We take the protection of your Personal Data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), the Polish Data Protection Act. The following explanations will give you an overview of how we ensure this protection and what data we process for what purpose.
- Controller/Aexol/We - means Aexol Sp. z o.o. (creator, maintainer and operator of the GraphQL AI platform) a Polish company having a principal place of business at Mlawska 4/U7 street, 15-411 Białystok, Poland, which determines the purposes and means of the processing of Personal Data
- Other Organizations - entities to whom we may transfer a part of your personal data, in connection with the performance of certain activities or Services by them on our behalf. They will securely store your personal data and only for as long as we indicate or as required by applicable law.
- Personal Data - means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as in particular a name and surname, e-mail address, device IP, location data, Internet ID and information collected through cookies and other similar technology
- Consent - means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of their Personal Data;
- GDPR - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Cookies - a small piece of information recorded by the server on your computer disc in the form of small text files.
- Website - our website and its subpages: https://graphqlai.com/
- Service - The Controller's website that provides online services, allows you to contact them, and provides information about other activities we organize or participate in, such as events, newsletters, etc.
The Controller of the Personal Data obtained from you is Aexol Sp. z o.o., a Polish company having a principal place of business at Mławska 4/U7, 15-411 Białystok, Poland registered in the National Court Register, under KRS number 0000602817, Tax Identification Number (NIP): 5423253283, REGON 363749060.
If you wish to contact us about any and all matters related to the processing of Personal Data and the exercise of the rights attached to such processing, you can contact us via mail: Aexol Sp. z o.o., Mławska 4/U7, 15-411 Białystok, Poland or e-mail: [email protected]
How we use the information collected from you
The Controller uses the Personal Data collected from you for the following purposes:
- exchange of correspondence regarding business relations/contracts concluded between you and the Controller, including replying to your inquiries about products and services provided by the Controller including our live chat - basis in Article 6(1)(b) of the GDPR
- in order to provide Services - then the legal basis for processing is the necessity of processing to perform the contract -- basis in Article 6 (1) (b) of the GDPR
- internal administrative purposes of the Controller, including statistics and internal reporting, conducting analytics which constitute pursuit of our legitimate interests. We are always looking for ways to make our Services smarter, faster, secure, integrated and useful to you. We use collective learning about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. We also test and analyze certain new features with some users before rolling the feature out to all users - basis in Article 6(1)(f) of the GDPR
- archiving (evidential purpose) which constitutes the pursuit of our legitimate interests of securing information in case a legal need for evidence arises - basis in Article 6(1)(f) of the GDPR
- potential establishment of claims, the exercise of claims or defense against claims, which constitutes the pursuit of our legitimate interests - basis in Article 6(1)(f) of the GDPR;
- handling of complaints, when they are lodged, in respect of the quality of services provided by the Controller and the manner of service delivered by employees of the Controller under the performed contracts - basis in Article 6(1)(b) of the GDPR
- direct marketing of the Controller's products and own Services. We use your contact Personal Data to send promotional messages, newsletters, marketing, advertising and other information that may be of specific interest to you, through other companies' websites and applications but only with your prior specific written consent to receive such marketing communications. We will ask you at the time of registration and/or opening an account with us if you want to receive such marketing communications. These marketing communications are aimed at driving engagement and maximizing what you get out of the Services and what we think may be of interest to you. You can opt out of receiving marketing communications from us at any time by following the unsubscribe instructions included in our marketing communications. Please note that your consent to our marketing activities is voluntary and may be withdrawn by you at any time. - basis in Article 6(1)(f) of the GDPR
- The Controller processes the Personal Data of users visiting the Controller's profiles on social media (Linkedin, Facebook). This data is processed only in connection with keeping the profile, including to inform users about the Controller's activity and to promote various types of events, services and products. - basis in Article 6(1)(f) of the GDPR
The Personal Data processed by us may include: full name, position, company name, e-mail address, phone number, login, IP number, information collected via cookies or other similar technologies or other data necessary for the verification of a person.
About Cookies and tracking technologies
- user-input cookies (session identifiers) stored for the duration of a session;
- authentication cookies used for services that require authentication for the duration of a session;
- user-centric security cookies e.g. used to detect abuses concerning authentication;
- multimedia player session cookies (e.g. flash player cookies);
- persistent user interface customization cookies for the duration of a session or slightly longer;
- cookies used to monitor online traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Website, to compile statistics and reports about the operation of the Website). Google does not use the data collected to identify a User and neither does it combine any information items to make such identification possible. Detailed information on the scope and rules of collecting data in connection with the service can be found in Google's privacy & terms at this address
Google Analytics cookies are used by Google to analyze how the user uses the Website as well as to compile statistics and reports about the operation of the Website. Google does not use the collected data to identify a user and neither does it combine any information items to make such identification possible. Detailed information on the scope and rules of collecting data in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners
Google Ads is a tool that enables measuring the effectiveness of advertising campaigns executed by the Controller and allows the analysis of such data as e.g. keywords or the number of unique users. Google Ads Platform allows displaying our advertisements to the persons who visited the Website in the past. Information on the data processing by Google in the scope of the above service can be found at: https://policies.google.com/technologies/ads
Facebook pixel is a tool that enables measuring the effectiveness of advertising campaigns executed by the Controller on Facebook. The tool enables advanced data analytics in order to optimize the Controller's acts together with the use of other tools offered by Facebook. Detailed information on data processing by Facebook can be found at: https://www.facebook.com/help/443357099140264
Google Tag Manager
Google Tag Manager is a tool that lets the Controller analyze the activities of Users on the Website by enabling the management of other analytical or marketing tools used by the Controller.
Managing Cookies Settings
- Internet Explorer
- Mozilla Firefox
- Google Chrome
Why do We share Your Personal Data with Other Organizations
We may share your Personal Data with the following entities:
- processing entities in connection with activities commissioned by the Controller, performed on its behalf, on the basis of an agreement with the Controller and only in accordance with the instructions issued by the Controller;
- controlling and supervisory entities in order for the Controller to fulfill the obligations resulting from the provisions of law;
- postal operators and courier companies;
- external entities, if it is necessary for the proper performance of the contract on the basis of which you cooperate with the Controller (e.g. providers, subcontractors).
How We store and protect your Personal Data
We use administrative, technical, contractual, and physical safeguards designed to protect your Personal Data while it is under our control. We may store your Personal Data on a server located outside the country where you live. We store your Personal Data on secure servers. In justified situations, when the performance of the contract requires cooperation with technological partners from outside the European Economic Area ("EEA"), your Personal Data will be transferred to third countries. Due to the fact that the level of Personal Data protection outside the EEA differs from that provided by European law, the Controller undertakes to apply appropriate safeguards that, in accordance with EU law, legalize the transfer and provide adequate guarantees for the protection of your Personal Data. The Personal Data that you provide will be maintained in a safe and secure manner. GraphQL AI databases and information are stored on secure servers with appropriate firewalls. GraphQL AI uses industry-standard physical, technical and administrative security measures to safeguard all Personal Data, keeping it confidential and secure. We conduct periodic reviews of our security measures pertaining to our Personal Data collection and storage, to guard against unauthorized access to our systems. When you enter Personal Data (such as login credentials) in respect to your User Account ("User Information") all communications between GraphQL AI and the Users of GraphQL AI Services are encrypted using Secure Socket Layer (SSL) Certificates. As a user of the Services, You should use the Services responsibly and not share your User Information including your username or password or account information with anyone.
How long do We keep Your Personal Data
The period of data processing by the Collector depends on the type of Service provided and the purpose of processing. As a rule, the user's data is processed by using the Services or conducting correspondence with the user, while the data related to the sending of marketing information including newsletter - until the consent is withdrawn or an effective objection to data processing is submitted.
The data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized. Services are not intended for Users under 18 years of age and we do not collect Personal Data from users under 18.
- The right to be informed about the processing of Personal Data.
- The right to obtain a copy of the data.
- The right to rectification.
- The right to delete data.
- The right to restrict the processing.
- The right to data portability.
- The right to object to other purposes of data processing.
- The right to withdraw consent to data processing at any time
- The right to lodge a complaint with the supervisory body dealing with the protection of Personal Data.
In a situation where the Controller is not able to identify a natural person on the basis of the submitted request, the Controller will ask the applicant for additional information. Providing such data is not mandatory, but failure to provide them will result in a refusal to fulfill the request.
The answer to the application will be given immediately, but not later than within a month from the date of receiving the request. In justified situations, the deadline for providing the answer may be extended, about which the Controller informs the applicant.
The Controller stores information about the request and the person who made the request, in order to ensure compliance and to establish, defend or pursue possible claims of data subjects. The register of data subjects' applications shall be kept in a manner that ensures the integrity and confidentiality of the data contained therein.
Use of third party AI model APIs
The Controller uses third party AI model APIs as services providers. Please visit their pages if you wish to learn more about if and how they collect and process data.
Use of Stripe for payments
The Controller uses the Stripe API as a payments infrastructure provider. Please visit this page
to learn more about how Stripe collects and processes data.