- General Data Protection Regulation (GDPR)
- What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared?
- What choices are available to you regarding the use of your data?
- The security procedures in place to protect against the misuse of your information.
- How you can correct any inaccuracies in the information.
Effective May 25, 2018 the General Data Protection Regulation (GDPR) will replace the EU Data Protection Directive. Unlike the Data Protection Directive, GDPR will have direct effect in all EU member states without any need for local implementing legislation and it will override existing national privacy laws.
Direct Commerce has always taken great care to ensure any personal data is handled with the utmost care and we will continue to strengthen our data privacy activities while ensuring we meet the additional requirements of the EU General Data Protection Regulation. As a data processor, Direct Commerce is committed to complying with all GDPR requirements, and we expect our customers and their suppliers to comply with all applicable laws and regulations in connection with the use of the Direct Commerce website and portal, making sure that our customers have all rights and consents necessary to allow Direct Commerce to use and process such data.
The Information Security Program at Direct Commerce consists of policies and procedures to help ensure that Direct Commerce is acting in accordance with current and new compliance requirements when providing our services. Our effectiveness will be attested through an annual SOC2 compliance certification. Additionally, Direct Commerce commits to monitor, analyze and respond to security incidents in a timely manner in accordance with the Direct Commerce standard operating procedure, which sets forth the steps that Direct Commerce employees must take in response to a threat or security incident.
Information Collected by Direct Commerce
Direct Commerce collects information from you when you complete our online vendor registration form, contact us for more information regarding our services, attend our webinars, participate in an online forum, blog, or voluntary survey, download content or fill out a form. We may collect all or some of the following information: name, email address, phone number, address, company name, vendor number, title, department, country and/or industry. Alternatively, you may visit our site anonymously. Any data we request that is not required will be specified as voluntary or optional.
We may also collect information when you ask to be included in an email or other mailing list.
Personal Information refers to any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
If your Personal Information changes, if you wish to request removal of your Personal Information, or if you no longer desire our service, you may correct, update, amend, delete or deactivate it by emailing us at email@example.com or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Use of Personal Information by Direct Commerce
We are the sole owners of the information collected on our sites. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone. We will not share your information with any third party outside of our organization except to satisfy legal or auditing obligations.
Any of the information we collect may be used:
- To administer your account and facilitate your transactions
- To respond to customer service requests
- To send periodic emails when you have requested to receive them. (The email address you provide for order processing may be used to send you information and updates pertaining to your order or request, in addition to receiving occasional company news, updates, promotions, related product or service information, etc.)
- To provide you the Direct Commerce services you have requested
- To improve our websites (We continually strive to improve our website offerings based on the information and feedback we receive from you.)
- To personalize your experience (Your information helps us to better respond to your individual needs.)
We provide you the opportunity to opt-out of having your information used for certain purposes or to unsubscribe from receiving future contacts. If you no longer wish to receive emails, our newsletter or other promotional communications, you may opt-out of receiving them by following the detailed unsubscribe instructions at the bottom of each email or communication or by emailing us at firstname.lastname@example.org.
You can also do the following at any time by contacting us or by emailing us at email@example.com:
- See what data we have about you, if any
- Change/correct any data we have about you
- Have us delete any data we have about you
- Express any concern you have about our use of your data
How Direct Commerce Protects Your Information
The security of your Personal Information is important to us.
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment and protected with industry standard tools to prevent unauthorized disclosure.
We implement a variety of security measures to maintain the safety of your Personal Information when you submit a request, or otherwise provide us with your personal information. These security measures include: password protected directories and databases to safeguard your information and PCI Scanning to actively protect our servers from hackers and other vulnerabilities.
However, since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to Direct Commerce. Please contact us at firstname.lastname@example.org with questions regarding our security measures.
You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications at all times.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information.
As is true of most web sites, we use third party tracking-utility partners to gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and click stream data.
We use this information to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
Third Parties with Whom Direct Commerce Shares Personal Information
We do not sell, trade, or otherwise transfer to outside parties the Personal Information you provide. This does not include trusted third parties who assist us in operating our websites, conducting our business, maintaining our blog, or servicing you. We may also release your information when we believe release is appropriate to comply with the law (such as to comply with a subpoena, or similar legal process), enforce our site policies, or protect our or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
If Direct Commerce is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web Site of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Third Party Links
While we continue to seek to protect the integrity of our own site, you should contact these sites directly if you have any questions about the use of the information that they collect.
In the context of an onward transfer, Direct Commerce will be responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on our behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
California Online Privacy Protection Act Compliance
Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your Personal Information to outside parties without your consent.
We have taken the necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003.
EU-U.S. Privacy Shield Framework
Direct Commerce has formally joined the Privacy Shield Program managed by the U.S. Department of Commerce and complies with the U.S. – E.U. Privacy Shield framework, regarding the collection, use, and retention of data from the European Union. Direct Commerce has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view Direct Commerce’s certification, please visit www.privacyshield.gov/.
Direct Commerce has further committed to refer unresolved Privacy Shield complaints to Judicial Arbitration and Mediation Services, Inc. (JAMS), an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please refer to the link https://www.jamsadr.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you. Furthermore, under certain conditions, an individual may invoke binding arbitration.
Terms and Conditions
The English version of this policy shall govern in the event of any conflict or substantive translation changes into a non-English language.
Contacting Direct Commerce About Privacy Questions or Comments
Direct Commerce Privacy Coordinator
735 Montgomery Street, Suite 200
San Francisco, CA 94111 USA
(415) 288 9700
- General Data Protection Regulation (GDPR)
- Federal Trade Commission Fair Information Practices in the Electronic Marketplace
- California Online Privacy Protection Act
- Privacy Alliance
- Controlling the Assault of Non-Solicited Pornography and Marketing Act
- EU-U.S. Privacy Shield Framework
This policy was last modified on May 23, 2018.