Privacy Policy Vaibro
This Privacy Policy has been adopted in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Official Journal of the European Union L 119/1 of 4.5.2016; hereinafter: GDPR).
The purpose of this policy is, in particular, to fulfill the information obligations referred to in Articles 13 and 14 of the GDPR.
1. Definitions
In this policy, we use the following terms:
1) Vaibro System – a work and project management system made available to the Client under a Subscription Agreement, including in particular: (i.) Vaibro WebbApp, (ii.) Cloud Vaibro, (iii.) Disk Vaibro, (iv.) VaibroCal.
2) Service – the service provider’s website – Vaibro WebApp – available at: https://app.vaibro.ai operated by the Service Provider, through which modules of the Vaibro System are provided. The Service includes a user interface that allows Clients to log in and use the system’s functionalities.
3) Mobile Application – a mobile application (Vaibro mobile app) enabling account creation, available through platforms providing online intermediary services and through the Service.
4) VAIBRO Cloud – VAIBRO software operating on physical servers and managing the cloud environment where the Client stores their data, enabling the use of the Vaibro module, VaibroCal, and Vaibro Drive.
5) We, VAIBRO, Administrator – VAIBRO.AI simple joint-stock company (prosta spółka akcyjna) with its registered office in Radlin at: Rybnicka Street number 64 (44-310 Radlin), entered in the register of entrepreneurs of the National Court Register kept by the District Court Katowice-Wschód in Katowice, 8th Commercial Division of the National Court Register under number 0001060094, VATID: 9542860614, REGON: 52647081000000, share capital: 9.699.713,00 PLN, e–mail: office@vaibro.ai.
6) Organization – a set of accounts with different levels of permissions managed by the User – the Organization Owner – who can grant permissions to other Users within the organization.
7) You / Client / User – individuals whose personal data are processed by VAIBRO in connection with the use of the Vaibro System, the Service, or the Mobile Application.
2. Who is the data controller?
The data controller is the entity that determines the purposes and methods of processing personal data. The controller of your personal data is VAIBRO.
3. Whose personal data do we process?
In connection with our business activities, we process in particular personal data of: users of the Vaibro System, employees of users, collaborators of users. The scope of processed data is always adequate to the purposes of processing.
4. What data do we collect and for what purpose?
The scope of data collected and the purposes of processing depend on the functionalities used within: the Vaibro System, or the Mobile Application.
4.1 Use of the Service and the Vaibro System
I. What data do we collect?
Data stored within the system and assigned to the User’s account, including:
a. first name, last name, phone number, email address of the User and their employees, collaborators, contractors, or persons cooperating with the User under other civil-law contracts
b. data contained in documents stored on Vaibro Drive
II. Purpose of processing
To provide the functionalities of the Vaibro System.
III. Is providing data mandatory?
Providing data is voluntary, however it is necessary to perform the agreement and properly use the Vaibro System.
IV. Legal basis
Processing is based on:
a. the agreement for electronic service provision involving access to the Vaibro System (Article 6(1)(b) GDPR)
b. our legitimate interest (Article 6(1)(f) GDPR) ensuring the proper functioning of the Vaibro System.
V. Data recipients
Recipients may include:
• IT infrastructure providers
• hosting providers
• subcontractors involved in service delivery.
VI. Retention period
For the period necessary to perform agreements or for the duration of our legitimate interest in processing the data.
If the processing is based on legitimate interest, you have the right to object (see section 8).
4.2 Mobile Application
I. What data do we collect?
• first name • last name • phone number • email address
II. Purpose of processing
To provide functionalities of the Mobile Application and the Vaibro System.
III. Is providing data mandatory?
Providing data is voluntary, but necessary for the provision of services via the Mobile Application.
IV. Legal basis
Processing is based on the agreement concluded with the Administrator (Article 6(1)(f) GDPR).
V. Data recipients
Recipients may include:
• Vaibro employees and collaborators
• hosting providers.
VI. Retention period
Data are deleted when the agreement with VAIBRO ends. However, data may be retained longer if necessary to:
a. fulfill legal obligations (civil law, tax law, accounting law) – usually 5 years from the end of the year when the event occurred
b. pursue VAIBRO’s legitimate interests such as:
• maintaining correspondence with clients
• establishing, pursuing, or defending legal claims
Retention period: up to 3 years after the end of cooperation.
4.3 Registration of a Vaibro System Account
I. What data do we collect?
Data necessary for account registration, including: • first and last name • address • email address • login • password For entrepreneurs additionally: • tax identification number (NIP) • company name.
II. Purpose of processing
We process you data in purpose of:
• execution of the electronic service agreement
• providing Vaibro System functionalities
• correspondence via available technologies (mail, email, communicators)
• preparing analyses, statistics, and marketing research
• pursuing or defending legal claims.
III. Is providing data mandatory?
Providing data is voluntary but required to register an account and use the system.
IV. Legal basis
Processing is based on:
a. agreements concluded with the user (Article 6(1)(b) GDPR)
b. legal obligations (tax law, accounting regulations, archiving obligations) (Article 6(1)(c) GDPR)
c. legitimate interest of VAIBRO (Article 6(1)(f) GDPR).
V. Data recipients
Recipients may include:
• IT infrastructure providers
• hosting providers.
• subcontractors
• legal, tax, and accounting advisors
• debt purchasers in case of significant payment arrears.
VI. Retention period
Data are processed depending on the legal basis:
• duration of the subscription agreement and limitation periods
• duration of legal obligations
• duration of legitimate interest.
Remember that if the legal basis for data processing is a legitimate interest, you have the right to object to further processing of your data, in accordance with section 8 below.
5. Automated decision-making and profiling
Currently, we do not use automated decision-making producing legal or similarly significant effects.
6. Transfer of data outside the EEA
Your personal data may be transferred outside the European Economic Area (EEA). In such cases, appropriate safeguards are applied, including Standard Contractual Clauses (SCC).
7. Automated decision-making (repeat clause)
Currently, we do not use automated decision-making producing legal or similarly significant effects.
8. Your rights regarding personal data
You may request:
1. access to your data
2. correction of data
3. restriction of processing
4. deletion of data (“right to be forgotten”)
5. transfer of data to another controller.
Requests will be handled according to Articles 15–20 GDPR.
9. Right to object
You have the right to object to processing based on our legitimate interest. If:
• data are processed for marketing purposes → processing will stop immediately
• processing is based on another legitimate interest → processing will stop unless we demonstrate overriding legal grounds or the need to establish, pursue, or defend claims.
The right to object may be exercised, in particular, by sending an appropriate statement in the manner specified in section 11 below.
10. Complaint to the supervisory authority
If you believe your data are processed unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO). Contact details: https://uodo.gov.pl/pl/p/kontakt.
11. Publication and updates of the Privacy Policy
This policy may be updated from time to time. The current version will always be available in the Vaibro System or Mobile Application.
12. AI Functions in the Vaibro System
12.1 The Vaibro System allows users to use AI-based features such as: • ChatGPT and other OpenAI services • Gemini AI Users may consent to transferring personal data entered into the system to the following entities:
a. Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland
b. OpenAI Ireland Ltd 1st Floor, The Liffey Trust Centre 117-126 Sheriff Street Upper Dublin 1, D01 YC43, Ireland
12.2 Providing personal data and using AI features is voluntary, but necessary to access full system functionality. Consent may be given via: • the mobile application, or • account settings in the Service.
12.3 AI dictation functionality When dictation features are used, the following data may be transferred to AI systems: Examples of transferred data:
|
Data transfered to AI system |
Purpose of data processing in AI system |
|
· name, · surname, · address, · e-mail address, · contractor Data (VATID, Registration number, company name, name, surname), · employee data (name, surname), · other personal data entered by the user. |
Providing the user with dictation and voice recording features that convert spoken commands into text and tasks within the client’s organization.
The AI function enables the dictation of tasks recognized by the AI system. The Service Provider provides the User with the ability to use the recording in order to convert the spoken command into text. |
12.4 Privacy rules of third parties Rules for data processing by third parties are defined in their policies:
a. Google Privacy Policy https://policies.google.com/privacy ,
b. OpenAI Data Processing Addendum https://openai.com/pl-PL/policies/data-processing-addendum/ OpenAI Privacy Policy https://openai.com/pl-PL/policies/privacy-policy/ .
13. Contact
If you have questions regarding personal data processing, you can contact us:
VAIBRO.AI simple joint-stock company
Rybnicka 64
44-310 Radlin
(with the note: “personal data protection”)
e-mail: iodo@vaibro.ai