sig combibloc group logo

Privacy Notice

if you order or purchase goods and/or services from us

This supplemental Privacy Notice explains what personal data we collect about you order or purchase goods and/or services from us. This Privacy Notice should be read in conjunction with the main Privacy Notice.


SIG Group AG reserves the right to modify this Privacy Notice at any time. Please periodically review this Privacy Notice so that you know, among other things, what personal data we collect, how we use it, and with whom we may share it.


This Privacy Notice explains what personal data we collect about you when conducting business transactions and, when you communicate with us.


Which types of personal data do we process?

Personal data is any information that directly or indirectly relates to an identified or identifiable living individual. Which (types of) personal data we process, depends on the relationship you have with SIG. We may process the following personal data about you:


Personal data that you provide when you order or purchase goods and/or services from us:

When you are a (potential) customer and you (pre)order our goods and/or service, we may process the following types of personal data: Name, title, company name and address, email, telephone number, unique administration number, bank details of your company, information on your orders, prices and delivery status, your preferences, your payment history and other information you provide to us.


Personal data that you provide when you contact us:

When you contact us online, per e-mail, post or by phone, we may process the following types of personal data: Name, email address, name of the organization you work for, details about your question, request or complaint, and other information you provide to us when you contact us.


We may process your personal data for the following purposes:



  • To offer and improve our goods and services.
  • To conducting satisfaction and market research surveys.
  • To promoting our company and our goods and services.
  • To ensure the continuity of our services.
  • To handle questions, requests, complaints, and claims.
  • For internal controls, protecting our assets, and for the security and maintenance of the integrity of our systems and data.
  • To comply with our statutory obligations and requests of authorities, to avoid and settle claims.

Customers (including potential Customers)

  • To facilitate a purchase / providing service, including making payment, or to otherwise conduct a business transaction, creating a customer account.
  • To administrating and managing orders, executing and registration of agreements.
  • To Notify you when an order is being processed or is ready for delivery or pick-up.
  • To identify product and service preferences.
  • To send you informational or promotional communications, maintaining contact with you.
  • To validate credentials, authenticate customers and prevent fraudulent transactions;


What are the legal grounds for the processing of your personal data?

A data controller may only process personal data if one of the prescribed legal grounds apply. SIG complies to the principles of the EU General Data Protection Regulation (GDPR) and any applicable data protection regulation.  For the data processing activities of SIG that are subject to the GDPR, the following legal grounds are relevant:

  • Performance of an agreement. We process your data to perform an agreement that we enter into or have entered into with you, when you have instructed us to provide goods and/or services or when we purchase products or services from you.
  • Consent. We ask your permission for certain data processing operations, for example if we want to send you our newsletter or other commercial emails whilst you are not an existing customer. Consent may be withdrawn at any time without affecting the lawfulness of processing based on the consent before the withdrawal.
  • Statutory obligation. We may process your data if and to the extent that this is necessary to comply with any of our statutory obligations.
  • Legitimate interest. In some cases, we process personal data because we have a legitimate interest in doing so and because we do not disproportionately invade your privacy when doing so. This is the case, for example, if you are a customer and we want to make you an offer based on services you purchased previously. Also, we have a legitimate interest in maintaining a selection process for the recruitment of personnel and to check the capabilities of job applicants.
With whom can we share your personal data?

Your personal data will be processed within the relevant department of the local SIG entity. We may in certain cases share your personal data within our group and/or with third parties, as described below. We will only transfer your personal data if and to the extent this is necessary for the purposes as described in this Privacy Notice.

We may share your personal data with the SIG group companies as listed on our website when this is necessary to fulfil your requests and to provide our services. If you are a job applicant, we will provide the information of your application to the SIG entity mentioned in the vacancy.

We may share your personal data with suppliers and vendors that help us with our business activities including shipping vendors, billing and refund vendors, payment card processors and companies that help us improve our products and services such as suppliers who provide direct fulfilment services for certain products. Also, we may involve hosting providers and other service providers that may need to process personal data for us. When such third parties act as data processors on our behalf, we make appropriate arrangements about the security of your personal data in a data processing agreement.

We may transfer your personal data if we merge with or are acquired by a third party or should any such transaction be proposed. If and insofar as we are legally obliged and/or permitted to do so, we may share your personal data with relevant authorities.


How long do we retain your personal data?

We do not retain your personal data longer than necessary for the purposes mentioned in this Privacy Notice. For customers we retain your personal data during our relationship and for a maximum period of two years after our relationship has ended, unless we are required to retain the data for a longer period, for example to comply with tax laws and regulations. In that case, we will retain the data for a period of at least seven years.