Date of last revision: July 10, 2020
BigCommerce is responsible for all onward transfers of Personal Data to third parties in accordance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
“Account Information” means data about how and when a BigCommerce account is accessed and the features used, including Store Information.
“Browser Information” means provided by a browser, including the IP address, the website visited, network connection, device information, and other data, including Cookies.
“Contact Information” means basic personal and business information, such as first and last name, company name, email address, postal address, phone number, and may include social media account information.
“Device Information” means information about your device, such as device ID number, model, and manufacturer, version of your operating system and geographical region, collected from any devices when accessing our website, using the Mobile App, or any of our services.
“Payment Information” means, for example, credit card, ACH or other payment information.
“Security Information” means user ID, password and password hints, and other security information used for authentication and account access.
“Store Information” means information about your store, its products, and its architecture.
“Support Information” includes information about your hardware and software, authentication data, chat session contents, error reports, performance data, and other communication or technical information and may, with express permission, include remote access to facilitate troubleshooting.
“Transaction Information” means the data related to transactions that occur on our platform, including product, order, shipping information, Contact Information, and Payment Information.
“Usage Information” means information collected when you interact with the BigCommerce website, mobile application or any of our services, including functionalities accessed, pages visited, and other interaction data.
“Automated Decision Making” means a decision made solely by automated means without human involvement.
“Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
“Cookie” a small file that resides on your computer’s hard drive that often contains an anonymous unique identifier that is accessible by the website that placed it there, but is not accessible by other sites.
“Merchant” means an entity that has used or is using the services for ecommerce.
“Mobile App” means the BigCommerce Mobile Application available through third-party app stores for mobile devices.
“Partner” means a separate legal entity that is a participant in our Agency Partner Program, our Technology Partner Program or other third-party technology integration with the BigCommerce platform, a theme designer, reseller, or referrer of the services.
“Personal Data” or “Personal Information” means information that (i) relates to an identified or identifiable natural person, or (ii) identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, including, but not limited to, alteration, collection, organization, recording, retrieval, storage, transmission, and use.
“Processor” means the entity which processes Personal Data on behalf of the Controller.
“Sensitive Personal Data” means any data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning health or a natural person’s sex life and/or sexual orientation.
“Shopper” means an entity or natural person that interacts with the ecommerce offering of a Merchant through the BigCommerce platform.
- Merchant Policies. Merchants should help Shoppers understand how the Merchant, BigCommerce and relevant third parties collect and process Shoppers’ Personal Data. To that end, Merchants must:
- process Personal Data in accordance with applicable laws and, to the extent required under such laws, provide notice to and obtain informed consent from Shoppers for the use and access of their Personal Data by BigCommerce and other third parties; and
- if the Merchant is collecting any Sensitive Personal Data from Shoppers, obtain affirmative, explicit, and informed consent and allow such Shoppers to revoke their consent to the use and access of Sensitive Personal Data at any time.
When a Merchant interacts with our Website, for example, by signing up for a trial, a subscription, or a newsletter or other content, or performing transactions, BigCommerce may collect and control information such as Account Information, Browser Information, Contact Information, Payment Information, Support Information, Device Information, Security Information, Transaction Information, Usage Information and set a Cookie.
When a Merchant interacts with our Mobile App, BigCommerce may collect and control information such as Account Information, Contact Information, Device Information, Usage Information and Security Information.
Information Usage. We use this information as a Controller to provide Merchants with our services, confirm identities, provide support such as debugging, troubleshooting, automated decision making such as the detection of fraudulent account creation when signing up for our service, for advertising and marketing, invoicing, to resolve incidents related to the use of our Website and services, to improve and personalize our services, such as push notifications regarding your store activities, and to comply with legal requirements. We may disclose certain information, including Account Information, Contact Information, Support Information and Transaction Information, to Partners subject to confidentiality obligations that refer Merchants to us or are engaged by a Merchant to provide services, apps or products relating to the Merchant’s store(s) or use of our Website and services, or to confirm identities and improve and personalize our interactions and services. We may use this information in other cases where the Merchant has given express consent.
Information Collected. When a Partner signs up for a partner account or refers a Merchant to us, BigCommerce may collect and control information such as Account information, Browser Information, Contact Information, Payment Information, Support Information, and Usage Information.
We use this information as a Controller to provide Partners with our services, confirm identities, provide support, for advertising and marketing, invoicing, to resolve incidents related to the use of our Website and services, to improve and personalize our services, and to comply with legal requirements. We may use this information in other cases where the Partner has given express consent.
Information Collected. When visitors browse our Website, or engage in communications with us online or offline, we may collect and control, as applicable, Browser Information, Support Information, Contact Information, and Usage Information submitted or communicated to us.
Information Usage. We use this information as a Controller to provide our services, and improve and personalize communications, interactions, our services, and provide support if needed. We may use this information in other cases where the Visitor has given express consent.
Information Collected. When Shoppers interact with a Merchant’s ecommerce offering through the BigCommerce platform, we may collect and process Browser Information and Transaction Information of the Shopper on behalf of the Merchant.
Information Usage. We use this information as a Processor to provide our services to Merchants, support and process orders, and manage risk and fraud. The Merchant is the Controller of this information and Shoppers who have questions about our use of this information should contact the Merchant. We may also use certain information as a Controller to improve and personalize our services, and manage risk and fraud.
Legal Basis for Processing (EEA visitors only).
Lawful Basis. We generally collect personal data from you only where (i) we need the personal information to perform a contract with you, (ii) the processing is in our legitimate interests and not overridden by your rights, or (iii) we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Notice. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information.
Legitimate Interest. If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are. For instance, we may rely on our legitimate interests when responding to your queries, improving and personalizing our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities (e.g. checking your identity, fraud prevention).
Questions. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.
Promotional. We may send promotional communications to existing and prospective Merchants, Partners, and visitors by email, phone, and other channels, such as LinkedIn. For example, we may notify a Merchant when a subscription is ending, or invite the recipient to participate in a survey. You can opt-out of receiving promotional communications from us at any time. For information about managing email subscriptions and promotional communications, please go to our email preferences page.
Account. We send certain required communications, such as account notices or information, to users of our services. You may not opt out of receiving these communications if you have an active storefront.
Our services are possible because of a variety of third parties and service providers. Sometimes it is necessary to share Merchant, Partner, or Shopper Personal Data with them to support our services. We may access, transfer, disclose, and/or retain that Personal Data with consent or in the following circumstances.
Compliance. If we have a good faith belief that doing so is necessary to: (i) comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; or (ii) protect the rights or property of BigCommerce, including enforcing the terms governing the use of the services.
Protection. If we have a good faith belief that doing so is necessary to: (i) protect Merchants, Partners, Shoppers, or visitors; for example, to prevent spam or attempts to defraud us or users of our services, or in response to threats of safety of any person; or (ii) operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks.
Functional SDKs: these are software libraries we use to enhance the end user experience and functionality within the application, such as graphics and display of images within the app, and in-app notifications according to preferences.
Analytics SDKs: these are external third-party sub processors’ libraries we use in collecting device and usage data for application performance monitoring.
Payment Processing. We share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
Apps. Upon receiving a Merchant’s consent to install an application, we will share the Merchant’s Contact Information and other information requested by the app with the app Partner.
Merger; Sale. We may also disclose Personal Data as part of a corporate transaction such as a merger or sale of assets.
Some Personal Data may be used in Automated Decision Making to help us screen accounts for risk, fraud, or abuse concerns. You can object to profiling, including profiling for marketing purposes, or contest or dispute such decisions by contacting us here. Subject to applicable law, we can provide you with details underlying the automated decision-making review and rectification of any inaccuracies.
Persistence. We use both session-based and persistent cookies on our websites. Persistent cookies remain on your computer when you have gone offline, while session cookies are deleted as soon as you close your web browser. A website may set a cookie if the browser’s preferences allow it. A browser only permits a website to access the cookies that it has set, not those set by other websites.
Essential. These cookies are necessary for our website to work as intended.
Functional. These cookies enable enhanced functionality, like videos and live chat. Without these cookies, certain functions may become unavailable.
Analytics. These cookies provide statistical information on site usage. For example, these cookies enable web analytics that allow us to improve our website over time.
Targeting and Advertising. These cookies are used to create profiles or personalize content to enhance your experience.
Control. It is possible to disable cookies through your device or browser settings, but doing so may affect your ability to use our website. For instance, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our website. The method for disabling cookies may vary by device and browser, but can usually be found in preferences or security settings. Please use the following links for further instructions:
- Google Chrome
- Apple Safari
- Mozilla Firefox
- Microsoft Internet Explorer
Other Resources. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org, or aboutcookies.org.
We maintain administrative, technical, and physical security measures designed to provide reasonable protection for Personal Data against unauthorized access, disclosure, alteration, loss, and misuse. These security measures include access controls, encryption, and firewalls. We are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and our platform is audited annually by independent third-party qualified security assessors against the ISO 27001 security standard. Unfortunately, no method of Internet use, data transmission, or electronic storage is completely secure, so we cannot guarantee the absolute security of Personal Data.
While we are dedicated to securing our Website and services, you are responsible for securing and maintaining the privacy of your passwords and account information. We are not responsible for protecting Personal Data shared with a third-party based on an account connection that you have authorized.
Accountability and Safeguards for Onward Transfer.
Privacy Shield. We provide services around the world. To provide our services, it may be necessary to transmit Personal Data outside of the country, state, or province where the data was received. As a participant in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, we are subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Standard Contractual Clauses.
For third-country transfer outside the EU/EEA we also use the Standard Contractual Clauses adopted by the EU Commission as an adequate level of protection.
We will only share or disclose Personal Data to the Processors identified here, which are contractually obligated to provide at least the same level of privacy protection required by the principles underlying the Privacy Shield. Furthermore, we will obligate any Processor to the specified, explicit and legitimate purposes consistent with your consent.
Remedial Measures. If we learn Personal Data is not protected according to our contract, or is being processed beyond your consent, we will take reasonable steps to protect your information and/or cease its illegitimate processing.
Data Subject's Rights.
Generally. You can exercise rights over your Personal Data against the Controller. We provide reasonable steps to allow you to access, rectify, erase, port, or restrict the use of your Personal Data. You have the right to object to the use of your personal data at any time, subject to applicable law. When collection is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal by applicable law. If applicable by national law, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data relating infringes your rights.
Merchants, Partners, and Visitors. Merchants and Partners are able to update many types of collected Personal Data directly within their accounts. Please contact us if you are a Visitor or otherwise unable to access or otherwise change your Personal Data within your account.
Shoppers. We serve as a Processor for Merchants. Shoppers may wish to contact Merchants directly regarding their Personal Data. We can forward Shopper requests for access or deletion to Merchants, but we are unable to delete Merchant data. Requests for deletion of Personal Data may adversely affect our ability to serve you.
Contact Information; Enforcement; Recourse. In compliance with the Privacy Shield Principles, BigCommerce commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BigCommerce at:
firstname.lastname@example.org or the Controller:
11305 Four Points
Austin, TX 78726
Attention: General Counsel
or our Article 27 EU Representative:
BigCommerce Software Ireland Ltd.
32 Merrion Street Upper
BigCommerce will respond to any such inquiries or complaints without undue delay and in accordance with applicable law. If BigCommerce fails to respond or its response is insufficient or does not address the concern, BigCommerce has registered with the Association of National Advertisers (ANA) to provide independent third party dispute resolution at no cost to the complaining party. To contact ANA and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit https://thedma.org/resources/c.... Complaining parties may also, in absence of a resolution by BigCommerce and ANA, seek to engage in binding arbitration through the Privacy Shield Panel.
ANA Contact Information:
Attn: Privacy Shield
225 Reinekers Lane, Suite 325
Alexandria, Virginia 22314
California Consumer Privacy Act.
CCPA Rights. The California Consumer Privacy Act (the “CCPA”) provides certain rights to consumers, including the following:
- Right to Know: You have the right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices.
- Right to Request Deletion: You have the right to request that we delete your Personal Information that we have collected from you.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
These rights are not absolute, and there may be cases when we decline your request as permitted by law.
If you are a California resident and a Merchant, Partner or Visitor, we only collect and process Personal Information about you as a result of your business dealings with us. This means that the consumer rights under the CCPA do not apply to you. If you are a California resident and a Shopper, BigCommerce only processes your personal information as a service provider acting on behalf of a Merchant. You should contact the Merchant to exercise any rights under the CCPA.
Disclosures. BigCommerce does not sell Personal Information. We share Personal Information with authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Information. We also share Personal Information if you use our services to interact with third parties or direct us to disclose your Personal Information to third parties.
Information Collected. We collect the following types of information from you, your device(s), or from third parties:
identifiers, such as Browser Information, Device Information, and Security Information;
commercial information, such as Account Information, Contact Information, Transaction Information, and Usage Information; internet or network information, such as Browser Information and Device Information; geolocation data, such as Browser Information and Device Information; financial information, such as Payment Information; other Personal Information, such as Support Information; and information derived from other categories, which could include your preferences, interests, and other information used to personalize your experience.
Right to Know; Deletions. To exercise your “right to know” or your “right to request deletion,” contact us here. To protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information.
September 1, 2019
This policy explains:
- What data is collected during our application and recruitment process
- Why we collect your personal data
- How we use that data
- How to access and update your personal data
- Your privacy rights to control your personal data
- Consenting to the collection of personal data
By submitting your resume, cv, application, or interest in a position at BigCommerce, you are consenting to the following:
- Collection of your personal data including, but not limited to, the Types of Data disclosed below
- Processing of your personal data to determine position eligibility
- Retention of your personal data within our Applicant Tracking System and Candidate Relationship Management System
- Sharing of your personal data for processing with third parties who assist in the hiring process, for example, Social Security Number for purposes of a background check
- Receiving emails from recruiters regarding positions other than those applied for should we feel there is a potential match.
What if you do not provide your personal data?
You are under no statutory or contractual obligation to provide your personal data to BigCommerce. However, if you do not provide the data, we may not be able to process your application properly or not at all.
Types of data BigCommerce collects.
This policy covers the data you share with us and/or which may be acquired or produced by BigCommerce during the application or recruitment process including:
- Your name, address, email address, telephone number and other contact data
- Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other data you provide to us in support of an application and/or the application and recruitment process
- Data from interviews and phone-screenings you may have, if any
- Details of the type of employment you are or may be looking for, current and/or desired salary and other terms relating to compensation and benefits packages, willingness to relocate, or other job preferences
- Any sensitive personal data you volunteer, including gender, citizenship status, nationality, racial or ethnic origin, and/or criminal history
- Reference data and/or personal data received from background checks (where applicable), including data provided by third parties
- Data relating to any previous applications you may have made to BigCommerce and/or any previous employment history with BigCommerce.
Why does BigCommerce need to process personal data?
We need to process your personal data to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job comply with legal obligations. For example, it is mandatory to check a successful applicant's eligibility to work in the country of employment. We may also need to process data from job applicants to respond to and defend against legal claims. BigCommerce may process special categories of data, such as data about ethnic origin, or religion or belief, to monitor recruitment statistics to improve our ability to develop a more diverse workforce. We may also collect data about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such data to fulfill our obligations and deliver specific rights in relation to employment.
How BigCommerce uses the personal data we collect
Your data will be used by BigCommerce for the purposes of carrying out its application and recruitment process which includes:
Assessing your skills, qualifications and interests against our career opportunities
Verifying your data and carrying out reference checks and/or conducting background checks (where applicable) if you are offered a job
Communications with you about the recruitment process and/or your application(s), including, in appropriate cases, informing you of other potential career opportunities at BigCommerce
Creating and/or submitting reports as required under any local laws and/or regulations, where applicable
Where requested by you, assisting you with obtaining an immigration visa or work permit where required
Making improvements to BigCommerce’s application and/or recruitment process including improving diversity in recruitment practices
Complying with applicable laws, regulations, legal processes or enforceable governmental requests.
If you are offered and accept employment with BigCommerce, the data collected during the application and recruitment process will become part of your employment record. We will maintain your personal data only so long as we have a legal basis to maintain it.
Who may have access to your data
If you have been referred for a job at BigCommerce by a current BigCommerce employee, with your consent, we may inform that employee about the progress of your application and let the BigCommerce employee know the outcome of the process. In some cases, if it is identified that you attended the same university/school or shared the same previous employer during the same period as a current BigCommerce employee, with your consent, we may consult with that employee for feedback on you.
BigCommerce may also use service providers acting on BigCommerce’s behalf to perform some of the services described above including for the purposes of the verification / background checks as necessary prior to the extension of an offer or during the onboarding process. These service providers may be located outside the country in which you live or the country where the position you have applied for is located. They include:
Applicant Tracking System
Candidate Relationship Management System
E-signatures for offer letters and other documents
Background check systems
BigCommerce may sometimes be required to disclose your data to external third parties such as to local labor authorities, courts and tribunals, regulatory bodies and/or law enforcement agencies for the purpose of complying with applicable laws and regulations, or in response to legal process.
We will also share your personal data with third parties listed above if we have your consent, or to detect, prevent or otherwise address fraud, security or technical issues, or to protect against harm to the rights, property or safety of BigCommerce, our users, applicants, candidates, employees or the public or as otherwise required by law.
It is your responsibility to obtain consent from references before providing their personal data to BigCommerce.
BigCommerce is a global company, which means your data may be stored and processed outside of the country or region where it was originally collected including in the United States.
Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Any EU to U.S. data transfer will be subject to appropriate additional safeguards under either the standard contractual clauses or the Privacy Shield. You can obtain a copy of the standard contractual clauses by contacting us at email@example.com.
How does BigCommerce protect data?
We take the security of your data seriously. BigCommerce takes appropriate steps to protect your personal data that is collected as part of the application and recruitment process. We have commercially reasonable internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Your rights under GDPR
When you apply to a job on this site, the personal data contained in your application will be collected by BigCommerce, a data controller, which is located at 11305 Four Points Drive Building II, Third Floor, Austin, TX 78726. All communications related to your privacy rights, this policy, or our privacy practices, can be sent to firstname.lastname@example.org. Such processing is legally permissible under Art. 6(1)(a) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Under the GDPR, you have the right to:
Request access to your personal data
Request to modify or erase your personal data. We may be required to retain some data for legal purposes, e.g., reporting to government agencies
Request to restrict or cease processing of your personal data. However, we may continue processing where required by law or other legitimate grounds.
Request to port your personal data. You may request a copy of your data for the purposes of transferring it to another system.
If you would like to exercise any of these rights, please contact us at email@example.com.
If you believe BigCommerce has not complied with your data protection rights, you can notify the European Data Protection Supervisor at this site:
Changes to this Policy