Preamble
SUNALA UAB places the utmost importance on protecting your personal data. This Privacy Policy describes how we collect, use, store and protect your data in connection with your use of the sunalaa.com Platform and its associated services.
This policy complies with the GDPR (EU Regulation 2016/679), Lithuanian personal data protection law and the requirements of the MiCA regulation.
Your fundamental rights (GDPR)
To exercise these rights: privacy@sunalaa.com
ARTICLE 01
SUNALA UAB (registration in progress)
Republic of Lithuania, European Union
DPO email: privacy@sunalaa.com
General email: contact@sunalaa.com
Legal framework: GDPR (EU 2016/679) + Lithuanian Data Protection Act
ARTICLE 02
2.1 Data provided directly
2.2 Automatically collected data
2.3 Referral data
ARTICLE 03
| Purpose | Legal basis | Data |
|---|---|---|
| Account creation and management | Contract performance (Art. 6.1.b) | Email, username, password |
| Points and activity tracking | Contract performance (Art. 6.1.b) | Activity, points history |
| Referral programme | Contract performance (Art. 6.1.b) | Network data, commissions |
| Notifications and emails | Consent (Art. 6.1.a) | Email, notification preferences |
| Fraud prevention | Legitimate interest (Art. 6.1.f) | IP, behaviour, account data |
| KYC / AML compliance | Legal obligation (Art. 6.1.c) | Identity, KYC documents |
| Platform improvement | Legitimate interest (Art. 6.1.f) | Anonymised usage data |
| Tax obligations | Legal obligation (Art. 6.1.c) | Transaction data |
ARTICLE 04
ARTICLE 05
Data may be shared only in the following cases:
5.1 Transfers outside the EU
Any transfer of data outside the European Economic Area is governed by Standard Contractual Clauses (SCCs) approved by the European Commission.
ARTICLE 06
SUNALA UAB implements the following security measures:
Communication encryption via TLS/SSL (HTTPS)
Password hashing with bcrypt (high cost factor)
Two-factor authentication (2FA) available for all accounts
Data access limited to strictly necessary personnel (least privilege principle)
Regular security audits and penetration testing
Incident response plan with notification within 72h in the event of a breach (GDPR Art. 33)
ARTICLE 07
| Cookie type | Purpose | Duration |
|---|---|---|
| Essential (session) | Session maintenance, authentication | Session / 30 days |
| Analytics | Anonymised audience measurement | 13 months |
| Performance | Page load optimisation | 6 months |
| Marketing | Personalisation and retargeting | 90 days |
ARTICLE 08
To exercise your GDPR rights, contact our DPO: privacy@sunalaa.com
Response time: 1 month (extendable to 3 months for complex requests)
You may also lodge a complaint with the Lithuanian data protection authority (VDAI): www.vdai.lrv.lt
ARTICLE 09
Any material change to this Policy will be notified by email and/or via a notification on the Platform at least 30 days before it takes effect.
Data Protection Contact
DPO: privacy@sunalaa.com
General email: contact@sunalaa.com
Supervisory authority (VDAI): www.vdai.lrv.lt
Response time: 30 days maximum
All requests must include proof of identity
Last updated: June 2026 — Version 1.0 — SUNALA UAB, Vilnius, Lithuania