(Updated: January 3, 2023)
If you are a customer who is subject to the privacy laws of California or the European Union, the Data Privacy Addendum located at https://wpengine.com/legal/dpa/ as it may be updated from time to time governs the obligations between us with regard to personal data as defined by such laws.
Personal Data We Collect
- Information You Give Us. In order for you to use our Services and other features of our Site, we will ask you for some of your personal data (e.g. contact information, name, etc.). The amount and type of information that we gather depends on the nature of the interaction. For example, we ask visitors who would like to comment on our blog to provide a username. Those who purchase Services from us are asked to provide additional information including, as necessary, the personal and financial information required to process transactions. In each case, we collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with us. You can always refuse to supply personal data; however, doing so may prevent you from receiving our Services or engaging in other activities on the Site. In no event will we ever request sensitive personal data (e.g. health information, religious preferences, etc.) from you, and we expressly request that you not provide any such sensitive personal data to us.
- Web Server Logs. As is true of most websites, we gather certain information automatically through your use of the Site. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring or exit pages, the files viewed on the Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and clickstream data to analyze trends in the aggregate and administer the site. We use analytical software to help us understand this information. This software sends information to its licensor. Other sites and companies may also use this software. As a result, the licensor may collect information that, when aggregated by them, allows them to identify you individually. We have no responsibility for this collection and use.
- Information Collected by Our Customers. Our customers may collect personal data in connection with the Services we provide to them. WP Engine’s customers control the personal data they collect, and WP Engine will not use or disclose that personal data except as authorized or directed by the customer in the course of our provision of the Services and as governed by our agreement with that customer. If your personal data is controlled by one of our customers, and you have concerns about the way that data is managed or wish to exercise your rights with respect to such data (including your rights of access, amendment, or deletion), please contact that customer directly.
- How We Use Personal Data. WP Engine will only use the personal data we collect as reasonably necessary for the following purposes:
- to allow you to use and interact with the Site;
- to provide the Services to you as our customer;
- to inform our continued development of the Site and the Services;
- to communicate with you from time to time in response to your requests for information or as may be relevant to your account with us;
- to send marketing communications related to the services we provide;
- as required by applicable law or legal requirements pertaining to records retention or for internal administrative purposes; or
- as specifically authorized by you in writing.
- Disclosure to Third Parties. We will not disclose your personal data to third parties except as follows:
- when we believe disclosure is reasonably required to comply with any law or legal request;
- to enforce our legal and contractual rights, or to protect the rights and safety of others;
- to third parties who help us provide any part of the Site or the Services, to the limited extent required for such help, and on condition that they may not further disclose your data or use it for any other purpose; or
- as part of a sale of our assets or a merger of our company.
- EU-US and Swiss-US Privacy Shield. On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring the European Commission’s Decision (EU) 2016/1250 of July 12, 2016 as invalid on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with European Union data protection requirements when transferring personal data from the European Union to the United States. Nonetheless, the U.S. Department of Commerce continues to administer the Privacy Shield program and we participate in and continue to comply and maintain certification with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union member countries, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list. Under the Privacy Shield Frameworks, we are responsible for the processing of personal data that we collect from you and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including requests made to meet national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions more fully described on the Privacy Shield website located at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
- California Residents. If you are a resident of the State of California, this Section addresses your rights and our obligations under the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2023 (collectively the “California Privacy Laws”). Terms used in this Section have the same meaning as provided in the California Privacy Laws.
Information We Collect Our Site collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, our Site has collected the following categories of personal information from visitors within the last 12 months:
Examples: A real name, IP address, email address, account name, or other similar identifiers.
Category: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Examples: A name, address, telephone number, and (if you are applying for a job) your current employment and employment history.
Category: Internet or other similar network activity.
Examples: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Category: Geolocation data.
Examples: Physical location or movements.
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the California Privacy Laws’ scope.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete on our website.
- Indirectly from you. For example, from observing your actions on our website or interactions with our advertisers.
Use of Personal Information. We may use, or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the California Privacy Laws.
- We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information. We disclose all of the above categories of personal information to our third-party service providers subject, in each case, to a written contract that describes the business purpose of the disclosure and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Sales of Personal Information. We do not and will not sell your personal information.
Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will provide:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- The categories of personal information we sold to a purchaser, and the categories of recipients.
- The categories of personal information we disclosed for a business purpose, and the categories of recipients.
Deletion Request Rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights described above, you can contact us by email at [email protected] or by phone at (877) 973-6446. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination. We will not discriminate against you for exercising any of your California Privacy Laws rights. Unless permitted by the California Privacy Laws, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the California Privacy Laws that can result in different prices, rates, or quality levels. Any California Privacy Laws-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us an electronic message through our website or write us at our address listed on our webpage.