Aexol Sp. z o.o. provides this Privacy Policy to explain our practices regarding our collection, use and disclosure of Personal Data and other information that we receive. We take the protection of Personal Data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), and the Polish Data Protection Act. The following explanation will provide an overview of how we ensure this protection and what data we process for what purpose.

Definitions

• Controller/Aexol - Aexol Sp. z o.o. (creator, maintainer and operator of the GraphQL AI platform) a Polish company having its principal place of business at Mlawska 4/U7 street, 15-411 Białystok, Poland, which determines the purposes and means of processing Personal Data

• User - any natural person whose Personal data the Controller processes and to whom this Privacy Policy applies.

• Other Organizations - entities to whom the Controller may transfer a part of personal data, in connection with the performance of certain activities or Services on its behalf. Those organizations will securely store personal data only for as long as indicated or as long as is required by applicable law.

• Personal Data - any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as in particular: a name and surname, e-mail address, device IP, location data, Internet ID and information collected through cookies and similar technology

• Consent - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of their Personal Data

• GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

• Cookies - a small piece of information recorded by the server on a computer disc in the form of small text files.

• Privacy Policy - this document

• Website - the Controller's website and its subpages:  https://graphqlai.com/

• Service - the Controller's website provides online services, allows contact with them, and provides information about other organized activities such as events, newsletters, etc.
  
  

Contact information

The Controller of the obtained Personal Data is Aexol Sp. z o.o., a Polish company having a principal place of business at Mławska 4/U7, 15-411 Białystok, Poland registered in the National Court Register, under KRS number 0000602817, Tax Identification Number (NIP): 5423253283, REGON 363749060. Feel free to reach out about any and all matters related to the processing of Personal Data and the exercise of the rights attached to such processing via mail: Aexol Sp. z o.o., Mławska 4/U7, 15-411 Białystok, Poland or e-mail: office@aexol.com

Use of collected information

The Controller uses Personal Data collected for the following purposes:

• exchange of correspondence regarding business relations/contracts concluded between the User and the Controller, including replying to inquiries about products and services provided by the Controller including live chat - basis in Article 6(1)(b) of the GDPR

• in order to provide Services - then the legal basis for processing is the necessity of processing to perform the contract -- basis in Article 6 (1) (b) of the GDPR

• internal administrative purposes of the Controller, including statistics and internal reporting, conducting analytics which constitute pursuit of the Controller's legitimate interests. The goal is to always look for ways to make the Services smarter, faster, secure, better integrated and more useful - to this aim the Controller uses collective learning about how User behavior, usage of Services and feedback provided directly to troubleshoot and identify trends, usage, activity patterns and areas for integration and improvement of the Services. The Controller also tests and analyzes certain new features with some users before rolling the feature out to all users - basis in Article 6(1)(f) of the GDPR

• archiving (evidential purpose) which constitutes the pursuit of the Controller's legitimate interests of securing information in case a legal need for evidence arises - basis in Article 6(1)(f) of the GDPR

• potential establishment of claims, the exercise of claims or defense against claims, which constitutes the pursuit of the Controller's legitimate interests - basis in Article 6(1)(f) of the GDPR;

• handling of complaints, when they are lodged, in respect of the quality of services provided by the Controller and the manner of service delivered by employees of the Controller under the performed contracts - basis in Article 6(1)(b) of the GDPR

• direct marketing of the Controller's products and services. The Controller may use Personal Data to send promotional messages, newsletters, marketing, advertising and other information that may be of specific interest to the User, through other companies' websites and applications but only with the User's prior, specific, and written consent to receive such marketing communications. The User will be asked at the time of registration and/or opening an account if they want to receive such marketing communications. These marketing communications are aimed at driving engagement and maximizing what the User gets out of the Service and what may be of interest. The User can opt out of receiving marketing communications from the Controller at any time by following the unsubscribe instructions included in the marketing communications. Please note that the consent to the marketing activities is voluntary and may be withdrawn by the User at any time. - basis in Article 6(1)(f) of the GDPR

• The Controller processes the Personal Data of users visiting the Controller's profiles on social media (Linkedin, Facebook). This data is processed only in connection with keeping the profile, including to inform users about the Controller's activity and to promote various types of events, services and products. - basis in Article 6(1)(f) of the GDPR
  
  

The processed Personal Data may include: full name, position, company name, e-mail address, phone number, login, IP number, information collected via cookies or other similar technologies or other data necessary for the verification of a person.

About Cookies and tracking technologies

The Controller uses standard technologies like browser Cookies and third-party analytics tools to collect behavioral and operational data during interaction through the Website, apps and communication via email or text message. This Privacy Policy provides information about how the Controller uses cookies and similar technologies and how the User can control and manage them. A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information. Accordingly, the Controller and other entities provide analytical and statistical services on its behalf, storing information or gaining access to information already stored in the User's terminal telecommunications equipment (a computer, telephone, tablet, etc.). Cookie files used for the above purpose include:

• user-input cookies (session identifiers) stored for the duration of a session;

• authentication cookies used for services that require authentication for the duration of a session;

• user-centric security cookies e.g. used to detect abuses concerning authentication;

• multimedia player session cookies (e.g. flash player cookies);

• persistent user interface customization cookies for the duration of a session or slightly longer;

• cookies used to monitor online traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Website) to compile statistics and reports about the operation of the Website. Google does not use the data collected to identify a User and neither does it combine any information items to make such identification possible. Detailed information on the scope and rules of collecting data in connection with the service can be found in Google's privacy & terms at this address
  
  

Marketing Cookies

The Controller and its trusted partners also use cookies for marketing purposes, e.g. in connection with sending behavior-based advertising to users. For this purpose, the Controller and its trusted partners may store information or gain access to information already stored in the User's terminal telecommunications equipment (a computer, telephone, tablet, etc.). Analytical and marketing tools used by The Controller and its trusted partners also use various solutions and tools used for analytical and marketing purposes. Below is a list with basic information about these tools, more detailed information in this respect may be found in the privacy policy of a particular partner.

• Google Analytics

  Google Analytics cookies are used by Google to analyze how the User uses the Website as well as to compile statistics and reports about the operation of the Website. Google does not use the collected data to identify a User and neither does it combine any information items to make such identification possible. Detailed information on the scope and rules of collecting data in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners
  
  

• Google Ads

  Google Ads is a tool that enables measuring the effectiveness of advertising campaigns executed by the Controller and allows the analysis of such data as e.g. keywords or the number of unique users. Google Ads Platform allows the Controller to display advertisements to the persons who visited the Website in the past. Information on the data processing by Google in the scope of the above service can be found at: https://policies.google.com/technologies/ads
  
  

• Facebook Pixel

  Facebook pixel is a tool that enables measuring the effectiveness of advertising campaigns executed by the Controller on Facebook. The tool enables advanced data analytics in order to optimize the Controller's acts together with the use of other tools offered by Facebook. Detailed information on data processing by Facebook can be found at: https://www.facebook.com/help/443357099140264
  
  

• Google Tag Manager

  Google Tag Manager is a tool that lets the Controller analyze the activities of Users on the Website by enabling the management of other analytical or marketing tools used by the Controller.
  
  

Managing Cookies Settings

The use of cookies to collect data through them, including obtaining access to data stored on the User's device requires the User's consent. This consent may be withdrawn at any time. Permission is not required only for the cookies, the use of which is necessary for the provision of the telecommunications service (data transmission to display content). Withdrawal of consent to the use of cookies is possible through the browser's settings. Detailed information on this can be found at the following links:

• Internet Explorer

• Mozilla Firefox

• Google Chrome

• Opera

• Safari
  
  

Sharing Personal Data with Other Organizations

The Controller may share the User's Personal Data with the following entities:

• processing entities in connection with activities commissioned by the Controller, performed on its behalf, on the basis of an agreement with the Controller and only in accordance with the instructions issued by the Controller;

• controlling and supervisory entities in order for the Controller to fulfill the obligations resulting from the provisions of law;

• postal operators and courier companies;

• external entities, if it is necessary for the proper performance of the contract on the basis of which the User cooperates with the Controller (e.g. providers, subcontractors).

Storing and protecting Personal Data

The Controller uses administrative, technical, contractual, and physical safeguards designed to protect Personal Data while it is under its control. The Personal Data may be stored on a server located outside the country where the User is located. The Controller stores Personal Data on secure servers. In justified situations, when the performance of the contract requires cooperation with technological partners from outside the European Economic Area ("EEA"), Personal Data may be transferred to third countries. Due to the fact that the level of Personal Data protection outside the EEA differs from that provided by European law, the Controller undertakes to apply appropriate safeguards that, in accordance with EU law, legalize the transfer and provide adequate guarantees for the protection of Personal Data. The provided Personal Data will be maintained in a safe and secure manner. GraphQL AI databases and information are stored on secure servers with appropriate firewalls. GraphQL AI uses industry-standard physical, technical and administrative security measures to safeguard all Personal Data, keeping it confidential and secure. The Controller conducts periodic reviews of security measures pertaining to Personal Data collection and storage, to guard against unauthorized access to the systems. When entering Personal Data (such as login credentials) in respect to the User Account ("User Information") all communications between GraphQL AI and the Users of GraphQL AI Services are encrypted using Secure Socket Layer (SSL) Certificates. The User of the Service, should use it responsibly and not share User Information including username, password or account information with anyone.

Personal Data storage duration

The period of data processing by the Controller depends on the type of Service provided and the purpose of their processing. As a rule, the User's data is processed by using the Services or conducting correspondence with the User, while the data related to the sending of marketing information including newsletter - until the consent is withdrawn or an effective objection to data processing is submitted. The data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them and after that time only if and to the extent that it will be required by law. After the expiration of the processing period, the data is irreversibly deleted or anonymized. Services are not intended for Users under 18 years of age and the Controller does not collect Personal Data from users under 18.

User's rights:

• The right to be informed about the processing of Personal Data.

• The right to obtain a copy of the data.

• The right to rectification.

• The right to delete data.

• The right to restrict the processing.

• The right to data portability.

• The right to object to other purposes of data processing.

• The right to withdraw consent to data processing at any time.

• The right to lodge a complaint with the supervisory body dealing with the protection of Personal Data.

In a situation where the Controller is not able to identify a natural person on the basis of the submitted request, the Controller will ask the applicant for additional information. Providing such data is not mandatory, but failure to provide them will result in a refusal to fulfill the request. The answer to the application should be given immediately, but not later than within a month from the date of receiving the request. In justified situations, the deadline for providing the answer may be extended, about which the Controller informs the applicant. The Controller stores information about the request and the person who made the request, in order to ensure compliance and to establish, defend or pursue possible claims of data subjects. The register of data subjects' applications shall be kept in a manner that ensures the integrity and confidentiality of the data contained therein.

Use of third-party AI model APIs

The Controller uses third-party AI model APIs as service providers. To learn more about if and how they collect and process data please visit their pages.

Use of Stripe for payments

The Controller uses the Stripe API as a payments infrastructure provider. Visit this page to learn more about how Stripe collects and processes data.