Effective as of July 12, 2024.
LexelerateAI DOO Novi Sad (hereinafter: LexelerateAI) as a data controller, collects and processes Personal data in relation to interactions on our Website and the use of our Service.
This Privacy Policy is applicable only to the use of our Website (https://lexelerate.ai/). The use of other LexelarateAI products/services is governed by separate privacy policies and not by this Agreement.
We respect and value your privacy, so we have taken the protection of Personal data seriously. For that reason, we created this Privacy Policy – to explain to you in a transparent and understandable way how we collect, share, and use your data, as well as how you can exercise the rights you have as a Data subject.
Please note that every term that is capitalized but undefined in this Privacy Policy has the same meaning as in our Terms of Use.
The Privacy Policy applies to all individuals who access our Website, send us inquiries via Website, email, or social media account, and engage our Service. However, the Privacy Policy does not apply to information from which no individual can reasonably be identified (anonymized information).
This Privacy Policy, along with our Terms of Use and Cookie Policy, constitutes an Agreement that is binding on you. Therefore, we strongly suggest you read it carefully and get informed about the processing and protection of your Personal data.
In case you have any questions regarding this Privacy Policy, please contact us at office@lexelerate.ai.
- Definitions
- Personal data we collect
- Personal Data We Collect, Why, on What Ground
- Data subjects under the age of 16
- Usage of your personal data
- Who do we share your personal data with?
- Data Transfers
- Data subject’s rights
- Keeping your personal data secure
- Changes to our Privacy Policy
- Get in touch
Definitions
When we say… | We mean… |
“Consent” | Your explicit consent to the processing of personal data. Persons who are 16 years of age or older may give free consent to the processing of their Personal data. |
“Cookies” | Small pieces of code stored on your device (computer or mobile device). This information is used to provide you with certain functions, track your use of the Website, and compile statistical reports on the website activity. Mention of Cookies also includes other similar technologies; more detailed information on what are they and how you can manage them you can find in our Cookie Policy. |
“Data processor” | Any natural or legal subject who processes Personal data on our behalf. We may use the services of various service providers to process your Personal data more effectively. |
“Data subject” or “you” | Any natural person who shares their Personal data with LexelerateAI. |
“GDPR” | General Data Protection Regulation 2016/679 (GDPR); and |
“Personal data” or “data” | Any information relating to an identified or identifiable natural person (Data subject);
|
“Processing” | Any activity or set of activities performed on Personal data or sets of Personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. |
“Service” | Making available any content or features by us on the Website. The Service does not include products or services that LexelerateAI otherwise provides such as services via our Lexelarate AI Platform or through the provision of legal consultations. |
“Technical data” | Personal data such as Internet Protocol (IP) address, device type, unique device identification number, browser type, and broad geographic location (e.g. country or city-level location). |
“Usage data” | Information about how your device has interacted with our Website, including the pages accessed and links clicked. |
“Website” | The website owned by LexelerateAI located at https://lexelerate.ai/. |
Personal data we collect
Data about you may be shared and collected directly from you or from third parties.
Under “data provided by you” we mean:
- Data collected voluntarily
We process your personal data when you contact us through the Website, social media, email, etc. and intentionally share certain information with us through the Website’s feature or direct correspondence. All personal information that you provide to us needs to be true, complete, and accurate, and you are obliged to notify us of any changes to such personal information.
- Data collected automatically when you access and use our Website
Includes information such as:
- Your IP address,
- Device type,
- Unique device identification number,
- Browser-type,
- Broad geographic location (e.g. country or city-level location).
We may also collect information about how your device has interacted with our Website, which includes the pages accessed and links clicked. Collecting this information enables us to better understand the interests of the visitors who visit our Website, where they come from, and what content on our Website is relevant to them.
This information is collected primarily by using cookies and similar tracking technology, as explained in more detail in our Cookie Policy.
- Personal data we collect about you from third parties
In some cases, we may obtain your personal data without you giving us such data directly.
Personal Data We Collect, Why, on What Ground
DATA WE COLLECT | PURPOSE | LEGAL BASIS | RETENTION PERIOD |
Technical and Usage data are collected primarily by using cookies and similar tracking technology, as explained further in our Cookie Policy. | Collecting this information enables you to navigate through a website and use the different options or services that exist within it and enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. | Your consent. | Until the withdrawal of your consent. You can withdraw your consent at any time at your cookie setting as explained in our Cookie Policy. The withdrawal of consent does not affect the lawfulness of the processing based on the consent prior to such withdrawal. |
Contact details and other information you choose to share with us in your inquiry via our Website, email provided on the Website, or otherwise. | To respond to your inquiries. | Processing is necessary for the performance of the Agreement or entering into such Agreement with you. | If we do not have legal obligations or some other ground to retain your data as described in this Policy, we will delete them after 30 days from the response to your inquiry. |
Email of subscribers to our Newsletter. | If you would like to receive notifications about changes and developments in AI-related legislation, updated to our Service and Website, you can leave us your email address. | Your consent. | We will keep you on our mailing list until you withdraw your consent. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to such withdrawal. You may unsubscribe from or mailing list at any time, by using the option “unsubscribe” in the email. |
Email, input, or feedback that you provide to our Services when using the AI Act Bot. | We collect data in order to give you access to our chat bot empowered by artificial intelligence designed to answer numerous EU AI Act-related questions. | Processing is based on your consent and it is also necessary for the performance of the Agreement in case you want to utilize AI Act Bot as a part of our Service. | If we do not have legal obligations or some other ground to retain your data as described in this Policy, we will delete this data if you withdraw your consent, but no later than 30 days from the delivery of the assessment. |
Full name and email address of the Users who utilize our Free Tool for Risk Assessment. | We collect data in order to give you access to our questionnaire which helps assess your obligations under the EU AI Act. | Processing is based on your consent and it is also necessary for the performance of the Agreement in case you want to utilize Free Tool for Risk Assessment as a part of our Service. | If we do not have legal obligations or some other ground to retain your data as described in this Policy, we will delete this data if you withdraw your consent, but no later than 30 days from the delivery of the assessment. |
Technical data and usage data of the visitors of our Website. | In order to prevent misuse and fraudulent behavior on our Website and thus to protect our business, but also our partners, other Users, we need to process this Personal data. | Processing is based on our legitimate interest and the legitimate interest of our Users, i.e. for the safe usage and functioning of our Website, protection of our business, but also the protection of our Users, which is essential to us. | In accordance with the applicable statutory deadlines. |
We do not process data outside the specified purposes, and, especially, we do not:
- Sell any kind of personal data,
- Disclose this information to other marketers,
- Provide your personal information to any third party individual, government agency, or company at any time unless strictly compelled to do so by law.
Data subjects under the age of 16
Our Website is not intended for minors, and we do not knowingly collect data relating to a person younger than 16. If you are under the age of 16, please do not provide any personal information about yourself to us. If we detect that we have collected personal information from a person under the age of 16, such information will be deleted promptly. If you believe we have collected personal information regarding a child under the age of 16, please contact us at office@lexelerate.ai.
Usage of your personal data
None of your personal data will be used by LexelerateAI, unless we have your consent or if some other legally valid reason applies. Your personal data will be used only for the purposes we collected it for, and only when we have a reasonable and lawful basis to do so.
In order to achieve the highest level of personal data security, our staff is legally bound by the professional secret. Furthermore, we use adequate legal, technical, and organizational measures to prevent any disclosed information is revealed outside the legal purpose for which it was collected.
Who do we share your personal data with?
To be able to perform some processing activities, we may require additional support from external processors. In such situations, LexelerateAI uses information audits to identify, categorize and make records of all personal data that is processed outside of LexelerateAI – that way, all the information, processing activity, processor, and legal basis are recorded, reviewed, and easily accessible.
Such external processing may include (but is not limited to):
- IT Systems and Services,
- Legal Services,
- Financial Services
- Human Resources,
- Direct Marketing Services.
We may be legally required to share certain information, including your personal data, with e.g. public authorities or governmental bodies; in such cases, we will not require your further consent in order to share your personal data in such circumstances.
Data Transfers
We may transfer your personal data to countries other than the one you reside in. In these cases, we will transfer your personal data only:
- To the countries within the EEA, where our cloud servers are located;
- To the countries which do not form the EEA but are considered to ensure an adequate level of protection;
- To the countries which do not belong to those specified under items 1. and 2, but only by applying the appropriate safeguard measure in accordance with the GDPR (for example, applying standard contractual clauses), for example to the Republic of Serbia where the registered seat of the founder of LexelerateAI is located.
Since our processor, Google LLC is on the Data Privacy Framework List, as a reliable mechanism for Personal data transfers from the EU to the US, it is being considered that Google LLC provides an adequate level of Personal data protection.
For transfers of data to the other processors in the US, we will make sure that the recipient has a Data Processing Agreement in place with the applicable standard data protection clauses.
Data subject’s rights
As a Data subject whose personal information we hold, you have certain rights under the GDPR. This Section of our Privacy Policy should provide you with general information and an explanation of these rights.
In relation to each of the rights noted below, we have also provided a reference to the specific provision of the GDPR from which that right arises. So, in case you are interested in finding out more about it, you can easily access it.
Right to withdraw the Consent Article 7(3)c of the GDPR | If you have provided your consent to the collection, processing, and transfer of your Personal data, you have the right to withdraw your consent – fully or partly. Once we have received a notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented, unless there is another legal ground for the processing. |
Right to access Article 15 of the GDPR | You can send us a request for a copy of the Personal data we hold about you. We have ensured that appropriate measures have been taken to provide such a copy in a transparent and easily accessible form, using clear and plain language. Such information is provided in writing free of charge. It may be provided by other means when authorized by the Data subject and with prior verification as to the subject’s identity. Information will be provided to the Data subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary. |
Right to rectification Article 16 of the GDPR | If the Personal data we have about you is incorrect, you have the right to request that we correct those data. In such a case, we will rectify the error within 30 days and inform any third party of the rectification if we have disclosed the Personal data in question to them. |
Right to be forgotten Article 17 of the GDPR | You have the right to request from us that your Personal data be deleted in these situations: – The personal data are no longer needed for the purpose for which they were collected; – You have withdrawn your consent (where the processing was based on consent); – You have objected to the processing and no overriding legitimate grounds are justifying us processing the personal data; – the Personal data was being unlawfully processed; or – the Personal data has to be erased for compliance with a legal obligation. However, this right does not apply where, for example, the processing is necessary to comply with a legal obligation, or for the establishment, exercise, or defense of legal claims. |
Right to the restriction of processing Article 18 of the GDPR | You can exercise your right to the restriction of processing if: – the accuracy of the Personal data is contested, – the processing is unlawful, but you do not want the data erased, – we no longer need the Personal data but you require the data for the establishment, exercise, or defense of legal claims, – you have objected to the processing, but the verification of whether the legitimate reasons of the data controller override those of the Data subject is pending. |
Right to data portability Article 20 of the GDPR | In case you have provided your Personal Data to us, and that data is processed using automated means, you have the right to ask us for a copy of such Personal Data, as well as to have those data transmitted to a third-party data controller. |
Right to object Article 21 of the GDPR | You have the right to object to using your Personal Data in case processing is based on our legitimate interest, as well as if the processing is performed with the purpose of direct marketing, which includes profiling. |
Right to Lodge a Complaint Article 77 of the GDPR | If you have any concerns or requests in relation to your Personal data, please contact us at office@lexelerate.ai and we will respond within 30 days. If you are unsatisfied with how we process your data, you may also contact the competent supervisory authority. In case you believe that we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority located in the EEA where you reside or work or where the alleged infringement took place. |
To exercise any of these rights, please contact us at office@lexelerate.ai.
Keeping your personal data secure
LexelerateAI has implemented appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
However, please note that no method of transmission over the Internet or method of electronic storage is absolutely secure. For that reason, we cannot guarantee its 100% security or confidentiality.
Changes to our Privacy Policy
LexelerateAI reserves the right to change and update this Privacy Policy periodically at its sole discretion.
If we have the possibility to inform you (via email or in a similar manner), we may send you the notice regarding the upcoming changes. In any case, a notice of each change will be published on our Website. Therefore, please review our Privacy Policy from time to time, to make sure you are familiar with the current version.
Please note that any change shall enter into force after being published on our Website. If you do not agree to our Privacy Policy, please stop using our Website immediately.
Get in touch
If you want to exercise any of the rights that you have as a data subject, or you have a question for us regarding this Privacy Policy, please contact us at office@lexelerate.ai.