Menu
Login SBSAXENT
Menu
Privacy Policy
This Privacy Policy applies to SBSAXENT Workspace services operated by SBSA Laboratory OÜ.

Partner onboarding & access requests

Controller: SBSA Laboratory OÜ (Estonia). Contact: office@sbsalab.eu

1. Scope

This section explains how we process personal data submitted through the Partner Agreement & Access Request form and related onboarding communications. It applies to both B2B Partners and private individuals.

2. Categories of data we collect

  • Identity and contact data: name, email address
  • Partner details: address, Tax/VAT ID (where applicable), head office (optional), website (optional), other notes (optional)
  • Technical data (limited): IP address, user agent (for security and audit purposes)

3. Purposes of processing

  • To evaluate, administer, and process onboarding and access requests
  • To communicate about agreement signature, approval status, and delivery of access credentials
  • To protect the security and integrity of SBSAXENT Workspace environments
  • To meet compliance and record-keeping obligations where applicable

4. Legal bases (GDPR)

We process personal data on the basis of:

  • Contract (GDPR Art. 6(1)(b)): to take steps at the request of the data subject prior to entering into a contract and to perform contractual onboarding.
  • Legitimate interests (GDPR Art. 6(1)(f)): to secure our systems, prevent misuse, and maintain audit trails appropriate for controlled-access services.
  • Legal obligation (GDPR Art. 6(1)(c)), where applicable: to comply with lawful requests or mandatory record-keeping requirements.

5. Recipients and processors

We may use trusted service providers (processors) for hosting, email delivery (SMTP), and IT operations. We do not sell personal data. Access to submissions is restricted to authorized personnel.

6. International transfers

If any processing involves transfers outside the EEA, we apply appropriate safeguards (such as Standard Contractual Clauses) where required.

7. Retention

We retain onboarding submissions for as long as necessary to process the request and maintain appropriate records. Typical retention is aligned with the contractual relationship and applicable legal requirements, after which data is securely deleted or anonymized.

8. Data subject rights

Depending on the circumstances, you may have the right to access, rectification, erasure, restriction, objection, and data portability. You may also lodge a complaint with a supervisory authority in the EU/EEA.

9. Security

We apply reasonable technical and organizational measures appropriate for a controlled-access service, including access controls and audit practices.

10. Contact

For privacy inquiries, contact: office@sbsalab.eu