Skip to main content

Privacy Policy

Effective date: 1 January 2025

Introduction

Knapsack Ltd ("Stalmio", "we", "us", or "our"), incorporated in England and Wales and trading as Stalmio, is the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you use the Stalmio platform, and describes your rights under UK GDPR, the UK Data Protection Act 2018, and the General Data Protection Regulation (EU) 2016/679 ("GDPR") where applicable.

Data Controller

Data Controller: Knapsack Ltd, incorporated in England and Wales, trading as Stalmio. Data Protection contact: privacy@stalmio.com. As a UK company systematically targeting EU residents, we have appointed an EU GDPR representative as required by Article 27 GDPR; contact us at privacy@stalmio.com for details.

Data We Collect

We collect the following categories of personal data: (a) Account data — name, email address, phone number, company name, and password hash when you register; (b) Listing data — machinery details, photographs, pricing, and location information you submit; (c) Communication data — messages exchanged through the platform; (d) Usage data — IP address, browser type, pages visited, and interaction logs collected automatically; (e) Payment data — billing address and transaction records (payment card details are processed by our payment provider and not stored by us).

Legal Basis for Processing

We process your personal data on the following legal bases: (a) Contract performance (Article 6(1)(b) GDPR) — to provide the Service and manage your account; (b) Legitimate interests (Article 6(1)(f) GDPR) — to improve the Service, prevent fraud, and ensure platform security; (c) Legal obligation (Article 6(1)(c) GDPR) — to comply with tax, accounting, and other legal requirements; (d) Consent (Article 6(1)(a) GDPR) — for optional analytics and marketing cookies, where you have given consent.

Retention Periods

We retain personal data for as long as necessary for the purposes set out in this Policy: Account data is retained for the duration of your account plus 3 years for legal compliance. Transaction records are retained for 7 years as required by Polish tax law. Usage logs are retained for 12 months. You may request deletion of your data at any time, subject to our legal retention obligations.

Your Data Subject Rights

Under GDPR (EU and UK), you have the following rights: (a) Right of access — request a copy of your personal data; (b) Right to rectification — correct inaccurate data; (c) Right to erasure — request deletion of your data ('right to be forgotten'); (d) Right to data portability — receive your data in a structured, machine-readable format; (e) Right to object — object to processing based on legitimate interests; (f) Right to restrict processing — request that we limit how we use your data. To exercise any of these rights, contact us at privacy@stalmio.com. We will respond within 30 days.

International Transfers

Your data is primarily processed within the European Economic Area (EEA). Where we transfer data outside the EEA (for example, to cloud infrastructure providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission. For transfers to the UK following Brexit, we rely on the UK adequacy decision or equivalent safeguards.

Cookies

We use cookies and similar technologies on our website. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.

Right to Complain

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk. If you are located in the EU, you may also contact your national data protection authority (e.g. UODO in Poland at uodo.gov.pl, CNIL in France at cnil.fr, or AEPD in Spain at aepd.es).

Contact Us

For any privacy-related questions or to exercise your rights, please contact our Data Protection contact at privacy@stalmio.com