
- Information Usage. We use this information to provide our Services, and improve and personalize communications, interactions, our Services, and provide support if needed.
- Promotional. We may deliver and personalize our communications with Merchants, Partners, and visitors. For example, we may notify a Merchant by email or other means when a subscription is ending, or invite the recipient to participate in a survey. For information about managing email subscriptions and promotional communications, please go to our email preferences page.
- Account. We send certain required communications, such as account notices or information, to users of our Services. You may not opt out of receiving these communications if you have an active storefront.
- Information Sharing.
Our Services are possible because of a variety of third parties and service providers. Sometimes it is necessary to share Merchant, Partner, or Shopper Personal Data with them to support our Services. We may access, transfer, disclose, and/or preserve that Personal Data with consent or in the following circumstances.
- Compliance. If we have a good faith belief that doing so is necessary to: (i) comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; or (ii) protect the rights or property of BigCommerce, including enforcing the terms governing the use of the Services.
- Protection. If we have a good faith belief that doing so is necessary to: (i) protect Merchants, Partners, Shoppers, or visitors; for example, to prevent spam or attempts to defraud us or users of our Services, or in response to threats of safety of any person; (ii) operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks.
- Affiliates. We share Personal Data among BigCommerce-controlled affiliates and subsidiaries.
- Functional SDKs: these are software libraries we use to enhance the end user experience and functionality within the application, such as graphics and display of images within the app, and in-app notifications according to preferences.
- Analytics SDKs: these are external third-party sub processors’ libraries we use in collecting device and usage data for application performance monitoring.
- Payment Processing. We share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
- Apps. Upon receiving a Merchant’s consent to install an application, we will share the Merchant’s Contact Information and other information requested by the app with the app Partner.
- Merger; Sale. We may also disclose Personal Data as part of a corporate transaction such as a merger or sale of assets.
- Automated Decision-Making.
Some Personal Data may be used in Automated Decision Making to help us screen accounts for risk, fraud, or abuse concerns. You can contest or dispute such a decision by reaching out to our 24/7 customer support team.
- AdRoll. BigCommerce works with AdRoll retargeting, which uses technology including web beacons and Cookies to collect data about our website usage and to improve the effectiveness of our marketing. Data recorded through the use of this technology is aggregated and shared with us. For more information or to opt out of AdRoll and their partners, please visit this link.
- Information Protection.
- We maintain administrative, technical, and physical security measures designed to provide reasonable protection for Personal Data against unauthorized access, disclosure, alteration, loss, and misuse. These security measures include access controls, encryption, and firewalls. We are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and our platform is audited annually by independent third-party qualified security assessors against the ISO 27001 security standard. Unfortunately, no method of Internet use, data transmission, or electronic storage is completely secure, so we cannot guarantee the absolute security of Personal Data.
- While we are dedicated to securing our Website and Services, you are responsible for securing and maintaining the privacy of your passwords and account information. We are not responsible for protecting Personal Data shared with a third party based on an account connection that you have authorized.
- Accountability for Onward Transfer.
- Privacy Shield. We provide services around the world. To provide our Services, it may be necessary to transmit Personal Data outside of the country, state, or province where the data was received. As a participant in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, we are subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
- Data Processors. We will only share or disclose Personal Data to the Processors identified here, which are contractually obligated to provide at least the same level of privacy protection required by the principles underlying the Privacy Shield. Furthermore, we will obligate any Processor to the specified, explicit and legitimate purposes consistent with your consent.
- Remedial Measures. If we learn Personal Data is not protected according to our contract, or is being processed beyond your consent, we will take reasonable steps to protect your information and/or cease its illegitimate processing.
- Access to Your Personal Data.
- We understand that you have rights over your Personal Data, and provide reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your Personal Data. This includes the right to withdraw, at any time, your consent for our collection and use. Additionally, you may have the right to make a complaint with the Data Protection Authority in your country.
- Merchants, Shoppers, and Partners are able to update many types of collected Personal Data directly within their accounts. Please contact us if you are unable to access or otherwise change your Personal Data within your account, or if you are concerned about other data collected.
- Shoppers, we are a Processor to your Merchant. You may also wish to contact your Merchant(s) directly regarding your Personal Data they have collected. We can only forward your request to them. Any deletion or limitation on the use of your Personal Data may negatively affect your use of our Services.
- Enforcement; Recourse.
In compliance with the Privacy Shield Principles, BigCommerce commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BigCommerce at:
11305 Four Points
Austin, TX 78726
Attention: General Counsel
BigCommerce will respond to any such inquiries or complaints within forty-five (45) days. If BigCommerce fails to respond or its response is insufficient or does not address the concern, BigCommerce has registered with the Association of National Advertisers (ANA) to provide independent third party dispute resolution at no cost to the complaining party. To contact ANA and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit https://thedma.org/resources/consumer-resources/privacyshield-consumers/. Complaining parties may also, in absence of a resolution by BigCommerce and ANA, seek to engage in binding arbitration through the Privacy Shield Panel.
ANA Contact Information:
Attn: Privacy Shield
225 Reinekers Lane, Suite 325
Alexandria, Virginia 22314
BigCommerce is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).