Home
Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
Compliance
The following section describes how you can leverage HCL Commerce features and functionality to help your site be compliant with different privacy and security standards.
GDPR and HCL Commerce
HCL Commerce provides documentation and functions that your organization can use to help it on the journey to GDPR readiness. If your store operates within the European Union (EU), sells products or services to those people in the EU, or monitors the behavior of EU data subjects, your site likely needs to be GDPR compliant from May 25, 2018.
Right to erasure
Right to erasure, in accordance with the GDPR, is the right for an individual to require that their personal data is deleted when the individual requests it. To help support this requirement, HCL Commerce provides a set of SQL queries. If your site uses custom tables or columns to store personal data, customize the queries as needed. It is your responsibility to define a GDPR-compliant process for handling right to erasure requests.
Data retention
As part of getting your site GDPR ready, your organization is responsible for creating any plans or documents that detail how long your site retains any personal data that is collected. HCL Commerce does not provide any functionality for creating a retention plan.

Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
- Getting started
  HCL Commerce has different advantages for business users, administrators and developers. HCL Commerce targets each of these roles with a tailored set of offerings so that each of your users can get maximum benefit.
- Installing and deploying
  Learn how to install and deploy HCL Commerce development environments and HCL Commerce production environments.
- Migrating
  Before you migrate to HCL Commerce Version 9.1, review this information to help plan and execute your migration.
- Operating
  Topics in the Operating category highlight tasks that are typically performed by business users, customer support representatives, to complete their day-to-day tasks in the operation of the HCL Commerce site.
- Integrating
  Topics in the Integrating category highlight the tasks that are commonly performed for using HCL Commerce in combination with other products.
- Administering
  Topics in the Administering category highlight tasks that are typically performed by the Site Administrator, to support daily operations of the HCL Commerce site.
- Customizing
  The topics in the Customizing section describe tasks performed by an application developer to customize HCL Commerce.
- Tutorials
  HCL Commerce provides many tutorials to help you customize and understand your HCL Commerce instance and stores.
- Samples
  Topics in the Samples category highlight the various samples that are provided with HCL Commerce.
- Compliance
  The following section describes how you can leverage HCL Commerce features and functionality to help your site be compliant with different privacy and security standards.
  - GDPR and HCL Commerce
    HCL Commerce provides documentation and functions that your organization can use to help it on the journey to GDPR readiness. If your store operates within the European Union (EU), sells products or services to those people in the EU, or monitors the behavior of EU data subjects, your site likely needs to be GDPR compliant from May 25, 2018.
    - Privacy and consent
      HCL Commerce provides storefront and business user functionality that your site can use to present your privacy information and provide consent management options to your shoppers.
    - Right to access
      Right to access, in accordance with the GDPR, is the right for an individual to access their personal data upon request. To help support this requirement, HCL Commerce provides a set of SQL queries. If your site uses custom tables or columns to store personal data, customize the queries as needed. It is your responsibility to define a GDPR-compliant process for handling right to access requests.
    - Right to erasure
      Right to erasure, in accordance with the GDPR, is the right for an individual to require that their personal data is deleted when the individual requests it. To help support this requirement, HCL Commerce provides a set of SQL queries. If your site uses custom tables or columns to store personal data, customize the queries as needed. It is your responsibility to define a GDPR-compliant process for handling right to erasure requests.
      - SQL statements: Right to erasure
        Individuals have the right to ask your organization to delete any personal information about them that your organization holds. The following table lists personal data that is stored in HCL Commerce and shows how to delete the data by using an SQL query.
      - Data retention
        As part of getting your site GDPR ready, your organization is responsible for creating any plans or documents that detail how long your site retains any personal data that is collected. HCL Commerce does not provide any functionality for creating a retention plan.
    - Data protection by design and default
      Data protection by design and default, in accordance with the GDPR, requires that customer data is encrypted during all communications, internal and external. Enable a Secure Sockets Layer (SSL) connection for data transfer between HCL Commerce servers and the database.
  - HCL Commerce and the PCI Data Security Standard
    The Payment Card Industry (PCI) Data Security Standard (DSS), developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International, facilitates the global adoption of consistent data security measures.
  - Security standards
    Some main security standards are: NIST SP 800-131A, FIPS 140-2 and PCI.
- Securing
  These topics describe the security features of HCL Commerce and how to configure these features.
- Performance
  Topics in the Performance section describe the means by which to plan, implement, test, and re-visit the optimization of HCL Commerce site performance.
- Troubleshooting
  Topics in the Troubleshooting section highlight common issues that are encountered with HCL Commerce, and how they can be addressed or mitigated.
- Reference
  Topics in the Reference section contain all of the HCL Commerce reference documentation.

Data retention

As part of getting your site GDPR ready, your organization is responsible for creating any plans or documents that detail how long your site retains any personal data that is collected. HCL Commerce does not provide any functionality for creating a retention plan.

HCL Commerce does provide functionality that your organization can use to delete data from your database when your organization no longer needs the data or when you need to directly erase data. Your organization is responsible for erasing any collected personal data that is retained within your system when the data is no longer needed. Your organization is responsible for determining the data retention period for specific personal data types. For instance, order history data might need be retained while any return policies or warranties are in effect. Order the data might also need to be retained for a specific period for auditing and other business purposes. After the retention period elapses and the data is no longer needed, you can erase the data.

To help your organization delete data when that data is no longer needed, HCL Commerce provides a database cleanup utility. Your organization can run the utility on a schedule to erase personal data that is no longer needed. This utility is configured by default to delete some types of data based on parameters that you can configure when you run the utility. If your site collects more personal data than can be collected with the sample store pages and features that are provided with HCL Commerce, you can configure the utility to erase the additional data.

By default, HCL Commerce is configured to store data within only the HCL Commerce database. The Database Cleanup utility can remove data from only this database. If you store data in another database or location, you are responsible for developing a method to remove data from that database or location.

If you need to directly erase personal data from the HCL Commerce database, such as when a user submits a request for their data to be erased, you can customize and use SQL statements to erase the data. For more information, see SQL statements: Right to erasure.