privacy policy

Effective date: 02.02.2026

1. Data Controller

The controller of your personal data is: “MatchIt!” Szymon Łój, Piotr Emil Pala, Krzysztof Nabzdyk Spółka Cywilna
Registered office: Kobylniki 3, 55-300 Środa Śląska, Polska
Tax Identification Number (NIP): PL9131637369
Email: matchitholds@gmail.com

2. Categories of Personal Data

We collect the following personal data when you submit an order or inquiry:

First and last name (contact person)
Company name
Company Tax Identification Number (NIP)
Email address
Phone number
Shipping address

We do not collect payment data via the website.

3. Purposes and Legal Bases for Processing

Your personal data is processed for the following purposes:

a) Conclusion and performance of a contract

(handling orders, communication regarding orders, delivery)

Legal basis: Article 6(1)(b) GDPR – performance of a contract or taking steps prior to entering into a contract.

b) Compliance with legal obligations

(accounting, tax and bookkeeping duties)

Legal basis: Article 6(1)(c) GDPR – compliance with a legal obligation to which the controller is subject.

c) Establishment, exercise or defence of legal claims

Legal basis: Article 6(1)(f) GDPR – legitimate interest of the controller.

Where processing is based on legitimate interest, that interest consists of protecting the company against legal claims and ensuring business continuity.

4. Data Retention Period

Personal data is stored:

For the duration of the contractual relationship,
For the period required by applicable accounting and tax laws,
Until the expiry of limitation periods for potential legal claims.

After these periods, data is deleted or anonymised.

5. Recipients of Personal Data

Personal data may be disclosed to:

IT and hosting service providers,
Email service providers,
Accounting and bookkeeping service providers,
Courier and logistics companies (for delivery purposes),
Legal advisors (if necessary).

Where required under Article 28 GDPR, data processing agreements are concluded with processors.

6. Transfers Outside the EEA

If personal data is transferred outside the European Economic Area (EEA), such transfers are carried out in accordance with Chapter V GDPR, including the use of appropriate safeguards such as Standard Contractual Clauses adopted by the European Commission.

7. Rights of Data Subjects

Under GDPR, you have the right to:

Access your personal data (Article 15 GDPR),
Rectification (Article 16 GDPR),
Erasure (Article 17 GDPR),
Restriction of processing (Article 18 GDPR),
Data portability (Article 20 GDPR),
Object to processing based on legitimate interest (Article 21 GDPR).

You also have the right to lodge a complaint with the competent supervisory authority.

In Poland, the supervisory authority is:

Urząd Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warsaw, Poland
www.uodo.gov.pl

8. Obligation to Provide Data

Providing personal data is necessary for the conclusion and performance of a contract. Failure to provide required data may result in the inability to process your order.

9. Source of Data

Personal data is obtained directly from the data subject via the website order form or email communication.

10. Automated Decision-Making

Personal data is not subject to automated decision-making, including profiling, within the meaning of Article 22 GDPR.

11. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data transmission (SSL), access control and data minimization.