General Data Protection Regulation (GDPR) Policy – SIONIQ
Last updated on: 26th February 2026
Sioniq Tech Private Limited (“Sioniq”, “we”, “our”, or “us”) is committed to ensuring the privacy and security of personal data processed in accordance with the General Data Protection Regulation (European Union - EU) (“GDPR”). This policy outlines how we handle personal data and the rights of individuals whose data we process.
This GDPR Policy forms part of and is subject to the Terms of Use and any executed Data Processing Agreement (DPA), if any. In the event of conflict, the DPA shall prevail.
What is GDPR and Whom is it Applicable to / Who are covered by GDPR?
GDPR is an EU-wide privacy and data protection law that regulates how EU residents’ data is protected by companies and enhances the control the EU residents have, over their personal data.
GDPR applies where personal data of individuals located in the European Economic Area (EEA) is processed in circumstances defined under Article 3 of the GDPR.
1. Scope of This Policy
This GDPR Compliance Policy applies to:
- Personal data of individuals located in the European Economic Area (EEA)
- Sioniq’s Cloud (SaaS) services
- On-Premises deployments (where applicable)
- Customers, users, employees, and partners whose data is processed by Sioniq
2. Roles Under GDPR
Customer: For Customer-provided ERP data, SIONIQ acts as a Data Processor and processes personal data only on documented instructions from the Customer (Data Controller).
Sioniq: For website usage, billing, and account management data, SIONIQ may act as an independent Data Controller.
3. Principles of Data Processing
Sioniq adheres to the following principles when processing personal data:
- Lawfulness, fairness, and transparency: Data is processed lawfully, fairly, and transparently.
- Purpose limitation: Personal data is collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data minimization: We collect only the personal data necessary for the purpose it is intended.
- Accuracy: We ensure that personal data is accurate and kept up to date.
- Storage limitation: Personal data is kept only for as long as necessary to fulfil its purpose.
- Integrity and confidentiality: Personal data is processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Data subject request handling timelines: Requests will be handled without undue delay and, in any event, within one (1) month, subject to extension as permitted under GDPR.
4. Lawful Basis for Processing
Sioniq processes personal data based on the following lawful bases:
- Performance of a contract: To fulfil contractual obligations with our customers and users covered by the GDPR.
- Legal obligations: To comply with legal requirements.
- Legitimate interests: For purposes such as providing our services and enhancing the user experience, unless overridden by the rights of the data subject.
- Explicit consent: Where required, for specific processing activities.
5. Technical & Organizational Measures
To ensure the security of personal data, Sioniq implements the following measures:
- Encryption: Personal data is encrypted both in transit and at rest.
- Access controls and authentication: Access to personal data is limited to authorized personnel only.
- Regular security reviews and logs: Periodic reviews, logging and updates of security practices to mitigate potential risks.
6. Sub-Processors
Sioniq may engage third-party sub-processors to assist in the delivery of its services, such as for:
- Cloud infrastructure
- Payment processing
- Support services
Sioniq may update its list of sub-processors in accordance with applicable contractual obligations and applicable law. Sub-processors are bound by contractual obligations to ensure that data protection standards are maintained.
7. International Data Transfers
Where personal data is transferred outside the EEA, SIONIQ implements appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent lawful mechanisms in accordance with GDPR requirements.
8. Data Subject Rights
As part of our commitment to data protection, Sioniq supports the following rights for data subjects under the GDPR:
- Right of access: Individuals can request information about the personal data we hold about them.
- Right to rectification: Individuals can request corrections to inaccurate or incomplete personal data.
- Right to erasure: Individuals can request deletion of their personal data, subject to certain conditions.
- Right to restriction: Individuals can request restrictions on how their data is processed.
- Right to data portability: Individuals can request their personal data in a structured, commonly used format to transfer to another controller.
- Right to object: Individuals can object to the processing of their personal data based on certain grounds, such as legitimate interests.
Requests related to these rights can be submitted to info@sioniq.com.
9. Data Breach Management
In the event of a data breach, Sioniq will:
- Assess the incident promptly and investigate its cause.
- Notify affected customers without undue delay, where required.
- Assist Customers in meeting GDPR compliance obligations where required by applicable agreements and law.
10. Data Retention & Deletion
Personal data will be retained only as long as necessary to fulfil its intended purpose or as required by law. Upon reaching the retention period or upon termination of Services and subject to contractual terms, Customer data will be deleted or returned in accordance with the applicable agreement and data retention policies.
11. Documentation & Records
Sioniq maintains comprehensive records of:
- Processing activities
- Security measures
- Compliance efforts related to GDPR
SIONIQ maintains records of processing activities as required under the applicable provisions of the GDPR.
12. Cooperation with Authorities
Sioniq cooperates with competent supervisory authorities in accordance with applicable legal obligations.
13. Limitation of Liability
Liability arising under this GDPR Policy shall be subject to the limitation of liability provisions contained in the applicable agreement between the parties or “Terms of Use” policy.
14. No Absolute Guarantee
While SIONIQ implements appropriate technical and organizational measures, no method of transmission or storage can be guaranteed to be 100% secure.
15. Data Processing Agreement (DPA) Reference
Upon request, SIONIQ may enter into a separate Data Processing Agreement (DPA) with Customers where required under GDPR.
16. Policy Updates
Sioniq reserves the right to update this policy periodically to reflect changes in regulatory requirements or internal practices. Material updates to this Policy will be reflected through a revised “Last Updated” date.
17. Contact Information
For GDPR-related queries, requests, or to exercise your rights, please contact us at info@sioniq.com.
18. Governing Law
This policy is governed by the applicable data protection laws, including the General Data Protection Regulation (EU) and any relevant local laws that may apply.