Privacy Policy & GDPR Compliance

Data Controller: Malbo & Malbo Shipyards Sp. z o.o.

Business Address: ul. Michalczyka 16a, 53-633 Wrocław, Poland

Shipyard Address: Stocznia 6, Malczyce, 55-320, Poland

Phone: +48 71 35 99 412, +48 71 35 90 952

NIP: 895-001-13-18

Email: rodo@malbo.com.pl

If you have any questions about data protection, you can contact our Data Protection Officer:

Email: rodo@malbo.com.pl

Phone: +48 71 35 99 412

3.1 Information You Provide Directly

• Contact information (name, email, phone number, company name)
• Project specifications and requirements
• Business correspondence and communications
• Billing and payment information

3.2 Information Collected Automatically

• Website usage data (pages visited, time spent, navigation patterns)
• Device information (IP address, browser type, operating system)
• Cookies and similar tracking technologies
• Log files and technical data

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contractual necessity (Art. 6(1)(b)): To fulfill contractual obligations and provide services
• Legitimate interests (Art. 6(1)(f)): For business operations, website analytics, and marketing
• Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and regulatory requirements
• Consent (Art. 6(1)(a)): For marketing communications and optional services

• Providing shipbuilding and steel construction services
• Processing orders and managing customer relationships
• Communication regarding projects and services
• Quality assurance and customer support
• Legal and regulatory compliance
• Website improvement and analytics
• Marketing communications (with consent)

We may share your data with:

• Classification Societies: Polish Register of Shipping, Lloyd's Register, Bureau Veritas
• Regulatory Authorities: Ministry of Infrastructure, maritime authorities
• Business Partners: Subcontractors, suppliers, and project partners
• Service Providers: IT services, accounting, legal advisors
• Financial Institutions: Banks and payment processors

All third parties are contractually bound to protect your data and use it only for specified purposes.

When transferring data outside the EU/EEA, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Appropriate safeguards as required by GDPR

We retain personal data for the following periods:

• Contract data: 10 years after contract completion (legal requirement)
• Financial records: 5 years (accounting obligations)
• Marketing data: Until consent is withdrawn or 3 years of inactivity
• Website analytics: 26 months maximum
• Communication records: 3 years for business purposes

You have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

Request confirmation of data processing and obtain a copy of your personal data.

9.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Article 17)

Request deletion of personal data when no longer necessary or consent is withdrawn.

9.4 Right to Restrict Processing (Article 18)

Request limitation of processing under specific circumstances.

9.5 Right to Data Portability (Article 20)

Receive personal data in a structured, machine-readable format.

9.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

9.7 Right to Withdraw Consent (Article 7)

Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at: rodo@malbo.com.pl

Response time: Within 30 days of receiving your request

10.1 Essential Cookies

Necessary for website functionality and security. Cannot be disabled.

10.2 Analytics Cookies

Help us understand website usage and improve user experience.

10.3 Marketing Cookies

Used for targeted advertising and marketing campaigns (with consent).

Cookie Management: You can manage cookie preferences through your browser settings or our cookie banner.

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Employee training on data protection
• Incident response and breach notification procedures
• Backup and recovery systems

In case of a personal data breach, we will:

• Notify supervisory authorities within 72 hours (if high risk)
• Inform affected individuals without undue delay (if high risk)
• Document all breaches and remedial actions taken
• Implement measures to prevent similar incidents

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will take steps to delete the information.

We do not engage in automated decision-making or profiling that produces legal effects or significantly affects individuals.

You have the right to lodge a complaint with the supervisory authority:

Polish Data Protection Authority (UODO)

Address: ul. Stawki 2, 00-193 Warsaw, Poland

Phone: +48 22 531 03 00

Website: uodo.gov.pl

Email: kancelaria@uodo.gov.pl

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Post updates on our website with the effective date
• Notify you of significant changes via email (if we have your contact information)
• Maintain previous versions for reference

For any questions about this Privacy Policy or your personal data:

Data Protection Team

Email: rodo@malbo.com.pl

Phone: +48 71 35 99 412

Address: ul. Michalczyka 16a, 53-633 Wrocław, Poland