Privacy Policy

Last updated: 01/03/2026

This Privacy Policy describes the rules for processing personal data by the online store Sexy Matcha, (the “Store”), available on www.sexymatcha.pl, and operated by:

Legal name: Sexy Matcha Kacper Folan

Business Address: kartograficzna 82/16 03-290 Warszawa, Poland

NIP: 7252282533

REGON: 381085099

Email: konta@sexymatcha.com

Phone: +48 510 627 476

The above entity is the Data Controller within the meaning of Article 4(7) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1. 1. LEGAL BASIS FOR DATA PROCESSING

   Personal data are processed in accordance with:

   • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
   • The Polish Personal Data Protection Act of 10 May 2018,
   • The Act on Providing Services by Electronic Means,
   • The Telecommunications Law Act.

   Personal data are processed in accordance with the principles of:

   • Lawfulness, fairness, and transparency
   • Purpose limitation
   • Data minimization
   • Accuracy
   • Storage limitation
   • Integrity and confidentiality

2. 2. PURPOSES AND LEGAL GROUNDS FOR PROCESSING

   Personal data are processed for the following purposes:

   1. Conclusion and performance of a sales contract

      Legal basis: Article 6(1)(b) GDPR

      Data necessary to process orders, payments, delivery, and customer service.

   2. Compliance with legal obligations

      Legal basis: Article 6(1)(c) GDPR

      Including tax, accounting, and consumer protection obligations.

   3. Direct marketing of own products

      Legal basis: Article 6(1)(f) GDPR (legitimate interest)

   4. Newsletter distribution

      Legal basis: Article 6(1)(a) GDPR (consent)

   5. Analytics and improvement of Store performance

      Legal basis: Article 6(1)(f) GDPR (legitimate interest)

3. 3. SCOPE OF DATA COLLECTED

   The Controller may process the following personal data:

   • First and last name
   • Billing address
   • Delivery address
   • Email address
   • Phone number
   • IP address
   • Information about browser and device
   • Order history
   • Payment status information

   Providing data is voluntary but necessary to conclude and perform a sales contract.

4. 4. DATA RETENTION PERIOD

   Personal data are stored:

   • For the duration of the contract and thereafter for the period required by tax and accounting regulations (generally 5 years under Polish law),
   • For the duration of the limitation period for claims,
   • Until consent is withdrawn (for marketing/newsletter data),
   • Until a valid objection is submitted (for legitimate interest processing).

5. 5. DATA RECIPIENTS

   Personal data may be transferred to entities supporting the Store’s operations, including:

   • Courier and postal service providers
   • Hosting and IT providers
   • Accounting service providers
   • Marketing service providers
   • Legal advisors
   • Authorized public authorities

   Payment Processing – Przelewy24 / PayPro SA

   If online payments are selected, personal data necessary for payment processing are transferred to:

   PayPro SA – Settlement Agent

   ul. Pastelowa 8 60-198 Poznań, Poland

   KRS: 0000347935

   NIP: 7792369887

   REGON: 301345068

   PayPro SA acts as the payment operator for card payments and online transactions via the Przelewy24 system.

   Payment data are processed in accordance with the operator’s own privacy policy.

6. 6. DATA SUBJECT RIGHTS

   Under the GDPR, users have the right to:

   • Access their personal data (Art. 15 GDPR)
   • Rectification (Art. 16 GDPR)
   • Erasure (Art. 17 GDPR)
   • Restriction of processing (Art. 18 GDPR)
   • Data portability (Art. 20 GDPR)
   • Object to processing (Art. 21 GDPR)
   • Withdraw consent at any time (Art. 7(3) GDPR)

   Withdrawal of consent does not affect the legality of processing prior to withdrawal.

   Requests may be submitted to:

   konta@sexymatcha.com

   Users also have the right to lodge a complaint with the Polish supervisory authority:

   President of the Personal Data Protection Office (UODO)

   ul. Stawki 2 00-193 Warsaw, Poland

   https://uodo.gov.pl

7. 7. TRANSFER OF DATA OUTSIDE THE EEA

   Personal data are not transferred outside the European Economic Area (EEA), unless appropriate safeguards are applied in accordance with Chapter V GDPR (e.g., Standard Contractual Clauses).

8. 8. COOKIES AND TRACKING TECHNOLOGIES

   The Store uses cookies for:

   • Ensuring technical functionality
   • Saving user preferences
   • Statistical and analytical purposes
   • Marketing activities (if consent is granted)

   Users may manage cookies via browser settings.

   Where required by law, consent is obtained before placing non-essential cookies.

9. 9. DATA SECURITY

   The Controller implements appropriate technical and organizational measures, including:

   • SSL encryption
   • Secure hosting
   • Access control systems
   • Regular software updates

   Personal data are protected against unauthorized access, disclosure, alteration, or destruction.

10. 10. NEWSLETTER

    Users may subscribe to the Sexy Matcha newsletter by providing their email address and giving explicit consent.

    Unsubscription is possible at any time via:

    • The unsubscribe link included in each email

    • Sending a request to konta@sexymatcha.com

11. 11. CHANGES TO THE PRIVACY POLICY

    The Controller reserves the right to amend this Privacy Policy.

    The current version is always available on the Store’s website.