B2B Outreach Privacy Notice
Last updated: 2026-05-13
This notice explains how Sonia Sp. z o.o. processes personal data
of contact persons at companies we approach for B2B partnerships. It is provided under
Articles 13 and 14 of the EU General Data Protection Regulation (GDPR).
1. Who we are (Data Controller)
- Legal entity
- Sonia Sp. z o.o.
- Registered office
- ul. prof. Ludwika Chmaja 6, 35-021 Rzeszow, Poland
- Court register
- KRS 0000199077
- VAT-EU
- PL8131097731
- REGON
- 690365224
- Contact for data matters
- privacy@sonia-b2b.eu
2. What data we process
For B2B prospects we typically hold:
- Business email address (e.g.
name@company.com or sales@company.com)
- Full name (where publicly available)
- Job title and role at the employer (where publicly available)
- Employer company name, domain, country, and public business contact details
- Public professional links (e.g. LinkedIn URL)
- Records of correspondence with us (sent emails, replies, unsubscribe events)
We do not process special categories of data (Art. 9 GDPR).
3. Where we got your data (Art. 14)
We obtained your data from publicly available sources:
- Your company website (contact pages, team pages)
- Public B2B directories and trade publications (e.g. Cosmoprof, Europages)
- Public LinkedIn company profiles
We do not buy mailing lists and we do not scrape private/closed sources.
4. Why we process it (purpose & legal basis)
- Purpose
- To send a single business proposal regarding a B2B partnership (wholesale of cosmetics) and to follow up if you express interest.
- Legal basis
- Legitimate interest of the controller (Art. 6(1)(f) GDPR) - direct B2B marketing to a relevant audience.
We balanced our interest against your rights and concluded that the contact is proportionate because:
(i) the message goes to a business address of someone whose role plausibly relates to purchasing decisions,
(ii) the content is strictly professional, and
(iii) you can opt out at any moment with one click.
- You may object
- at any time, including by clicking the unsubscribe link in any email we send you (Art. 21 GDPR).
5. How long we keep it
- Active prospects: up to 24 months from last meaningful contact.
- If you unsubscribe: we permanently retain your email and company domain on a suppression list. This is required to honour your opt-out and prevent re-contact. No content data is retained.
- Replies and correspondence: retained for the duration of any resulting business relationship, plus the statutory accounting/tax retention period (currently 5 years from end of the relevant fiscal year, Polish accounting law).
6. Who we share data with
- Email delivery providers (Zoho Mail, Smartlead) acting as processors under Art. 28 GDPR.
- Hosting and database providers (AWS, Railway, PostgreSQL).
- Accounting/tax authorities where required by law.
We do not sell or rent your data.
7. International transfers
Some processors (e.g. AWS) may process data outside the EEA. Such transfers are covered by
Standard Contractual Clauses (Art. 46 GDPR) or other approved safeguards.
8. Your rights (Art. 15-21 GDPR)
At any time you may:
- Request access to your data (Art. 15)
- Request correction (Art. 16)
- Request erasure (Art. 17) - subject to retention obligations above
- Request restriction of processing (Art. 18)
- Request data portability (Art. 20)
- Object to processing at any time, including direct marketing (Art. 21) - this stops outreach immediately
- Lodge a complaint with a supervisory authority (Art. 77) - in Poland: UODO; you may also contact your local DPA
To exercise any right: email privacy@sonia-b2b.eu. We respond within 30 days.
9. Automated decisions
We do not make automated decisions producing legal effects in relation to you (Art. 22 GDPR). A salesperson reviews every email before it is sent.
10. Changes
We may update this notice. The current version is always at sonia-b2b.eu/privacy-b2b.html.
Material changes will be reflected in the "Last updated" date.