Last Updated July 29, 2021
This Privacy Policy describes the privacy practices of Chord Commerce, Inc. (“Chord” or “us” or “we”).
Chord provides e-commerce technology services to other businesses – our clients. To take advantage of our services, our clients share information with us about their individual consumers, including contact details and shopping histories. We process that information on our clients’ behalf to provide our clients with content management, a customer data platform and order management, among other services.
We may also collect personal information for our own business purposes, such as business contact details of potential customers or job applicants’ resumes.
This Privacy Policy applies to:
Our website and online services are designed for businesses and are not intended for personal, family or household use. Accordingly, we treat all personal information covered by this Privacy Policy as pertaining to individuals acting as business representatives, rather than in their personal capacity.
INFORMATION WE COLLECT
Information We Collect for Chord’s Own Business Purposes
We may collect information about individuals who interact with Chord when using our website or services (such as employees of our clients), job applicants, and other individuals.
Information you provide to us. Personal information you may provide to us through our services or otherwise includes:
Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:
Information We Collect from or on Behalf of Our Clients
We may collect information about individual consumers from our clients or – at clients’ requests – from their service providers. Our clients determine the scope of the information transferred to us, and the information we receive may vary by client. Typically, we may collect clients’ consumers’ contact details and demographic data, transaction details and shopping histories, and details about consumers’ interactions with marketing communications.
COOKIES AND OTHER INFORMATION COLLECTED BY AUTOMATED MEANS
We, our service providers, and our business partners, may collect certain information about the use of our websites by automated means, such as cookies, web beacons and other technologies. Likewise, as part of our services, we may offer our clients the ability to install these types of technologies on their websites or in the emails they send to their customers; and if a client does so, we collect information on its behalf. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. We and our service providers and business partners may collect information about your online activities over time and across third-party websites when you use our websites and mobile applications.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please see the “Privacy Preferences, Rights and Choices” section below for information about how you may opt out of, or limit the use of, your browsing behavior for online behavioral advertising purposes.
The information we collect by automated means varies based on whether we are collecting information for our own business purposes or whether we are collecting information from or on behalf of our customers to provide our services.
Automated Data Collection for Chord’s Own Business Purposes
The information collected by automated means for our own business purposes includes:
Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.
Automated Data Collection on Behalf of Our Clients
The information collected by automated means on behalf of our clients may include:
OUR USE OF PERSONAL INFORMATION
Our Use of Personal Information for Chord’s Own Business Purposes
We may use personal information to:
We may aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.
Our Use of Personal Information on Behalf of our Clients
We use personal information we collect from or on behalf of our clients to provide services to our clients at their direction. We do not use this information for Chord’s own purposes. We use personal information only as directed or authorized by our client. Typically, we are directed or authorized to use personal information collected on behalf of the client to:
INFORMATION WE SHARE
We may share personal information for the purposes set out in this Privacy Policy with:
Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will – where required by applicable law – make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.
In addition, we may share your information to comply with legal and regulatory requirements, and protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities.
CAREERS
If you submit your information in connection with job opportunities at Chord, we will use and disclose the information to process your application (including to contact you and/or your references and former employers if appropriate), to monitor recruitment statistics, and to comply with government reporting requirements. We also retain statistical information about applicants to help inform our recruitment activities. We will process this information based on our legitimate interest of evaluating job candidates or, when you provide us with sensitive information, based on your consent.
PRIVACY PREFERENCES, RIGHTS, AND CHOICES
Individuals have certain rights and choices regarding Chord’s processing of their personal information. Please note, however, that if the exercise of these rights limits our ability to process personal information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.
Individuals whose personal information Chord processes on behalf of a client should contact that client to exercise the rights and choices described in this Privacy Policy.
We reserve the right to verify the identity of the individual in connection with any requests regarding personal information to help ensure that we provide the information to individuals to whom the information pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information.
Individuals residing in the European Economic Area, Switzerland, and the United Kingdom (collectively, “Europe”) may have additional rights as outlined in the “Notice to European Users” section below.
Access or Correct Personal Information
You may request access to the personal information that we maintain about you. If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business, in a commonly used format. You may request to correct any errors in your personal information. We may reject your request to access or correct your information, as permitted by applicable law. If we reject your request, we will notify you of the reasons for the rejection. If you wish to exercise this right please contact us here at support@chord.co.
Marketing Emails
You may unsubscribe from receiving marketing or other commercial emails from Chord by following the instructions included in the email. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as information about changes to our website terms).
Online Behavioral Advertising
Some of the business partners that collect information about users’ activities on our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. For example, users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly-titled link).
Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
INTERNATIONAL DATA TRANSFERS
We are headquartered in the United States and may use services providers that operate in other countries. Your personal information may therefore be processed in the United States or transferred to other locations where privacy laws may not be as protective as those in your state, province, or country.
HOW WE PROTECT INFORMATION
We maintain reasonable administrative, technical, and physical safeguards designed to protect the personal information we maintain against accidental, unlawful, or unauthorized access, disclosure, alteration, use, loss, or destruction. However, we cannot guarantee that the safeguards we maintain will ensure the security of the personal information.
LINKS TO OTHER WEBSITES AND THIRD-PARTY CONTENT
We may provide links to websites and other third-party content that is not owned or operated by Chord. The websites and third-party content to which we link may have separate privacy notices or policies. Chord is not responsible for the privacy practices of any entity that it does not own or control.
CHILDREN
Our website and services are not intended for use by children under 16 years of age. If we learn that we have collected personal information through our website or services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.
CHANGES TO OUR PRIVACY POLICY
Chord reserves the right to change this Privacy Policy at any time. When we update this Privacy Policy, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Privacy Policy and providing other notification as required by applicable law. We may also notify you of changes to the Privacy Policy in other ways, such as via email or other contact information you have provided.
HOW TO CONTACT US
You may contact us with questions, comments, or complaints about this Privacy Policy or our privacy practices, or with requests to access or correct your information, by emailing privacy@chord.co or writing us at Chord Commerce, Inc. 33 Irving Place, New York, New York 10003.
NOTICE TO EUROPEAN USERS
The information provided in this “Notice to European Users” section applies only to individuals in Europe.
Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
Controller. Chord is the controller of the personal information we collect for our own business purposes, such as business contact details of potential customers, for purposes of European data protection legislation.
Legal basis for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.
Processing purpose
Legal basis
To operate our services
Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.
These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law
Processing is necessary to comply with our legal obligations.
With your consent
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the website or services, or otherwise to us.
If you provide us with any sensitive personal information when you visit our website or use our services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our services.
Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Cross-border Data Transfer. If we transfer your personal information from Europe to another country such that we are required to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
Your rights. European data protection laws may give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:
You may submit these requests by email to support@chord.co or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.