Privacy Statement Sana Commerce

Effective Date: Oktober 20th, 2025

1. Introduction

At Sana Commerce, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Notice explains how we collect, use, share, and protect personal data in connection with our products and services.

  • Customers and their employees (where the customer is a legal entity)
  • Prospects and their employees (where the prospect is a legal entity)
  • Customers of our customers and visitors to their webstores
  • Visitors to our website

We do not sell personal data.

2. Who We Are

Sana Commerce is a B2B SaaS eCommerce provider that helps businesses integrate their ERP systems with powerful eCommerce solutions. We act as a data controller for personal data collected directly from you (e.g., through our website or marketing activities) and as a data processor for personal data processed on behalf of our customers.

3. What Personal Data We Collect

Category Examples
Contact Information Name, email, phone number, job title, company name
Account Information Username, password, login credentials, billing details
Technical Information IP address, device type, browser, cookies, usage logs
Browsing Data Usage data, page views
Transaction Data Purchase history, order information
Communication Data Emails, chat logs, support tickets, survey responses
Event Participation Registration details, attendance records, dietary preferences (if provided)

4. How We Use Your Personal Data

Purpose Legal Basis Examples of why We Process Your Data
Marketing, Promotions, Event participation Consent, Contract, Legitimate Interest To market and promote our services, such as sending direct marketing emails, making phone calls, provide web-based advertising (please see our cookie policy for more information) or facilitating your attendance to webinars or in-person events.
Service Usage and Implementation Contract, Legitimate Interest To enable your account, support your use of our services, and work with you during implementation.
Research and Service Improvement Consent, Contract, Legitimate Interest To improve and develop our services by analyzing feature usage, requesting your feedback, or developing thought leadership.
Security Contract, Legitimate Interest, Legal Obligation To protect Sana Commerce and our customers, for example, through firewall services or VPNs.
Payment Services Contract To provide payment services, such as processing transactions for subscriptions or purchases.
Business Operations Contract, Legal Obligation, Legitimate Interest To invoice you, create annual reports, manage debt collection, or handle legal claims.

Legitimate Interest: When we rely on legitimate interest, we carefully balance our commercial needs with your rights and freedoms. Our primary interest is to provide a secure, efficient, and innovative platform while respecting your privacy. You have the right to object to processing based on legitimate interest (see *Section 7: Your Privacy Rights).

Consent: For activities like marketing or surveys, we seek your consent and provide an easy way to withdraw it.

5. How We Share Your Personal Data

Recipient Category For example for:
Marketing/Ad Tech Partners Targeted advertising, analytics (e.g., Google Ads, LinkedIn)
Accountants & Lawyers Compliance, financial reporting, legal claims
Insurers Risk management, insurance claims
Cloud Service Providers Hosting, data storage (e.g., Microsoft Azure)
SaaS Service Providers Webinars, Remote videoconferencing, CRM
Payment Processors Transaction processing (e.g. Banks and payment services providers)
Financial Partners Fraud prevention, credit checks
Technical Partners (your) ERP Partner(s), Partner software vendors
Sana Commerce Affiliates Internal operations, service improvement

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or your home country. We use Standard Contractual Clauses (SCCs) approved by the European Commission and other safeguards to ensure your data remains protected.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • GDPR Rights (EU/EEA/UK)
    • Access: Request a copy of your personal data.
    • Rectification: Correct inaccurate or incomplete data.
    • Erasure: Delete your data (subject to legal obligations).
    • Restriction: Limit processing of your data.
    • Portability: Receive your data in a machine-readable format.
    • Objection: Opt out of processing based on legitimate interest.
    • Withdraw Consent: Revoke consent for marketing or other activities.
  • CCPA Rights (U.S.)
    • Access: Request details about the personal data we collect.
    • Deletion: Request deletion of your personal data.
    • Opt-Out: Opt out of the “sale” of personal data (we do not sell personal data).
    • Non-Discrimination: Exercise your rights without facing discrimination.

To exercise your rights, contact us at privacy@sana-commerce.com.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this notice, unless a longer retention period is required by law. For example:

  • Customer data: Retained for the duration of your contract + 7 years for legal compliance.
  • Prospect data: Retained until no longer needed for our commercial purposes.
  • Customer’s Customer data: Retained for the duration of the contract with the Customer + additional in the event of a legal requirement to hold the data.
  • Website visitors: In accordance with our cookie policy or in the event you also qualify as one of the types of data subjects as classified above, in line with the retention period for those types of data subjects.

9. Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children.

10. Updates to This Notice

We may update this Privacy Notice periodically. The latest version will always be available on our website, with the effective date clearly indicated.

11. Contact Us

For questions or concerns about your privacy or this notice, contact our Data Protection Office

Email

privacy @sana-commerce.com

Postal Address

Sana Commerce EMEA BV
Westblaak 180, 3012 KN, Rotterdam
Netherlands

Last Updated: Oktober 20, 2025