Skip to Main Content

privacy policy

Last updated: 20.08.2025

This Privacy Policy describes how GALEON Spółka z ograniczoną odpowiedzialnością spółka komandytowa, with its registered office at ul. Starogardzka 22, 83-010 Straszyn, Poland, entered into the National Court Register under KRS number 000031857 (“GALEON”, “we”, “our”, “us”), processes personal data and uses cookies when you access or use the Website https://galeon.yachts (“Website”).

We are committed to ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Data Controller

The controller of your personal data is:

GALEON Spółka z ograniczoną odpowiedzialnością spółka komandytowa

ul. Starogardzka 22,

83-010 Straszyn,

Poland

KRS: 000031857

Contact:

Data Protection Officer (DPO):

Małgorzata Tarasiuk

Email: iod@galeon.pl

2. Categories of Data Processed

We may process the following categories of data:

  • Information you provide directly: name, surname, email address, phone number, company details (e.g., through contact forms, newsletter sign-ups, or contracts).
  • Contract and billing data: data necessary for preparing offers, entering into and performing contracts, invoicing, and compliance with accounting/tax regulations.
  • Automatically collected information: IP address, device and browser identifiers, operating system, geolocation data (approximate), and browsing activity on the Website.
  • Marketing and newsletter data: information on interactions with newsletters (e.g., open rates, link clicks) and preferences regarding marketing communications.

3. Purposes of Processing

We process personal data for the following purposes:

  1. Service delivery and contract execution – preparing offers, concluding and executing contracts, production and sale of goods, and providing advisory services.
  2. Legal compliance – fulfilling obligations arising from applicable laws (e.g., tax, accounting, and financial reporting).
  3. Legitimate interests – safeguarding claims, preventing fraud, maintaining IT systems, sending business correspondence, and conducting limited direct marketing of GALEON’s products and services.
  4. Marketing and communication – sending newsletters, advertising our products and services, and analyzing campaign performance.
  5. Website performance and analytics – monitoring traffic, improving user experience, and tailoring advertising content.

4. Legal Basis for Processing (GDPR)
  • Contract (Art. 6(1)(b) GDPR): Processing necessary to perform or prepare a contract.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing necessary for compliance with legal requirements.
  • Legitimate interests (Art. 6(1)(f) GDPR): For fraud prevention, securing claims, ensuring IT security, and direct marketing of GALEON’s products.
  • Consent (Art. 6(1)(a) GDPR): For newsletter subscriptions, marketing tracking, and use of cookies for analytics/advertising.

    • 5. Data Retention

    We retain personal data only for as long as necessary to fulfill the purposes outlined above, specifically:

    • Contract data: until contract completion, and thereafter for the period required by law (e.g., 5 years for financial settlement with tax authorities).
    • Complaint data: 2 years from delivery date.
    • Marketing and newsletter data: until consent is withdrawn.
    • Data processed under legitimate interests: for the period necessary to pursue or defend claims.

    6. Data Recipients

    Personal data may be disclosed to:

    • Authorized employees and contractors of GALEON.
    • Professional service providers (legal, tax, accounting, IT, and advisory).
    • Marketing and analytics providers (Google, Meta, MailerLite).
    • Public authorities, where required by law.

    We do not transfer personal data to third countries outside the EEA unless required by service providers (e.g., Google, Meta, MailerLite). In such cases, appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms) are applied.

    7. Your Rights

    Under GDPR and applicable laws, you may exercise the following rights:

    • Access: obtain confirmation of whether your personal data is processed and access a copy.
    • Rectification: correct inaccurate or incomplete data.
    • Erasure: request deletion of personal data where legally permissible.
    • Restriction: request limitation of processing.
    • Data portability: receive your data in a structured format and transmit it to another controller.
    • Objection: object to processing based on legitimate interests, including direct marketing.
    • Withdrawal of consent: withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

    You also have the right to lodge a complaint with the President of the Polish Data Protection Authority (UODO) or another competent supervisory authority.

    8. Security

    We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. Data processing is carried out in compliance with GDPR and applicable laws.

    9. Automated Decision-Making

    We do not use automated decision-making or profiling in connection with personal data.

    10. Cookies and Similar Technologies

    a. What Are Cookies?

    Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They serve various functions such as enabling core website operations, remembering user preferences, analyzing traffic, and supporting personalized advertising.

    b. Cookies Used on This Website

    Strictly Necessary Cookies

    • Purpose: Required for the Website to function correctly. They enable basic features such as page navigation, security, and access to restricted areas.
    • Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)).
    • Examples: Session identifiers, security tokens.

    Functional Cookies

  • Purpose: Allow the Website to remember choices you make (such as language or region) to provide a more customized experience.
  • Legal Basis: Consent (GDPR Art. 6(1)(a)) where applicable.

    • Performance and Analytics Cookies

  • Purpose: Collect information about how visitors use the Website, such as which pages are visited most frequently and if users encounter errors. These cookies help improve performance and usability.
  • Examples: Google Analytics or other traffic measurement tools.
  • Legal Basis: Consent (GDPR Art. 6(1)(a)).

    • Advertising and Targeting Cookies

  • Purpose: Track browsing behavior across websites to deliver relevant advertising. They may also limit the number of times an ad is displayed and measure campaign effectiveness.
  • Legal Basis: Consent (GDPR Art. 6(1)(a)).

    • Third-Party Cookies

    • Purpose: Placed by third-party services integrated into the Website (e.g., video platforms, social media widgets, analytics providers).
    • Note: These third parties may process your data in accordance with their own privacy policies.

    c. Cookie Duration

  • Session cookies: deleted when the browser is closed.
  • Persistent cookies: remain on your device until expiration or manual deletion (ranging from 1 day to 24 months depending on provider).

    • d. Managing Cookies

    Consent Management

    On your first visit to this Website, you will be presented with a cookie banner that allows you to:

    • Accept all cookies.
    • Reject all non-essential cookies.
    • Customize your cookie preferences.

    You may update or withdraw your consent at any time by [link to cookie settings page or consent management tool].

    Browser Settings

    Most browsers allow you to manage cookies through their settings. You may block or delete cookies, but doing so may impact website functionality.

    Rejecting cookies may affect Website functionality.

    11. CCPA Notice (for California Residents)

    If you are a California resident, you have the right to:

    • Know what categories of personal information we collect and how it is used.
    • Request deletion of personal information.
    • Opt-out of the sale or sharing of personal information (we do not sell personal data, but third-party advertising providers may process your information).

    To exercise these rights, contact us at iod@galeon.pl.

    12. Updates to This Policy

    We may update this Cookie Policy to reflect changes in technology, legal requirements, or our data processing practices. Updates will be posted on this page with a revised “Last Updated” date.

    13. Contact

    For any questions about this Policy or your data rights, please contact:

    GALEON Spółka z ograniczoną odpowiedzialnością spółka komandytowa
    ul. Starogardzka 22, 83-010 Straszyn, Poland

    Email: galeon@galeon.pl
    DPO: iod@galeon.pl