Privacy Policy (Azmoy)

1) Who is the Data Controller

The Data Controller (administrator of personal data) is:
Maksymilian Kędzierski
Email: maksymilian.kedzierski@azmoy.com

2) What data we collect and where it comes from

We process personal data you provide directly, as well as limited technical data generated when you use the website:

A) Contact form / call booking

• First and last name
• Email address
• Company / organization (if provided)
• Message content and any additional information you submit
• Booking metadata (e.g., meeting date/time)

B) AI Safety Check (lead magnet)

• Identifying data: name, company, email
• Use-case data: responses to questions, description of the intended use case
• Output/assessment: e.g., risk level, category, and recommendations generated based on your inputs

Please do not include sensitive personal data (e.g., health data) or third-party personal data in free-text fields unless strictly necessary.

C) Technical logs and cookies

• IP address
• User-agent / browser and device parameters
• Analytics data (e.g., visit statistics, referral source, on-site behavior) if analytics tools are enabled
• Cookie identifiers (where consent is given or cookies are strictly necessary)

3) Why we process data and legal bases (GDPR)

We process personal data for the following purposes:

A) Responding to inquiries and scheduling calls

Purpose: respond to messages, manage correspondence, schedule meetings, and prepare for scoping discussions.
Legal basis:
Article 6(1)(b) GDPR (steps prior to entering into a contract / performance of a contract), and/or Article 6(1)(f) GDPR (legitimate interest—communication and business development).

B) Running the AI Safety Check and follow-up

Purpose: provide the assessment result, create a summary of your responses, and follow up with an offer or next steps when relevant.
Legal basis: Article 6(1)(f) GDPR (legitimate interest—lead qualification and providing relevant information).

C) Internal CRM and business operations (e.g., Airtable)

Purpose: organize contacts, manage leads, keep internal records related to sales and customer support.
Legal basis: Article 6(1)(f) GDPR (legitimate interest—efficient organization of operations).

D) Legal obligations (if applicable)

Purpose: compliance with legal obligations (e.g., accounting/tax documentation).
Legal basis: Article 6(1)(c) GDPR (legal obligation).

E) Marketing communications

We do not use your data for mass marketing without a valid legal basis. If we launch a newsletter or similar marketing communication, we will request separate consent where required.

4) Where data goes

We may share data with trusted service providers (processors) that help us operate the website and services. Depending on your interactions, this may include:

• Airtable – lead storage and internal CRM (e.g., AI Safety Check submissions)
• Calendly – scheduling and call booking
• Hosting / website infrastructure (e.g., Vercel) – hosting and delivery
• Email provider – communication and inbox services
• Analytics provider – website analytics (e.g., Google Analytics)

These providers process data on our behalf under applicable data processing terms and only to the extent necessary to provide their services.

International transfers: Some providers may process data outside the European Economic Area (EEA). Where applicable, transfers are protected using appropriate safeguards (e.g., Standard Contractual Clauses).

5) Data retention

We store personal data only for as long as needed for the purposes described above:

• Contact and booking data: for the duration necessary to handle the inquiry and any follow-up, then for a limited period to maintain business records or defend potential claims.
• AI Safety Check submissions: for a period necessary to provide the result and follow up; typically no longer than 12 months unless you become a customer or request earlier deletion.
• Technical logs: retained for a limited period for security and troubleshooting purposes.

You can request deletion at any time (see Section 7).

6) Security

We apply reasonable technical and organizational measures to protect personal data, including access controls and limiting data to what is necessary. No method of transmission or storage is 100% secure, but we work to minimize risks.

7) Your rights (GDPR)

Depending on the circumstances, you have the right to:

• access your personal data,
• rectify inaccurate data,
• request erasure ("right to be forgotten"),
• restrict processing,
• data portability (where applicable),
• object to processing based on legitimate interest,
• withdraw consent (if processing is based on consent), without affecting prior lawfulness.

To exercise your rights, contact: maksymilian.kedzierski@azmoy.com

You also have the right to lodge a complaint with your supervisory authority (in Poland: the President of the Personal Data Protection Office—UODO).

8) Cookies

We may use cookies and similar technologies to ensure the website works properly and (optionally) to analyze traffic. Where required, we will request consent for non-essential cookies. You can manage cookies through your browser settings and the cookie banner settings.

9) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be posted on this page with the updated "Last updated" date.