Privacy Policy & Cookie Notice

Effective date: 3 November 2025

I. Data Controller

PLATURAL Life Sciences Sp. z o.o.
Jesionowa 11, 55-114 Malin, Poland
NIP: 9151831790, REGON: 529755542
Email: info@platural.com

This Policy applies to:

  • Our websites (including platural.com) and online store (platural-shop.com),
  • Our mobile application for Android/iOS,
  • The Platural Professional Program.

II. Scope & Shared Accounts

You may use the same account across our website/store and mobile app. Depending on your settings and use, selected data may be available across both surfaces to provide the service you expect (access to your data, saved preferences and documents).

We process personal data for the following purposes:

  1. Customer orders & account management (store & app)
    Creating and managing accounts; processing orders, payments, invoicing, shipping/returns; customer support.
    Legal bases: performance of a contract Art. 6(1)(b); legal obligations (tax/accounting) Art. 6(1)(c); legitimate interests (fraud prevention, service quality) Art. 6(1)(f).

  2. Platural Professional Program (B2B)
    Enrollment, partner verification, access management, self-billing/settlements, issuing documents, and related communications.
    Legal bases: Art. 6(1)(b) and Art. 6(1)(c); legitimate interests Art. 6(1)(f) (program administration, preventing abuse).

  3. App functions
    Secure sign‑in and session management; optional push notifications (e.g., account/settlement notices); app preferences and features.
    Legal bases: Art. 6(1)(b) (service delivery); Art. 6(1)(a) where consent is required by platform rules; Art. 6(1)(f) (necessary logs, security).

  4. Support & communications
    Handling inquiries (email/contact forms), technical assistance.
    Legal bases: Art. 6(1)(b) or Art. 6(1)(f) depending on context; Art. 6(1)(c) for regulatory queries.

  5. Compliance
    Fulfilling tax, accounting, and regulatory duties (e.g., invoice retention).
    Legal basis: Art. 6(1)(c).

  6. Analytics & marketing on the website
    Measuring reach and improving UX; remarketing/ads (when enabled).
    Legal bases: Art. 6(1)(a) GDPR and §25(1) TTDSG for non‑essential cookies/technologies; Art. 6(1)(f) and §25(2) TTDSG for strictly necessary technologies.

We do not engage in solely automated decisions producing legal effects (Art. 22 GDPR). Limited marketing “profiling” (e.g., segmentation) may occur; you can object at any time (see Section XII).

IV. Categories of Data

Depending on your use, we may process:

  • Identification & contact data: name, company, tax ID/VAT, addresses, email, phone.
  • Account data: login, hashed credentials, roles/permissions, device push token.
  • Order & billing data: items, prices, discounts, invoices, shipping details, returns; self‑billing documents and acceptance timestamps (Professional Program).
  • Payment data: payment method, status, transaction reference via secure payment providers (we do not store full card numbers).
  • Technical & usage data: IP address, device identifiers, OS/browser/app version, basic diagnostics; consent status; limited local storage used for essential functions (e.g., session, preferences).
  • Push notifications: device token, delivery status, basic event logs.
  • Support content: messages and attachments you share with us.

V. Sources

  • Directly from you (forms, checkout, app, support),
  • From your device/browser/app (technical data, platform permissions).

VI. Recipients (Processors & Partners)

We share data only as needed with trusted recipients under appropriate agreements, including:

  • IT/hosting and SaaS (site/app hosting, CRM, email, helpdesk),
  • E‑commerce and store integrations necessary to operate the shop,
  • Payment processors (e.g., card processors, bank transfers),
  • Logistics & shipping partners (fulfillment and returns),
  • Consent Management Platform (e.g., Usercentrics GmbH) for cookie/consent records,
  • Analytics/advertising providers (if enabled by your consent),
  • Push notification service providers (e.g., Google/Firebase),
  • Professional Program administration (accounting, tax, legal advisors).

A current list of categories of processors is available on request.

VII. International Data Transfers

Some providers are located outside the EEA (e.g., analytics or messaging vendors). Where required, we use Standard Contractual Clauses (SCCs) approved by the European Commission and implement supplementary safeguards to ensure an adequate level of protection (Art. 44–49 GDPR).

VIII. Cookies & Similar Technologies (Website)

We use cookies and similar technologies (which may include local or device storage) for:

  • Essential operations (e.g., security, cart, session) – §25(2) TTDSG / Art. 6(1)(f) GDPR,
  • Analytics – consent required, §25(1) TTDSG / Art. 6(1)(a) GDPR,
  • Marketing/remarketing – consent required, §25(1) TTDSG / Art. 6(1)(a) GDPR.

Consent Management: We use a CMP (e.g., Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich) to collect and store your preferences. You can change or withdraw consent at any time via the banner/fingerprint icon.

IX. Mobile App Details

  1. Secure sign‑in & local storage
    Authentication tokens are stored securely on your device. You can log out at any time to clear the token.

  2. Push notifications
    Delivered via platform messaging services. Data processed include device token and delivery metadata. You can disable notifications in the app (if available) or in your device settings.

  3. Permissions & features
    The app may request limited permissions (e.g., camera for QR features; network status). We do not collect precise geolocation by default.

X. Platural Professional Program (B2B) — Specifics

If you participate:

  • We process participant and company details (e.g., name, address, tax ID, banking details), coupon/partner IDs, sales attribution, and self‑billing/settlement documents.
  • We may register your device push token to deliver settlement or policy updates.
  • Legal bases: Art. 6(1)(b) (program performance), Art. 6(1)(c) (tax/accounting), and Art. 6(1)(f) (program integrity/fraud prevention).
  • Self‑billing / deemed acceptance: where applicable and described in the Program Terms, settlement documents may be deemed accepted after a defined period if no objection is raised. The app or email may notify you of such events. Timelines are governed by the Program Terms.

XI. Data Retention

  • Account data: for the lifetime of your account and up to the limitation period for claims.
  • Orders, invoices, settlements (incl. self‑billing): retained for statutory accounting/tax periods (typically 6–10 years, depending on jurisdiction).
  • Support communications: retained to resolve the matter and for compliance.
  • Push tokens: while active; removed upon logout, revocation, or prolonged inactivity.
  • Consent records & cookie preferences: retained as required for compliance and audit.

We delete or anonymize data when retention is no longer required.

XII. Your Rights (Arts. 15–22 GDPR)

You have the right to access, rectify, and erase (where applicable) your data, to restrict processing, to data portability, and to object to processing based on legitimate interests (especially marketing). Where processing relies on consent, you may withdraw consent at any time (without affecting prior lawful processing).
To exercise your rights, contact info@platural.com. You also have the right to lodge a complaint with a supervisory authority.

XIII. Security

We apply technical and organizational measures appropriate to risk, including transport encryption, access control, least‑privilege, secure on‑device storage for sign‑in tokens, and vendor due diligence. No method is 100% secure; we continuously improve safeguards.

XIV. Children

Our services are not directed to children. The Professional Program is for adults/organizations. If you believe we processed a child’s data without proper basis, contact us to remove it.

XV. Do‑Not‑Track / Global Privacy Control

Your browser or device may support DNT/GPC signals. Where feasible, we honor consent preferences captured through our CMP and applicable platform settings. For ad/analytics vendors, manage consent via the site banner.

XVI. Changes to this Policy

We may update this Policy from time to time. The latest version will always be available at this URL and will include the effective date.