## Privacy Policy **GREMI PERSONAL Limited Liability Company** ### § 1. General provisions This document defines the rules for storing and accessing information on the User’s devices through Cookies used to provide electronic services by the Controller, as well as issues related to the collection, processing, and protection of personal data via the domain (hereinafter referred to as the “Service”). The Service Provider processes the Personal Data of the data subjects in accordance with applicable law, in particular the laws of Poland and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). ### § 2. Definitions - **Controller** – Gremi Personal Sp. z o.o. (Gdańsk), which provides electronic services, stores and accesses information on the User’s devices, and collects and processes their personal data. - **Cookies** – information data, in particular small text files, stored on devices through which the User uses the Service’s websites. - **Device** – an electronic device through which the User gains access to the Service. - **Personal data** – any information relating to an identified or identifiable natural person (e.g., name, surname, identification number, location data, online identifier, etc.). - **User** – a person who may be provided with electronic services or with whom a contract for the provision of such services may be concluded, and who provides their personal data through the domain . - **Processing** – any operations performed on Personal Data (collection, storage, viewing, modification, deletion, etc.), whether automated or non-automated. - **Processor** – an entity that processes Personal Data on behalf of the Controller. ### § 3. Scope and purpose of data collection Personal data are processed to ensure the functioning of the Service, in particular for: - concluding contracts and fulfilling orders; - maintaining the operation and security of the Service, detecting abuse, conducting analyses; - preparing and presenting personalized advertising, offers, sending informational materials (including newsletters); - publishing content. **Data categories by purpose**: - **For contract conclusion**: name, surname, address, phone, IP address, Cookies, and other data provided by the User. - **For security and analytics**: name, surname, address, IP, Cookies. - **For marketing**: name, surname, PESEL, e-mail, phone, address, IP, Cookies. - **For content publication**: name, surname, e-mail, nickname, IP, Cookies. ### § 4. Legal basis for data processing - consent of the data subject; - necessity for the performance of a contract or to take steps prior to its conclusion; - fulfillment of the Controller’s legal obligation; - legitimate interest of the Controller or a third party. ### § 5. Retention period Personal data are stored as long as there is a legal basis for their processing, or longer if required by law (e.g., for legal proceedings). After the retention period, the data are deleted or anonymized. ### § 6. Voluntary provision of data Providing data is voluntary, but necessary for the achievement of the specified purposes. ### § 7. Cookies When using the Service, data are automatically collected through system logs and Cookies. From the moment the User connects to the Service, the IP address, device type, connection time, and activity data are recorded. Both session Cookies (deleted after closing the browser) and persistent Cookies (stored for a defined time) are used. The User may change Cookie settings or delete them in their browser. Restrictions on the use of Cookies may affect the functionality of the Service. Partner Cookies are also used for advertising and analytics. ### § 8. Rights and obligations of the Controller - The Controller may transfer data to authorized authorities in accordance with the law. - Data processing may be entrusted to subcontractors (hosting, technical support, marketing, etc.). ### § 9. Data processing by Processors - Processing is carried out only for the purposes specified in the Privacy Policy. - Processing is allowed only within the EU/EEA. - The Processor is required to apply appropriate technical and organizational security measures. - Data modification/deletion may only take place upon the Controller’s instruction. - The use of data for other purposes or disclosure to third parties is prohibited. ### § 10. User’s rights The User has the right to: 1. withdraw consent; 2. access their data; 3. request rectification or deletion of data; 4. restrict processing; 5. object to processing; 6. receive a copy of their data in a machine-readable format. Requests should be sent by e-mail to: [iod@gremi-personal.com](mailto:iod@gremi-personal.com), or by post to: **GREMI PERSONAL Sp. z o.o.**, ul. Wały Piastowskie 1/1415, 80-855 Gdańsk. ### § 11. Data protection The Controller applies necessary technical and organizational measures to protect data and regularly tests their effectiveness. ### § 12. Final provisions In matters not regulated by the Privacy Policy, applicable law shall apply, including the GDPR.

## Cookie Usage Policy ### 1. Introduction This website uses cookies to ensure its proper functioning, improve functionality, collect visit statistics, and personalize content and advertising. This Policy explains what cookies are, what types we use, for what purposes, how you can manage their use, and how to withdraw your consent. ### 2. What are cookies Cookies are small text files that are stored in your browser or on your device when you visit a website. ### 3. Types of cookies we use - **Necessary (technical)** — ensure the functioning of the website (e.g., authentication, privacy settings). - **Analytical / statistical** — allow analysis of how visitors use the website (Google Analytics, etc.). - **Marketing / advertising** — used to display relevant advertising (e.g., Google Ads, Meta Pixel). ### 4. Duration of storage - **Session cookies** — deleted after closing the browser. - **Persistent cookies** — remain on the device for a defined period or until deleted. ### 5. Use of third-party services We may use third-party cookies, including: - Google Analytics (USA / Ireland) - Meta Platforms (Facebook, Instagram) - Other marketing and analytical tools ### 6. Legal basis for processing - **Necessary cookies** — the legitimate interest of the controller (**Art. 6(1)(f) GDPR**). - **Analytical, marketing, functional cookies** — your prior consent (**Art. 6(1)(a) GDPR**; **Art. 173–174 Telecommunications Law**). ### 7. Managing and withdrawing consent You can change your cookie settings through the consent banner or in your browser: - Google Chrome - Mozilla Firefox - Safari - Microsoft Edge ### 8. Your rights You have the right to: - access your personal data, - rectify them, - delete them, - request restriction of processing, - object to the processing of personal data, - withdraw your consent at any time without affecting the lawfulness of processing before its withdrawal. ### 9. Data controller **Gremi Personal Sp. z o.o.**, ul. Wały Piastowskie 1/1415, 80-855 Gdańsk, Poland KRS: 0000462184 · NIP: 9282077796 · REGON: 081132767 Contact: [iod@gremi-personal.com](mailto:iod@gremi-personal.com) ### 10. Policy updates We may update this Policy from time to time. **Last updated:** 04/22/2026.

Privacy Policy

GREMI PERSONAL Limited Liability Company

§ 1. General provisions

This document defines the rules for storing and accessing information on the User’s devices through Cookies used to provide electronic services by the Controller, as well as issues related to the collection, processing, and protection of personal data via the domain https://gremi-personal.com (hereinafter referred to as the “Service”).

The Service Provider processes the Personal Data of the data subjects in accordance with applicable law, in particular the laws of Poland and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).

§ 2. Definitions

Controller – Gremi Personal Sp. z o.o. (Gdańsk), which provides electronic services, stores and accesses information on the User’s devices, and collects and processes their personal data.
Cookies – information data, in particular small text files, stored on devices through which the User uses the Service’s websites.
Device – an electronic device through which the User gains access to the Service.
Personal data – any information relating to an identified or identifiable natural person (e.g., name, surname, identification number, location data, online identifier, etc.).
User – a person who may be provided with electronic services or with whom a contract for the provision of such services may be concluded, and who provides their personal data through the domain https://gremi-personal.com.
Processing – any operations performed on Personal Data (collection, storage, viewing, modification, deletion, etc.), whether automated or non-automated.
Processor – an entity that processes Personal Data on behalf of the Controller.

§ 3. Scope and purpose of data collection

Personal data are processed to ensure the functioning of the Service, in particular for:

concluding contracts and fulfilling orders;
maintaining the operation and security of the Service, detecting abuse, conducting analyses;
preparing and presenting personalized advertising, offers, sending informational materials (including newsletters);
publishing content.

Data categories by purpose:

For contract conclusion: name, surname, address, phone, IP address, Cookies, and other data provided by the User.
For security and analytics: name, surname, address, IP, Cookies.
For marketing: name, surname, PESEL, e-mail, phone, address, IP, Cookies.
For content publication: name, surname, e-mail, nickname, IP, Cookies.

§ 4. Legal basis for data processing

consent of the data subject;
necessity for the performance of a contract or to take steps prior to its conclusion;
fulfillment of the Controller’s legal obligation;
legitimate interest of the Controller or a third party.

§ 5. Retention period

Personal data are stored as long as there is a legal basis for their processing, or longer if required by law (e.g., for legal proceedings). After the retention period, the data are deleted or anonymized.

§ 6. Voluntary provision of data

Providing data is voluntary, but necessary for the achievement of the specified purposes.

§ 7. Cookies

When using the Service, data are automatically collected through system logs and Cookies. From the moment the User connects to the Service, the IP address, device type, connection time, and activity data are recorded.

Both session Cookies (deleted after closing the browser) and persistent Cookies (stored for a defined time) are used.

The User may change Cookie settings or delete them in their browser. Restrictions on the use of Cookies may affect the functionality of the Service.

Partner Cookies are also used for advertising and analytics.

§ 8. Rights and obligations of the Controller

The Controller may transfer data to authorized authorities in accordance with the law.
Data processing may be entrusted to subcontractors (hosting, technical support, marketing, etc.).

§ 9. Data processing by Processors

Processing is carried out only for the purposes specified in the Privacy Policy.
Processing is allowed only within the EU/EEA.
The Processor is required to apply appropriate technical and organizational security measures.
Data modification/deletion may only take place upon the Controller’s instruction.
The use of data for other purposes or disclosure to third parties is prohibited.

§ 10. User’s rights

The User has the right to:

withdraw consent;
access their data;
request rectification or deletion of data;
restrict processing;
object to processing;
receive a copy of their data in a machine-readable format.

Requests should be sent by e-mail to: [email protected], or by post to:
GREMI PERSONAL Sp. z o.o., ul. Wały Piastowskie 1/1415, 80-855 Gdańsk.

§ 11. Data protection

The Controller applies necessary technical and organizational measures to protect data and regularly tests their effectiveness.

§ 12. Final provisions

In matters not regulated by the Privacy Policy, applicable law shall apply, including the GDPR.

Information Obligation

Controller

Gremi Personal Sp. z o.o., ul. Wały Piastowskie 1/1415, 80-855 Gdańsk, Poland
KRS: 0000462184 · NIP: 9282077796 · REGON: 081132767
Contact: [email protected]

Legal basis and purpose of data processing

Your personal data, including your name, surname, and email address, are processed on the basis of Article 6(1)(f) GDPR (legitimate interest of the Controller) to carry out marketing activities regarding its products and services.
The Controller has conducted a balance of interests assessment, which shows that its interests do not infringe the rights and freedoms of the data subject.

Source of data

The data have been obtained from publicly available sources where they were voluntarily provided by you for contact purposes, in particular from publicly accessible websites or business registers.

Recipients of data

The data may be transferred to third parties that, on behalf of the Controller, carry out the distribution of marketing messages. Such transfers are made on the basis of a data processing agreement in accordance with Article 28 GDPR.

Data retention period

The data will be processed for the duration of the marketing campaign, but no longer than 3 months from the date of acquisition, unless you object to their processing earlier.

Voluntary provision of data

Providing personal data is voluntary; however, failure to provide them may prevent you from receiving marketing information.

Rights of the data subject

You have the right to:

access your personal data,
rectify them,
request restriction of processing,
erase the data,
object to the processing of personal data.

Automated decision-making

Your personal data will not be used for automated decision-making, including profiling.

Right to lodge a complaint

If you consider that the processing of data is not compliant with the law, you have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.

Cookie Usage Policy

1. Introduction

This website uses cookies to ensure its proper functioning, improve functionality, collect visit statistics, and personalize content and advertising. This Policy explains what cookies are, what types we use, for what purposes, how you can manage their use, and how to withdraw your consent.

2. What are cookies

Cookies are small text files that are stored in your browser or on your device when you visit a website.

3. Types of cookies we use

Necessary (technical) — ensure the functioning of the website (e.g., authentication, privacy settings).
Analytical / statistical — allow analysis of how visitors use the website (Google Analytics, etc.).
Marketing / advertising — used to display relevant advertising (e.g., Google Ads, Meta Pixel).

4. Duration of storage

Session cookies — deleted after closing the browser.
Persistent cookies — remain on the device for a defined period or until deleted.

5. Use of third-party services

We may use third-party cookies, including:

Google Analytics (USA / Ireland)
Meta Platforms (Facebook, Instagram)
Other marketing and analytical tools

6. Legal basis for processing

Necessary cookies — the legitimate interest of the controller (Art. 6(1)(f) GDPR).
Analytical, marketing, functional cookies — your prior consent (Art. 6(1)(a) GDPR; Art. 173–174 Telecommunications Law).

7. Managing and withdrawing consent

You can change your cookie settings through the consent banner or in your browser:

Google Chrome
Mozilla Firefox
Safari
Microsoft Edge

8. Your rights

You have the right to:

access your personal data,
rectify them,
delete them,
request restriction of processing,
object to the processing of personal data,
withdraw your consent at any time without affecting the lawfulness of processing before its withdrawal.

9. Data controller

Gremi Personal Sp. z o.o., ul. Wały Piastowskie 1/1415, 80-855 Gdańsk, Poland
KRS: 0000462184 · NIP: 9282077796 · REGON: 081132767
Contact: [email protected]

10. Policy updates

We may update this Policy from time to time. Last updated: 04/22/2026.