SugarDaddy dating website logo

Privacy Policy

Privacy Policy of the website sugardaddy.pl

This Privacy Policy explains the principles of processing Users' personal data within the sugardaddy.pl website (hereinafter referred to as the "Website"). This document has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Polish law. Please read it carefully.

§1. Personal Data Administrator and Data Protection Inspector

The controller of the personal data of the Website Users (the entity deciding on the purposes and methods of data processing) is DOURO DYNAMICS sp. z o.o. with its registered office at ul. Michała Kleofasa Ogińskiego 11/9, 03-318 Warsaw, Poland, KRS 0001090323, NIP: 5242999599, (hereinafter referred to as the "Controller").

The Controller has not currently appointed a Data Protection Officer. All matters concerning the processing of your personal data can be directed to the Controller – contact details can be found in §12 below. If a Data Protection Officer (DPO) is appointed in the future, we will provide their contact details in the updated Privacy Policy.

§2. Categories of personal data and sources of their acquisition

The Administrator processes various categories of Users' personal data, in particular:

  • Mandatory and voluntary registration data: during registration, only basic data marked as mandatory are required (including e-mail address, password, date of birth to confirm age, gender, role on the Website, location), while providing additional information (such as precise geolocation, detailed profile data) is voluntary and failure to provide it does not block the use of the Website.
  • Geolocation data: data regarding the User's precise geographical location (geolocation) is processed only with the User's separate, express consent. This consent may be withdrawn at any time.
  • Profile Data: information voluntarily provided by the User in a profile on the Website, which may include a personal description, information about interests, and other data that the User chooses to disclose about himself or herself as part of his or her profile.
  • Website Usage Data: technical and statistical information collected when using the Website, e.g., the IP address of the User's device, browser and operating system data, unique identifiers assigned to the User, server logs (time of visit, request URL, session identifiers, etc.), as well as data about the User's activity on the Website (e.g., profiles viewed, contacts established, messages sent, payments made for premium services, login history, and account settings). This data may be collected automatically using cookies or similar technologies (details in §9).
  • Transaction data: If the Website offers paid features (e.g., premium subscriptions), the Controller may process data required to process payments, such as limited payment card information (e.g., the last digits of the card number) or transaction identifiers, as well as billing data (if the User requests an invoice, e.g., name, address, Tax Identification Number). If a purchase is made through external platforms (e.g., Apple App Store/iTunes or Google Play), the Controller only receives the information necessary to activate the purchased service from these providers (e.g., transaction confirmation, subscription ID), while detailed payment data remains managed by the aforementioned platforms. Full payment data (e.g., card number) is not stored by the Website – payments are handled by external payment providers compliant with the PCI DSS standard.
  • Correspondence data: information contained in communication with the Administrator or the Website staff (e.g. data provided in support requests, e-mails, telephone conversations or chats (including via WhatsApp) with the staff, etc.), including contact details and the content of the correspondence.
  • Special categories of data: as a rule, the Controller does not require or process sensitive data (i.e., special categories of personal data referred to in Article 9 of the GDPR, e.g., data on health, political opinions, sexual life, or racial/ethnic origin) from Users. Users are requested not to disclose such information in their profile or in communications via the Website. Due to the nature of the Website (establishing personal relationships, intimate topics), Users may disclose data relating to the sexual sphere, e.g., sexual orientation, relationship preferences, and intimate life, which may constitute sensitive data within the meaning of Article 9 of the GDPR (e.g., data on sexual life, health, or racial/ethnic origin disclosed indirectly through a description). However, it should be emphasized that the Controller does not require the provision of such information and will not process it without meeting legal requirements.

Data Sources: As a rule, the Controller obtains personal data directly from you, i.e., from the data subject – this occurs when you register an account, complete your profile, use the Website's services, or communicate with the Controller. In some cases, the Controller may receive your data from other sources, in accordance with Article 14 of the GDPR, e.g.:

  • from third-party login service providers – if you register or log in to our Website using an external account (e.g. "Log in with Facebook", "Sign in with Apple" or Google), we receive some of your data from the provider of such service (such as your name, surname, e-mail address, user ID on that service, profile picture, etc.) in accordance with the scope of your consent given to that provider.

Whenever personal data does not originate directly from the data subject, the Controller fulfills the information obligation towards that person under Article 14 of the GDPR by providing all required information no later than upon first communication with that person or within one month of obtaining the data (unless the person has previously obtained the information themselves). This Privacy Policy contains all relevant information regarding data processing, including for individuals whose data may have been obtained from other sources.

§3. Data processing purposes and legal basis

Users' personal data is collected and used only for specific purposes and on the basis of the appropriate legal basis provided for by the GDPR. The processing purposes and their corresponding legal basis are outlined below:

  • Registering and maintaining a User account on the Website – to enable you to create an account, use the Website and its functionalities (create a profile, search and communicate with other Users, etc.). Legal basis: consent of the data subject (Article 6, paragraph 1, letter a of the GDPR) and necessity for the performance of a contract for the provision of electronic services (Article 6, paragraph 1, letter b of the GDPR). Creating an account and accepting the Website's terms and conditions creates a legally binding contract between the User and the Controller, and the processing of mandatory registration data is necessary for the performance of this contract. In the case of voluntary registration data, we rely on the User's express consent.
  • Provision of Website services and User support – to ensure that the Website's features function as intended, including enabling partner search (matching Sugar Daddy with Sugar Baby, Sugar Mummy with Sugar Babe, etc.), communication between Users (messages, chat), participation in the community, and use of premium features. This also includes ongoing User support, resolving technical issues, answering questions, and handling requests and complaints. Legal basis: necessity for the performance of a contract (Article 6, paragraph 1, letter b of the GDPR) – processing these data is an essential part of the service provided.
  • Profiling on the Website (matching content and partners) – in order to improve the quality of the Website’s services and facilitate its use, the Controller may analyze Users’ personal data (such as profile information, behavior on the Website, preferences) in an automated manner to profile Users. This profiling serves, for example, to suggest potentially best-suited partners to the User (suggesting profiles of other Users who may match preferences), personalize the content displayed on the Website (e.g., the order in which search results are displayed, internal Website advertisements), or adapt the interface to the User’s needs. Legal basis: the Controller’s legitimate interest (Article 6, paragraph 1, letter f of the GDPR) in increasing the attractiveness and functionality of our services through personalization, as well as, in part, the necessity to perform the contract (Article 6, paragraph 1, letter b) – because a certain degree of content customization is the essence of the Website’s operation and is expected by Users. Note: Such profiling does not have any legal effect on the User or significantly impact them in any other way – it is solely intended to improve the user experience on the Website (for details on profiling, see §11). The User has the right to object to the profiling described in this section – in such a case, we will endeavor to ensure that the User can use the Website without such profiling, if technically possible (however, this may result in less effective results matching).
  • Payment Processing and Paid Services – If the User decides to purchase paid services (e.g., premium accounts, additional features), personal data will be processed to process such transactions, confirm payments, issue invoices (upon request), and record the User's obligations related to the paid service. Legal basis: necessity for the performance of a contract (Article 6, paragraph 1, letter b of the GDPR) – a contract for the provision of paid functionality, and compliance with legal obligations (Article 6, paragraph 1, letter c of the GDPR) in the areas of, for example, tax and accounting law (obligation to record transactions in the books, retain accounting records, etc.).
  • Marketing of the Controller's own services – processing of your data for the purpose of direct marketing of the Website's services or the Controller's products, which may include: sending commercial information about new Website features, promotions, special offers, a newsletter with tips and articles related to the Website's topics, or displaying personalized marketing messages on the Website. Such marketing may be carried out via electronic means (e-mail, in-app notifications, SMS, push messages) only if you have consented to it, for example, by selecting the appropriate option during registration or in your account settings. Legal basis: User consent (Article 6, paragraph 1, letter a) of the GDPR) to the extent that regulations require consent to the sending of commercial information electronically or to the use of telecommunications terminal equipment for marketing purposes (in accordance with the Telecommunications Law and the Act on the Provision of Electronic Services). In certain situations, marketing may also be based on the Controller's legitimate interest (Article 6, paragraph 1, letter f) of the GDPR – for example, if you are already our customer (have an account on the Website), we may, within legally permitted limits, send you information about our own similar services, but you always have the right to object or opt out of receiving such content. Every marketing message sent by the Controller contains clear information on how to unsubscribe from further communications (e.g., an "Unsubscribe" link).
  • Personalization of advertisements and offers from partners (external marketing) – The Website does not transfer your personal data to third parties for marketing purposes without your consent. However, advertisements or offers from external partners may be displayed on the Website (e.g., in the form of advertising banners). Users' personal data may be profiled to tailor such advertisements to the User's interests (e.g., through the use of advertising cookies – see §9), which may result in an external partner (e.g., an advertising network operator) gaining access to certain information about the User as a data recipient (e.g., a cookie identifier, information that a given browser visited our Website and saw a given advertisement). Legal basis for such processing: User consent (Article 6, paragraph 1, letter a of the GDPR) to the use of cookies and similar advertising technologies, expressed through our cookie banner or browser settings. Users have the ability to manage consent to such activities – details in the Cookie Policy (§9). If the User does not consent, their data will not be processed for this purpose, and the displayed advertisements may be less relevant.
  • User Communication and Support – We use your contact details (e.g., email) and the content of your requests to communicate with you regarding matters related to the Website: to answer questions, inform you about changes to the Terms and Conditions or Privacy Policy, send system notifications (e.g., account creation confirmation, warnings about violations of the Terms and Conditions, notifications about new messages in your account, etc.), and to request feedback on the operation of the Website. Legal basis: depending on the nature of the communication – necessity for the performance of the contract (Art. 6 sec. 1 letter b GDPR) in the case of messages relevant to the provision of services (e.g., technical information, responses to service requests), or the Controller's legitimate interest (Art. 6 sec. 1 letter f GDPR) in maintaining relationships with Users, improving the quality of services, and building a positive User experience.
  • Ensuring the security of the website and preventing abuse – we may process Users' personal data to monitor the use of the website for violations of the regulations or the law, prevent fraud, extortion, and other illegal activities, filter prohibited content (violating the regulations), detect bots or fictitious accounts, ensure the security of User accounts (e.g., verifying the User's age or identity in the event of doubts as to age, requesting an ID document, automatically blocking suspicious activity). This also includes automated decision-making to a certain extent – e.g., the system may automatically block an account due to a high probability of fraud or spam behavior (in such cases, the User may refer to the Website support – see §11). Legal basis: the legitimate interest of the Controller (Article 6 paragraph 1 letter f of the GDPR) consisting in protecting the Website, its own know-how and the User community against harmful activities, as well as fulfilling legal obligations (Article 6 paragraph 1 letter c of the GDPR) in ensuring data security (e.g. obligations arising from cybersecurity regulations).
  • The Administrator may monitor content published by users to ensure compliance with the website's terms and conditions and prevent violations, which may result in the processing of personal data belonging to special categories (so-called sensitive data, e.g., data concerning sexual orientation, sex life, political opinions, racial or ethnic origin, or health) if users voluntarily disclose such data in the content they publish on their profiles.
  • The Administrator processes such data only if the user has voluntarily made such data public – pursuant to Article 9, paragraph 2, letter e of the GDPR ("data manifestly made public by the data subject"). Where such data is processed for the purpose of justifying a potential account ban or taking other measures to protect against violations of the terms and conditions, the legal basis may also be the need to establish, pursue, or defend the Administrator's legal claims (Article 9, paragraph 2, letter f of the GDPR).
  • The Administrator ensures that this data is processed only to the extent necessary to achieve the above purposes and with appropriate technical and organizational measures to protect the rights of users.
  • Analysis, research, and service development – we process aggregated, anonymized, or pseudonymized information about User activity (e.g., statistics on the use of specific Website features, results of surveys voluntarily completed by Users) to improve our services, introduce new functionalities, optimize the Website's interface and usability, and conduct internal business analyses (e.g., reporting trends and marketing campaign effectiveness). Whenever possible, we use anonymized data or data that does not identify specific individuals for this purpose. Legal basis: the Controller's legitimate interest (Article 6, Section 1, Letter f of the GDPR) in developing and improving online services and better adapting them to Users' needs.
  • Fulfillment of legal obligations – we also process personal data when necessary to comply with obligations under generally applicable law. This applies in particular to: tax and accounting obligations (e.g., storing accounting records documenting payments for the legally required period), obligations related to complaints and contract withdrawals (storing correspondence and documentation related to complaints), archiving obligations, responding to public authorities (e.g., the police, courts) based on legal provisions, etc. Legal basis: fulfillment of a legal obligation incumbent on the Controller (Article 6, paragraph 1, letter c of the GDPR) arising from specific regulations (e.g., the Accounting Act, the Tax Ordinance, the Civil Code, the Consumer Rights Act, personal data protection regulations).
  • Establishing, pursuing, or defending legal claims – in the event of a legal dispute between the User and the Controller or the need to pursue claims for damages, we may process the necessary scope of personal data to establish, pursue, or defend our claims. This includes, for example, maintaining information in a database about blocked Users whose actions have caused harm to other people, storing data related to financial transactions for a certain period of time in the event of a payment dispute, or forwarding data to lawyers or law enforcement authorities if necessary. Legal basis: the Controller's legitimate interest (Article 6(1)(f) of the GDPR) in protecting our rights and pursuing or defending against potential claims.

The Controller always ensures that only such data is processed and only for as long as necessary to achieve the above purposes. If processing is based on your consent, it is voluntary, and consent may be withdrawn at any time (which does not affect the lawfulness of previous processing). Where legitimate interest is the basis, we make every effort to consider your potential impact and rights – if you believe that our actions violate your rights or privacy, you have the right to object (see §7).

§4. Recipients of personal data

The Administrator does not sell or share collected personal data with third parties for their own marketing purposes without your express consent. However, as part of the Website's operations, certain information may be transferred or disclosed to other entities in strictly defined situations. Such entities constitute data recipients within the meaning of the GDPR. The Administrator discloses personal data only to the extent necessary and based on appropriate legal bases and agreements (e.g., data processing agreements) ensuring data protection. The categories of data recipients include, in particular:

  • Other Website Users: The Website aims to enable contact between Users, therefore the information you post on your profile (such as your nickname, age, gender, city, description, photos, etc.) is visible to other registered Users. Depending on your privacy settings, it may also be visible to non-logged-in users (guests) visiting the Website – unless the Website limits the visibility of profiles to logged-in Users only. Please be aware that any data voluntarily disclosed in your profile becomes available to other people, over whose actions the Administrator has no control. Please be careful when publishing information about yourself. If you terminate your use of the Website (delete your account), your profile will be deleted or anonymized. However, other Users may have previously saved or copied some information – the Administrator has no technical means of 100% preventing this.
  • Processors (service providers acting on behalf of the Administrator): Users' personal data may be transferred to trusted service providers used by the Administrator to operate the Website. These include:

Hosting and IT infrastructure providers: The Website relies on IT infrastructure (servers, cloud computing, data centers) provided by specialized companies. For example, the Controller may use the services of technology giants such as Amazon Web Services (AWS), Microsoft (Azure), or Google Cloud to store data on servers. These providers may potentially have access to User data to the extent necessary to maintain the infrastructure (e.g., if technically necessary). A relevant data processing agreement is concluded with each such provider, obliging them to secure the data and use it solely for the purpose of providing the service to the Controller.

Payment service providers: If the User makes a payment on the Website, transactions may be processed by external payment processors (e.g., online payment systems, banks, card issuers). Such entities become independent controllers of data relating to the payment itself (e.g., credit card details), but may receive certain information from us necessary to associate the payment with your account (e.g., User ID, payment amount, and payment purpose). Examples of recipients in this category include PayU, Przelewy24, PayPal, Stripe, and third-party platform operators (e.g., Apple App Store/iTunes, Google Play) – depending on the selected payment method. These entities process data in accordance with their privacy regulations and financial law.

Communication services and analytical tools: The Controller may use the services of companies supporting communication with Users (e.g., a transactional email and newsletter delivery system, a chatbot, a helpdesk ticketing system) or analytical tools (e.g., Google Analytics) to analyze website traffic. These service providers may process User data (e.g., email address, IP address, cookie ID) only on our behalf and at our request, based on data processing agreements. They may not use this data for their own purposes.

Technical partners and developers: Sometimes the Controller uses external IT specialists, interactive agencies, or freelancers to develop the Website, fix bugs, and test new features. These individuals may have access to data in the Website's database to the extent necessary to perform their tasks (e.g., during database development, data migration, integration of new modules). Each such collaboration is based on appropriate agreements obliging the contractors to maintain confidentiality and data security.

  • Entities affiliated with the Controller (affiliated companies, business partners): Sugardaddy.pl is part of a larger corporate group and collaborates with partners to provide its services. In particular, the Sugardaddy.pl Website is created in international cooperation – the brand rights belong to the Israeli company Sugar Inter Media Ltd (R.N. 515460095). For internal administrative and operational purposes, certain data may be shared with these affiliated entities, for example, for central service management, reporting, second-line technical support, or business analysis. Such sharing is based on a joint controllership or data entrustment agreement and is conducted in accordance with applicable data protection regulations. In the event of joint data control (e.g., by a parent company), Users will be informed of the key arrangements between the joint controllers (in accordance with Article 26 of the GDPR). Currently, the primary controller responsible for protecting the privacy of EU Users is DOURO DYNAMICS sp. z o.o. (the entity indicated in §1). Any transfer of data to partners outside the EEA takes place in accordance with §5 (Data Transfers Outside the EEA).

  • State authorities and authorized third parties: At the request of authorized public authorities (e.g., the Police, Prosecutor's Office, Court, President of the Personal Data Protection Office), the Controller may – in accordance with applicable law – transfer Users' personal data to these authorities if necessary and legally required (e.g., for the purposes of investigations or evidentiary proceedings). Furthermore, in the case of pursuing or defending legal claims, data may be made available to external law firms, experts, or debt collection agencies acting on behalf of the Controller and based on appropriate entrustment agreements or confidentiality obligations.

Data is transferred to each of the above recipients only to the extent necessary to achieve the given purpose (minimization principle) and with due respect for confidentiality and data security. The Controller requires its partners and suppliers to adhere to high standards of personal data protection in accordance with the GDPR.

§5. Transfer of data outside the European Economic Area (EEA)

Because we provide services in multiple countries, the sharing of user data described in §4 involves cross-border data transfers to the United States and Israel, where different data processing laws may apply. When transferring personal data outside the EEA, the United Kingdom, Switzerland, or other countries whose data protection laws have been deemed adequate by the European Commission, we typically rely on standard contractual clauses. These standard contractual clauses are commitments between the companies transferring personal data, obliging them to protect the privacy and security of your data. Data transfers outside the EEA are made in particular to the following recipients:

• Hosting, infrastructure, analytics, or payment service providers based in the United States, in particular: SendGrid (Twilio Inc.), Google LLC (Google Cloud Platform), and Cloudflare Inc. All of these providers are subject to the Data Privacy Framework (DPF).

• Companies incorporated under Israeli law within the SugarDaddy capital group: Sugar Inter Media Ltd (R.N. 515460095) and Snob Productions Ltd (R.N. 516645090). Israel has obtained a European Commission decision on the adequacy of personal data protection, issued under Article 45 of the GDPR, effective since 2011 and last confirmed in January 2024.

Detailed information on data recipients, target countries, and the safeguards applied is available upon request. To receive a copy of the standard contractual clauses or for more information, please contact us (contact details in §12).

§6. Data storage period

Your personal data will be stored no longer than necessary to fulfill the purposes for which it was collected. Retention periods may vary depending on the data category and the legal basis for processing. Below are the main principles regarding data retention time:

  • User account and profile data (registration, profile data, and content collected on the account): We retain it for the duration of your active account on the Website. Once you delete your account, this data is deleted or anonymized, meaning we remove any personally identifiable information. The deletion process may take up to 30 days from the time your account is deactivated (due to backups and system update cycles). Note: Publicly visible profile information will be deleted so that other Users have no access to it. However, certain minimal account data (e.g., unique identifier, email address) may be retained in our internal database in archived form for an additional period solely for billing or statistical purposes.
  • Data required to defend against claims or assert rights (archive): To protect against potential disputes, complaints, or claims, the Administrator may retain key information about the course of our relationship with the User after the service is terminated. This applies, for example, to: transaction and payment history, consents and declarations submitted by the User, communications with us, and basic account identification data. This data will be retained for a period corresponding to the statute of limitations for claims under civil law – as a rule, this is currently 6 years in property matters (for consumers, some claims may expire after 6 years, and some after 3 years). If the User files any claims or initiates proceedings (e.g., court proceedings), we may retain data until such proceedings are legally concluded and a decision is enforced. The basis for such archiving is our legitimate interest.
  • Financial and transactional data (e.g., proof of payment, invoices): We retain data for the period required by tax and accounting law. Accounting documents (e.g., VAT invoices) containing personal data (name, surname, address) must be retained for 5 years from the end of the fiscal year to which they relate (in accordance with the Accounting Act and the Tax Ordinance). After this time, they are destroyed in a manner that secures the data (unless longer storage is necessary due to ongoing tax or other proceedings).
  • Data processed based on consent for marketing purposes: If we process your data (e.g., email address) based on consent to send newsletters or other forms of marketing, we process this data until you withdraw your consent. Upon withdrawal of consent, we immediately cease using the data for this purpose. However, we may retain information about the fact of consent and its withdrawal for a certain period for evidentiary purposes (to demonstrate the legality of our past actions)—usually for the limitation period for claims, as described above. If you do not withdraw your consent but do not log in to the Website or interact with the content sent for an extended period (e.g., 2 years), we may ask you to renew your consent or decide to discontinue sending and delete marketing data after such a long period of inactivity.
  • Automatically collected data (system logs, activity data, cookies): We store basic event logs (server activity records) for up to 12 months from their recording – for IT security, diagnostics, and analysis purposes (unless longer storage is exceptionally necessary, e.g., as evidence in a breach investigation). Cookie data is stored for a period corresponding to the lifecycle of a given cookie – details can be found in the Cookie Policy. Session (temporary) cookies are typically deleted when you close your browser, while persistent cookies may last for a specified period (e.g., 3 months, 6 months, 1 year) depending on their purpose – after that time, they expire or are renewed with your consent. You can delete cookies yourself at any time (via your browser settings).
  • Correspondence and notification data: If you contact us (e.g., via email or contact form), we will retain the content of the correspondence and related data for as long as necessary to process the matter, and then for up to 2 years after the end of the contact – in case we need to refer to the findings in the future (legitimate interest of the Controller). If the correspondence concerns a complaint or the exercise of consumer rights, we may retain it for up to 1 year after the expiry of the warranty period or settlement of the complaint, in order to demonstrate compliance with legal obligations.

After the periods indicated above, your personal data will be deleted, anonymized, or securely pseudonymized (making it impossible to identify you unless identification is no longer necessary). In some cases, instead of completely deleting your data, we may permanently encrypt it or separate it from the active database (moved to an archive) if this is necessary for legitimate business or technical purposes. However, in such cases, the data will only be available on a limited basis (e.g., to the IT department) and will not be used for any active purposes.

§7. Rights of data subjects

In connection with the Controller's processing of your personal data, you have certain rights. Under the GDPR, you have the right to:

  • Right to access your data – you have the right to obtain confirmation as to whether we are processing your personal data and, if so, the right to receive a copy of your data and information about, among other things, the purposes of processing, data categories, recipients, and the planned retention period (all this information is also included in this Policy). The first copy of your data is free of charge; we may charge an administrative fee for subsequent copies.
  • Right to rectification – you have the right to request immediate rectification of your personal data that is inaccurate or outdated. Taking into account the purposes of processing, you also have the right to have incomplete data supplemented (e.g., by submitting an additional declaration). Users can independently correct and update most of their profile data through their account settings on the Website.
  • Right to erasure ("right to be forgotten")– you have, subject to Art. 63 of the GDPR. Under Article 17 of the GDPR, you have the right to request the deletion of your personal data, for example, when the data is no longer necessary for the purposes for which it was collected, when the consent on which the processing was based has been withdrawn and there is no other legal basis, or when you effectively object to the processing (see below). The Controller is also obligated to comply with your request to delete your data if the data processing was unlawful or if there is a legal obligation requiring the deletion of your data. Please note that in certain situations, the Controller may refuse to completely delete your data – this applies to situations where further processing is necessary to comply with a legal obligation or to establish, pursue, or defend legal claims (the Controller will inform you of this reason). The simplest way to delete most data is to delete your account on the Website – which will initiate the process of deleting your data from our systems (in accordance with §6).
  • Right to restriction of processing – you have the right to request that the Controller temporarily restrict the processing of your personal data (apart from storing it) in the following cases: (a) if you contest the accuracy of the data – for a period allowing us to verify its accuracy; (b) if processing is unlawful and you object to the erasure of the data and instead request the restriction of its use; (c) if we no longer need the data for our purposes, but you require it to establish, exercise, or defend legal claims; (d) if you have objected to processing – until we determine whether our legitimate interest overrides the grounds for objection. During the processing restriction period, we will only store the data or process it only with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another person. You will be informed of the lifting of the restriction.
  • Right to data portability – to the extent that data is processed based on consent (Article 6(1)(a)) or on a contract (Article 6(1)(b)) and the processing is automated – you have the right to receive your personal data from us in a structured, commonly used, machine-readable format (e.g., CSV, JSON, or similar format). You can also instruct us to transmit this data directly to another designated controller, provided it is technically feasible. This right applies to data you have provided to us (e.g., via a registration form or in your profile settings).
  • Right to object to processing – you have the right to object at any time to the processing of your personal data based on the legitimate interest of the Controller (Article 6(1)(f) GDPR) – for reasons relating to your particular situation. In such a case, we will consider the objection and cease processing the data for that purpose unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending legal claims. However, if the data is processed for direct marketing purposes, the objection is always effective and unconditional – if we receive an objection to marketing, we will cease such processing immediately. You can raise an objection, for example, by sending an email with the relevant request (see §12).
  • Right to withdraw consent – If we process any of your data based on consent (Article 6, paragraph 1, letter a of the GDPR), you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal, we will no longer process the data for the purposes for which consent was required. For example, you can withdraw your consent to receive the newsletter by clicking the "unsubscribe" link available in the footer of each message or by changing the notification settings in your account. Other consents (e.g., to cookies) can be withdrawn by changing your browser settings or using the consent management mechanism on our website.
  • Right to lodge a complaint with a supervisory authority – If you believe that our processing of your personal data violates the GDPR or other data protection regulations, you have the right to lodge a complaint with the appropriate supervisory authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office (PUODO), based in Warsaw (address: ul. Stawki 2, 00-193 Warsaw). You can submit a complaint directly to PUODO (e.g., in writing or via the electronic form on the office's website). We would be grateful if you would first communicate your concerns to us – we will try to clarify them and resolve any issues.

To exercise your rights, you can contact us at any time – all contact details and instructions on how to exercise your rights can be found in §12 below. We process requests and applications regarding Users' rights promptly, no later than one month after receiving them (this deadline may be extended, if necessary, to a maximum of two additional months due to the complex nature of the request or the number of requests – in such a case, we will inform you of the extension and the reasons for it). Exercising your rights is generally free of charge; we may only charge a fee in the event of a clearly unfounded or excessive request (especially if repetitive).

§8. Voluntary provision of data and consequences of failure to provide it

Providing personal data required for account registration and completing a profile on the Website is voluntary, but necessary to use our services. This means that if you do not provide us with certain information marked as mandatory (e.g., email address, login, password, date of birth confirming age), we will not be able to create an account or provide you with the Website's services.

During registration and use of the Website, we clearly indicate which data is required and which is optional. Providing optional data (e.g., detailed profile information, additional photos, "About Me" section) is your decision – however, this serves to enhance the attractiveness of your profile and facilitate establishing relationships with other Users. Failure to provide optional data does not result in negative consequences in the form of inability to access the Website; however, it may limit your ability to use all of its features (e.g., profiles with minimal information may be less frequently visited by other Users).

In certain situations, we may request additional information after registration – for example, if it is necessary for age verification (requesting proof of age or over 18 years), to process a complaint (requesting contact information or details of the event), or to issue an invoice (invoice data). Providing such data is always voluntary, but failure to provide it may prevent us from taking certain actions on your behalf (e.g., without information confirming the validity of a complaint, we may not honor a claim, without invoice data, we will not be able to issue a named invoice, etc.).

If we collect your data based on consent (e.g., consent to marketing activities, consent to the use of certain cookies), providing such consent is entirely voluntary. However, failure to do so may result in you not receiving certain marketing content (e.g., the newsletter) or in some Website functionalities not being available (e.g., personalized recommendations based on cookies may not function fully without consent). You have the right to withdraw your consent at any time (see §7).

In summary: failure to provide the required data will prevent you from using the Website, and failure to provide optional data or consent may result in limited functionality but will not block access entirely. Where we collect data based on a statutory requirement (e.g., for accounting purposes), providing this data may be a statutory obligation – in which case we will inform you about this separately.

§9. Cookies and Similar Technologies

We use cookies and similar technologies (such as local storage, pixel tags, scripts) on the Website to ensure proper operation of the website, facilitate its use, and for analytical, personalization, and advertising purposes. Cookies are small text files stored on the User's device (computer, smartphone) when visiting the Website.

We use cookies to process IT data that may constitute personal data within the meaning of the GDPR (e.g., IP address, device identifier, User ID assigned to a cookie, activity data). We use both technically necessary cookies (ensure login, navigation, and security), functional cookies (remembering preferences), analytical cookies (used to collect statistics on User traffic and behavior – e.g., Google Analytics), and advertising cookies (enabling the display of interest-based advertisements).

Detailed information about the types of cookies used, their purposes, storage periods, and how you can manage them can be found in a separate document – the Cookie Policy (or Cookie Policy), available on our website. We encourage you to read it to thoroughly understand which cookies we use and how you can manage them (e.g., through browser settings or the dedicated cookie preference panel on the website).

During your first visit to the Website, we display a message (cookie banner) informing you about the use of cookies and asking for your consent to the use of non-essential cookies. You can change your cookie settings at any time – instructions can be found in the aforementioned Cookie Policy.

We would like to emphasize that we do not use cookies to identify you in real life or to obtain any confidential information. Cookies are used to improve your experience using the Website (e.g., they remember your session so you don't have to log in each time) and allow us to analyze and improve our services. Advertising cookies may use your data with your consent – if you do not wish to receive personalized ads, please decline consent to these cookies or disable them.

More details – https://sugardaddy.pl/pl/info/polityka-plikow-cookie

(which constitutes an integral supplement to this Privacy Policy).

§10. Services for Persons Over 18 Years of Age

The Website is not intended for persons under 18 years of age. According to the Website's terms and conditions, registration and use of our services are permitted only to adults (18+). We do not offer our services to minors, nor do we target them with our offerings.

The Administrator does not knowingly collect personal data from minors. During the registration process, we require proof of age (by providing a date of birth indicating 18 years of age or older). If reasonable doubts arise regarding the User's age during the use of the Website, the Administrator may request additional verification (e.g., presentation of an ID solely to confirm date of birth). Refusal to provide such verification or confirmation that the User is under 18 years of age will result in the account being blocked or deleted.

If, despite our security measures, a person under 18 registers on the Website with false information, they should immediately notify the Administrator. If we receive credible information that we are processing the data of a child under 18, we will take appropriate steps to remove this data from our database and, if possible, delete the account of such person.

We recommend that parents and legal guardians supervise the online activity of minors. Our Website addresses topics targeted at adults (regarding relationships such as "sugar dating"), and therefore we strongly advise against making it available to minors.

§11. Automated Decision-Making, Including Profiling

The Administrator may use automated data processing, including profiling, as part of the operation of the Website. However, the Administrator does not make decisions that produce legal effects or significantly affect Users solely based on automated processing (i.e., without human intervention) within the meaning of Article 22 of the GDPR. This means that no key decisions regarding your rights or access to services are made automatically – there is always human intervention in the decision-making process, or these decisions do not significantly impact your rights. Please note that certain technical processes on the Website are automated – for example, the system automatically completes registration (conclusion of the Agreement) and activates the User Account after meeting the required conditions (providing the required data, accepting the Terms and Conditions, etc.). This is a technical action enabling immediate access to services and does not constitute a decision that has negative legal consequences for the User.

Profiling that occurs on the Website is partially described in §3 (profiling for partner matching, content personalization, and possibly marketing purposes). It involves the IT system analyzing the information and activity you provide (e.g., demographic data, profile preferences, search and contact history) and, based on this, automatically assessing which content or other Users may be of interest to you. For example, the algorithm may highlight profiles of people in search results that most closely match your declared criteria (e.g., age, location), or it may suggest people in the "Suggested Partners" section with whom you have the highest profile compatibility. Similarly, in the area of internal advertising, profiling means that, for example, male Users may be shown different promotional content than female Users, etc.

The main consequence of such profiling is to personalize the User's experience on the Website – receiving more tailored suggestions and finding the desired contacts more quickly. Profiling may also influence the tailoring of marketing content (for example, if you have consented to marketing or advertising cookies, an algorithm may decide to display an advertisement for a specific premium offer, considering your activity to be attractive to you).

We emphasize that profiling on the Website does not lead to any discriminatory consequences or deprive you of any essential rights. For example, we do not automatically reject registrations based on profiles, nor do we assess a user's "trustworthiness" solely by machine, etc. All decisions regarding potential access restrictions (e.g., blocking an account for violating the Terms of Service) are made with human involvement – although the system may automatically report a suspicious account for review. Users always have the option to appeal the decision and seek intervention from our staff.

If you do not consent to profiling, you have the right to object (described in §7). Upon receipt of your objection, we will limit or disable profiling of your account (e.g., we will not suggest partners to you, and search results may be sorted randomly or chronologically instead of by relevance). However, please remember that some profiling is an inherent part of the service we provide – for example, without data analysis, we would not be able to offer any matches between Sugar Daddies and Sugar Babies, which is the primary purpose of the Website. However, we always strive to accommodate your requests and find a solution that respects your rights while still allowing you to use the Website to its basic extent.

The Administrator does not currently use any other forms of automated decision-making (as defined in Article 22 of the GDPR) beyond the profiling mechanisms described above. If this were to change in the future, you will be notified by updating this Privacy Policy, along with information on the principles of making such decisions, their significance, and the anticipated consequences for you.

§12. Contact and Final Provisions

Privacy Contact: For all matters concerning this Privacy Policy, the processing of your personal data, and the exercise of your rights, you can contact the Controller as follows:

Email address: [email protected] Postal address: ul. Michała Kleofasa Ogińskiego 11/9, 03-318 Warsaw, Poland

We prefer contact by email – this will allow for the fastest response. We respond to messages regarding personal data protection without undue delay, generally within 7 business days. If your message concerns the exercise of a specific right or a report of an infringement and its review will require more time, we will inform you of the expected response date (no later than one month, in accordance with the GDPR).

This Privacy Policy is reviewed on an ongoing basis and updated as necessary. The current version of this document is effective as of June 20, 2025. We will notify Users of any significant changes to the Policy through the Website (e.g., a message upon login or email). We encourage you to regularly review the Privacy Policy to stay up to date on how we protect your data.

Thank you for reading our Privacy Policy. We make every effort to ensure your data is secure and that your use of the Website is comfortable and privacy-safe. If you have any questions or concerns, please contact us at the contact details provided above.

Quick Links

SugarDaddy dating website logo

Contact: [email protected]