Last updated — 10.28.2020
Welcome to the website (the "Site") of Commerce Layer, Inc. ("Commerce Layer," "we," "us," or "our"). Commerce Layer provides a headless ecommerce platform and order management system (collectively, including the Site, the "Service").
1 — Personal information we collect
We collect information that alone or in combination with other information in our possession could be used to identify you ("Personal Information") as follows:
Personal information you provide
We collect the following categories of Personal Information from you when you provide it to us in connection with the Services:
- Account Information — We collect your name, email address, personal details and contact information when you register an account to use the Services.
- Communication Information — We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication information is optional to you.
Internet activity information
When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access the Service (e.g., Chrome, Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
- Log Information — Information that your browser automatically sends whenever you visit the Site. Log Information includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Site.
- Device Information — Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
- Usage Information — We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
- Location Information — We may derive a rough estimate of your location from your IP address.
Personal information we process on behalf of our business customers
In order to provide the Service to our business customers, we may collect personal information on our business customers’ behalf. We process that information pursuant to our Terms of Service and other agreements with our business customers. We have no direct relationship with the individuals whose Personal Information we process on behalf of our business customers. If you are such an individual and would no longer like your information to be used by one of our business customers that use our Service or you would like to access, correct, or request deletion of your information, please contact the business customer that you interact with directly.
Online tracking and do not track signals
2 — How we use personal information
We may use Personal Information for the following purposes:
- to provide our headless ecommerce platform and order management system;
- to respond to your inquiries, comments, feedback, or questions;
- to send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies;
- to analyze how you interact with our Service;
- to maintain and improve the Service;
- to develop new products and services;
- to prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
We may use your Personal Information to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email or telephone number, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.
3 — Sharing and disclosure of personal information
Commerce Layer does not sell your Personal Information. In certain circumstances we may share the categories of Personal Information described above without further notice to you, unless required by the law, with the following categories of third parties:
Vendors and service providers
To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Information with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Information in the course of performing their duties to us. We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Information. Some of the service providers that we currently use are:
- Intercom, Inc. — To allow users to interact via live chat. Further information here.
- Google and GitHub — To allow the users to log into the Services using external platforms' accounts. Further information here (Google) and here (GitHub).
- Stripe — To manage payments through external platforms that collect payment data without allowing Commerce Layer or our business customers to access it. Further information here.
- ConvertKit — To contact you using e-mails containing commercial and promotional information concerning our Services. Further information here.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a "Transaction"), your Personal Information and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Service, or the public, or (v) protect against legal liability.
4 — Processing of personal information
The Processing of Personal Information is performed with paper, IT and/or digital tools, with methods of organizations and with logics strictly related to the indicated purposes.
In certain cases, subjects other than Commerce Layer who are involved in the organization of Commerce Layer (such as personnel management, sales personnel, system administrators employees, etc.) or who are not (as IT companies, service providers, postal couriers, hosting providers, etc.) may access to Personal Information. These subjects, will be appointed, where necessary, as Data Processors by Commerce Layer and will have access to Personal Information whenever required, and shall be contractually obliged to keep it confidential.
Personal Information is processed in our offices and in any other place in which the parties involved in the Data processing are located. For further information, you may contact the Us at noted below.
Personal Information may be transferred to Countries outside the EU to the United States of America. With respect to these Countries, an adequacy decision by the European Commission exists or, in the absence of such decision, it is possible to request further information to the Us regarding any adopted appropriate safeguards as well as the means to obtain a copy of Personal Information or the exact location where they have been stored.
5 — Data retention
6 California privacy rights disclosure
Where provided for by law and subject to any applicable exceptions, California residents may have the right:
- to know the categories of Personal Information that Commerce Layer has collected about you, the business purpose for collecting your Personal Information, and the categories of sources from which the Personal Information was collected;
- to access the specific pieces of Personal Information that Commerce Layer has collected about you;
- to know whether Commerce Layer has disclosed your Personal Information for business purposes, the categories of Personal Information so disclosed, and the categories of third parties to whom we have disclosed your Personal Information;
- to have Commerce Layer, under certain circumstances, delete your Personal Information;
- to instruct businesses that sell Personal Information to stop doing so – Commerce Layer, however, does not sell Personal Information; and
- to be free from discrimination related to the exercise of these rights.
If you would like to exercise any or all of these rights, you may do so by contacting us. After we receive your request, we may request additional information from you to verify your identity. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
7 — EU privacy rights disclosure
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide or operate the Services, including to provide customer support and process your orders, requests, questions and concerns;
- It satisfies another legitimate interest that is not overridden by your data protection interests, including our interest in:
- collecting product usage, analytics and performance data relating to our Site and the Services, in order to maintain, analyze, develop, update, and improve our products and services;
- maintaining records of bugs, customer support requests and similar requests you file, and our response to these requests;
- using information to personalize content and features on our Sites and the Services;
- detecting, investigating and preventing activities that may violate our policies or applicable laws (such as fraud detection and prevention);
- maintaining corporate or business records consistent with our retention policies and applicable laws;
- protecting against activities that may threaten the security, integrity, or availability of our or another party’s products, systems, and services; and
- for marketing and selling our products and services, consistent with applicable laws.
- We are processing your information to protect our legal rights;
- You give us consent to process your Personal Information;
- We need to process your data to comply with a legal obligation, such as a lawful subpoena or law-enforcement request or to fulfill the lawful instructions of our customers (when they are acting as the controller); and/or
- We have another lawful basis for processing in accordance with applicable EU laws.
If you have consented to our use of their personal information, and our processing is based on that consent, you have the right to withdraw their consent in accordance with the General Data Protection Regulation ("GDPR"), but this will not affect any processing that has already taken place. If you object to or restrict processing, you may not be able to use the Sites and Services or certain features any longer.
As a E.U. resident, You may exercise specific rights with respect to Personal Information under GDPR. In particular, You have the right to:
- withdraw its consent at any time;
- object to the processing of your Personal Information;
- access your Personal Information;
- monitor and request the rectification of Personal Information;
- obtain a restriction of Processing of your Personal Information;
- obtain the erasure or deletion of your Personal Information;
- receive your Personal Information or obtain the transfer to a different data controller;
- lodge a complaint before the supervisory authority for the protection of Personal Information or start legal proceedings.
Where Commerce Layer is acting as a controller, you can initiate a request to exercise your rights by contacting us as specified in the "Contact Us" section below. Please note that these requests apply only to information that Commerce Layer holds as a "controller." If your request relates to the Personal Information collected through one of our customer’s websites or digital products, you should direct your request to the owner of that website or product. Please note that you must verify your identity and request before Commerce Layer will process your request. You may be required to provide email confirmation or other information in order for us to verify your identity.
8 — Children
Our Service is not directed to children who are under the age of 16. Commerce Layer does not knowingly collect Personal Information from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided Personal Information to Commerce Layer through the Service please contact us and we will endeavor to delete that information from our databases.
9 — Links to other websites
10 — Security
You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Information to Commerce Layer via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
11 — Your choices
In certain circumstances providing Personal Information is optional. However, if you choose not to provide Personal Information that is needed to use some features of our Service, you may be unable to use those features. You can also log in to your account or contact us to request updates or corrections to your Personal Information.
13 — Contact us
Our contact information
Commerce Layer, Inc. — with registered office in 2965 Woodside Road, Woodside CA 94062 - USA, e-mail firstname.lastname@example.org.
Our EU representative
Commerce Layer Srl. — with registered office in Via del Carmine 11, 59100 Prato, Tax Code / VAT code IT02382940977, e‑mail email@example.com
Our data protection officer (DPO)
Our Data Protection Officer is Massimo Scardellato — Via Dandolo 4C, 31050, Ponzano Veneto (TV), Tax Code SCRMSM67P04L407Z, e-mail firstname.lastname@example.org.