Data collection

WebSphere Commerce provides various sample store pages, store functions, and other features that the site can customize and use to create your custom store. If the site customizes and uses these templates, the site can be set up to collect personal data about shoppers and other users that browse and shop within your custom store.

IBM itself does not collect, access, or process any data for the site. The collection, storage, processing, and security of any personal data for the site users is the responsibility of our organization.

By default, WebSphere Commerce includes marketing and promotion features and order, shipping, and payment processes that can be used to collect or process personal data. If the site uses customized versions of the provided sample store pages, the site can collect personal data when a user registers for the store and when they submit an order. If the site uses store locator function or uses marketing activities and segments that rely on tracking shopper behavior, your store can collect additional data about a user. Some of our customizations might also collect personal data.

The following data is the only data that is classified as personal data that can be collected by default with the store pages and functions that is provided with WebSphere Commerce. If the site uses customized versions of the provided store pages, functions, and features, the site can collect the following types of personal data. Depending on the pages and functions that the site uses, the data that is collected can be different. You are responsible for customizing the store so that you only collect the data that the site needs.


Personal identity data

This data can be collected and used to uniquely identify an individual. By default, store pages can collect the following data when a user is registering for a store, updating their account page, or submitting an order. Administrators can enter the data for internal users when the administrator is creating the user's account.


Access and authentication credentials

Authentication data can be collected and used to uniquely identify an individual when a user registers for a store. By default, store pages can collect the following data when a user is registering for a store. For internal users, the data can be collected when administrators create user accounts.


Payment and financial data

Payment and financial data can be collected and used to process orders and to pass to third-party services for processing payments and orders. By default, sample pages can collect the following data when a user is registering for a store or submitting an order.


Behavioral data

Your site can collect data about how our customers browse and interact with the store. This data can be collected as customers browse and use the store. This data can be used to customize advertisements, recommend products, and more. The collection and processing of this data might require consent by a customer before the data is collected. By default, WebSphere Commerce can be set up to collect the following behavioral data:


Location data

If the site uses location-based features, such as store locator capabilities, we can collect data on the near-term location of an individual. This data can be used to determine the store to display to a user.


Order history

This data is collected when a customer submits an order. Depending on how the site processes orders, order data can be sent to a third-party system, such as an integrated order management system. Collected order data might need to be retained for auditing and other business purposes, such as to handle returns, recurring orders, and warranty claims.


Wish lists

This data is collected when a customer creates or updates a wish list.

When we are customizing the site to collect and process data, collect and process only the minimum amount of personal data needed.


Related concepts
General Data Protection Regulation (GDPR) and WebSphere Commerce