Privacy information
Sandvik will process the personal data you provide in this form (such as name, contact details, company, and any information included in your report) for the purpose of receiving, assessing, and managing reported security vulnerabilities.
The processing is based on Sandvik’s legitimate interest in maintaining the security of its systems, products, and services, and to comply with applicable legal obligations.
Your personal data will be accessible to relevant functions within the Sandvik Group and, where necessary, to trusted service providers supporting our security operations or to authorities if required by law.
Personal data related to vulnerability reports will be retained for as long as necessary to investigate and remediate the issue and to meet legal and compliance requirements. As a general rule, reports are retained for up to 24 months after case closure, unless a longer retention period is required by law or ongoing legal proceedings.
For more information about how Sandvik processes personal data and your rights, please see Sandvik’s Privacy Statement.
