Legal pages         Home     T&C     Privacy Policy      Cookie Policy

Privacy Policy

Last Modified Date: March 24, 2025a

Table of Contents

  1. Introduction
  2. Who We Are
  3. Personal Data We Collect
  4. How We Use Your Personal Data
  5. Legal Basis for Processing
  6. AI Agents and Automated Processing
  7. Cookies and Tracking Technologies
  8. Sharing of Personal Data
  9. International Data Transfers
  10. Data Retention
  11. Data Security and Privacy by Design
  12. Your Privacy Rights
  13. Shared Responsibility
  14. Compliance with Global Privacy Regulations
  15. Children's Privacy
  16. Changes to the Privacy Statement
  17. How to Contact Us

Introduction

CommerceClarity is committed to protecting your privacy and personal data. This Privacy Statement describes how we collect, use, share, and protect your personal data when you use our services, our website, and our applications (collectively, the "Services").

We invite you to read this Privacy Statement carefully to understand our practices regarding your personal data. By using our Services, you consent to the practices described in this Privacy Statement.

Who We Are

Data Controller: Sunex S.r.l. (operating as CommerceClarity)
Address: Via di Affogalasino, 34, 00148 Rome, Italy
VAT Number: IT15901031003
Privacy Email: [email protected]

In the context of the GDPR and other data protection laws:

  • When we collect and process personal data related to your user accounts, contact information, and use of our Services, we act as the "data controller."
  • When we process personal data contained in content uploaded or managed by our customers within our SaaS platform, we act as the "data processor" on behalf of our customers, who are the "data controllers."

Personal Data We Collect

CommerceClarity collects different types of personal data depending on how you interact with our Services:

Data Category Examples
Data provided directly by users
  • Account information: first name, last name, email address, password, professional role, company name
  • Billing information: billing address, payment information, VAT number
  • Uploaded content: personal data contained in product catalogs, product sheets, and other content
  • Communications: information provided to customer support or in surveys
Data collected automatically
  • Usage data: information about features used, frequency and duration of use
  • Device information: device type, operating system, browser, screen resolution
  • Log data: IP address, date and time of access, pages visited, system errors
  • Performance data: metrics related to platform performance, loading times, crashes
Data from third parties
  • Authentication providers: data from third-party authentication services
  • Business partners: data from partners providing integrated services
  • Publicly available information: data related to company or professional activity

How We Use Your Personal Data

We use your personal data for the following purposes:

Providing and improving the Services

  • Providing access and functionality of our SaaS platform
  • Personalizing your user experience
  • Developing and improving our products and services
  • Providing technical assistance and customer support
  • Processing transactions and managing your account

Communications

  • Sending you service-related information (updates, security alerts, notifications)
  • Responding to your requests and questions
  • Sending you marketing communications, if you have consented to receive them
  • Conducting surveys and collecting feedback

Analysis and research

  • Analyzing how our users use the Services
  • Conducting research to improve our Services
  • Generating aggregated and anonymized statistics

Security and legal compliance

  • Protecting the security of our Services
  • Preventing fraud and abuse
  • Resolving disputes
  • Enforcing our terms of service
  • Complying with legal obligations

AI Agents and Automated Processing

CommerceClarity uses artificial intelligence technologies, including AI agents, to provide and improve its Services. It's important that you understand how we process data through these systems.

How our AI agents work

Our AI agents are primarily used to:

  • Automate the creation and optimization of content for product sheets
  • Verify compliance of content with specified guidelines
  • Provide suggestions to improve product sheet performance
  • Monitor and analyze market data to provide competitive intelligence

Use of data for training

Our AI models are used exclusively to process data within our platform and to provide the requested services.

Automated decisions and profiling

In accordance with Article 22 of the GDPR, we inform you that CommerceClarity may use automated decision-making processes, including profiling, to:

  • Automatically generate content for product sheets based on the data provided
  • Categorize products and suggest SEO optimizations
  • Analyze sales and advertising performance to suggest improvements

Importance and consequences: These automated decisions can influence the visibility of your products, pricing strategies, and sales performance. However:

  • We do not make fully automated decisions with significant legal effects without human oversight
  • You always have the right to request human intervention, express your opinion, and contest automated decisions
  • You can disable certain automation features in your account settings

Cookies and Tracking Technologies

CommerceClarity uses cookies and similar tracking technologies to collect and store certain information when you use our Services. These tools help us improve the user experience, analyze site usage, and personalize content.

Types of cookies we use

Cookie Type Description
Essential cookies Necessary for the operation of the website and to provide the requested services
Analytical cookies Help us understand how users interact with our site
Functional cookies Allow enhanced functionality and personalization
Targeting/advertising cookies Used to show you relevant advertisements (if applicable)

Cookie management

You can manage your cookie preferences through the cookie banner on our website. Additionally, most web browsers allow you to control cookies through browser settings. Please note that disabling certain cookies may affect your experience and the features available in our Services.

For more detailed information about the cookies we use, please see our Cookie Policy.

Sharing of Personal Data

CommerceClarity may share your personal data with the following categories of recipients:

Service providers

We collaborate with third-party service providers who help us manage, provide, and improve our Services. These providers have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use your data for other purposes.

Specific examples of third-party service providers with whom we might share data include:

Category Examples
Hosting and cloud infrastructure Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure, OVH
Analytics and monitoring Google Analytics, Mixpanel, Hotjar, June
Communications and customer support Intercom, Zendesk, SendGrid, Mailchimp, Hubspot
Payments and billing Stripe, PayPal
CRM and marketing HubSpot, Salesforce
Authentication and security Auth0, Cloudflare

Affiliated entities

We may share your personal data with our affiliated companies or subsidiaries for the purposes described in this Privacy Statement.

Legal compliance and protection

We may disclose your personal data if we believe in good faith that such disclosure is necessary to:

  • Comply with a law, regulation, or legal proceeding
  • Protect the rights, property, or safety of CommerceClarity, our users, or the public
  • Detect, prevent, or address fraud, abuse, or security issues
  • Respond to government requests

Business transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred as part of that transaction. We will notify you (via notice on our website or email) of any change in ownership or use of your personal data, as well as any choices you may have regarding your personal data.

With your consent

We may share your personal data with third parties when we have your explicit consent to do so.

International Data Transfers

CommerceClarity is an Italian company based in the European Union. However, we may transfer, process, and store your personal data in countries other than your country of residence, including countries outside the European Economic Area (EEA).

When we transfer personal data outside the EEA, we adopt appropriate measures to ensure that your personal data receives an adequate level of protection, such as:

  • Transfer to countries that have been recognized by the European Commission as providing an adequate level of protection for personal data
  • Use of Standard Contractual Clauses (SCCs) approved by the European Commission
  • Implementation of supplementary safeguards where necessary

You can request a copy of the safeguards we have put in place to protect your personal data during international transfers by contacting us at [email protected].

Data Retention

CommerceClarity retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process your personal data
  • Whether we can achieve those purposes through other means
  • The applicable legal requirements

Our specific retention periods

Data Category Retention Period
Account data 24 months after closing the account or last access
Transaction and billing data 10 years (Italian tax requirement)
Access and security logs 6 months
Support communication data 24 months from ticket resolution
Marketing data Until consent withdrawal or deletion request
Product data uploaded to the platform During the contract period and for 90 days after termination to allow data recovery

The indicated retention periods may be extended in case of legal disputes, investigations, or requests from competent authorities.

After the retention period, we securely delete your personal data or render it anonymous so that it can no longer be associated with you.

Data Security and Privacy by Design

Security measures

CommerceClarity takes the security of your personal data seriously. We have implemented appropriate technical and organizational measures designed to protect your personal data from accidental loss, unauthorized access or disclosure, alteration, and destruction.

Our security measures include:

  • Encryption of data in transit and at rest
  • Strict access controls and multi-factor authentication
  • Security monitoring and logging
  • Regular security reviews and penetration testing
  • Security training for employees
  • Security incident management policies and procedures

Privacy by Design and by Default

CommerceClarity adopts a "Privacy by Design" and "Privacy by Default" approach in the development and management of our Services:

  • Data minimization: we collect and process only the personal data necessary to provide our Services
  • Pseudonymization and anonymization: we implement pseudonymization and anonymization of data where possible to reduce privacy risks
  • Privacy-respecting default settings: the default settings of our Services are configured to ensure the highest possible level of privacy
  • User controls: we provide users with granular controls over their privacy preferences and data sharing

Data breach management

In the event of a personal data breach, we will follow the procedures required by the GDPR and other applicable laws, which include:

  • Notification to the competent data protection authority within 72 hours of discovering the breach, where applicable
  • Direct notification to the affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms, including:
    • A clear description of the nature of the breach
    • Contact details of our privacy contact point
    • A description of the likely consequences of the breach
    • A description of the measures taken or proposed to address the breach and mitigate its effects
  • Documentation of all personal data breaches, including the facts related to the breach, its effects, and the remedial actions taken

Your Privacy Rights

In accordance with the GDPR and other applicable data protection laws, you have certain rights regarding your personal data:

Privacy Right Description
Right of access You have the right to request a copy of your personal data that we hold and information about how we use it.
Right to rectification You have the right to request the correction of inaccurate or incomplete personal data concerning you.
Right to erasure In certain circumstances, you have the right to request the deletion of your personal data (also known as the "right to be forgotten").
Right to restriction of processing In certain circumstances, you have the right to request the restriction of processing of your personal data.
Right to data portability You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit such data to another data controller.
Right to object You have the right to object at any time to the processing of your personal data based on our legitimate interest. In particular, you have the right to object to the use of your personal data for direct marketing purposes.
Right not to be subject to automated decisions You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

How to exercise your rights

To exercise your privacy rights, you can send a detailed request to [email protected]. Your request will be handled as follows:

  1. Receipt of request: Once we receive your request, we will send a confirmation of receipt within 3 business days
  2. Identity verification: To protect your privacy, we will ask you to verify your identity by providing specific information related to your account
  3. Request processing: We will process your request as quickly as possible, in any case within 30 days from the verification of your identity (this period may be extended by up to 60 days for complex requests)
  4. Response: We will provide you with a complete response that includes:
    • The actions taken in response to your request
    • Any requested information in an accessible format
    • Details of any limitations applied to your request and related reasons

If your request is particularly complex or you have submitted multiple requests, we may need more time to respond. In this case, we will inform you of the delay and provide you with regular updates on progress.

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Italy, the competent authority is the Garante per la protezione dei dati personali (https://www.garanteprivacy.it/).

Shared Responsibility

When you use CommerceClarity Services as a business customer to process third-party data (e.g., data from your customers or end users), a shared responsibility model for data protection applies:

Your responsibilities as a customer

As a business customer of CommerceClarity, when you use our Services to process personal data of third parties, you are considered the "data controller" of such data and have the following responsibilities:

  • Ensuring you have a valid legal basis for collecting and processing personal data
  • Informing data subjects (your customers/end users) about the processing of their data, including the use of services such as CommerceClarity
  • Obtaining necessary consents where required by law
  • Responding to data subject requests regarding their rights
  • Ensuring that the data you upload or manage through CommerceClarity is accurate, relevant, and limited to what is necessary
  • Implementing appropriate security measures on your side
  • Notifying competent authorities and data subjects of any data breaches that occur within your scope of responsibility

CommerceClarity's responsibilities

When we process personal data of third parties on your behalf, we act as a "data processor" and we commit to:

  • Processing data only according to your documented instructions
  • Implementing appropriate security measures to protect data
  • Assisting, as far as possible, in responding to data subject requests
  • Supporting you in complying with security and breach notification obligations
  • Deleting or returning all personal data at the end of the provision of Services

What this means for the end user

End users (e.g., customers of our business customers) should be aware that:

  • For matters relating to the processing of their personal data, they should primarily contact the organization that directly collected their data (our business customer)
  • In some cases, they may have rights applicable to both the data controller (our business customer) and to us as a data processor

Compliance with Global Privacy Regulations

CommerceClarity is committed to complying with applicable data protection laws in all jurisdictions where we operate. In addition to the EU GDPR, we also comply with other relevant privacy laws, including:

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

For California residents, we respect the additional rights provided by the CCPA/CPRA, which include:

  • The right to know what personal data we collect, use, share, or sell
  • The right to delete personal data
  • The right not to be discriminated against for exercising privacy rights
  • The right to limit the use and disclosure of sensitive personal information
  • The right to correct inaccurate personal data

Other applicable regulations

We continuously monitor the evolution of data protection laws worldwide and update our practices accordingly to maintain compliance with applicable regulations.

If you have specific questions about compliance with privacy laws in your jurisdiction, we invite you to contact us at [email protected].

Children's Privacy

CommerceClarity Services are intended for users aged 18 and older. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected or received personal data from an individual under 18 years of age without verification of parental consent, we will delete such information. If you believe we might have information from or about an individual under 18 years of age, please contact us at [email protected].

Changes to the Privacy Statement

We may update this Privacy Statement periodically to reflect changes in our practices, our Services, or applicable laws. The date of the last modification will always be indicated at the beginning of the document.

For substantial changes, we will provide appropriate notice (e.g., through a visible notice on our website or via email) before the changes become effective. We encourage you to regularly review this Privacy Statement to be informed about how we protect your personal data.

By continuing to use our Services after the changes have come into effect, you accept the updated version of the Privacy Statement.

How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Statement or our privacy practices, you can contact us in one of the following ways:

Email: [email protected]

Postal address:
Sunex S.r.l. (CommerceClarity)
Via di Affogalasino, 34
00148 Rome RM
Italy

We will do our best to answer your questions or resolve your concerns as quickly as possible.

This Privacy Statement is also available in Italian. In the event of any inconsistencies between the Italian and English versions, the Italian version shall prevail.

Grow Together with CommerceClarity's Affiliate Program

Discover CommerceClarity in Action