Privacy Policy

Your trust is important to us

Sakura Finetek respects your privacy and is committed to protecting your personal information. We want to make sure you understand what personal information we may collect about you when you interact with Sakura Finetek Europe B.V. or any of its subsidiaries (hereinafter together or individually referred to as ‘Sakura Finetek’), how we use your personal information, and how we keep it safe. 

Which subsidiary for personal processing data is responsible depends on which country you are connected from and how you interact with us. Please see the “Sakura Finetek entities” section to check which entity is to be considered as Controller. 

Sakura Finetek entities

The Controller is the Sakura Finetek entity, which, alone or jointly with another Sakura Finetek entity, determines the purposes and means of processing your personal data. 

Sakura Finetek entities
 (“Data Controllers”)


Name of the Data Controller


The Netherlands

Sakura Finetek Europe B.V.

Flemingweg 10a, 2408 AV Alphen aan den Rijn, The Netherlands


Sakura Finetek Austria GmbH

Office Park I/B 02, 1300 Flughafen-Wien


Sakura Finetek Belgium BVBA

Uitbreidingstraat 84, 2600 Antwerpen


Sakura Finetek Denmark ApS

Vibeholms Allé 15, 2605 Brøndby


Sakura Finetek France SAS

18 Rue Hergé, 59650 Villeneuve-d'Ascq


Sakura Finetek Germany GmbH

Innere Neumatten 20, 79219 Staufen im Breisgau

The Netherlands 

Sakura Finetek Holland B.V.

Flemingweg 10a, 2408 AV Alphen aan den Rijn, The Netherlands


Sakura Finetek Ireland Ltd

Block 4 Harcourt Centre, Harcourt Road, Dublin 2


Sakura Finetek Italia S.r.l.

Viale Ancona, 26, 30172 Venezia VE


Sakura Finetek Norway AS

Karenslyst allé 53, NO-0279 Oslo


Sakura Finetek Poland sp. z p.p

Grojecka Offices, ul. Grojecka 208, 02-390 Warszawa


Sakura Finetek Portugal Lda.

Praca Nuno Rodrigues Dos Santos, 14 B 1600-171, Lisboa 


Sakura Finetek Spain S.L.

Ronda de Sant Pere, 08010 Barcelona


Sakura Finetek Sweden AB

Fabriksgatan 7, 412 50 Göteborg

United Kingdom 

Sakura Finetek UK Ltd.

Oxford House, 12-20 Oxford St, Newbury RG14 1JB


Sakura Finetek’s Data Privacy Team

Sakura Finetek has a Data Privacy Team responsible for overseeing our compliance with the applicable laws and regulations, such as the GDPR and for answering privacy requests. If you have any questions concerning this privacy policy, please contact

Which personal data do we collect & process?

Personal data is all information that enables us to identify you. We may collect, use, store and transfer different kinds of personal data about you. This process can be broken down into the following categories:


Categories of personal data


Identification personal data 

your name, username or similar identifier, marital status, title, date of birth and gender.

Contact details 

your billing address, delivery address, email address and telephone numbers.

Financial information 

Bank account number, name of your bank, payment cards details, IBAN

Business personal data

business title, business contact information, representations of the place in the business organisation and business systems that employees are authorised to use, work history, work performance, assessments, training records and disciplinary actions;  

Technical data 

the internet protocol (I.P.) address of your device, details of the cookies on your device, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access one of Sakura Finetek’s website. 

Application data (candidates) 

your name, address, contact details, photo, motivation letter, covering letter, etc. 

Sensitive personal data 

details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership and information about your health, genetic or biometric data.


For how long do we keep your personal data? 

We will usually store the personal information we collect about you for no longer than necessary for the purposes to set out in accordance with our legal obligations and legitimate business interests.

The criteria used to determine the period for which personal information about you will be retained varies depending on the legal basis under which we process the personal data:

  • Your consent: where the processing is based on your consent, we usually keep your information until you withdraw your consent. 
  • Our legitimate interests: where the processing is based on our legitimate interests, we usually keep your data as long as necessary for the purposes for which it has been collected.
  • A contract between you and us: where the processing is based on a contract, we usually retain your personal information until termination of the contract. However, it may happen that we keep your personal data for a longer period to comply with our legal and regulatory obligations.
  • Legal obligation: where the processing is based on a legal obligation, we usually keep your personal data for the period necessary to fulfil our legal obligation.
  • Establishment, exercise, or defence of legal claims: we may need to apply a “legal hold” that retains information beyond our typical retention period where we face the threat of a legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we also consider the amount, nature and sensitivity of the personal information and the potential risk of harm from unauthorised use or disclosure of your personal information.

With whom do we share your personal data

Within the Sakura Finetek Group: 

Within the Sakura Finetek group, your personal data will be transferred or made available only to those entities that need your personal information to fulfil our contractual/legal obligations or in order to protect our legitimate interests.

To ensure a high level of security for your personal data, we have concluded specific agreements with each Sakura entity (e.g. conclusion of Data Processing Agreements; conclusion of Joint-Controller Agreements; conclusion of Standard Contractual Clauses with Sakura entities that do not benefit from an adequacy decision from the European Commission).  Furthermore, the Sakura Finetek Group has implemented appropriate technical and organisational security measures to ensure a high level of security for your personal data. For more information on how your personal data are handled within the Sakura Finetek group, please contact

Outside the Sakura Finetek Group:

We may also disclose your personal information to third parties. Depending on the processing activity in question, the legal basis for the processing would be:  

  • your consent
  • our legitimate interest (only if your interests or fundamental rights do not override our interests). 
  • our legal or regulatory obligation. 

For the following recipients, for example, there is a legal obligation to pass on your personal data: 

  • Public authorities or supervisory authorities, e.g. tax authorities, customs authorities;
  • Judicial and law enforcement authorities, e.g. police, courts, public prosecutors; 
  • Lawyers or notaries, e.g. in legal disputes;

To make our operations more efficient, we use the services of external service providers (e.g. I.T. service providers) who may have access to your personal data. In order to ensure that the service providers comply with the same data protection standards as in our company, we have concluded appropriate contracts for order processing. These contracts regulate, among other things:

  • that third parties only have access to the data they need to carry out the tasks assigned to them; 
  • that the service providers only grant access to your data to employees who have explicitly committed themselves to comply with data protection regulations;
  • that the service providers comply with technical and organisational measures that guarantee data security and data protection;
  • what happens to the data when the business relationship between the service provider and us is terminated

For service providers based outside the European Economic Area (EEA), we take special security measures (e.g. using special contractual clauses) to ensure that the data is treated with the same level of caution exercised in the EEA. We regularly check all our service providers for compliance with our specifications.

Name of the service provider and role

Purpose of the sharing of personal data

Legal basis

Link to the privacy policy of the service provider

Oracle Fusion (USA), subprocessor.

Use of Oracle Enterprise Resource PlanningCloud for internal administrative and management purposes.

Art. 6 (1)(f) of the GDPR

Conclusion of a data processing agreement; Oracle Processor Code (Binding Corporate Rules)



If you would like to ask for more information about sharing your personal information, including the list of recipients, please contact

Global Processing Activities

Contact form 

You may give us personal data by filling in forms or corresponding with us by post, phone, email or otherwise. This includes:

  • your contact details;
  • your identification data;   
  • the content of your message. 

We process your data only to handle your request/inquiry. The legal base of the processing is Art. 6(1)(f) of the GDPR, namely our legitimate interest in answering your request. Your request/inquiry will be processed internally, and we will not share your information with any third party without your prior consent.  Your personal data will be deleted after the final processing of your request or inquiry, provided that no legal storage requirements conflict.

Application process

(via )

We process the data you sent us as part of your application to check whether your professional qualifications are suitable for the advertised position. This includes:  

  • your contact details;  
  • your application data;  
  • other information you may freely send us. 

We will only process your personal data to: 

  • decide whether you meet the basic requirements for the role or if you could potentially be employed in the near future; 
  • determine whether you have the legal right to work for us; 
  • assess your information and the results of any interview; 
  • and to communicate with you during the recruitment process. 

The legal basis for this processing is Art. 6 (1)(b) of the GDPR (pre-contractual relation).

If your application is unsuccessful, your details will be deleted 4 months after the rejection of your application. If your application is successful, your information will be stored in your employment record. If your application is rejected, we may like to keep your personal data for contacting you in case of an alternative career opportunity within Sakura Finetek. In that case, we will ask you to give your consent to enable us to keep your personal data for one more year. 

Your personal data will be processed only by people who are authorised to process your personal data (e.g. the H.R. department). We may also share your personal data within the Sakura Group. This may also involve transferring your data outside the EU/EEA (e.g. to Sakura Finetek USA). Whenever we transfer your personal data out of the EU/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • the data will be transferred to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission (e.g. Sakura Finetek UK); 
  • we will use specific contracts approved by the European Commission (so-called Standard Contractual Clauses) which give personal data the same protection it has in Europe (e.g. Sakura Finetek US). 

Contractual obligations

Sakura uses your personal data to fulfil our contractual obligations towards your company and to manage our relationship with you. This may include:  

  • sending quotes, order administration, provision of products and services to your company, invoicing your company, responding to your service requests, processing contracts or completing any required due diligence (the list is not exhaustive). 

The legal basis of the processing is Art. 6(1)(b) of the GDPR (performance of a contract)

  • informing you via any means (including via email, telephone, text message, social media, post, or in person) about our products, services, publications, and events that we think may be of interest to you and your company, based on previous purchases and interest shown in our products and services. 

The legal basis of the processing is Art. 6(1)(f) of the GDPR (our legitimate interest in developing our business and relationship with you). 

Sakura will not sell or rent personally identifiable information to any third party for any purpose. Sakura may use the services of a third party to provide Sakura with support services in connection with our websites, and such parties may, from time to time, have access to your personally identifiable information to enable them to provide those services to Sakura. Please note that Sakura requires all such third parties to meet the same data protection standards as Sakura and are prohibited from using the information for their own marketing purposes.

MySakura Account 

You can register to MySakura under to create an account; you will need to provide us with the following information:   

  • Identification data;  
  • Contact details

The legal base for the processing is your consent. Having an account on MySakura enables access to various documents on Sakura Finetek products, such as brochures, safety data sheets, quality certificates and ISO certificates. 

Your personal data will be processed internally and will not be shared with any third party. We will keep your personal data in our database as long as you decide to delete your account. 

On-demand Webinars (Registration) 

You have the possibility to register to have access to a range of on-demand webinars. To register, we need to process the following information concerning you:  

  • Identification data
  • Contact details
  • Job title 
  • Country 

The information you provide us will only be used to provide you with the requested webinar and will not be processed for other purposes. The legal base for the processing is your consent. Your personal data will be deleted if you withdraw your consent or after two years. 

On-demand Webinars (Feedbacks) 

To improve our products and the content of our webinars, we may contact you to get your feedback. In order to contact you, we will need to process the following information concerning you:  

  • Identification data 
  • Contact details 
  • Job title 
  • Country 
  • Name of the webinar you registered for.

The information you provide will only be used to contact you to get your feedback concerning the webinar you registered for and will not be processed for other purposes. The legal base for the processing is your consent. Your personal data will be removed from our database if you withdraw your consent or after a period of two years. 

Newsletter and marketing emails

We may send you commercial and promotional communications concerning Sakura Finetek’s products, upcoming webinars and events. In order to contact you, we need to process the following information concerning you:  

  • Contact details 
  • Identification data. 

Most marketing / commercial messages we send will be by email. Our internal marketing department will primarily process your information. However, we may also share your information with third parties, such as the providers of webinars or organisers of events. The legal base for the processing is your consent (double opt-in) if you are potential clients / interested parties or our legitimate interest if you are an existing client. We will process your personal data for as long as you have not withdrawn your consent (potential clients) or objected to such data processing (existing clients). If you wish to unsubscribe from the newsletter, simply click the “unsubscribe link” provided at the bottom of each email communication.

Personal Data Breach 

A personal data breach is a security breach that has affected the confidentiality, integrity or availability of your personal data. We have implemented an internal procedure to handle personal data breaches and appointed an Incident Response Team to manage security incidents effectively. 

Depending on the severity of the personal data breach, we may notify the incident to the competent supervisory authority and communicate the personal data breach to you. If so, we will need to process the following information:  

Information concerning the circumstances of a personal data breach (date of the incident, categories of personal data concerned by the data breach, categories of data subjects affected by the data breach, potential adverse effects of the data breach, etc.). 

  • Identification data 
  • Contact details.

In case of a personal data breach, we will inform the competent supervisory authority no later than 72 hours after becoming aware of it and inform you without delay if the data breach is likely to result in a high risk to your rights and freedoms. 

Requests (Data Subject Requests)

As a data subject, you are entitled to exercise your GDPR rights. In order to handle your request, we may need to take the following information concerning you:   

  • Identification data 
  • Contact details 
  • Content of your request 
  • Outcome of the request.

We implemented an internal procedure to handle data subjects’ requests. We have a legal obligation to handle your requests and a legitimate interest in processing your personal data to be able to review and assess your request. We also must keep track of all data subject requests (accountability principle). Information regarding your request will be stored in a specific “Data Subject’s Requests Register” for administrative and evidential purposes only for a period of 6 years. 

Social Media Widget

The website includes social media features, such as Facebook, LinkedIn, YouTube, and Twitter buttons, that run on our website. These features may collect your I.P. address and which page you visit on our website and may set a cookie to enable the feature to function properly. Social media features and widgets are hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing it:  


Social Media (LinkedIn) 

Suppose you interact with us through LinkedIn ( In that case, we may receive information from the social network, such as your name, profile information and any other information you allow the social network to share with third parties. The data we receive is dependent on your privacy settings with LinkedIn. For more information about how LinkedIn process your personal data, please read the privacy policy on LinkedIn. 

Your GDPR-rights 

A summary of the rights you are entitled to be set out below:   

  • Right of Access: you are entitled to make a written request to Sakura to: 
    1. have confirmation of whether we are processing your personal data; 
    2. have access to your personal data we hold; 
    3. have a copy of your personal data; 
    4. verify whether Sakura lawfully processes your personal data. 
  • Right of rectification: you are entitled, where the information we hold about you is inaccurate or misleading, to request Sakura to rectify or erase the data. 
  • Right to erasure: you have the right to request we erase your personal data. 

Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

  • Right to object to processing: you have the right to object on grounds relating to your particular situation, at any time to process personal data concerning you based on our legitimate interest. 

In that case, Sakura will no longer process your data unless Sakura demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

  • Right to withdraw your consent: where processing your personal data is based on your consent, you have the right at any time to remove it. 

Please note that the withdrawal of your consent will not affect the lawfulness of any processing carried out before the withdrawal of your consent. 

If you want to exercise any of these rights, please contact us at

You also have a right to lodge a complaint with a data protection supervisory authority in the country where you are habitually resident, where we are based, or where any alleged infringement of Data Protection law has occurred. 


List of the competent supervisory authorities



Contact details



Österreichische Datenschutzbehörde

Hohenstaufengasse 3, 1010 Wien

Phone: 43 1 531 15 202525
 Fax: 43 1 531 15 202690


Autorité de protection des données

Rue de la Presse 35, 1000 Bruxelles

Phone: 32 2 274 48 00
 Fax: 32 2 274 48 10



Borgergade 28, 5, 1300 Copenhagen

Phone: 45 33 1932 00
 Fax: 45 33 19 32 18



8 rue Vivienne, CS 30223, 75002 Paris, Cedex 02

Phone: 33 1 53 73 22 22
 Fax: 33 1 53 73 22 00


Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Husarenstraße 30, 53117 Bonn

Phone: 49 228 997799 0
 Fax: 49 228 997799 550


Data Protection Commission

21 Fitzwilliam Square South, Dublin 2 – D02 RD 28. 

Phone:     1890 25 22 31 / 353 57 868 4800
 Fax: 353 57 868 4757


Il Garante per la protezione dei dati personali

Piazza di Monte Citorio, 121, 00186 Roma

Phone: 39 06 69677 1
 Fax: 39 06 69677 785

The Netherlands

Autoriteit persoonsgegevens

Prins Clauslaan 60 / P.O. Box 93374, 2509 AJ Den Haag/The Hague

Phone: 31 70 888 8500
 Fax: 31 70 888 8501



P.O. Box 458 Sentrum, NO-0105 Oslo


The Bureau of the Inspector General for the Protection of Personal Data

Ul. Stawki 2, 00-193 Warsaw

Phone: 48 22 53 10 440
 Fax: 48 22 53 10 441


Comissão Nacional de Protecção de Dados

R. de São. Bento, 148-3, 1200-821 Lisboa

Phone: 351 21 392 84 00
 Fax: 351 21 397 68 32


Agencia de Protección de Datos

C/Jorge Juan, 6, 28001 Madrid

Phone: 34 91399 6200
 Fax: 34 91455 5699



Drottninggatan 29 5th Floor, Box 8114 104 20 Stockholm

Phone: 46 8 657 6100
 Fax: 46 8 652 8652

United Kingdom

Information Commissioner’s Office

Water Lane, Wycliffe House, Wilmslow - Cheshire SK9 5AF

Phone: 44 1625 545 745


Questions regarding this Privacy Policy and enforcement

If you have any questions or concerns about any stage of processing your personal data, please contact us at You can also use this email address to inform us about any concerns regarding compliance with our Privacy Policy.

Changes to this Policy

We may occasionally update this Privacy Policy. Please review our Policy periodically, especially before providing us with personally identifiable information.