← Back to Home
1. Data Controller
The data controller for personal data processed through the MatjarUK platform is:
- MatjarUK Technologies, Inc.
- 2614 Westheimer Rd, Suite 210, Houston, TX 77098, United States
- Privacy Officer: privacy@matjaruk.com
- Phone: +1 (713) 482-7190
Where we process personal data on behalf of our business clients (e.g., their customers' delivery
addresses), we act as a Data Processor. Our clients remain the Data Controller for that
data.
2. Data We Collect
We collect the following categories of personal data:
2.1 Account Data
- Full name, business email address, phone number, job title
- Company name, registration number, billing address
- Password (hashed, never stored in plaintext)
2.2 Usage Data
- Feature interactions, dashboard views, search queries
- Order routing decisions, inventory queries, supplier actions
- Login timestamps, session duration, pages visited
2.3 Technical Data
- IP address, browser type and version, operating system
- Device identifiers, screen resolution
- Referral source and navigation paths
2.4 Client-Uploaded Data
- Product catalogues, supplier contact details, order records
- Customer shipping addresses and order histories (processed on behalf of our clients)
3. How We Use Data
We process personal data for the following purposes:
- Service Delivery — operating the platform, synchronising inventory, routing orders,
coordinating with suppliers
- Transactional Notifications — sending order confirmations, inventory alerts,
delivery updates, and security notices
- Billing & Invoicing — processing subscription fees, generating receipts,
managing payment records
- Security & Fraud Prevention — monitoring for unauthorised access, enforcing
rate limits, detecting anomalies
- Legal Compliance — fulfilling regulatory obligations, responding to lawful requests
from authorities
- Platform Improvement — analysing usage patterns to improve features, fix defects,
and optimise performance (using aggregated, de-identified data)
4. Legal Bases for Processing (GDPR)
Under the General Data Protection Regulation, we process personal data on the following legal bases:
- Performance of Contract (Article 6(1)(b)) — processing necessary to deliver the
Service you have subscribed to
- Legitimate Interest (Article 6(1)(f)) — security monitoring, fraud prevention,
platform analytics (balanced against your rights)
- Legal Obligation (Article 6(1)(c)) — tax record-keeping, regulatory disclosures,
law enforcement cooperation
- Consent (Article 6(1)(a)) — where explicitly requested, such as optional usage
analytics; consent can be withdrawn at any time
5. We Do Not Sell Personal Data
MatjarUK does not sell, rent, trade, or otherwise disclose personal data to third parties for
their own commercial purposes. This commitment applies to all categories of personal data
we collect, under both GDPR and CCPA definitions of "sale."
6. Sub-Processors
We share personal data with the following categories of sub-processors, strictly for the purposes
described:
- Amazon Web Services (AWS) — cloud infrastructure hosting (eu-west-2 London region).
AWS Privacy
- Mailgun (Sinch) — transactional email delivery. Mailgun
Privacy
- Stripe — payment processing and subscription billing. Stripe Privacy
Each sub-processor is bound by a Data Processing Agreement that limits processing to the purposes
specified by MatjarUK and requires equivalent security standards.
7. International Data Transfers
As a US-based company serving UK and EU clients, we transfer personal data internationally. We ensure
adequate protection through:
- Standard Contractual Clauses (SCCs) — EU-approved clauses incorporated into our
agreements with sub-processors
- EU-US Data Privacy Framework — we adhere to the principles of the framework where
applicable
- UK International Data Transfer Agreement (IDTA) — supplementary provisions for UK
transfers
8. Data Retention
We retain personal data only as long as necessary for the purposes described:
- Account data — retained for the duration of your subscription, plus 90 days for
data export
- Usage data — retained for 24 months, then aggregated and anonymised
- Technical / server logs — retained for 12 months
- Email delivery logs — retained for 90 days
- Billing records — retained for 7 years (tax compliance)
- Consent records — retained for 36 months after last activity
- Client-uploaded data — deleted within 30 days of account termination, unless export
is requested
9. Your Rights — GDPR
If you are located in the European Economic Area or United Kingdom, you have the following rights:
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — correct inaccurate or incomplete data
- Right to Erasure — request deletion of your data ("right to be forgotten")
- Right to Restriction — limit processing in certain circumstances
- Right to Data Portability — receive your data in a structured, machine-readable
format
- Right to Object — object to processing based on legitimate interest
- Right to Withdraw Consent — where processing is based on consent, withdraw at any
time without affecting lawfulness of prior processing
We respond to all data subject requests within 30 days. To exercise your rights, email
privacy@matjaruk.com.
You also have the right to lodge a complaint with a supervisory authority, such as the UK Information
Commissioner's Office (ICO) at ico.org.uk.
10. Your Rights — CCPA
If you are a California resident, the California Consumer Privacy Act grants you the following rights:
- Right to Know — request disclosure of the categories and specific pieces of
personal information we have collected about you
- Right to Delete — request deletion of personal information we have collected
- Right to Opt-Out of Sale — we do not sell personal information; therefore, there is
no sale from which to opt out
- Right to Non-Discrimination — we will not discriminate against you for exercising
any CCPA rights
To submit a CCPA request, email privacy@matjaruk.com with the
subject line "CCPA Request."
11. Cookies
MatjarUK uses strictly necessary cookies only:
- Session cookie — maintains your authenticated session while using the platform
- CSRF token — prevents cross-site request forgery attacks
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No
personal data is shared with advertising networks.
12. Data Security
We implement technical and organisational measures to protect your data:
- Encryption in transit — TLS 1.3 for all connections
- Encryption at rest — AES-256 for stored data
- Access controls — role-based access (RBAC) with principle of least privilege
- Multi-factor authentication — enforced for all internal systems and encouraged for
client accounts
- Vulnerability management — regular dependency scanning and penetration testing
- Incident detection — real-time monitoring for anomalous access patterns
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will provide at least 30 days' advance notice via email and in-app notification
- The "Last Updated" date at the top of this page will be revised
- Continued use of the Service after the effective date constitutes acceptance of the updated policy
14. Contact
For privacy-related enquiries, data subject requests, or complaints:
- Privacy Officer — MatjarUK Technologies, Inc.
- 2614 Westheimer Rd, Suite 210, Houston, TX 77098
- Email: privacy@matjaruk.com
- Phone: +1 (713) 482-7190