- Personal Information We Collect
- Information Collected through Access and Use of our Properties
- How We Use and Share Information You Provide and We Collect
- Your Choices
- US-EU Privacy Shield and Consent to Transfer Information to the United States
- Service Providers and Onward Transfer
- Third-party Content and Links
- Data Integrity and Security
- Notice to Certain Residents
- Accessing and Correcting Your Personal Information
- Children’s Privacy
- Enforcement and Dispute Resolution
Last Updated: August 27, 2021
What’s been updated? We have clarified that this policy is applicable to CommerceHub and its affiliates.
This Policy is issued by Commerce Technologies, LLC dba CommerceHub, located at 201 Fuller Road, 6th Floor, Albany, NY 12203, United States of America (collectively with its affiliates CommerceHub, Inc. and Ds Co., “CommerceHub,” “we,” “us,” or “our”). It describes how we collect and use information, and the choices we provide with respect to our collection and use of information. This Policy applies to information collected (1) through the services we provide; (2) through websites owned by CommerceHub and its wholly owned subsidiaries, including CommerceHub (UK) Ltd.; (3) through our client portals (including those for our offerings such as OrderStream, ProductStream and DemandStream); (4) through any other websites, mobile applications, widgets, services, and interactive properties linking to this Policy or on which this Policy appears, regardless of how accessed or used; (5) and through email, electronic newsletters and other online means (hereinafter collectively, our “Services”).
Please read this Policy carefully. To the greatest extent permitted by applicable law, your use of the Services indicates your consent to this Policy and to CommerceHub’s use, collection, transmission and processing of data and information you or others provide to CommerceHub, in each case, in the manner described herein. If you disagree with the way we collect and process information, do not use the Services.
Personal Information We Collect
We may collect the following types of information about you which are described in more detail below: (1) information provided by you, (2) information provided by third-party services/platforms, and (3) information that is automatically collected (all collectively referred to as “Information”).
- Information Provided by You.
(a) We collect Information provided to us by visitors to, and users of, the Services, including, for example, through your use of our client or Participant (defined below) portals; through our requests to receive information; by completing a registration using the Services, such as registration for a webinar; through comments you post on our blogs; and through your contact with customer service. Examples of the types of Information we collect include (but are not limited to) names, email addresses, company addresses, and phone numbers. You are responsible for ensuring the accuracy of all personal and financial Information (such as your credit card number) or other Information you provide to us. We use third-party tools to collect Information from current and prospective users of our services, which may include personal information, but primarily consists of business contact information.
- Information Provided by Third Parties/Platforms.
(a) Order Data. Our retailer and merchant clients and their suppliers, and the marketplaces, carriers, marketing channels, and other third-party providers with whom they work (each, a “Participant”) use our Services to establish connections for the exchange and analysis of information relating to their e-commerce operations and transactions. Participants provide us with information regarding orders transmitted to or received from (or for) their customers and trading partners, including personal information necessary for Participants to ship orders to customers (“Order Data”). Order Data may include some of your Information. We organize that Order Data and transmit it to other Participants so they can fulfill or process those orders (including returns and order cancellations). Examples of the type of information in an Order Data record include, a consumer’s name, email address, physical address, phone number and items ordered.CommerceHub acts as a service provider to Participants, and is neither the seller of record, merchant of record, nor fulfiller of products sold to consumers. CommerceHub does not process consumer payments or handle any consumer payment account information.
(c) Information from Third-party Services. We may use third-party services to update or supplement Information in our systems, such as to validate or update address information. We may also receive Information from Participants or from service providers engaged to collect and/or process information on our behalf; for more information, see the “Service Providers and Onward Transfer” section below.
(b) Analytics Providers. We may use analytics information collected through third-party services, such as Google Analytics, which may include Information. Please review how Google uses data at: https://policies.google.com/technologies/partner-sites?hl=en-US for more information) to better understand the manner in which Participants and their users access and use our Properties, including for reporting, maintenance and development or enhancement purposes. You may manage how Google Analytics collects Information about you as described in the “Your Choices” section of this Policy.
(c) Cookies. We may place cookies, or other similar tracking technology, on your computer or device. A cookie is a small text file placed on your computer’s hard drive by a web server. Some cookies are used to assist you with your session on our Services. Depending on the cookie, the cookie may expire at the end of your browser session or may stay (or “persist”) on your computer until the expiration date specified in the cookie. Some cookies are necessary to operate our Services. You have the ability to accept or decline some cookies as further described in the “Your Choices” section below. Most web browsers automatically accept cookies, but you can usually modify your browser setting to request to decline cookies if you prefer. If you choose to decline cookies, you may not be able to sign in or use certain features of our Services that depend on your web browser accepting cookies.
(e) Embedded Scripts. We use embedded scripts, which is programming code designed to collect, among other things Information about how visitors interact with the Services, such as identifying the website that referred and linked the visitor to the Services and the manner in which they use the Services. Embedded scripts are downloaded onto your device’s cache from our web server or a third-party service provider and are deactivated or deleted following the end of your session once your browser cache is cleared.
Information Collected Through Access and Use of Our Properties
Web Browser or Device Information. We and our service providers collect information sent by your web browser or device, including your IP address, geolocation, browser and operating system type, domain names, access times and referring website addresses. The information received depends on the settings on your web browser or device. Please review the settings of your web browser or device if you want to learn and change what information is sent by your browser or device. If you access a Property through a mobile device or application, certain of your information may be shared with the mobile carrier or application provider.
“Do Not Track” Headers. “Do Not Track” (DNT) is a web browser setting which lets the websites you visit know that you do not want them collecting information about you. We do not respond to DNT settings or signals.
Analytics Providers. We may use analytics information collected through third-party services, such as Google Analytics, to better understand the manner in which Participants and their users access and use our Properties, including without limitation for reporting, maintenance and development/enhancement purposes. You can manage how Google Analytics collects information about you as described in the “Your Choices” section of this Policy.
Cookies. We may place one or more cookies or other similar tracking technology on your computer. A cookie is a small text file placed on your computer’s hard drive by a web server. Some cookies are used to assist you with your session on our Property. Depending on the cookie, the cookie may expire at the end of your browser session or may stay (or “persist”) on your computer until the expiration date specified in the cookie. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies can only be accessed or read by the Internet domain (generally a web site) that placed them. You have the ability to accept or decline cookies as further described in the “Your Choices” section below. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to sign in or use certain features of our Property that depend on your web browser accepting cookies.
Embedded Scripts. We use embedded scripts, which is programming code designed to collect information about how visitors interact with a Property, such as identifying the website that referred and linked the visitor to a Property and the manner in which they use a Property. Embedded scripts are downloaded onto your device’s cache from our web server or a third-party service provider and are deactivated or deleted following the end of your session once your browser cache is cleared.
How we Use and Share Information You Provide and We Collect
To Provide Our Services and Related Information. CommerceHub uses Information collected through our Properties and Services for purposes such as the following:
- to operate and provide users with access to our Services;
- to personalize and support your use (or your potential use) of the Services, our product and services offerings, and/or the products and services of our Participants and partners;
- to provide you with information on our products and When you provide us with your contact Information, such as your email address or phone number, to the fullest extent permitted by applicable law, you expressly consent to our communicating with you about our products or services by email, phone call, text message or fax;
- to measure and improve our Services and products;
- for security and fraud prevention purposes
- to refer you to a business partner, Participant or other third party that provides services in which you have expressed an interest on behalf of your company, or which we believe may benefit your business;
- to develop, use, publish and otherwise commercialize Anonymous Data as defined and described below; and
- for any other lawful purposes as disclosed to you at the time you provide your Information or use a Service, and as disclosed to you in this Policy.
Unless otherwise stated, we do not sell, rent or lease personal Information (other than as part of Anonymous Data, as defined below) provided by website visitors to third parties.
To Process Order Data. We receive Order Data from Participants on our network, organize that Order Data and transmit it to other Participants so they can process and/or fulfill those orders. We do not disclose or transmit Order Data (other than as part of Anonymous Data) to third parties other than our service providers (as described below), the Participants associated with that order, or as necessary to provide our Services, to comply with legal requirements, or to protect you, CommerceHub or others (as described below).
To Create and Use Anonymous Data for Research, Development, Analytics and Reporting. We may use Information collected by or provided to us (including Personal Information and Order Data), to generate anonymous data, by either (a) using it to generate anonymous transaction and performance data, or (b) “de-identifying” it to remove any information that identifies a person specifically, and use the resulting anonymous data and information (collectively, “Anonymized Data”) which we use for purposes such as the following:
- to support your use of the Services, our products and Services, and/or the services of our Participants and partners;
- to improve the Services, the user experience, and our products and Services;
- to identify actions or transactions as originating through a particular retailer, marketplace, or other channel;
- to market, sell, commercialize or otherwise provide Services that provide reporting, statistics, and insights to our current and prospective Participants, partners and service providers; and
- for other statistical, development, or research and analysis purposes.
To Comply with Legal or Administrative Requirements. To the extent permitted by applicable law, we may disclose Information when we, in good faith, believe disclosure is appropriate to comply with local or national security, law enforcement, or regulatory processes, requirements or orders, to cooperate with law enforcement or other governmental investigations, to prevent or investigate a possible crime, such as fraud or identity theft, to enforce a contract, to protect the legal rights, property, or safety of CommerceHub, its corporate affiliates, and their respective employees, clients, partners and agents, other users or the public in general, to protect the security of our systems, and the data and Information we process or control, or to protect your vital interests if determined necessary by us. In addition, from time to time we may review our server logs for security purposes, such as detecting intrusions into our network. If we suspect criminal or other unauthorized activity, we may share Information, which may include, among other things, our server logs – which may contain visitors’ IP addresses – with the appropriate investigative authorities or impacted Participants, each of whom may use that information to trace and identify individuals, to diagnose security vulnerabilities and/or to improve security measures. We also reserve the right, without notice, to report to appropriate law enforcement or government agencies any activities that we, in good faith, believe are in violation of applicable laws, rules or regulations.
In Connection with a Business Transfer. If one of our corporate affiliates or a third party has acquired, e.g., as the result of a sale, merger, reorganization, insolvency, dissolution, liquidation or distribution, all or part of our business, specific assets or the business of one of our operating divisions through which you have provided Information to us, ownership of our records and data (including your personal information within them) will be transferred to that successor company. In that event, you agree to any and all such conveyances of your Information.
- Information on our Products and Services. If you decide you no longer want to receive marketing information from us on our products and Services, such as marketing materials or promotional emails, click the “unsubscribe” link in the electronic marketing message you received. Alternatively, you can email us at firstname.lastname@example.org specify in your email which materials or communications you would no longer like to receive. These communications choices do not apply to mandatory service communications that are considered part of our Services, which a user receives periodically until he/she is no longer an active user of our Services.
- Google Analytics. You can install Google Analytics’ opt-out browser add-on by visiting http://tools.google.com/dlpage/gaoptout. You can opt out of receiving interest-based Google advertisements, or customize the ads you receive from Google, by visiting http://www.google.com/settings/ads.
- Cookies. If you accept a cookie, you can delete it at any time once you leave our Services through your web browser. If you do not wish to receive cookies or wish to manage when you accept cookies in general, you can take steps such as setting your browser to reject cookies or to alert you when a cookie is placed on your computer. Your use of the features and functionality of the Services will be limited if you set your browser to reject cookies.
US-EU Privacy Shield and Consent to Transfer Information to the United States
The Federal Trade Commission (FTC) has jurisdiction over CommerceHub’s compliance with the Privacy Shield.
CommerceHub’s servers are currently located in the United States and we may also have servers in the United Kingdom or elsewhere in the European Union. If you are located anywhere outside of the United States, please be aware that Information we collect, including personal Information, may be transferred to, processed in, and stored in the United States. If you are located outside of the United States, be aware that data protection laws in the United States may differ from those of the country in which you are located, and your personal Information can be subject to access requests from governments, courts, or law enforcement in the United States in accordance with and subject to the laws of the United States. By using the Services or providing us with any Information, to the fullest extent permitted by applicable law, you consent to the transfer, processing, and storage of your Information in the United States and to the application and jurisdiction of United States federal and New York state law in all matters concerning the Services and this Policy.
Service Providers and Onward Transfer
We use third-party service providers to perform and provide certain services in connection with our business, such as but not limited to verifying and validating information, hosting all or part of the Services, providing usage analytics, sending communications, customer support, log storage, providing marketing assistance and data analysis, and providing other administrative services. We provide service providers access to Information only for the purpose of carrying out services on our behalf. Information provided through a portion of the Services that is hosted by a CommerceHub service provider may be stored on the systems of our service provider and processed by that service provider in accordance with our agreement with that services provider.
We may provide Information to service providers that act as our agent, consultant, or contractor to perform tasks on behalf of and under our instructions. For example, we may store Information in the facilities operated by a service provider or use a third-party provider to perform data analysis. Such service providers must agree to use such Information only for the purposes for which they have been engaged by CommerceHub, and they must comply with applicable law (including data security and privacy laws) and, with respect to Information protected by the GDPR, either:
- comply with the Privacy Shield principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data; or
- agree to provide adequate protections for the Information that are no less protective than those set out in this Policy.
Under the US-EU Privacy Shield, CommerceHub is liable for its onward transfer of personal Information to its service providers.
Third-party Content and Links
Data Integrity and Security
We have implemented reasonable and appropriate safeguards, security technologies and procedures designed to protect your personal Information from unauthorized access, acquisition, deletion or disclosure. It is important that you understand, however, that no website, application, database or system is completely secure or “hacker proof.” We do not promise or guarantee, and you should not expect, that your Information or private communications will always remain private or secure. We do not guarantee that your Information will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. In using our Services, you agree that we will not have any liability for unauthorized access, acquisition, deletion, or disclosure of your Information.
Notice to Certain Residents
(A) Persons in the European Union or European Economic Area
- Restrict the way that we process and share your personal data;
- Transfer your personal data to a third party;
- Revoke your consent for processing of your personal data;
- Provide you with access to your personal data;
- Remove your personal data if no longer necessary for the purposes collected;
- Update your personal data so it is correct and not out of date; and/or
- Object to our processing of your personal data.
- Lawful Basis for Processing Your Information. As described throughout this Policy, we believe the foregoing handling of your Information, which may include your personal data, furthers our legitimate interests in commercial activities that are not overridden by the interest or fundamental rights and freedoms of the individuals at issue. Depending on what personal data we collect from you and how we collect it, we rely on various grounds for processing your personal data, including the following reasons:
- In order for us to administer our contractual relationship, including setting up any services you may request;
- Because it is in our legitimate interest to effectively and efficiently operate our business and provide you with the services offered through the Services and other useful content and for other marketing, design, and advertising purposes;
- In order for us to process employee data, prevent against fraud, provide technology security, and other necessary company operational matters;
- In order to fulfill any legal obligations, we may have to collect this Information from you; and/or
- Because you have provided your consent for us to do so.
(B) California Residents
If you would like to submit a Data Subject Request, you can call us, toll-free, at 844-HUB-HELP. If you choose to submit a Data Subject Request, you must provide us with enough information to identify you and enough specificity on the requested data. We will only use the information we receive for verification. We will not be able to disclose information if we cannot verify that the person making the Data Subject Request is the person about whom we collected Information, or someone authorized to act on such person’s behalf.
If you are a California resident, you may submit a Data Subject Request to receive information about our data collection practices as it relates to your data. By submitting this request, you are declaring that you are a California resident availing yourself of the rights afforded to you under the California Consumer Privacy Act (CCPA).
You may request information on the categories of personal information (as defined by California law) we have collected about you; the categories of data collection sources; any business or commercial purpose for collecting or selling personal information; the categories of third parties with whom we share personal information, if any; and the specific pieces of personal information we have collected about you. If you would like to also receive information about our data disclosure for business purposes, then please include that in the Data Subject Request. We will clarify whether the Information was collected and disclosed or simply collected and kept internally.
California residents may also utilize the “Do Not Sell My Personal Information” hyperlink located on our website to facilitate their opt-out of the sale of certain personal information.
You may request that we delete your personal information. Your deletion request should be submitted through a Data Subject Request. Subject to certain exceptions set out below we will, on receipt of a verifiable Data Subject Request, delete your personal information from our records and direct any service providers to do the same.
Please note that we reserve the right to not delete your personal information if it is necessary to:
- complete the transaction for which the personal information was collected;
- provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
- detect security incidents, protect against malicious, deceptive activity, and take all necessary and appropriate steps to mitigate current and future risk;
- debug and repair internal information technology as necessary;
- undertake internal research for technological development and demonstration;
- exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the Information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
- enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
- comply with an existing legal obligation; or
- otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the Information.
We may not, and will not, treat you differently because of your Data Subject Request activity. As a result of your Data Subject Request activity, we may not and will not deny goods or services to you, charge different rates for goods or services, provide a different level quality of goods or services, or suggest any of the preceding will occur. However, we can and may charge you a different rate, or provide a different level of quality, if the difference is reasonably related to the value provided by your personal information.
In addition, if you are a California resident under the age of 18 and are a registered user, you or your parent or legal guardian may request us to remove content or information posted on our websites or stored on our servers by (a) submitting a request in writing to email@example.com and (b) clearly identifying the content or information you wish to have removed and providing sufficient information to allow us to locate the content or Information to be removed. However, please note that we are not required to erase or otherwise eliminate content or Information if (i) other state or federal laws require us or a third party to maintain the content or Information; (ii) the content or Information was posted, stored, or republished by another user; (iii) the content or Information is anonymized so that the minor cannot be individually identified; (iv) the minor or its parent or legal guardian does not follow the instructions posted in this Policy on how to request removal of such content or Information; and (v) the minor has received compensation or other consideration for providing the content. Further, nothing in this provision shall be construed to limit the authority of a law enforcement agency to obtain such content or Information.
Accessing and Correcting Your Personal Information
Our Services are intended only for users over the age of eighteen (18).
If we become aware that a user is under thirteen (13) (or a higher age threshold where applicable) and has provided us with Information, we will take steps to comply with any applicable legal requirement to remove such Information. Contact us if you believe that we have mistakenly or unintentionally collected Information from a child under the age of thirteen (13).
If you have any questions about our company or service, please visit our corporate website which includes links to company information, answers to frequently asked questions, and our current policies.
|By mail:||Commerce Technologies, LLC
ATTN: Privacy Officer
ZEN Building, 6th Floor
201 Fuller Road
Albany, NY 12203
United States of America
|By phone:||Toll-free phone number: 844-HUB-HELP|
Enforcement and Dispute Resolution
In compliance with the Privacy Shield Principles, CommerceHub commits to resolve complaints about our collection or use of your personal Information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CommerceHub at using the contact information set forth above.
CommerceHub has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our US-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under the Privacy Shield Principals, there is the possibility, under certain conditions, for the individual to invoke binding arbitration. Under the US-EU Privacy Shield, CommerceHub is liable for its onward transfer of personal information to its service providers.