On this page:
Security FAQs
Privacy & Compliance FAQs
Vendor Security FAQs

Security FAQs

Where is Bazaarvoice data stored?

All data is stored in AWS data centers.

Which certifications or external audits has Bazaarvoice undergone?

One of our most relevant certifications is from TUV Rheinland, a renowned German-based certification body. Every year, TUV conducts a data protection audit and confirms that Bazaarvoice has met its comprehensive catalog of data privacy and security requirements — which are driven by the requirements of the GDPR.

Does Bazaarvoice have formally documented written security policies and procedures that are regularly reviewed?

Yes.

Does Bazaarvoice have a dedicated information security staff focused on continued information security improvements, incidents, and breaches?

Yes. Bazaarvoice has a dedicated team of security professionals.

Who has access to client data?

Operations teams, client services, and support teams have access to client data on an as-needed basis. Each group needs access to client data to manage the environment and/or support Bazaarvoice clients.

Logical access to Bazaarvoice production operations server and network equipment is provided on the principle of least privilege.

Are penetration tests conducted regularly, and are the results available to clients?

Yes. Penetration testing is conducted annually by a third party. An executive summary of the results can be shared, upon request, with clients under NDA.

Is anti-virus protection loaded onto all workstations?

Yes. Antivirus protection is pre-loaded on all desktop/mobile workstation systems provided to Bazaarvoice personnel. It’s configured to perform real-time scans and push forced updates as it receives updated virus definitions.

Is Bazaarvoice equipment and infrastructure designed for high availability and failover?

Bazaarvoice’s SaaS offerings are hosted in secure, state-of-the-art AWS data centers strategically located in the U.S. and EU. Our solutions are designed for scalability and elasticity. All equipment and infrastructure provide services to our clients with resiliency, failover, and redundant functionality.

All data centers have extensive physical security, monitoring, and alarm systems in place as well.

Does Bazaarvoice support federated logins of any type where client users will have access to the Bazaarvoice portal?

Federated single sign-on is set to roll out this year for clients using SAML 2 (Ping, Azure, AD, or Okta).

Does Bazaarvoice require two-factor authentication and a VPN for its employees?

All Bazaarvoice personnel are required to use two-factor authentication when accessing internal systems. Every user must also connect with a VPN when outside the Bazaarvoice offices.

Privacy & Compliance FAQs

Is Bazaarvoice compliant with GDPR?

Yes. Our legal and privacy teams work with our EU-based data protection officer to stay informed of the latest developments and regulatory changes. Because our customers do business all over the world, we provide products and services that meet the most stringent privacy standards.

Is Bazaarvoice compliant with the California Consumer Protection Act (CCPA)?

Yes. We are subject to the CCPA. The Bazaarvoice Privacy Policy has a section for California residents that specifies how we comply and how they can communicate any concerns or requests.

Does Bazaarvoice have a dedicated data protection officer (DPO)?

Yes. The DPO is based in Europe and has specialized privacy training and expertise to represent any privacy matter we may have. The DPO works closely with our legal team and privacy operations team and can be contacted directly.

Does Bazaarvoice have a dedicated privacy department?

Yes. In addition to having a European-based data protection officer, we have a dedicated global privacy operations manager who is responsible for the day-to-day governance of privacy compliance; policies, procedures, and standards; privacy training and awareness for employees, contractors, and vendors; providing guidance on Privacy by Design best practices; ensuring timely response to individual privacy rights requests; improving operations as regulations and consumer demands change; and supporting client assurance.

What does Bazaarvoice do to help customers answer individual rights requests?

We provide a dedicated privacy API service. Our customers can bulk-submit their requests and expect a quick turnaround to help them stay compliant.

What does Bazaarvoice do for individuals to exercise their privacy rights?

We provide 3 ways to make privacy requests. Consumers can fill out an online data form for a subject access request, contact privacy directly, or contact the Bazaarvoice data protection officer directly.

Does Bazaarvoice sell personal information?

No.

Does Bazaarvoice collect personal information?

Yes. We only collect personal data when we need it to process a consumer’s request or we offer opportunities to use our services. We only exchange personal data when we have permission. Our customers get individual consent before collecting PII and sharing it with us.

What personal information does Bazaarvoice collect?

We strive to offer more and better value to clients and consumers while using less and less personal data. Our Privacy Policy contains a detailed view of the data we collect and our business reasoning behind it.

How does Bazaarvoice protect the privacy rights of individuals?

We collect the minimum amount of personal data needed and share it under the principle of least privilege with only those who have a clear need-to-know. We control and monitor access to maintain data integrity, make it easy for individuals to make requests about their data, and provide technical support for our customers to do the same for their customers.

Is Bazaarvoice able to provide all the types of privacy requests our customers and their customers might request?

Yes. We provide our customers and consumers the right-to-be-forgotten and honor all of the GDPR requirements for individual privacy rights requests.

Has Bazaarvoice ever had a major privacy breach of personal data?

No.

Does Bazaarvoice have formally documented written privacy policies, procedures, and requirements to protect personally identifiable information that is regularly reviewed?

Yes.

Yes

Vendor Security FAQs

Does Bazaarvoice use other companies to process personal information?

Yes. We use other company services to provide fulfillment of the products and services we offer. All vendors are held to the same high standards we hold for ourselves in protecting personal data and remaining compliant with all applicable laws and regulations.

How many third-party vendors does Bazaarvoice use?

We are a SaaS company. The number may vary as we enhance, modify, build, or integrate new technology, products, and services. An up-to-date list of all our vendors that process personal information is in our Vendor List.

What protection does Bazaarvoice give to its customers so that the vendors handling their data are able to meet privacy protection laws and regulations?

We cultivate our relationships carefully to find partners who respect our values and work methods. We leverage our security, privacy, legal, and finance departments early in the vendor review and onboarding process. We ensure we have covered every potential risk of doing business with a vendor and we clearly understand how their value fits our purposes.

How do you manage all the documentation required by frequently changing laws and regulations?

We monitor emerging regulations with the help of our data protection officer, privacy operations manager, legal team, and client services teams. When we learn of privacy changes, we quickly plan how to accommodate the changes. Sometimes our technology is enhanced. Sometimes our processes are improved. Our documents are updated to reflect the changes and we store them in secure repositories defined in our Business Continuity Plan. Our specific vendor documents are kept confidential for legal and security purposes. However, documents that define and guide our vendor relationships can be found on our Legal website.