Version 1.0 — June 2026 — GDPR & Lithuanian Law

Privacy Policy

Preamble

SUNALA UAB places the utmost importance on protecting your personal data. This Privacy Policy describes how we collect, use, store and protect your data in connection with your use of the sunalaa.com Platform and its associated services.

This policy complies with the GDPR (EU Regulation 2016/679), Lithuanian personal data protection law and the requirements of the MiCA regulation.

Your fundamental rights (GDPR)

Right of access
Right to rectification
Right to erasure ('right to be forgotten')
Right to data portability
Right to object
Right to restriction of processing

To exercise these rights: privacy@sunalaa.com

ARTICLE 01

Article 1 — Data Controller

SUNALA UAB (registration in progress)

Republic of Lithuania, European Union

DPO email: privacy@sunalaa.com

General email: contact@sunalaa.com

Legal framework: GDPR (EU 2016/679) + Lithuanian Data Protection Act

ARTICLE 02

Article 2 — Data Collected

2.1 Data provided directly

  • Email address
  • Pseudonym / username
  • Password (hashed — never stored in plain text)
  • Country of residence
  • Crypto wallet address (optional)
  • KYC documents (ID, proof of address) where applicable
  • Payment information (processed by our PCI-DSS certified providers)

2.2 Automatically collected data

  • IP address and approximate geolocation
  • Browser, operating system, device type
  • Pages visited, session duration, clicks
  • Connection data (timestamp, frequency)
  • Activity data (streaks, points collected, missions)
  • Unique device identifier

2.3 Referral data

  • Referral link used at registration
  • Identity of partners in your network (pseudonyms only)
  • Activity data from your referral network

ARTICLE 03

Article 3 — Purposes and Legal Bases for Processing

PurposeLegal basisData
Account creation and managementContract performance (Art. 6.1.b)Email, username, password
Points and activity trackingContract performance (Art. 6.1.b)Activity, points history
Referral programmeContract performance (Art. 6.1.b)Network data, commissions
Notifications and emailsConsent (Art. 6.1.a)Email, notification preferences
Fraud preventionLegitimate interest (Art. 6.1.f)IP, behaviour, account data
KYC / AML complianceLegal obligation (Art. 6.1.c)Identity, KYC documents
Platform improvementLegitimate interest (Art. 6.1.f)Anonymised usage data
Tax obligationsLegal obligation (Art. 6.1.c)Transaction data

ARTICLE 04

Article 4 — Data Retention Periods

  • 1Active account: data retained for the entire duration of account activity
  • 2Points and transactions: 5 years after the last operation (accounting obligations)
  • 3KYC documents: 5 years after account closure (AMLD6)
  • 4Technical logs: rolling 12 months
  • 5Marketing emails: 3 years after the last active consent
  • 6Anonymised data: retained indefinitely for statistical purposes

ARTICLE 05

Article 5 — Data Sharing and Transfers

SUNALA never sells your personal data to third parties.

Data may be shared only in the following cases:

  • Technical providers (hosting, CDN) strictly within the scope of the service
  • PCI-DSS certified payment processors (e.g. Stripe) for transactions
  • KYC/AML providers (e.g. Sumsub) for identity verification
  • Competent authorities upon judicial or legal order
  • Referral partners (limited sharing to pseudonyms within your network)

5.1 Transfers outside the EU

Any transfer of data outside the European Economic Area is governed by Standard Contractual Clauses (SCCs) approved by the European Commission.

ARTICLE 06

Article 6 — Data Security

SUNALA UAB implements the following security measures:

Communication encryption via TLS/SSL (HTTPS)

Password hashing with bcrypt (high cost factor)

Two-factor authentication (2FA) available for all accounts

Data access limited to strictly necessary personnel (least privilege principle)

Regular security audits and penetration testing

Incident response plan with notification within 72h in the event of a breach (GDPR Art. 33)

ARTICLE 07

Article 7 — Cookies and Tracking Technologies

Cookie typePurposeDuration
Essential (session)Session maintenance, authenticationSession / 30 days
AnalyticsAnonymised audience measurement13 months
PerformancePage load optimisation6 months
MarketingPersonalisation and retargeting90 days

ARTICLE 08

Article 8 — Exercising Your Rights

To exercise your GDPR rights, contact our DPO: privacy@sunalaa.com

Response time: 1 month (extendable to 3 months for complex requests)

You may also lodge a complaint with the Lithuanian data protection authority (VDAI): www.vdai.lrv.lt

ARTICLE 09

Article 9 — Changes to the Privacy Policy

Any material change to this Policy will be notified by email and/or via a notification on the Platform at least 30 days before it takes effect.

Data Protection Contact

DPO: privacy@sunalaa.com

General email: contact@sunalaa.com

Supervisory authority (VDAI): www.vdai.lrv.lt

Response time: 30 days maximum

All requests must include proof of identity

Last updated: June 2026 — Version 1.0 — SUNALA UAB, Vilnius, Lithuania

Back to home