Privacy policy sample

Hi All

We're currently revising our data processing tools to be prepared for EU GDPR by end of May. For that reason, I'm re-writing our general privacy policy which should explicitly include each of our tools.

Since SugarCRM is one of our most frequently used marketing tools, I definitely need to explain the processing and collection of data through it. 

I wonder if there is any sample available from Sugar's side that could be used within a privacy policy? I already took a look at the dedicated EU GDPR section here in the community but couldn't find anything related.

Best regards


  • Hi Nicolas A,

    I don't think SugarCRM itself is the tool you need to look for. OFC SugarCRM is processing data and you need to prove if you are storing data like "race", "religion" etc which are especially protected by the GDPR but keep in mind:

    SugarCRM is not colecting data, it stores and uses it. You need to act before the data comes in i.e. your website, lead sources etc. Prepare yourself for GDPR by having processes ready that can manage a request from an individual that is asking you about its data that has been saved and used (how?) somewhere in your company. Have a workflow/checklist ready for handling those requests, put in aprovals and hiding data rules according to the GDPR.

    And many more....


    Björn Canales Pfisterer

    Technical Support Manager

    provalida GmbH

  • Nicolas

    Sugar does not provide any samples as each company can have their own set of policies. Privacy policy is subject to your company's business and procedures. You should consult a legal counsel who can help you in crafting the privacy policy. 

    Deepak Deolalikar

    Deepak Deolalikar

    Senior Director Product Management

  • Hi Björn

    Thanks for responding!

    I see as a GmbH you're based in Germany as well. I would strongly recommend reading the new DSGVO because even cookies are going to be rated as personal related data…the ones you mentioned like "religion" are even worse since they're going to be treated as special sensitive PRD.

    I would also not agree that the task of data protection ends by ensuring a process. E.g. SugarCRM is not based in the EU but part of the Privacy Shield, good to know but you need to inform your user about that fact in a very transparent way.

    And a little help with that level of transparency from Sugar's side was what I was looking for…



  • Thanks for your response but I have to admit that I would have expected more support for your users in the EU…e.g. Hotjar is doing a way better job than you guys. Your current "Forum" about EU GDPR is nothing more than a joke and it's not even more than 80 days until the activation of the new regulations.

  • Hi Nicolas

    Thanks for your feedback. We will be adding more details to the Forum. 

    We just posted another document along with a short product video. 

    Data Privacy and GDPR in Sugar 


    Deepak Deolalikar

    Senior Director Product Management

  • Hello everyone, 

    This question is being moved to a new community space, Enterprise & Professional. Please direct any additional feedback and questions about data privacy to that space, and be sure to follow it as well so you can stay informed on any new content that is communicated out from SugarCRM regarding data privacy. We will be adding additional information to that space shortly as it becomes available!


    SugarCRM | Sr. Community Manager