Privacy Notice: Sika SRM Application

Sika Digital Applications can process different categories of personal data depending on the implemented scope of the respective application. The processed personal data of Sika employees and external users may include:

• First and last names, business email addresses, business landline and mobile phone numbers; 
• User data (e.g. usernames and passwords).

If you are a direct contracting party of Sika, the legal basis for the processing of your personal data is the implementation of pre-contractual measures or the performance of a contract entered into at your request. If you are a contact person for a Sika customer or business partner, the legal basis for processing your personal data is Sika’s legitimate interest in establishing and maintaining business relationships.

Furthermore, personal data is processed in order to comply with legal obligations, particularly with regard to compliance, auditing, taxation, regulatory reporting and the defence of and enforcement of legal claims.

The legal basis for this data processing is Sika’s legitimate interest in establishing and developing stable customer relationships. Sika's overarching legitimate interests are the management of supplier relationships and the fulfilment of legal and regulatory obligations. Failure to provide the data means it is not possible to use the SRM tool or collaborate with Sika.

Furthermore, user-related data is used within the SRM tool for access security, access control, traceability of system actions, user administration, and personalisation purposes. There is no exclusively automated decision-making. The legal basis for processing this data is Sika’s legitimate interest in ensuring the SRM Application operates securely.
 

The recipients of the personal data are organisational units within companies in the Sika Group. These include the Procurement, Supplier Risk Management, Corporate Compliance, Corporate Legal, Sustainability and Quality departments. Where applicable, the Finance department is also included, insofar as this is necessary for the creation of a creditor master record.

Sika uses external service providers to make the SRM Application available, including web servers, storage space, database services, security services and maintenance services. The recipient of the SRM Application is Procurence Sp. z o.o., Cosmopolitan Tower, ul. Twarda 4/171, 00-105 Warsaw, Poland. Other recipients may include technical service providers involved in system provision, authentication or integration. In this context, Sika or the relevant service providers process the personal data of SRM Application users on the basis of Sika’s legitimate interest in efficiently and securely providing this online service.

Where personal data is transferred internationally, Sika ensures an adequate level of protection in accordance with applicable data protection laws. Depending on the jurisdiction, this may include the use of standard contractual clauses, intra‑group agreements, or other legally recognized safeguards.

Furthermore, Sika will not disclose your personal data to third parties unless you have expressly consented to such disclosure, unless Sika is legally obliged or entitled to disclose data due to local legal regulations and/or official court orders, or unless Sika has an overriding legitimate interest in disclosure. Technical security measures are in place to ensure that data is transmitted securely in such cases (e.g. encryption).

Unless specified otherwise in individual cases, personal data will be deleted when it is no longer necessary for the purposes of collection or processing, provided there are no statutory retention obligations preventing its deletion. Sika will also delete personal data upon request if the conditions set out therein are met. If personal data is required for other legally permissible purposes, it will not be deleted, but its processing will be restricted. In this case, the data will not be processed for other purposes.

Any personal data received by Sika in connection with the performance of a contract will be retained for the duration of the contractual relationship and, where necessary, for a period beyond this. Sika stores tax-related documents for the periods prescribed by commercial or tax law.

User data is subject to soft deletion after two years of inactivity. The data subject is informed in advance by email and given the opportunity to confirm further storage. For companies in the EU and EEA, data is permanently deleted after five years of inactivity. Furthermore, certain data may be stored for longer if required by legal obligations, for example in relation to tax, compliance and regulatory reporting, or for the assertion or defence of legal claims.