PRIVACY POLICY OF THE NATIONAL CENTER FOR AI RESEARCH
The National Center for Artificial Intelligence Research (KCBSI) was established by a group of AI enthusiasts and practitioners who share a common passion for this technology. We met as individuals with similar interests, deeply convinced that AI can transform our daily lives and work for the better. We decided to join forces to serve people - making it easier to understand and use AI in a way that enables everyone to benefit from it.
Our mission is to support individuals, teachers, entrepreneurs, and creators by helping them unlock the full potential of artificial intelligence, increase productivity, save time, and improve quality of life. KCBSI is an initiative born out of a desire to help and share knowledge - so that AI becomes accessible to everyone who wishes to use it, regardless of their level of technical expertise.
TABLE OF CONTENTS
- General Provisions
- Legal Basis for Data Processing
- Purpose, Basis, Duration, and Scope of Data Processing
- Data Recipients
- Rights of the Data Subject
- Cookies, Usage Data, and Analytics
- Final Provisions
1. GENERAL PROVISIONS
1.1. This Privacy Policy is for informational purposes. It sets out the rules for personal data processing by the Controller, including the legal basis, purposes, and scope of personal data processing, the rights of data subjects, and information on the use of cookies and analytical tools.
1.2. The personal data controller is KRAJOWE CENTRUM BADAŃ SZTUCZNEJ INTELIGENCJI sp. z o.o., ul. Przemysłowa 3, 83-400 Kościerzyna, NIP 5911725383, KRS 0001148193, REGON 540610298 – hereinafter referred to as the “Controller.”
1.3. The Controller processes personal data in accordance with applicable legal regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or the “Regulation.”
1.4. Using the Controller’s services is voluntary. Likewise, providing personal data is voluntary, except in two cases:
(1) entering into agreements with the Controller – failure to provide the personal data required in the order form and this privacy policy will make it impossible to conclude and perform the service agreement with the Controller. In such a case, providing data is a contractual requirement, and if the data subject wishes to conclude the agreement, they are obliged to provide the required data;
(2) legal obligations of the Controller – providing data is a statutory requirement resulting from generally applicable laws that impose obligations on the Controller (e.g., maintaining tax or accounting records). Failure to provide the data will prevent the Controller from fulfilling such legal obligations.
1.5. The Controller takes special care to protect the interests of data subjects and ensures that the data collected is:
(1) processed lawfully;
(2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
(3) factually correct and adequate in relation to the purposes for which it is processed;
(4) stored in a form that permits identification of the data subject no longer than is necessary to achieve the purpose of processing; and
(5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure that processing complies with the Regulation and is demonstrable. These measures are reviewed and updated as necessary. The Controller uses technical means to prevent unauthorized persons from acquiring or modifying personal data transmitted electronically.
2. LEGAL BASIS FOR DATA PROCESSING
2.1. The Controller processes personal data if:
(1) the data subject has given consent to the processing of their personal data for one or more specific purposes;
(2) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
(3) processing is necessary to comply with a legal obligation to which the Controller is subject; or
(4) processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly when the data subject is a child.
3. PURPOSE, LEGAL BASIS, DURATION, AND SCOPE OF DATA PROCESSING
3.1. Each time, the purpose, legal basis, duration, scope, and recipients of personal data processed by the Controller result from actions taken by the specific Client.
3.2. The Controller may process personal data for the following purposes, on the following legal bases, for the indicated duration, and in the following scope:
|
Purpose of data processing |
Legal basis and data retention period |
Type of processed data |
|
Execution of the concluded agreement |
Article 6(1)(b) GDPR (performance of a contract) Data is processed for the period necessary to demonstrate performance, execution, and termination of the agreement, and defense against any related claims. |
First name, last name, email address, phone number. |
|
Creating an account on the website |
Article 6(1)(b) GDPR (performance of a contract) Data is processed for the duration of the account's existence on the website, and after deletion for the time necessary to defend against any related claims. |
First name, last name, email address, phone number. |
|
Receiving the newsletter |
Article 6(1)(a) GDPR (consent) Data is processed as long as consent for receiving the newsletter is valid. |
Email address. |
|
Establishment, exercise or defense of claims that may be pursued by or against the Controller |
Article 6(1)(f) GDPR (legitimate interest of the Controller) Data is processed for the duration during which the data subject may assert claims; data is deleted after the limitation period expires. |
First name, last name, email address, phone number, Tax ID (NIP), National ID (PESEL). |
|
Conducting tax settlements |
Article 6(1)(c) GDPR (compliance with a legal obligation) For the period necessary to carry out tax settlements. |
First name, last name, email address, phone number, Tax ID (NIP), National ID (PESEL). |
4. DATA RECIPIENTS
4.1. For the proper functioning of the Service, including the execution of concluded Agreements, it is necessary for the Controller to use the services of external entities (such as software providers, couriers, or payment operators). The Controller uses only such processors that provide sufficient guarantees of implementing appropriate technical and organizational measures so that processing complies with the GDPR and protects the rights of data subjects.
4.2. Data is not transferred by the Controller in every case or to all recipients or categories of recipients mentioned in this privacy policy – the Controller transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary to fulfill that purpose.
4.3. Personal data in connection with the execution of a contract may be transferred to:
a) entities processing electronic or card payments – if the Client uses electronic or card payment methods on the Service, the Controller provides the collected personal data of the Client to the selected payment operator to the extent necessary to handle the payment;
b) service providers supplying the Controller with technical, IT, and organizational solutions enabling the Controller to conduct business operations (in particular providers of computer software, email and hosting services, company management tools, and technical support systems) – the Controller provides the collected personal data of the Client to such a provider acting on its behalf only when and to the extent necessary to achieve the purpose of processing in accordance with this privacy policy;
c) providers of accounting, legal, and advisory services supporting the Controller (in particular accounting offices, law firms, or debt collection agencies) – the Controller provides the collected personal data of the Client to the selected provider only when and to the extent necessary to achieve the purpose of processing in accordance with this privacy policy.
5. PROFILING
5.1. Information may be processed in an automated manner (including profiling), but this will not produce any legal effects concerning a natural person or similarly significantly affect that person’s rights or obligations.
5.2. In the case of profiling:
a) sensitive data is not processed,
b) data is protected through pseudonymization,
c) if pseudonymization is not applied, only email address, IP address, or cookies are used.
5.3. The purpose of profiling is:
a) analysis of personal preferences and interests of users of the Services or products to customize the content presented in the Services or products,
b) marketing, in particular tailoring offers to the preferences of the recipient.
6. RIGHTS OF THE DATA SUBJECT
6.1. Right of access, rectification, restriction, erasure, or data portability – the data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten"), restriction of processing, objection to processing, and the right to data portability. Detailed conditions for exercising the above rights are set out in Articles 15–21 of the GDPR.
6.2. Right to withdraw consent at any time – if personal data is processed based on consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6.3. Right to lodge a complaint with a supervisory authority – i.e., the President of the Personal Data Protection Office, ul. Stawki 2, 00–193 Warsaw, Poland.
6.4. Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the Controller), including profiling based on these provisions. The Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
6.5. To exercise the rights mentioned in this section of the privacy policy, you can contact the Controller by sending an appropriate message in writing or by email to the address provided at the beginning of this policy or by using the contact form available on the Service.
7. COOKIES
7.1. Cookies are small text files containing information stored on the device of a visitor to the Website (e.g. hard drive of a computer, laptop, or smartphone memory card – depending on the device used to browse the Website). Detailed information about cookies and their origin can be found, among others, here: http://en.wikipedia.org/wiki/HTTP_cookie.
7.2. The Controller may process data stored in cookies when visitors use the Website for the following purposes:
7.2.1. identifying Users logged into the Website and displaying that they are logged in;
7.2.2. remembering selected services for the purpose of placing an Order;
7.2.3. remembering data from completed Order Forms or login details;
7.2.4. customizing the content of the Website according to individual User preferences (e.g. color, font size, page layout) and optimizing use of the Website;
7.2.5. compiling anonymous statistics on how the Website is used.
7.3. By default, most web browsers available on the market automatically accept cookies. Users may define conditions for the use of cookies through their browser settings. This means cookies can be partially limited (e.g. temporarily) or completely disabled – however, this may affect some functionalities of the Website.
7.4. Web browser settings regarding cookies are considered as consent to the use of cookies by the Website – in accordance with regulations, such consent can be expressed via browser settings. If such consent is not granted, it is necessary to adjust browser settings accordingly.
7.5. Detailed information on how to change cookie settings and delete cookies in popular web browsers can be found in the help section of the browser or on the following pages (clickable links):
-
Chrome browser
-
Firefox browser
-
Internet Explorer browser
-
Opera browser
-
Safari browser
-
Microsoft Edge browser
8. DATA TRANSFER
Personal data may be transferred outside the European Economic Area; however, in such cases, it is always transferred only to countries that ensure a level of personal data protection at least equivalent to that applicable within the European Union.
9. FINAL PROVISIONS
9.1. The Website may contain links to other websites. The Controller encourages users to read the privacy policies of those websites after navigating to them. This privacy policy applies only to the Controller’s Website.
9.2. This Privacy Policy is regularly reviewed and updated if necessary.
9.3. The current version of the Privacy Policy was adopted and is effective from June 24, 2025.