GDPR COMPLIANCE

Sasha Enterprises

Trading as: Sasha Enterprises

Website: https://sashaenterprises.com

Email: info@sashaenterprises.com

Registered Address: Sasha Enterprises, Cuffe Parade, 13, H 134, MAKER TOWER, G D SOMANI MARG, Mumbai, Maharashtra, 400005, India

This notice applies to individuals in the European Economic Area (“EEA”), the United Kingdom, and other persons whose personal data is protected by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or UK GDPR in relation to our processing activities.

1. Controller

The data controller for purposes of this Website and related B2B communications is:

Sasha Enterprises

Email: info@sashaenterprises.com

Address: Sasha Enterprises, Cuffe Parade, 13, H 134, MAKER TOWER, G D SOMANI MARG, Mumbai, Maharashtra, 400005, India

2. Data We Process

We may process identity, business contact, enquiry, transaction, technical, communications, and cookie-related data as described in our Privacy Policy.

3. Purposes and Legal Bases

We process personal data for: responding to enquiries and business requests; preparing quotations and contract discussions; performing contracts and managing transactions; supplier, customer, and compliance due diligence; security, fraud prevention, and internal administration; lawful marketing and relationship management; and compliance with legal obligations.

Legal bases may include:

• Consent (Article 6(1)(a)): for email and WhatsApp business communications, non-essential cookies, and marketing activities. Consent is freely given, specific, informed, and unambiguous, and may be withdrawn at any time.

• Legitimate interests (Article 6(1)(f)): for responding to B2B trade enquiries, maintaining business relationships, website analytics, and fraud prevention. We conduct a balancing test to ensure our interests do not override your rights.

• Contractual necessity (Article 6(1)(b)): where processing is necessary to perform or prepare for a business contract.

• Legal obligation (Article 6(1)(c)): where required by applicable EU, UK, or Indian law.

4. Your GDPR Rights

Subject to applicable conditions and limitations, you have the right to:

• be informed about processing (Articles 13–14);
• access your personal data (Article 15);
• rectify inaccurate or incomplete data (Article 16);
• erase personal data in appropriate circumstances (Article 17);
• restrict processing (Article 18);
• data portability — receive your data in a structured, commonly used, machine-readable format (Article 20);
• object to processing, including direct marketing — where you object to direct marketing, processing will cease immediately (Article 21);
• withdraw consent at any time without affecting the lawfulness of prior processing (Article 7(3)); and
• not be subject solely to automated decision-making producing legal or similarly significant effects (Article 22).

5. How to Exercise Your Rights

Submit requests to: info@sashaenterprises.com

We will respond within thirty (30) days. If the request is complex or we receive a high volume of requests, we may extend this by a further sixty (60) days, with notice. We may request verification of your identity before processing.

6. International Transfers

Personal data of EU/EEA/UK individuals may be transferred to India and other countries where our operations, partners, or service providers are located. For such transfers, we rely on:

• Standard Contractual Clauses (SCCs) as approved by the European Commission under Decision 2021/914;
• adequacy decisions, where applicable;
• other Article 46 safeguards as appropriate, including binding corporate rules where applicable; and
• supplementary technical or organisational measures where appropriate.

You may request a copy of the safeguards in place by contacting us at info@sashaenterprises.com.

7. Data Protection Contact

For GDPR requests or complaints, contact:

EU / GDPR Privacy Contact

Email: info@sashaenterprises.com

8. Complaints

You also have the right to lodge a complaint with your local data protection authority in the EEA or UK.

9. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects EU/EEA/UK individuals.