Privacy Statement Sana Commerce
Effective Date: Oktober 20th, 2025
1. Introduction
At Sana Commerce, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Notice explains how we collect, use, share, and protect personal data in connection with our products and services.
- Customers and their employees (where the customer is a legal entity)
- Prospects and their employees (where the prospect is a legal entity)
- Customers of our customers and visitors to their webstores
- Visitors to our website
We do not sell personal data.
2. Who We Are
Sana Commerce is a B2B SaaS eCommerce provider that helps businesses integrate their ERP systems with powerful eCommerce solutions. We act as a data controller for personal data collected directly from you (e.g., through our website or marketing activities) and as a data processor for personal data processed on behalf of our customers.
3. What Personal Data We Collect
| Category | Examples |
| Contact Information | Name, email, phone number, job title, company name |
| Account Information | Username, password, login credentials, billing details |
| Technical Information | IP address, device type, browser, cookies, usage logs |
| Browsing Data | Usage data, page views |
| Transaction Data | Purchase history, order information |
| Communication Data | Emails, chat logs, support tickets, survey responses |
| Event Participation | Registration details, attendance records, dietary preferences (if provided) |
4. How We Use Your Personal Data
| Purpose | Legal Basis | Examples of why We Process Your Data |
| Marketing, Promotions, Event participation | Consent, Contract, Legitimate Interest | To market and promote our services, such as sending direct marketing emails, making phone calls, provide web-based advertising (please see our cookie policy for more information) or facilitating your attendance to webinars or in-person events. |
| Service Usage and Implementation | Contract, Legitimate Interest | To enable your account, support your use of our services, and work with you during implementation. |
| Research and Service Improvement | Consent, Contract, Legitimate Interest | To improve and develop our services by analyzing feature usage, requesting your feedback, or developing thought leadership. |
| Security | Contract, Legitimate Interest, Legal Obligation | To protect Sana Commerce and our customers, for example, through firewall services or VPNs. |
| Payment Services | Contract | To provide payment services, such as processing transactions for subscriptions or purchases. |
| Business Operations | Contract, Legal Obligation, Legitimate Interest | To invoice you, create annual reports, manage debt collection, or handle legal claims. |
Legitimate Interest: When we rely on legitimate interest, we carefully balance our commercial needs with your rights and freedoms. Our primary interest is to provide a secure, efficient, and innovative platform while respecting your privacy. You have the right to object to processing based on legitimate interest (see *Section 7: Your Privacy Rights).
Consent: For activities like marketing or surveys, we seek your consent and provide an easy way to withdraw it.
5. How We Share Your Personal Data
| Recipient Category | For example for: |
| Marketing/Ad Tech Partners | Targeted advertising, analytics (e.g., Google Ads, LinkedIn) |
| Accountants & Lawyers | Compliance, financial reporting, legal claims |
| Insurers | Risk management, insurance claims |
| Cloud Service Providers | Hosting, data storage (e.g., Microsoft Azure) |
| SaaS Service Providers | Webinars, Remote videoconferencing, CRM |
| Payment Processors | Transaction processing (e.g. Banks and payment services providers) |
| Financial Partners | Fraud prevention, credit checks |
| Technical Partners | (your) ERP Partner(s), Partner software vendors |
| Sana Commerce Affiliates | Internal operations, service improvement |
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or your home country. We use Standard Contractual Clauses (SCCs) approved by the European Commission and other safeguards to ensure your data remains protected.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
- GDPR Rights (EU/EEA/UK)
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Delete your data (subject to legal obligations).
- Restriction: Limit processing of your data.
- Portability: Receive your data in a machine-readable format.
- Objection: Opt out of processing based on legitimate interest.
- Withdraw Consent: Revoke consent for marketing or other activities.
- CCPA Rights (U.S.)
- Access: Request details about the personal data we collect.
- Deletion: Request deletion of your personal data.
- Opt-Out: Opt out of the “sale” of personal data (we do not sell personal data).
- Non-Discrimination: Exercise your rights without facing discrimination.
To exercise your rights, contact us at privacy@sana-commerce.com.
8. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this notice, unless a longer retention period is required by law. For example:
- Customer data: Retained for the duration of your contract + 7 years for legal compliance.
- Prospect data: Retained until no longer needed for our commercial purposes.
- Customer’s Customer data: Retained for the duration of the contract with the Customer + additional in the event of a legal requirement to hold the data.
- Website visitors: In accordance with our cookie policy or in the event you also qualify as one of the types of data subjects as classified above, in line with the retention period for those types of data subjects.
9. Children’s Privacy
Our services are not intended for children under 16. We do not knowingly collect personal data from children.
10. Updates to This Notice
We may update this Privacy Notice periodically. The latest version will always be available on our website, with the effective date clearly indicated.
11. Contact Us
For questions or concerns about your privacy or this notice, contact our Data Protection Office
Postal Address
Sana Commerce EMEA BV
Westblaak 180, 3012 KN, Rotterdam
Netherlands
Last Updated: Oktober 20, 2025