PRIVACY AND COOKIES

POLICY OF VIRTUE-YAHCTS.COM WEBSITE

This Privacy and Cookies Policy of the Website (hereinafter: “Policy”) is

provided for information purposes which means that is not a source of

obligations for the persons visiting the Website. All questions or doubts

connected with the processing of your personal data can be sent to the

following e-mail address: info@virtue-yachts.com

I. PURPOSE OF THE POLICY

II. GENERAL PROVISIONS

III. PURPOSES AND BASES OF PERSONAL DATA PROCESSING

1. ELECTRONIC SERVICES

2. PLACEMENT OF ORDERS AND PERFORMANCE OF THE SALE CONTRACT

3. CONTACT WITH THE CUSTOMER

4. NEWSLETTER

5. BLOG

IV. PERIOD OF PROCESSING

V. RECIPIENTS OF PERSONAL DATA

VI. RIGHTS OF DATA SUBJECTS

VII. COOKIES

VIII. FINAL PROVISIONS

I. PURPOSE OF THE POLICY

The purpose of this Policy is:

a) presentation of the principles of processing of personal data by the

Controller on the Website (including the Mobile Application), and by

making it available – notifying the data subjects of the processing of their

personal data under Regulation (EU) 2016/679 of the European Parliamentand of the Council of 27 April 2016 on the protection of natural persons with

regard to the processing of personal data and on the free movement of

such data, and repealing Directive 95/46/EC (General Data Protection

Regulation) (hereinafter: “GDPR”);

b) explanation of your rights in relation to the personal data processed by

the Controller and methods of securing them;

c) information about the cookies used by the Website and terms of their

acceptance.

II. GENERAL PROVISIONS

1. The Controller of your personal data collected through the Website

(including the Mobile Application) and the entity running the Website is

Virtue Yachts Sp. z o.o. with registered office in Giżycko (ul. Obwodowa 4, 11-

500 Giżycko), (KRS) under number 0000900003, NIP (Tax Identification

Number) 9731077565,, REGON (Polish National Official Business Register)

388883906, website address: www.virute-yachts.com electronic mail

address: info@virtue-yachts.com telephone number: +48 571 553 821 (toll

as for a standard call – according to the pricelist of the relevant operator)

(hereinafter: “Controller”).

2. In all matters related to protection of personal data, the Controller can be

contacted at the following e-mail address: info@virtue-yachts.com

3. The Controller declares that it acts with due diligence to protect the

interests of the data subject. In particular, it warrants that:

a) it processes the personal data in compliance with the law, reliably and

transparently for the data subject;

b) it collects the personal data for specific, clear and legitimate purposes

and does not process them further in a manner not compliant with those

purposes;

c) the personal data are adequate, appropriate, and limited to the extent

necessary for the purposes of their processing;

d) the personal data are correct and updated if needed;

e) it stores the personal data in a form allowing identification of the data

subject for the maximum period necessary to pursue the purposes of their

processing;

f) it processes the personal data in a manner that ensures appropriate

security, including protection against unauthorised or unlawful processingand against accidental loss, destruction or damage, using appropriate

technical or organisational measures.

4. Providing personal data is voluntary but necessary to pursue the

purposes specified in Clause III below.

III. PURPOSES AND BASES OF PERSONAL DATA PROCESSING

Your personal data can be processed for various purposes and based on

different legal bases, depending on the functionalities of the Website you

use, especially for the purpose of conclusion and performance of the

contracts concluded with you, marketing, analytical or statistical activities,

improvement of the quality of services, performance of the relevant legal

obligations imposed on the Controller. For details, see below.

1. ELECTRONIC SERVICES

The personal data provided by you in connection with creation of the

Website Account as well as other personal data obtained in connection

with your activity on the Website and use of the Electronic Services are

processed mostly to enable your registration on the Website and for the

purpose of operation of your Account as well as use of other available

Electronic Services. The legal basis for processing of your personal data for

this purpose is the requirement for performance of the Service Contract

concluded with the Controller – Article 6(1)(b) of GDPR.

Your personal data can be also processed for the purpose of marketing,

analytical and statistical activities as well as pursuit or defence of potential

claims. In such a case, the legal basis for processing of your personal data

is the legitimate interest of the Controller or a third party – Article 6(1)(f) of

GDPR.

2. PLACEMENT OF ORDERS AND PERFORMANCE OF THE SALE CONTRACT

The personal data provided by you in connection with placement of Orders

and conclusion of the Sale Contract on the Website are processed mainly

for the purpose of execution of the purchase process, i.e.:

a) for the purpose of execution of your Order and performance of the

concluded Sale Contract. The legal basis for processing of your personal

data for this purpose is the requirement for performance of the SaleContract concluded with the Controller – Article 6(1)(b) of GDPR.

b) for the purpose of settlement of your Order and the concluded Sale

Contract, including issue and retention of documents regarding sale,

processing of returns and complaints. The legal basis for processing of your

personal data for this purpose is fulfilment of the obligations imposed on

the Controller under the applicable law, including accounting and tax

obligations – Article 6(1)(c) of GDPR.

Your personal data can be also processed for the purpose of marketing,

analytical and statistical activities as well as pursuit or defence of potential

claims. In such a case, the legal basis for processing of your personal data

is the legitimate interest of the Controller or a third party – Article 6(1)(f) of

GDPR.

3. CONTACT WITH THE CUSTOMER

The personal data provided by you in connection with contact with the

Controller via electronic mail, by telephone or via the contact form are

processed mainly for the purpose of processing of your request and

providing a reply. The legal basis for processing of your personal data for

this purpose is the legitimate interest of the Controller – Article 6(1)(f) of

GDPR.

Your personal data can be also processed for the purpose of marketing,

analytical and statistical activities as well as pursuit or defence of potential

claims. The legal basis for processing of your personal data for this purpose

is the legitimate interest of the Controller or a third party – Article 6(1)(f) of

GDPR.

4. NEWSLETTER

If you sign up for the Newsletter (grant consent for receipt of commercial

information), your personal data are processed to send marketing content

to you (receipt of the Newsletter). The legal basis for processing of your

personal data for this purpose is the requirement for performance of the

Newsletter contract concluded with the Controller – Article 6(1)(b) of GDPR.

Your personal data can be also processed for the purpose of marketing

(not related to the Newsletter), analytical and statistical activities as well as

pursuit or defence of potential claims. In such a case, the legal basis for

processing of your personal data is the legitimate interest of the Controller

or a third party – Article 6(1)(f) of GDPR.5. BLOG

If you use the Blog, the moment you start using it (i.e. upon proper launch of

the service consisting in display of the relevant URL address –

https://virtue-yachts.com/news especially by entry in the address bar of

web browser of the address: https://virtue-yachts.com/news), your

personal data are processed to make the content and materials published

on the Blog available to you. The legal basis for processing of your personal

data for this purpose is the requirement for performance of the Blog service

contract concluded with the Controller – Article 6(1)(b) of GDPR.

Your personal data can be also processed for the purpose of marketing

(not related to the Blog), analytical and statistical activities. In such a case,

the legal basis for processing of your personal data is the legitimate

interest of the Controller or a third party – Article 6(1)(f) of GDPR –

consisting in marketing of products or services.

Furthermore, your personal data can be processed to pursue and establish

claims or to defend against any potential claims. In such a case, the legal

basis for processing of your personal data is the legitimate interest of the

Controller or a third party – Article 6(1)(f) of GDPR – consisting in the legal

need for demonstration of facts or defence of interests.

IV. PERIOD OF PROCESSING

1. Your personal data are processed:

a) in connection with creation of the Account or use of other Electronic

Services – for the period of existence of the Account or use of other

Electronic Services;

b) in connection with placement of the Order or conclusion of the Service

Contract – for the period required to execute the Order and perform the

concluded Sale Contract, including settlement of the Order and concluded

Sale Contract as well as fulfilment of the legal obligations connected with

the concluded Contract (accounting and tax obligations);

c) in connection with contact with the Controller – for the period required to

process your request and provide a reply;

d) in connection with conducted marketing, analytical or statistical

activities – for the period of existence of the legitimate interest of the

Controller or a third party, alternatively until you submit an objection tosuch processing;

2. Furthermore, in any case, your personal data can be also processed for

the period necessary for:

a) performance of the Controller’s obligations under the applicable law;

b) pursuit or defence against potential claims – for the prescription period

provided for by the applicable law.

3. The period of storage of your personal data may vary depending on the

scope of the personal data and purposes of their processing. In any case,

the longer period of storage of personal data shall apply.

V. RECIPIENTS OF PERSONAL DATA

1. The Controller can make your personal data available to the third parties

it cooperates with in running the Website. These may include entities that

provide technical assistant in running the Website, e.g. hosting service or

ICT service providers, carriers or agents delivering the ordered Products,

entities processing electronic or card payments, companies providing

support in communication with customers and marketing campaigns as

well as providers of legal and advising services. The third parties the

Controller makes the personal data available to on the Website are obliged

to apply appropriate measures ensuring security and protection of your

personal data. Your personal data can be also transferred to the

companies belonging to the capital group of the Controller.

2. In principle, your personal data are processed within the territory of the

European Economic Area (hereinafter: “EEA”). However, in connection with

the Controller’s cooperation with third parties in the scope of the operation

of the Webstie, your personal data may be transferred to a country outside

the EEA where the entity cooperating with the Controller maintains the tools

used to process the personal data in cooperation with the Controller. In the

case of such a transfer of data, it shall be done only to the extent necessary

and connected with the services provided by such entities to the

Controller.

3. In the case of transfer of personal data to any entities domiciled outside

the EEA, the Controller ensures fulfilment of the requirements provided for in

Chapter 5 of GDPR, including application of the appropriate transfersecurity measures in the form of standard contractual clauses adopted

under the decision of the European Commission. You can obtain a copy of

the security measures applied for the personal data transferred outside the

EEA contacting the Controller at the following e-mail address: info@virtue-

yachts.com

VI. RIGHTS OF DATA SUBJECTS

The data subject has the right to:

a) access to his/her personal data (including but not limited to receipt of

information on which personal data are processed);

b) request rectification and restriction of processing of personal data (e.g.

if they are incorrect);

c) request erasure of personal data (e.g. if they are processed in breach of

the law);

d) transfer the personal data (data portability) he/she supplied to the

Controller and which are processed in an automated manner, and where

the processing is based on a consent or the basis of requirement for the

purpose of performance of the contract, e.g. to another controller;

e) withdraw the consent (to the extent the consent is the basis for

processing) at any time, it being understood that withdrawal of the consent

does not affect the processing carried out by the Controller lawfully prior to

its withdrawal;

f) object to the processing of his/her personal data based on the premise

of requirement for the purposes resulting from the legitimate interests of

the Controller or a third party, including but not limited to processing for

marketing purposes;

g) file a complaint with the President of the Personal Data Protection Office.

VII. COOKIES

1. The Controller uses cookies (small text files) or files of similar functionality,

stored in your end device in connection with use of the Website.

2. Cookies allow us to ensure proper functioning of the Website and

execution of its primary functions. We may also use them to analyse the

use of the Website, customise it to your interests and present customised

advertising content.3. Cookies collect various types of information which, in principle, are not

personal data (they do not allow to identify you). Certain information,

depending on their content and method of use, may be, however,

attributed to a certain person and, thus, considered as personal data. In

relation to information of this type, the provisions of the Policy regarding

personal data apply accordingly. To the extent the cookies contain your

personal data, the basis for their processing is the legitimate interest of the

Controller or a third party – Article 6(1)(f) of GDPR.

4. The Website uses two main types of cookies:

a) “session cookies” – temporary files stored in your end device until you

leave the website or turn the software (Internet browser) off; and

b) “persistent cookies” – files stored on your end device for the period set in

the cookies parameters or until you delete them.

5. In addition to the necessary cookies (which we use to guarantee proper

operation of the service and its safe use), we may also use the following

types of cookies on the Website:

a) analytical and functional – cookies used to analyse the method of use of

the Website. They allow us, among other things, to determine the number of

Website visitors as well as detect irregularities in its functionalities and to

improve it continuously. These cookies also make the use of the Website

easier for you (e.g. by saving your information and settings);

b) marketing – cookies used to present advertisements customised to your

interests; they can also be used to adapt the content and advertisements

presented to you by the third parties we cooperate with.

6. In many cases, the web browser allows storage of cookies in the user’s

end device by default. You can delete the cookies stored on your end

device or disable their saving in the settings of your web browser at any

time.

7. For detailed information on the methods of disabling / deleting cookies,

see the “Help” section of your web browser. For example, in Internet Explorer

browser cookies can be modified in: Tools -> Internet options -> Privacy; in

Mozilla Firefox: Tools -> Options -> Privacy; while in Google Chrome: Settings

-> Show advanced settings -> Privacy -> Content settings -> Cookies.

Access paths may differ depending on the web browser version used.

8. When using the Website, you can select the scope of use of the cookies

technology and then grant the relevant consent corresponding to theselected scope. The cookies installed on your device will depend on the

scope of cookies you consent to.

9. Cookies are harmless for you and your device. Restriction of use of the

cookies may affect certain functionalities available on the Website, allow or

significantly hinder proper use of the Website.

10. As the Controller cooperates with other entities as part of the Website,

for the purposes of the said cooperation the browser saves also cookies

originating from the entities the Controller cooperates with. This allows for

collection of, among other things, information on the viewed Products. The

cookies sent by those entities aim, in particular, at ensuring proper

operation of the Website and improvement of effectiveness of presentation

of advertisements, corresponding to your online activity. In particular, the

Controller uses the services of the following entities who use cookies on the

Website. Google Analytics ( https://policies.google.com/privacy), Facebook

(Meta).

VIII. FINAL PROVISIONS

1. The Controller reserves the right to change the Policy – this may happen

for important reasons, including but not limited to:

a) change of the applicable law, including but not limited to law regarding

protection of personal data, telecommunication law, law regarding

electronic services and regulating the rights of consumers, affecting the

rights and duties of the Controller or user of the Website;

b) development of functionalities or electronic services resulting from

advancements in Internet technology, including use / implementation of

new technological or technical solutions, affecting the scope of the Policy.

2. The Controller will publish information on every change of the Policy on

the Website. Along with each change, the new version of the Policy will be

published with a new date.

3. As links to third-party websites not belonging to the Controller and for

which the Controller accepts no liability may be displayed on the Website,

the Controller encourages you to read the privacy policies published on the

third-party websites of other controllers.

4. This Policy version is effective as of 2023.01.01