de EN RU
Demo anfordern
Bloomreach Acquires Exponea. Learn more

Data privacy post acquisition

The acquisition of Exponea by Bloomreach does not affect customers’ privacy in any respect. 


The acquisition has been conceived as the effort to build synergies between two companies including their products and cultures. Product-wise, we are combining the understanding of the product offering (Bloomreach) with the understanding of the customer (Exponea). Culture-wise, we could not be closer. Both pay a great deal of attention to the concepts of integrity and truth, and thus also to data privacy. 


The following paragraphs clearly detail all aspects of handling data privacy after the transaction. 


Client data security 


As you may well know, Exponea has always taken the topics of security and privacy very seriously and the acquisition does not change this. It remains our highest priority to protect the data we work with, including those of our clients. 


In practical terms, security translates into our structure, educational objectives, and recruiting process. Following the transaction, we will continue to uphold our valid certifications (see our website), and respect all data protection agreements and contracted terms as well as applicable law (GDPR, CCPA, etc.). Additional security safeguards are continually updated as privacy law evolves. 


Our compliance with security best practices is evidenced by SOC 2 report, which is accessible with an NDA. More information about client security at Exponea is available at


Data residency and data transfer


The transaction will have no immediate implications on data residency and data transfer. Data transfers and data location are subject to conditions and requirements stipulated in the contracts with our clients and applicable law (GDPR, CCPA, etc.). All our contractual and legal obligations will be respected at all times. 


Access to data 


There will be no changes in clients’ accounts during normal operation or support teams interventions. You can continue to work with our support teams the way you have been used to, including the process of submitting questions and receiving answers. 


Service continuity


We will continue to guarantee service availability in accordance with valid SLAs. 


Both companies have implemented business continuity and  incident management processes that will stay in place. 

You can learn more at


Security and compliance people


Dedicated teams will continue to ensure product continuity. 


At Exponea, a team of security engineers and a security manager are an essential part of our IT. This team is responsible for maintaining our protection and defense systems, reviewing security operational processes, building security frameworks and creating new security policies. They also monitor any suspicious activity, address cybersecurity threats and perform regular health checks and audits. 


Our independent Data Protection Officer (DPO) makes sure that Exponea stays compliant. The DPO is tasked with monitoring compliance with the GDPR and other data protection laws, our data protection policies, GDPR awareness training, and audits.




Further questions


Wir setzen auf Cookies

... um unsere Kommunikation für Sie so bequem wie möglich zu machen. Durch Klicken des Akzeptieren-Buttons, stimmen Sie unseren Datenschutzbestimmungen und dem Speichern von Cookies zu. Sie können Ihre Einstellungen jederzeit ändern.

Cookies verwalten


We use cookies to optimize our communication and to enhance your customer experience. We also share information about how you use our website with our third parties including social plugins and analytics. You consent to our use of cookies if you continue to browse our website. You can opt out of our cookie use on the Do not Sell my Personal Information page. For more information please see our Privacy Policy.