Privacy Policy

Updated: July 29, 2021

This Privacy Policy describes the privacy practices of Chord Commerce, Inc. (“Chord” or “us” or “we”).

Chord provides e-commerce technology services to other businesses – our clients. To take advantage of our services, our clients share information with us about their individual consumers, including contact details and shopping histories. We process that information on our clients’ behalf to provide our clients with content management, a customer data platform and order management, among other services.

We may also collect personal information for our own business purposes, such as business contact details of potential customers or job applicants’ resumes.

This Privacy Policy applies to:

  • The chord.co website and any other websites or online services controlled by us and which display this Privacy Policy, and
  • E-commerce technology services that we provide to our clients.

Our website and online services are designed for businesses and are not intended for personal, family or household use. Accordingly, we treat all personal information covered by this Privacy Policy as pertaining to individuals acting as business representatives, rather than in their personal capacity.

INFORMATION WE COLLECT

Information We Collect for Chord’s Own Business Purposes

We may collect information about individuals who interact with Chord when using our website or services (such as employees of our clients), job applicants, and other individuals.

Information you provide to us. Personal information you may provide to us through our services or otherwise includes:

  • Contact details, such as your first and last name, email and mailing addresses, and phone number.
  • Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
  • Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.

Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Data providers, such as information services and data licensors.
  • Public sources, such as social media platforms.

Information We Collect from or on Behalf of Our Clients

We may collect information about individual consumers from our clients or – at clients’ requests – from their service providers. Our clients determine the scope of the information transferred to us, and the information we receive may vary by client. Typically, we may collect clients’ consumers’ contact details and demographic data, transaction details and shopping histories, and details about consumers’ interactions with marketing communications.

COOKIES AND OTHER INFORMATION COLLECTED BY AUTOMATED MEANS

We, our service providers, and our business partners, may collect certain information about the use of our websites by automated means, such as cookies, web beacons and other technologies. Likewise, as part of our services, we may offer our clients the ability to install these types of technologies on their websites or in the emails they send to their customers; and if a client does so, we collect information on its behalf. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. We and our service providers and business partners may collect information about your online activities over time and across third-party websites when you use our websites and mobile applications.

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please see the “Privacy Preferences, Rights and Choices” section below for information about how you may opt out of, or limit the use of, your browsing behavior for online behavioral advertising purposes.

The information we collect by automated means varies based on whether we are collecting information for our own business purposes or whether we are collecting information from or on behalf of our customers to provide our services.

Automated Data Collection for Chord’s Own Business Purposes

The information collected by automated means for our own business purposes includes:

  • Details about the devices that are used to access our websites (such as the IP address, and type of operating system and web browser)
  • Dates and times of visits to, and use of, our websites
  • Information about how our websites are used (such as the content that is viewed on our websites and how users navigate between our webpages, and the date and time of access)
  • Details about how individuals interact with our emails (such as whether the email is opened and which links are clicked in the email)
  • URLs that refer visitors to our websites
  • Search terms used to reach our websites

Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.

Automated Data Collection on Behalf of Our Clients

The information collected by automated means on behalf of our clients may include:

  • Details about the devices that are used to access our clients’ websites (such as the IP address, and type of operating system and web browser)
  • Dates and times of visits to, and use of, our clients’ websites
  • Information about how our clients’ websites are used (such as the content that is viewed on our clients’ websites and how users navigate between webpages, and the date and time of access)
  • Details about how individuals interact with our clients’ emails (such as whether the email is opened and which links are clicked in the email)
  • URLs that refer visitors to our clients’ websites
  • Search terms used to reach our clients’ websites
  • Web browsers may offer users of our clients’ websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.

OUR USE OF PERSONAL INFORMATION

Our Use of Personal Information for Chord’s Own Business Purposes

We may use personal information to:

  • Provide our services to our clients
  • Communicate about the products and services we offer, and respond to requests, inquiries, comments, and suggestions
  • Analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read)
  • Operate, evaluate and improve our business, our websites, and other products and services we offer (including to develop new products and services)
  • Invoice and collect payment for our services
  • Establish and maintain an individual’s profile in our service
  • Tailor the content we display in our communications, in our services and in mobile apps
  • Administer surveys and other market research
  • Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests)
  • Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide
  • Process employment applications
  • Monitor recruiting statistics, to inform our recruitment activities

We may aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.

Our Use of Personal Information on Behalf of our Clients

We use personal information we collect from or on behalf of our clients to provide services to our clients at their direction. We do not use this information for Chord’s own purposes. We use personal information only as directed or authorized by our client. Typically, we are directed or authorized to use personal information collected on behalf of the client to:

  • Synthesize performance analytics for our client
  • Personalize site experiences for our clients’ customers
  • Target customers for our clients’ marketing campaigns
  • Analyze and enhance our clients’ communications and strategies (including by identifying when emails sent to you have been received and read)

INFORMATION WE SHARE

We may share personal information for the purposes set out in this Privacy Policy with:

  • Service providers that perform services on our behalf, such as technology providers (including providers of payment processing, technology support, web hosting, and email communications)
  • Survey and market research providers
  • Advertising and marketing partners
  • Analytics organizations

Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will – where required by applicable law – make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.

In addition, we may share your information to comply with legal and regulatory requirements, and protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities.

CAREERS

If you submit your information in connection with job opportunities at Chord, we will use and disclose the information to process your application (including to contact you and/or your references and former employers if appropriate), to monitor recruitment statistics, and to comply with government reporting requirements. We also retain statistical information about applicants to help inform our recruitment activities. We will process this information based on our legitimate interest of evaluating job candidates or, when you provide us with sensitive information, based on your consent.

PRIVACY PREFERENCES, RIGHTS, AND CHOICES

Individuals have certain rights and choices regarding Chord’s processing of their personal information. Please note, however, that if the exercise of these rights limits our ability to process personal information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.

Individuals whose personal information Chord processes on behalf of a client should contact that client to exercise the rights and choices described in this Privacy Policy.

We reserve the right to verify the identity of the individual in connection with any requests regarding personal information to help ensure that we provide the information to individuals to whom the information pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information.

Individuals residing in the European Economic Area, Switzerland, and the United Kingdom (collectively, “Europe”) may have additional rights as outlined in the “Notice to European Users” section below.

Access or Correct Personal Information

You may request access to the personal information that we maintain about you. If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business, in a commonly used format. You may request to correct any errors in your personal information. We may reject your request to access or correct your information, as permitted by applicable law. If we reject your request, we will notify you of the reasons for the rejection. If you wish to exercise this right please contact us here at [email protected]

Marketing Emails

You may unsubscribe from receiving marketing or other commercial emails from Chord by following the instructions included in the email. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as information about changes to our website terms).

Online Behavioral Advertising

Some of the business partners that collect information about users’ activities on our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. For example, users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly-titled link).

Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.

INTERNATIONAL DATA TRANSFERS

We are headquartered in the United States and may use services providers that operate in other countries. Your personal information may therefore be processed in the United States or transferred to other locations where privacy laws may not be as protective as those in your state, province, or country.

HOW WE PROTECT INFORMATION

We maintain reasonable administrative, technical, and physical safeguards designed to protect the personal information we maintain against accidental, unlawful, or unauthorized access, disclosure, alteration, use, loss, or destruction. However, we cannot guarantee that the safeguards we maintain will ensure the security of the personal information.

LINKS TO OTHER WEBSITES AND THIRD-PARTY CONTENT

We may provide links to websites and other third-party content that is not owned or operated by Chord. The websites and third-party content to which we link may have separate privacy notices or policies. Chord is not responsible for the privacy practices of any entity that it does not own or control.

CHILDREN

Our website and services are not intended for use by children under 16 years of age. If we learn that we have collected personal information through our website or services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

CHANGES TO OUR PRIVACY POLICY

Chord reserves the right to change this Privacy Policy at any time. When we update this Privacy Policy, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Privacy Policy and providing other notification as required by applicable law. We may also notify you of changes to the Privacy Policy in other ways, such as via email or other contact information you have provided.

HOW TO CONTACT US

You may contact us with questions, comments, or complaints about this Privacy Policy or our privacy practices, or with requests to access or correct your information, by emailing [email protected] or writing us at Chord Commerce, Inc. 33 Irving Place, New York, New York 10003.

NOTICE TO EUROPEAN USERS

The information provided in this “Notice to European Users” section applies only to individuals in Europe.

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller. Chord is the controller of the personal information we collect for our own business purposes, such as business contact details of potential customers, for purposes of European data protection legislation.

Legal basis for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing purpose

Legal basis

To operate our services

Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.

  • For research and development
  • For marketing and advertising purposes
  • For compliance, fraud prevention and safety
  • Sharing your personal information as described in this Privacy Policy

These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To comply with law

Processing is necessary to comply with our legal obligations

With your consent

Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the website or services, or otherwise to us.

If you provide us with any sensitive personal information when you visit our website or use our services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our services.

Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Cross-border Data Transfer. If we transfer your personal information from Europe to another country such that we are required to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

Your rights. European data protection laws may give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to [email protected] or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.