I. GENERAL PROVISIONS.
1. The controller of personal data collected through the website sasulla.com is MATULA Design Sp. z o.o. with its registered office in Krakow, address: Masarska 13/B4, 31-534 Krakow, Poland, registered in the National Court Register under the KRS number: 0000793079, Tax Identification Number (VAT ID): PL6751708211, Statistical Number (REGON): 363746400, hereinafter referred to as the “Controller".
2. All personal data collected by the Controller through the website are processed in accordance with the Regulation 2016/679 of the European Parliament and of the European Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the "GDPR".
3. The Controller makes every effort to secure the personal data of individuals using the website in accordance with applicable law, hereinafter referred to as "Clients" or respectively "Client".

II. LEGAL BASIS AND TYPES OF PROCESSED PERSONAL DATA.
1. The Controller collects and processes personal data in accordance with the relevant provisions, in particular with the GDPR and the principles of data processing provided therein.
2. Instances where personal data is collected:
a) when sending an email to the address: ula@sasulla.com (Article 6(1)(b) of the GDPR);
b) when using contact form available on the website (Article 6(1)(a) of the GDPR);
c) when placing an order through the order form linked on the website (Article 6(1)(b) of the GDPR);
d) when signing up for the newsletter (Article 6(1)(a) of the GDPR).
3. When placing orders via the aforementioned email, the Client is required to provide:
a) email address;
b) address details, such as:
- first and last name;
- city and postal code;
- street, apartment or house number;
- phone number;
- country.
c) In the case of business entities, it may additionally include:
- name/company name;
- Tax Identification Number (VAT ID).
4. The Controller processes anonymous data related to the use of the website (IP address, domain, browser type, operating system type, access time) for the purpose of generating statistics helpful in administering the website. This data is anonymous and is not disclosed to third parties, subject to the provisions of point IV paragraph 1 of this Privacy Policy (Article 6(1)(f) of the GDPR).
5. The Controller also processes personal data in connection with the enforcement of claims. In this case, some of the Client's personal data may be processed, based on the legitimate interest (Article 6(1)(f) of the GDPR), which involves establishing, pursuing, and defending claims in proceedings before courts and other state authorities.
6. Providing personal data is voluntary, but in some cases may be necessary for the conclusion of a contract. Failure to provide personal data may result in the Controller's inability to fulfill the order.

III. DURATION OF PROCESSING PERSONAL DATA.
1. The Controller processes the Client's personal data based on their consent, in which case the data is processed until the consent is withdrawn. After the withdrawal of consent, the personal data is processed for a period corresponding to the statute of limitations for claims that the Controller may assert and that may be asserted against the Controller. The limitation period is six years (unless a specific provision provides otherwise), and for claims related to business activities and claims for periodic benefits, it is three years.
2. When the concluded contract forms the basis for the processing of the Client's personal data, the personal data is processed for as long as necessary to perform the contract, and thereafter for a period appropriate to the statute of limitations. The limitation period is six years (unless specific provisions provide otherwise), and for claims related to business activities and claims for periodic benefits, it is three years.

IV. INFORMATION ON TO WHOM THE PERSONAL DATA IS DISCLOSED TO.
1. In connection with the provision of services by the Controller, Clients' personal data may be disclosed to external entities, in particular to: suppliers responsible for the operation of IT systems necessary for the operation of the website, hosting providers, entities providing accounting services, legal services, payment processing, printing services, courier services, and postal services.
2. When a request is made to the Controller by authorized state authorities (such as the President of the Personal Data Protection Office, the Police, the Prosecutor's Office, the President of the Office of Electronic Communications, the President of the Office for Competition and Consumer Protection) for the disclosure of personal data, such data will be disclosed by the Controller.

V. CLIENTS' RIGHTS.
1. Clients whose personal data is processed have the right to:
a) request access to their data,
b) rectification of their data,
c) request erasure of their data,
d) or restriction of processing activities,
e) object to the processing of their data,
f) data portability, including obtaining a copy of their data.
- all these rights have been extensively discussed in Articles 15 to 21 of the GDPR.
2. Each Client has the right to withdraw their consent to the processing of personal data. In such a case, the Controller will immediately erase the Client's personal data, unless there is a legal obligation requiring their further processing. If the Client believes that the Controller has in any way - which we certainly do not wish for - violated the Client's rights or failed to ensure the security of personal data, the Client has the right to lodge a complaint with the supervisory authority, which is currently the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

VI. AUTOMATED DECISION-MAKING AND INFORMATION ON PROFILING.
1. Based on the provided personal data, the Controller does not make any decisions that would have an automated character (i.e., without human involvement).
2. The Controller also does not take any actions aimed at profiling Clients whose personal data has been obtained.

VII. COOKIES.
The Controller uses Cookies technology. The purpose is to adjust the functionality of the website to the needs of the Clients. The Client can consent to this. If the Client does not consent, it is suggested to disable the use of Cookies in the internet browser options.

VIII. CHANGES TO THE POLICY.
1. The Controller reserves the right to change the Privacy Policy, which will be communicated to the Clients by publishing its current version on the website.
2. If there are any questions regarding this Privacy Policy, please contact us at: sasulla@matula.design
Back to Top