Legal

Privacy Policy

How SAP BASIS Solutions collects, uses, and protects your personal information.

Effective date: January 1, 2024 Last updated: June 10, 2026 Governed by: GDPR & applicable data protection law

SAP BASIS Solutions ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and your rights over it. We never sell your personal data.

1. Who We Are

SAP BASIS Solutions is an enterprise SAP consulting firm providing SAP BASIS administration, SAP Security & GRC, S/4HANA migration, managed services, and cloud integration. We operate the website sapbasissolutions.com.

Data Controller: SAP BASIS Solutions
Contact: info@sapbasissolutions.com

2. Information We Collect

We collect information you provide directly and information collected automatically when you use our website:

  • Contact form submissions — name, email address, company, job title, phone number, and message content
  • Email correspondence — when you email us directly at info@sapbasissolutions.com
  • Usage data — pages visited, time spent, browser type, device type, and approximate location (country/city level) via server logs
  • Cookies — session cookies required for website functionality (no advertising or tracking cookies)

We do not collect sensitive personal data such as financial information, government IDs, or health data.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Responding to consultation requests and enquiries submitted via our contact form
  • Providing SAP consulting services to clients who engage us
  • Sending service-related communications (project updates, proposals, invoices)
  • Improving our website content and user experience
  • Complying with legal obligations

We do not use your information for automated decision-making or profiling.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contractual necessity — to perform services you have requested
  • Legitimate interests — to respond to enquiries and improve our services
  • Consent — where you have explicitly provided consent (e.g. subscribing to updates)
  • Legal obligation — to comply with applicable law

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data only in these limited circumstances:

  • Service providers — third-party tools that help us operate our website (e.g. form processing via Formspree). These providers are contractually bound to process data only on our instructions.
  • Legal requirements — if required by law, court order, or government authority
  • Business transfers — in the event of a merger or acquisition, with appropriate data protection obligations

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Contact form enquiries — up to 2 years from last contact
  • Client records — for the duration of the engagement plus 7 years (legal/accounting requirements)
  • Server log data — up to 30 days

7. Cookies

Our website uses only essential session cookies required for navigation and security. We do not use advertising, tracking, or analytics cookies from third parties. You can disable cookies in your browser settings, though this may affect site functionality.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Access controls limiting data access to authorised personnel only
  • API keys and credentials stored outside the web root in secure configuration files
  • Regular security audits and log monitoring

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to restriction — request we limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at info@sapbasissolutions.com. We will respond within 30 days.

10. International Data Transfers

Your data may be processed in countries outside your own. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses) in compliance with GDPR requirements.

11. Children's Privacy

Our website and services are directed at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

SAP BASIS Solutions
Email: info@sapbasissolutions.com
Website: sapbasissolutions.com