Security FAQs

Where is Bazaarvoice data stored?

All data is stored in AWS data centers.

Which certifications or external audits has Bazaarvoice undergone?

Bazaarvoice is certified by Schellman Compliance LLC as operating an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013. Bazaarvoice is committed to maintaining the rigorous controls required by the ISO 27001 standard and being annually recertified. Bazaarvoice’s certificate is 1667990-1, issued on November 17, 2022. This can be verified on Schellman’s website.

Does Bazaarvoice have formally documented written security policies and procedures that are regularly reviewed?

Yes.

How can I get a copy of Bazaarvoice information security documentation?

Relevant information security documentation may be provided upon request. Please send an email to security@bazaarvoice.com to request documentation.

Does Bazaarvoice have a dedicated information security staff focused on continued information security improvements, incidents, and breaches?

Yes. Bazaarvoice has a dedicated team of security professionals.

How do I report a suspected security issue to Bazaarvoice?

Please send an email with details of the suspected security issue to security@bazaarvoice.com.

Who has access to client data?

Operations teams, client services, and support teams have access to client data on an as-needed basis. Each group needs access to client data to manage the environment and/or support Bazaarvoice clients.

Logical access to Bazaarvoice production operations server and network equipment is provided on the principle of least privilege.

Are penetration tests conducted regularly, and are the results available to clients?

Yes. Penetration testing is conducted annually by a third party. An executive summary of the results can be shared, upon request, with clients under NDA.

Is anti-virus protection loaded onto all workstations?

Yes. Antivirus protection is pre-loaded on all desktop/mobile workstation systems provided to Bazaarvoice personnel. It’s configured to perform real-time scans and push forced updates as it receives updated virus definitions.

Is Bazaarvoice equipment and infrastructure designed for high availability and failover?

Bazaarvoice’s SaaS offerings are hosted in secure, state-of-the-art AWS data centers strategically located in the U.S. and EU. Our solutions are designed for scalability and elasticity. All equipment and infrastructure provide services to our clients with resiliency, failover, and redundant functionality.

All data centers have extensive physical security, monitoring, and alarm systems in place as well.

Does Bazaarvoice support federated logins of any type where client users will have access to the Bazaarvoice portal?

Federated single sign-on is set to roll out this year for clients using SAML 2 (Ping, Azure, AD, or Okta).

Does Bazaarvoice require two-factor authentication and a VPN for its employees?

All Bazaarvoice personnel are required to use two-factor authentication when accessing internal systems. Every user must also connect with a VPN when outside the Bazaarvoice offices.

Privacy & Compliance FAQs

Is Bazaarvoice compliant with GDPR?

Yes. Our privacy notice has a section for EU, EEA, Swiss and UK residents.  Our legal and privacy teams work with our EU-based data protection officer to verify that we meet required standards and stay informed of the latest developments and regulatory changes. Because our customers do business all over the world, we provide products and services that meet the most stringent privacy standards.

Is Bazaarvoice compliant with the California Consumer Protection Act (CCPA)?

Yes. Our Privacy Notice has a section for California residents that specifies how we comply and how they can communicate any concerns or requests.

Does Bazaarvoice have a dedicated data protection officer (DPO)?

Yes. The DPO is based in Europe and has specialized privacy training and expertise to represent any privacy matter we may have. The DPO works closely with our legal team and privacy operations team and can be contacted directly.

Does Bazaarvoice have a dedicated privacy department?

Yes. Alongside our data protection officer, our legal team supports and verifies compliance globally. We have a dedicated global privacy operations manager who is responsible for the day-to-day governance of privacy. This includes: policies, procedures, and standards; privacy training and awareness for employees, contractors, and vendors; guidance on Privacy by Default best practices; ensuring timely response to individual privacy rights requests; improving operations as regulations and consumer demands change; and supporting client assurance. The global privacy manager is supported by technical and project teams driving Privacy by Design through Bazaarvoice.

Is Bazaarvoice able to provide all the types of privacy requests our customers and their customers might request?

Yes. We provide our customers and consumers the right-to-be-forgotten and honor all of the GDPR requirements for individual privacy rights requests.

What does Bazaarvoice do to help customers answer individual rights requests?

We provide a dedicated privacy management service accessed via API or through our customer portal. Our customers can submit their requests and expect a quick turnaround to help them stay compliant. You can read more on our Knowledge Base support site.

How does Bazaarvoice protect the privacy rights of individuals?

We collect the minimum amount of personal data needed and share it under the principle of least privilege with only those who have a clear need-to-know. We control and monitor access to maintain data integrity, make it easy for individuals to make requests about their data, and provide technical support for our customers to do the same for their customers.

What does Bazaarvoice do for individuals to exercise their privacy rights?

Bazaarvoice’s products and services (including Influenster) offer a range of access points.  In addition to this, individuals and data subjects can contact our privacy team or DPO directly.  More information can be found in the Bazaarvoice privacy notice and Influenster privacy notice.

Does Bazaarvoice sell personal information?

No.

Does Bazaarvoice collect personal information?

Yes. We collect personal data for a range of purposes including managing and delivering our products and services; co-ordinating and responding to individual requests (including data rights requests); identifying and supporting clients; offering opportunities to use our services and to manage employee and client data.

What personal information does Bazaarvoice collect?

We strive to offer more and better value to clients and consumers while using less and less personal data. The Bazaarvoice privacy notice and Influenster privacy notice provide more information about the data we collect and our business reasoning behind it.

Has Bazaarvoice ever had a major privacy breach of personal data?

No.

Does Bazaarvoice have formally documented written privacy policies, procedures, and requirements to protect personally identifiable information that are regularly reviewed?

Yes.

Does Bazaarvoice share data outside the European Economic Area?

Yes. As a US company, Bazaarvoice processes data on servers in the USA. Transfer of personal data between the EU and US is governed by fully compliant Standard Contractual Clauses.

How do you adapt to frequently changing laws and regulations?

We monitor emerging regulations with the help of our data protection officer, privacy operations manager, legal team, and client services teams. When we learn of privacy changes, we quickly plan how to accommodate the changes. Sometimes our technology is enhanced. Sometimes our processes are improved. Our documents are updated to reflect the changes and we store them in secure repositories defined in our Business Continuity Plan.

Vendor Security FAQs

Does Bazaarvoice use other companies to process personal information?

Yes. We use other company services to provide fulfillment of the products and services we offer. All vendors are held to the same high standards we hold for ourselves in protecting personal data and remaining compliant with all applicable laws and regulations.

How many third-party vendors does Bazaarvoice use?

We are a SaaS company. The number may vary as we enhance, modify, build, or integrate new technology, products, and services. An up-to-date list of all our vendors that process personal information is in our Vendor List.

What protection does Bazaarvoice give to its customers so that the vendors handling their data are able to meet privacy protection laws and regulations?

We cultivate our relationships carefully to find partners who respect our values and work methods. We leverage our security, privacy, legal, and finance departments early in the vendor review and onboarding process. We ensure we have covered every potential risk of doing business with a vendor and we clearly understand how their value fits our purposes.