Privacy policy

1. General information

This Privacy Policy applies to the website available at https://www.behaviorai.eu, the Beta Waitlist, the Beta Program, and related communications operated by BehaviorAI.

The controller of personal data is DM Dots Sp. z o.o., with its registered office in Gałówek (55-330), Gałówek 37, NIP 9131633963, KRS 0000995121.

Contact e-mail address of the controller: contact@behaviorai.eu

The controller processes personal data in accordance with the GDPR (Regulation (EU) 2016/679) and applicable provisions of Polish law.

2. Scope of this Privacy Policy

This Privacy Policy applies in particular to personal data processed in connection with:

  • browsing the Website,
  • submitting forms on the Website,
  • joining the Beta Waitlist,
  • receiving beta-related operational communications,
  • receiving newsletter or product updates where separate consent has been given,
  • creating and using an Account in the Beta Program through Memberstack,
  • contacting the controller,
  • handling complaints, claims, or legal obligations.

3. Categories and sources of personal data

The controller may process in particular the following categories of personal data:

  • identification and contact data, including e-mail address,
  • professional or profile information voluntarily provided during Beta Waitlist registration, such as role or experience,
  • account-related data processed in connection with registration and login through Memberstack,
  • communication data, including messages sent to the controller,
  • technical data, including IP address, browser data, device data, logs, and cookie-related data.

Personal data is obtained:

  • directly from the data subject,
  • through forms available on the Website,
  • through systems used to manage the Beta Waitlist and Beta Program,
  • through Memberstack in connection with account creation, authentication, and account management,
  • through MailerLite in connection with newsletter or product update subscriptions,
  • automatically through cookies, logs, and other standard website technologies.

4. Purposes, legal bases, and retention periods

The controller processes personal data for the following purposes:

  1. Operation of the Website and technical security
    Purpose: ensuring the proper operation, security, and integrity of the Website and related systems.
    Legal basis: Article 6(1)(f) GDPR, namely the controller's legitimate interest in securing and administering the Website.
    Retention: for the period necessary for technical administration, security, and log analysis, and no longer than required for these purposes.
  2. Handling contact requests and correspondence
    Purpose: responding to messages, inquiries, and requests sent to the controller.
    Legal basis: Article 6(1)(f) GDPR, namely the controller's legitimate interest in handling correspondence, and where applicable Article 6(1)(b) GDPR where the correspondence concerns steps prior to entering into an agreement.
    Retention: for the period necessary to handle the correspondence and thereafter for the period necessary to establish, exercise, or defend legal claims.
  3. Beta Waitlist registration and administration
    Purpose: operating the Beta Waitlist, receiving registrations, evaluating candidates for possible participation in the Beta Program, and organizing invitations.
    Legal basis: Article 6(1)(b) GDPR, to take steps at the request of the data subject and to perform the Beta Waitlist / Beta Program Agreement, and Article 6(1)(f) GDPR to administer and develop the Beta Program.
    Retention: until removal from the Beta Waitlist, closure of the relevant beta recruitment round, or expiry of the period necessary to establish, exercise, or defend legal claims.
  4. Operational Beta Program communications
    Purpose: sending messages related to the Beta Waitlist or Beta Program, including invitation e-mails, onboarding information, service-related notices, account-related messages, and other operational communications connected with the Beta Program.
    Legal basis: Article 6(1)(b) GDPR where such communication is necessary to perform the applicable agreement, and Article 6(1)(f) GDPR for the controller's legitimate interest in operating the Beta Program.
    Retention: for the duration of the relevant waitlist or account relationship and thereafter for the period necessary to establish, exercise, or defend legal claims.
  5. Newsletter and product updates
    Purpose: sending newsletter communications, product updates, or other marketing information where the data subject has separately opted in.
    Legal basis: Article 6(1)(a) GDPR, i.e. consent, together with any additional requirements resulting from applicable marketing and electronic communications laws.
    Retention: until consent is withdrawn, unsubscribe is exercised, or the controller decides to discontinue the relevant communications, and thereafter only to the extent necessary to demonstrate compliance or handle claims.
  6. Account creation and use in the Beta Program
    Purpose: creating, activating, maintaining, and securing the Account; enabling login; handling password reset; providing the Beta Services through Memberstack and related systems.
    Legal basis: Article 6(1)(b) GDPR, because the processing is necessary for performance of the beta service agreement, and Article 6(1)(f) GDPR for account security and fraud prevention.
    Retention: for the duration of the Account and thereafter for the period necessary to comply with legal obligations and to establish, exercise, or defend legal claims.
  7. Complaints, legal obligations, and claim handling
    Purpose: handling complaints, complying with legal obligations, and establishing, exercising, or defending legal claims.
    Legal basis: Article 6(1)(c) GDPR where processing is necessary to comply with a legal obligation, and Article 6(1)(f) GDPR where processing is necessary for the controller's legitimate interest in claim handling and legal defense.
    Retention: for the period required by law or until expiry of the applicable limitation periods.

5. Provision of data

Providing personal data is voluntary, but it may be necessary depending on the relevant functionality or relationship with the controller.

In particular:

  • providing data in the Beta Waitlist form is necessary to join the Beta Waitlist,
  • providing an e-mail address is necessary to receive Invitation or operational Beta Program communications,
  • providing account-related data is necessary to create and use an Account,
  • giving separate newsletter consent is optional and is not required to join the Beta Waitlist or to be considered for the Beta Program.

6. Recipients of personal data

Personal data may be disclosed to recipients acting on behalf of the controller or independently where required by law or by the nature of the service.

Recipients may include in particular:

  • Webflow, as the provider of the website and form infrastructure,
  • MailerLite, as the provider used for newsletter, product update, or e-mail communication workflows,
  • Memberstack, as the provider used for account creation, authentication, access management, and related account operations,
  • providers of hosting, IT, security, maintenance, and communication services,
  • professional advisers, including legal and accounting advisers, where necessary,
  • public authorities or other entities entitled to receive data under applicable law.

The controller uses only such recipients as are necessary for the relevant processing purpose.

7. Transfers outside the EEA

Some of the service providers used by the controller may process personal data outside the European Economic Area or may use infrastructure located outside the European Economic Area.

Where personal data is transferred outside the European Economic Area, the controller applies appropriate safeguards required by the GDPR, which may include:

  • a European Commission adequacy decision,
  • standard contractual clauses approved by the European Commission,
  • other lawful transfer mechanisms provided for under the GDPR.

Information about specific transfer safeguards may be requested from the controller.

8. Rights of the data subject

Subject to the conditions and limitations provided for in the GDPR, the data subject has the right to:

  • access personal data,
  • obtain rectification of personal data,
  • obtain erasure of personal data,
  • obtain restriction of processing,
  • receive personal data in a portable format where applicable,
  • object to processing based on Article 6(1)(f) GDPR,
  • withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal,
  • lodge a complaint with the President of the Personal Data Protection Office.

If the data subject wishes to exercise any of the rights above, they may contact the controller at contact@behaviorai.eu.

9. Forms, e-mail communications, and Beta Waitlist

The Website may contain forms enabling users to contact the controller or register for the Beta Waitlist.

Data entered in such forms is processed for the purpose resulting from the function of the specific form, in particular:

  • contact handling,
  • Beta Waitlist administration,
  • qualification for the Beta Program,
  • sending Invitation or onboarding communications,
  • handling voluntary newsletter subscriptions where separate consent is collected.

Joining the Beta Waitlist does not automatically create an Account and does not automatically subscribe the user to marketing communications unless a separate optional consent is given.

10. Memberstack Accounts

If a person is invited to the Beta Program and creates an Account, personal data may be processed through Memberstack for purposes including:

  • account creation and activation,
  • authentication and login management,
  • password reset,
  • account access control,
  • account-related security and operational notices.

The controller remains the controller of personal data processed in connection with the Account, while Memberstack may act as a processor or service provider used for account-related operations.

11. Cookies and similar technologies

The Website may use cookies and similar technologies necessary for:

  • proper operation of the Website,
  • remembering basic user settings,
  • security,
  • enabling account-related functions after login,
  • other functions lawfully implemented on the Website.

Where non-essential cookies or similar technologies are used, including analytical or marketing technologies, the controller should obtain consent where required by law before such technologies are activated.

Cookie settings may also be managed in the browser, but restricting some cookies may affect the operation of selected Website functionalities.

12. Automated decision-making

The controller does not use solely automated decision-making producing legal effects or similarly significantly affecting the data subject, unless this is clearly communicated separately and a lawful basis exists.

13. Final information

The controller may amend this Privacy Policy where necessary due to changes in law, technology, organizational processes, or the Beta Program and related services.

The current version of the Privacy Policy should be made available on the Website.

List of Trusted Partners

Google
Purposes of processing: Personal data is processed in connection with communication with participants and the use of Google service functionalities, such as event scheduling, sending event invitations, and organizing surveys and forms in which the User expresses a willingness to participate. In addition, lists of event participants are processed when necessary for the organization and management of a given event, provided that the participant registers and gives consent. The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) GDPR) in managing communication, promoting events, and ensuring the efficient organization of activities, as well as the User’s freely given consent where required.
Partner’s privacy policy: https://policies.google.com/privacy?hl=pl
Partner’s website: https://google.com

YouTube
Purposes of processing: Processing solely in connection with running the profile, including informing Users about the Controller’s activities and promoting various events, services, and products, as well as communicating with users through functionalities available on social media platforms. The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) GDPR) consisting of promoting its own brand and building and maintaining a community around the brand.
Partner’s privacy policy: https://policies.google.com/privacy
Partner’s website: https://policies.google.com/

LinkedIn
Purposes of processing: Processing solely in connection with running the profile, including informing Users about the Controller’s activities and promoting various events, services, and products, as well as communicating with users through functionalities available on social media platforms. The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) GDPR) consisting of promoting its own brand and building and maintaining a community around the brand.
Partner’s privacy policy: https://www.linkedin.com/legal/privacy-policy
Partner’s website: https://www.linkedin.com/

Meta – Instagram
Purposes of processing: Processing solely in connection with running the profile, including informing Users about the Controller’s activities and promoting various events, services, and products, as well as communicating with users through functionalities available on social media platforms. The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) GDPR) consisting of promoting its own brand and building and maintaining a community around the brand.
Partner’s privacy policy: https://privacycenter.instagram.com/
Partner’s website: https://www.instagram.com/

MailerLite
Purposes of processing: Processing solely for the purpose of informing Users about the Controller’s activities and promoting various events, services, and products, as well as communicating with users. The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) GDPR) consisting of promoting its own brand and building and maintaining a community around the brand.
Partner’s privacy policy: https://www.mailerlite.com/pl/legal/privacy-policy
Partner’s website: https://www.mailerlite.com/pl

Memberstack
Purposes of processing: Processing solely for the purpose of informing Users about the Controller’s activities and promoting various events, services, and products, as well as communicating with users. The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) GDPR) consisting of promoting its own brand and building and maintaining a community around the brand.
Partner’s privacy policy: https://docs.memberstack.com/hc/en-us/articles/11419812024347-Privacy-Policy
Partner’s website: https://www.memberstack.com/