Privacy Policy

MLNATIVE Website Privacy Policy This Privacy Policy (hereinafter: "Policy") contains information about the processing of your personal data in connection with the use of the mlnative website, operating at the Internet address https://mlnative.com (hereinafter: "Website").

CONTROLLER INFORMATION Your personal data controller is Your personal data controller is MLNATIVE sp.z o.o. (limited liability company) with its registered office in Gdańsk (registered office address: ul. Stefana Batorego 33/19, 80-251 Gdańsk) in theRegister of Entrepreneurs of the National Court Register kept by the DistrictCourt for Gdańsk-Północ w Gdańsku, VII Commercial Division of the NationalCourt Register under KRS number: 0001026089, holding NIP: 9571155976, REGON: 524788382, with share capital: PLN 5.000,00

In all matters related to the processing of personal data, you may contact the Controller by e-mail at: hello@mlnative.com.

The Controller applies modern organizational and technical safeguards to ensure the best possible protection of your personal data and ensures that it processes it in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter:"GDPR"), the Data Protection Act of 10 May 2018 and other data protection legislation.

PROCESSING OF PERSONAL DATA The use of the Website requires the processing of your personal data. Below you will find detailed information about the purposes and legal grounds for the processing, as well as the duration of the processing and the obligation or voluntariness to provide it.

NEWSLETTER SUBSCRIPTION Provision of the above-indicated personal data is voluntary, but necessary in order to receive the Newsletter (failure to provide such data will make it impossible to subscribe to the Newsletter).

The Controller will process the above-indicated personal data until an effective objection is raised or the purpose of the processing is achieved, or until the claims resulting from the Newsletter Provision Agreement become time-barred (which ever occurs first).

COMPLAINT HANDLING Provision of the above-indicated personal data is a condition for receiving a response to the complaint or exercising your rights under the Controller's liability provisions (provision of such data is voluntary, but failure to provide it will prevent you from receiving a response to the complaint and exercising the said rights).

The Controller will process the above-indicated personal data for the duration of the complaint procedure and in the case of exercising the aforementioned rights of yours - until they expire.

ENQUIRY RESPONSES The provision of the above-indicated personal data is voluntary, but necessary in order to receive a response to an enquiry(failure to provide such data will prevent you from receiving a response).

The Controller will process the above-indicated personal data until an objection is successfully raised or the purpose of the processing is achieved (whichever occurs first).

WEBSITE ANALYTICS The provision of the above-indicated personal data is voluntary, but necessary in order for the Controller to obtain information about your activity on the Website (failure to provide such data will result in the Controller's inability to obtain the said information).

The Controller will process the above-indicated personal data until you successfully raise an objection or the purpose of the processing is achieved.

WEBSITE FUNCTIONALITY The provision of the above-indicated personal data is voluntary, but necessary in order to ensure the proper functioning of the Website (failure to provide such data will prevent proper functioning of the Website).

The Controller will process the above personal data until an objection is successfully raised or the purpose of the processing is achieved.

DATA PROTECTION COMPLIANCE Provision of the above-indicated personal data is voluntary, but necessary for the Controller to properly perform its duties under data protection legislation, including the exercise of rights granted to you by the GDPR (failure to provide such data will result in the

inability to properly exercise the said rights).

The Controller will process the above-indicated personal data until the expiry of the statute of limitations for claims for breach of data protection regulations.

LEGAL CLAIMS Provision of the above-indicated personal data is voluntary, but necessary in order to establish, assert or defend against claims that may arise in connection with the performance of Agreements concluded with the Controller (failure to provide such data will result in the Controller's inability to undertake the said activities).

The Controller will process the above-indicated personal data until the expiry of the statute of limitations for claims which may arise in connection with the performance of Agreements concluded with the Controller.

DATA RECIPIENTS The following third parties working with the Controller will be the recipients of the personal data: a) the hosting company; b) newsletter service provider; c) companies providing tools to analyze activity on the Website (including Posthog, Apollo); d) providers of solutions based on LLM language models (including Microsoft offering Azure Open AI Service).

In addition, personal data may also be transferred to public or private entities if such an obligation arises from generally applicable law, a final and non-appealable court judgment, or a final and non-appealable administrative decision.

INTERNATIONAL DATA TRANSFERS In connection with the Controller's use of services provided by Google LLC, your personal data may be transferred to the following third countries: UK, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the aforementioned third countries is:

  • in the case of the UK, Canada, Israel, Japan and South Korea, decisions of the European Commission finding an adequate level of protection for personal data in each of the aforementioned third countries;

  • in the case of the USA, Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, finding an adequate level of protection for personal data provided under the EU-US data protection framework;

  • in the case of Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia, contractual clauses providing an adequate level of protection, in line with the standard contractual clauses set out in Commission Implementing Decision (EU)2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.

You may obtain a copy of data transferred to a third country from the Controller.

YOUR RIGHTS In relation to the processing of personal data, you have the following rights:

  1. the right to be informed which personal data pertaining to you are processed by the Controller and to receive a copy of such data (the so-called right of access). The issue of the first copy of the data is free of charge, for subsequent copies the Controller may charge a fee;
  2. if the data processed become outdated or incomplete (or otherwise incorrect) you have the right to request rectification;
  3. in certain situations you may request the Controller to delete your personal data, e.g. when: a) the Controller no longer needs the data for the purposes communicated by it; b) you have effectively withdrawn your consent to data processing
  • unless the Controller is entitled to process the data on another legal basis; c) the processing is unlawful; d) the need to delete the data arises from a legal obligation on the Controller;
  1. where your personal data is processed by the Controller on the basis of your consent to the processing or for the purpose of performing an Agreement with the Controller, you have the right to transfer your data to another controller;
  2. where your personal data is processed by the Controller on the basis of your consent to the processing, you have the right to withdraw that consent at any time (withdrawal of the consent does not affect the lawfulness of the processing carried out on the basis of

the consent before its withdrawal); 6) if you consider that the processed personal data is incorrect, its processing is unlawful, or the Controller no longer needs certain data, you may request that for a certain, necessary period of time (e.g. to verify the correctness of the data or to assert claims) the Controller refrain from performing any operations on the data, but only store them; 7) you have the right to object to the processing of your personal data based on the Controller's legitimate interests. If you successfully lodge an objection, the Controller will stop processing your personal data for the aforementioned purpose; 8) you have the right to lodge a complaint with the President of the Personal Data Protection Office if you consider that the processing of your personal data violates the provisions of the GDPR.

COOKIES POLICY

  1. The Controller hereby informs that the Website uses "cookies" installed on your terminal device. These are small text files that can be read by the Controller's system as well as by systems belonging to other entities whose services are used by the Controller (e.g. Facebook, Google);
  2. The Controller uses cookies for the following purposes: a) to ensure the proper functioning of the Website Ð using cookies, the Website may function efficiently, it is possible use its functions and move conveniently between the various subpages; b) to enhance the user experience of the Website - thanks to cookies, it is possible to detect errors on certain subpages and continuously improve them; c) to keep statistics - cookies are used to analyze how users use the Website. This makes it possible to constantly improve the Website and adapt its operation to the preferences of its users.
  3. The Controller may place both permanent and temporary (session) files on your device. Session files are usually deleted when you close your browser, whereas closing your browser does not delete permanent files;
  4. Information about the cookies used by the Controller is displayed in the panel at the bottom of the Website. Depending on your decision, you can enable or disable cookies of each category (except for essential cookies) and change these settings at any time;
  5. The data collected through cookies do not allow the Controller to identify you.
  6. The Controller uses the following cookies or tools that use them:
  7. Through most used browsers, you can check whether cookies have been installed on your terminal device, as well as delete installed cookies and block the Website from installing them in the future.

However, disabling or restricting the use of cookies may cause quite serious difficulties in the use of the Website, e.g. in the form of having to log in to every subpage, longer loading time of the Website, restrictions in the use of certain functions.

FINAL PROVISIONS To the extent not covered by the Policy, the generally applicable data protection regulations shall apply.

The Policy shall be effective as of 30.06.2025