Your Privacy Matters: Understanding Our Commitment

Effective Date: 01 October 2025

DERASTA Sp. z o.o. (“we”, “our”, “us”) respects your privacy and is committed to protecting the personal and business information you share with us.

This Privacy Policy explains how we collect, process, and protect your data when you:

• Open a B2B account with us
• Place an order via email
• Use our website or services

This policy complies with:

• Polish GDPR implementation law (RODO)
• UK Data Protection Act 2018

⚡ Improved readability and formatting for online viewing while preserving all content.

We only collect data necessary to provide our services and meet legal obligations.

• Company and trading names
• Registration and VAT numbers
• Registered and delivery addresses
• Contact person details (name, email, phone)
• Bank details for verification (if applicable)
• Nature of business and intended product use

• Order details (products, quantities, and dates)
• Correspondence, quotations, and confirmations
• Payment and invoice-related information

⚡ Restructured into clear bullet points for easier readability.

We process your information to:

• Verify and onboard B2B clients under our Terms of Business
• Manage orders, deliveries, and payments
• Fulfil legal and regulatory obligations, including tax and customs compliance
• Communicate about orders, product updates, or compliance matters
• Prevent misuse or diversion of controlled products

⚡ Simplified flow and bolded key actions for better visual hierarchy.

We process your data based on:

• Contractual necessity – to fulfil our Terms of Business
• Legal obligation – to comply with EU, Polish, and UK laws
• Legitimate interests – to maintain security, prevent misuse, and protect business operations

We may share your data only with:

• Shipping and logistics partners for delivery purposes
• Regulatory authorities when required by law
• Professional advisers, such as auditors, lawyers, or tax consultants, where necessary

We do not sell, rent, or trade your data for marketing purposes.

⚡ Clarified “no marketing use” for stronger transparency.

We retain personal and business data only for as long as necessary to:

• Perform contractual obligations
• Comply with legal or regulatory requirements
• Maintain records for audit or dispute resolution

In general, data is retained for up to five (5) years after the end of the business relationship, unless law requires a longer retention period.

⚡ Added bold emphasis for time frame.

You have the right to:

• Access your personal or business data
• Correct inaccurate information
• Request deletion or restriction of processing, where permitted by law
• Object to processing on legitimate grounds
• Lodge a complaint with the Polish Data Protection Authority or the UK Information Commissioner’s Office (ICO)

All requests should be submitted in writing to info@derasta.pl.

⚡ Added bold action words to highlight user rights.

We implement appropriate technical and organisational measures to protect your data from:

• Unauthorised access or disclosure
• Accidental loss, destruction, or damage

All personnel handling data are trained and bound by confidentiality obligations.

We may update this Privacy Policy from time to time to reflect legal, operational, or regulatory changes.
The Effective Date at the top of this page indicates the latest version.

⚡ Added clarity on version tracking.

For questions or privacy requests, please contact:

DERASTA Sp. z o.o.
ul. Solipska 3/5, 02-482 Warszawa, Poland
Email: info@derasta.pl
Phone: +48 665 930 686

© 2025 DERASTA Sp. z o.o. All rights reserved.

AreaDescription

Formatting

Improved structure for website readability (headings, bullets, emphasis).

Transparency

Highlighted “no marketing data use” and clearer explanation of rights.

Accessibility

Added visual emphasis (bold, spacing) for easier scanning online.

Compliance

Retained full compliance with Polish GDPR (RODO) and UK Data Protection Act 2018.