Privacy Policy

Effective date: 20.04.2026

1. Controller

The controller of your personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR“) is:

Bartosz Garliński, conducting business under the name “Bartosz Garliński Koncept” (sole proprietorship registered in the Polish Central Register and Information on Economic Activity – CEIDG) Address: ul. Opłotkowa 11, 51-007 Wrocław, Poland NIP: 898-182-11-36 Email: blog@tangible.as

(hereinafter also “we“, “us” or the “Controller“).

For any matters concerning the processing of your personal data, please contact us at blog@tangible.as.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by the Controller in connection with:

  • Your visit to and use of the website available at https://tangible.as/sets/ (the “Website“);
  • Your submission of a message through the contact form on the Website;
  • Analytics and marketing measurement carried out through tools installed on the Website.

This Privacy Policy does not apply to the processing of personal data that takes place on the Zanfia platform (operated by MailingR sp. z o.o., Warsaw, Poland) after you click through to https://tangible.zanfia.co/c/journal or to any other page within the zanfia.co domain. The processing on Zanfia — including the conclusion of your subscription to The Tangible Assets Journal, payment handling and newsletter delivery — is governed by the documents available at:

  • Zanfia Terms of Service: https://zanfia.com/terms-and-conditions/
  • Zanfia Privacy Policy: https://zanfia.com/privacy-policy/

Note that, once you subscribe to The Tangible Assets Journal on Zanfia, the Controller remains the controller of your subscriber data, while MailingR sp. z o.o. acts as our processor on the basis of a data processing agreement concluded via the Zanfia platform. MailingR may also act as an independent controller in respect of its own platform functions (for example, Zanfia’s own analytics and fraud prevention), as described in the Zanfia Privacy Policy.

3. Categories of data, purposes and legal bases

3.1 Contact form

When you use the contact form, we process:

  • Email address (mandatory);
  • Name, if you choose to provide it (optional);
  • The content of your message and any data you voluntarily include in it;
  • The date and time the message is sent.

Purpose: to receive your inquiry, to communicate with you, and to respond to your request.

Legal basis:

  • Art. 6(1)(b) GDPR — where your message concerns steps taken at your request prior to entering into a contract (for example, an inquiry about The Journal);
  • Art. 6(1)(f) GDPR — our legitimate interest in responding to inquiries directed to us and in maintaining business correspondence, where Art. 6(1)(b) does not apply.

Retention: for the duration of the correspondence and thereafter for a period necessary to document the handling of the matter and to establish, exercise or defend any legal claims — no longer than 3 years from the last contact, unless a longer retention period is required by mandatory law.

3.2 Analytics — Google Analytics 4

We use Google Analytics 4 (“GA4“), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to understand how the Website is used, measure audience behaviour and improve the Content.

Data processed: pseudonymous identifiers generated by GA4, a truncated IP address, device and browser information, referring URL, pages viewed, session duration, approximate location (country/city level), and interaction events.

Purpose: website analytics, audience measurement, and improvement of the Website.

Legal basis: Art. 6(1)(a) GDPR — your consent, given through our cookie banner. You may withdraw your consent at any time, with effect for the future, by changing your preferences in the cookie banner or in your browser.

Retention: in accordance with the retention period set in our GA4 configuration, typically up to 14 months.

Further information on Google’s processing is available at https://policies.google.com/privacy.

3.3 Marketing measurement — Meta Pixel

We use the Meta Pixel, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland, to measure the effectiveness of campaigns we run on Facebook, Instagram and other Meta services, to build custom and lookalike audiences, and to display relevant advertising.

Data processed: pseudonymous identifiers, IP address, browser and device information, pages viewed, actions taken on the Website (such as viewing a landing page or clicking through to Zanfia), and — if you are logged into a Meta service in the same browser — identifiers linking these events to your Meta account.

Purpose: marketing, remarketing and measurement of advertising effectiveness.

Legal basis: Art. 6(1)(a) GDPR — your consent, given through our cookie banner.

Joint controllership: in respect of certain Meta Pixel events data, the Controller and Meta Platforms Ireland Limited act as joint controllers within the meaning of Art. 26 GDPR. The essential terms of our joint-controller arrangement are set out in Meta’s Controller Addendum, available at https://www.facebook.com/legal/controller_addendum. Meta is responsible, in particular, for enabling you to exercise your data-subject rights directly vis-à-vis Meta and for providing the information required under Articles 13 and 14 GDPR in respect of its processing. You may exercise your rights with respect to data processed by Meta by contacting Meta directly.

Retention: as determined by Meta in its policies (see https://www.facebook.com/privacy/policy).

3.4 Server logs and Website security

Our hosting provider automatically records basic technical information in server logs, including IP address, date and time of the request, HTTP method, requested URL, response status, user-agent string and referrer.

Purpose: ensuring the security and stability of the Website, detecting and preventing abuse, and diagnosing technical issues.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in ensuring the security and proper functioning of our services.

Retention: typically up to 30 days, unless logs must be preserved for longer in connection with a specific security incident or legal claim.

4. Recipients of personal data

We may disclose your personal data to the following categories of recipients, where necessary for the purposes described above:

  • Hosting and IT service providers — acting as our processors under data processing agreements;
  • Email service providers — used for handling correspondence sent through the contact form;
  • Google Ireland Limited — in connection with GA4;
  • Meta Platforms Ireland Limited — in connection with the Meta Pixel (joint controller for events data; independent controller for its wider platform operations);
  • MailingR sp. z o.o. (Zanfia) — only from the moment you interact with a Zanfia URL and in accordance with the Zanfia Privacy Policy;
  • Professional advisers (legal, accounting, tax) — where necessary for the establishment, exercise or defence of claims, acting under duties of confidentiality;
  • Public authorities and courts — where disclosure is required by law.

We do not sell your personal data.

5. Transfers outside the European Economic Area

Google and Meta may process your personal data outside the European Economic Area, in particular in the United States. Such transfers take place on the basis of:

  • The adequacy decision of the European Commission of 10 July 2023 regarding the EU–U.S. Data Privacy Framework, where the relevant recipient is certified under that framework; and/or
  • Standard Contractual Clauses adopted by the European Commission under Art. 46(2)(c) GDPR, supplemented, where necessary, by additional technical and organisational measures.

You may obtain further information on the applicable safeguards, including a copy where legally available, by contacting us at blog@tangible.as.

6. Cookies and similar technologies

We use cookies and comparable technologies on the Website. A cookie is a small text file stored by your browser when you visit a website.

We use the following categories of cookies:

  • Strictly necessary cookies — required for the Website to function (for example, the cookie recording your consent choices). These cookies are used on the basis of Art. 173 of the Polish Act of 12 July 2024 — Electronic Communications Law and Art. 6(1)(f) GDPR, and do not require your consent.
  • Analytics cookies — set by Google Analytics 4 to measure Website usage. Used only with your prior consent.
  • Marketing cookies — set by the Meta Pixel to measure campaign effectiveness and enable remarketing. Used only with your prior consent.

When you visit the Website for the first time, a cookie banner is displayed, allowing you to accept, reject or manage categories of cookies. You may change your preferences at any time by using the “Cookie settings” link on the Website, or by clearing cookies in your browser and revisiting the Website.

Most web browsers also allow you to control cookies through their settings. Disabling certain cookies may affect the functioning of the Website.

A current list of specific cookies and their retention periods is available through the cookie banner on the Website.

7. Your rights under the GDPR

Subject to the conditions set out in the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) — to obtain confirmation as to whether we process your data and a copy of such data;
  • Right to rectification (Art. 16 GDPR) — to correct inaccurate data or complete incomplete data;
  • Right to erasure (Art. 17 GDPR, “right to be forgotten”) — in the cases set out in the GDPR;
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR) — where processing is based on your consent or on a contract and is carried out by automated means;
  • Right to object (Art. 21 GDPR) — to object at any time to processing based on our legitimate interest (Art. 6(1)(f) GDPR), including any profiling for direct-marketing purposes, in which case we will stop such processing unless there are compelling legitimate grounds overriding your interests, rights and freedoms;
  • Right to withdraw consent (Art. 7(3) GDPR) — at any time, with effect for the future, without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent for analytics or marketing cookies, use the cookie banner;
  • Right to lodge a complaint with a supervisory authority — in particular, with the President of the Personal Data Protection Office in Poland (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, https://uodo.gov.pl.

To exercise these rights, please contact us at blog@tangible.as. We will respond within one month of receipt of your request; this period may be extended by up to two further months where necessary, in which case we will inform you of the extension and the reasons.

8. Profiling and automated decision-making

We do not take decisions that produce legal effects concerning you, or that similarly significantly affect you, based solely on automated processing within the meaning of Art. 22 GDPR.

The analytics and marketing tools described in Section 3 above may involve profiling in a limited sense (for example, in order to display more relevant advertising or to group users into audience segments). Such profiling is used exclusively for analytics and marketing purposes and does not produce legal or similarly significant effects in respect of you.

9. Data security

We apply appropriate technical and organisational measures, within the meaning of Art. 32 GDPR, to protect personal data against unauthorised access, loss, alteration and disclosure. These measures include, among others, TLS/SSL encryption of the Website, access controls, regular software updates and secure configuration of the hosting environment.

10. Children

The Website is addressed to adult investors and speculators in tangible and alternative assets. We do not knowingly collect personal data from individuals under the age of 16. If you believe that a minor has provided us with personal data, please contact us at blog@tangible.as and we will delete such data without undue delay.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, in particular in response to changes in applicable law, changes to the Website, or changes to the tools and services we use. The updated version will be published on the Website with the date of the last update indicated at the top of the document. Where changes are material, we will additionally notify you in an appropriate manner.

12. Contact

If you have any questions about this Privacy Policy or about the way we process your personal data, please contact us at:

Bartosz Garliński Koncept ul. Opłotkowa 11, 51-007 Wrocław, Poland Email: blog@tangible.as

This Privacy Policy is effective as of the date stated at the top of this document.