VTEX’s Commitment

VTEX knows how important it is to protect personal data. Therefore, we act in accordance with current global privacy and personal data protection laws.

We also wanted to provide a channel where anyone could access our notices and find information about how we process personal data.

As proof of our commitment to gaining and increasing our clients’ trust and confidence, VTEX has drawn up some privacy statements, which are available here, such as the Data Processing Addendum, Privacy Notices, Cookie Policy, among others.

VTEX is a global company. As such, we are constantly updating our personal data security and privacy procedures to follow all applicable data protection laws in the countries where our company operates. VTEX has also obtained all the most relevant high-level certifications to guarantee that the personal data we process is safe.

When acting as a Personal Data Processor, VTEX always takes the necessary steps to ensure its platform is secure and compliant with data protection laws. On the other hand, when acting as the Personal Data Controllers, our clients also need to take some actions to comply with the applicable laws. Here, you can find some guidelines that will help you understand the requirements you must comply with. Please remember that these are just general guidelines. The regulations that apply to you may contain other provisions and obligations.

What is the GDPR?

The GDPR is a data protection and privacy regulation for all individuals within the European Union. It also addresses the export of personal data outside the EU.

As stated in its article on Territorial Scope, the “Regulation applies to the processing of personal data in the context of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.”

Commitment to the Principles of the GDPR

VTEX policies and agreements cover all GDPR principles.

1- Lawfulness, Fairness, and Transparency: VTEX abides by the law and the fair use of the personal data collected to provide the services offered transparently;
2- Purpose Limitation: The subjects’ data is only used for the purpose established;
3- Data Minimization: VTEX collects only the minimum amount of data necessary to process the orders received;
4- Accuracy: The data collected and processed by VTEX is necessarily accurate and current;
5- Storage Limitation: VTEX only stores the subjects’ data while it is necessary for the processing of the service provided;
6- Integrity and Confidentiality: VTEX will always do whatever is within its reach, based on standards and best practices, to take appropriate measures to ensure personal data security.

Commitment to the Controllers

VTEX always works hard to offer the best value possible so its tenants’ efforts will translate into profitable and efficient commerce operations.

This principle translates into the constant creation and evolution of tools that, regardless of the comprehensiveness of our current Admin GUI and APIs, will progressively and constantly make it easier and more seamless for our tenants – the Controllers – to comply with the GDPR.