Effective date: 11 September 2025
Company: U2 COMPANY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Address: UL. PUŁAWSKA 221 / 1, 02-715 WARSZAWA, POLAND
Website: https://velazo-b2b.com
Contact (Data Protection): [email protected]
1. Introduction
This Privacy Policy explains how we collect, use, and protect personal data when you use our B2B e-commerce platform velazo-b2b.com, in compliance with the General Data Protection Regulation (GDPR, EU 2016/679) and applicable EU/Polish law.
2. Data Controller
The data controller is U2 COMPANY SP. Z O.O., UL. PUŁAWSKA 221 / 1, 02-715 WARSZAWA, POLAND.
Contact: [email protected]
3. Personal Data We Collect
Identification & contact data: name, surname, business email, phone, company name, VAT number, address.
Account data: login credentials, role/permissions, order history.
Transaction data: invoices, payment status (processing by Stripe/PayPal).
Technical data: IP address, device/browser info, server logs.
Cookies & similar technologies: analytics and advertising identifiers.
4. Purposes of Processing
Create and manage B2B accounts and verify business customers.
Process and fulfill orders, invoicing, and payments (Stripe/PayPal).
Provide customer support and essential service communications.
Ensure security and performance (including via Cloudflare).
Analytics and marketing (Google Analytics, Google Ads, Facebook Ads) subject to consent where required.
Compliance with legal obligations (tax/VAT, accounting, fraud prevention).
5. Legal Bases (GDPR Art. 6)
Contract performance Art. 6(1)(b) (account, orders, payments).
Legal obligation Art. 6(1)(c) (tax, accounting, KYC where applicable).
Legitimate interests Art. 6(1)(f) (platform security, B2B relationship management, limited direct B2B marketing).
Consent Art. 6(1)(a) (non-essential cookies/ads).
6. Cookies & Tracking
We use essential cookies and, with your consent, analytics/advertising cookies. A consent banner lets you accept/reject categories and change preferences at any time. Details (providers, purposes, retention) are listed in our Cookie settings page.
7. Data Sharing (Processors/Recipients)
Payments: Stripe, PayPal.
Infrastructure & security: Cloudflare, hosting providers.
Analytics/Ads: Google (Analytics/Ads), Meta (Facebook Ads).
Logistics: carriers/fulfilment partners (for delivery).
Authorities: where legally required.
We sign appropriate data processing agreements and ensure safeguards where applicable. You indicated no transfers outside the EU/EEA; if that changes, we will use GDPR-compliant safeguards (e.g., SCCs) and update this notice.
8. Retention
We retain data only as long as necessary: account/order/payment data for statutory periods (e.g., up to 5–10 years for tax/accounting under Polish law); marketing data until you withdraw consent or object; logs for a proportionate security period.
9. Your Rights
You have the right to access, rectify, erase, restrict processing, object, and data portability, and to withdraw consent at any time (does not affect past lawful processing). You may lodge a complaint with the Polish DPA (UODO).
Contact for requests: [email protected]
10. Security
We implement appropriate technical and organisational measures, including encryption in transit, access controls, and least-privilege policies.
11. Changes
We may update this Policy; material changes will be notified on the website with a new “Effective date.”