Przejdź do treści / Skip to content
Back AI TrustCERT

Privacy Policy - AI TrustCERT

Effective date: 29 April 2026
Last updated: 18 June 2026
Version: 1.1

1. General information

This Privacy Policy sets out the rules for processing personal data and the use of cookies and similar technologies on the website available at: www.aitrustcert.pl and www.aitrustcert.com

The website presents the AI TrustCERT programme - a programme supporting organisations in the responsible, safe and structured use of artificial intelligence, in particular through AI literacy training, AI policies, AI tool registries, risk assessments, certifications, reports and documentation.

We care about the privacy of our users and the security of personal data. We process personal data in accordance with applicable law, including the GDPR and regulations concerning electronic communications and cookies.

2. Data Controller

The controller of personal data of website users is:

Moon Lion Media Bartosz Czerniawski
ul. Koralowa 17
66-400 Gorzów Wielkopolski, Poland
VAT ID: 5993246908
E-mail: [email protected]

In this Privacy Policy, the Controller may also be referred to as "we", "us" or "AI TrustCERT".

3. Contact for data protection matters

For any matter relating to the processing of personal data, please contact the Controller:

Email: [email protected]
Postal address: Moon Lion Media Bartosz Czerniawski, ul. Koralowa 17, 66-400 Gorzów Wielkopolski, Poland

The Controller has not appointed a Data Protection Officer, as there is no such legal obligation at the date of publication of this Policy. All data protection enquiries should be addressed directly to the Controller.

4. Key data processing principles

We process personal data in accordance with the following principles:

Lawfulness, fairness and transparency - data is processed lawfully and in a manner understandable to the user.

Data minimisation - we collect only the data needed for the specified purpose.

Purpose limitation - data is used only for clearly defined purposes.

Data accuracy - we ensure data is kept up to date and accurate.

Storage limitation - data is stored only for as long as necessary.

Confidentiality and security - we apply appropriate technical and organisational measures to protect data.

Accountability - we document our activities to demonstrate compliance.

5. What data may we process?

Depending on how you use the website, we may process the following data.

5.1. Contact form data

  • first and last name,
  • organisation name,
  • job title,
  • email address,
  • phone number,
  • message content,
  • information about organisation type,
  • information about number of employees,
  • information about interest in the AI TrustCERT programme,
  • other data provided voluntarily in the form.

5.2. AI Act readiness test or diagnostic form data

If a readiness test, survey, qualification form or diagnostic form is available on the website, we may process:

  • contact person data,
  • organisation data,
  • information about AI tool usage,
  • information about AI policies, procedures, training and registries,
  • information about organisational needs,
  • survey answers,
  • test result or preliminary readiness score,
  • recommended package or implementation scope.

The readiness test is informational and organisational in nature. It does not constitute a legal opinion, compliance audit or guarantee of an organisation's compliance with the EU AI Act.

5.3. Commercial communication data

  • contact details,
  • correspondence history,
  • information about interest in the offer,
  • information about commercial arrangements,
  • data needed to prepare an offer, presentation, quote or implementation proposal.

5.4. Technical and operational data

  • IP address,
  • browser type and version,
  • device type,
  • operating system,
  • approximate location based on IP address,
  • date and time of visit,
  • pages visited,
  • traffic source,
  • cookie identifiers,
  • advertising identifiers,
  • data concerning interactions with the website.

5.5. Advertising campaign and social media data

  • data shared through the relevant platform,
  • profile name,
  • message or comment content,
  • campaign statistics,
  • information about clicks, conversions and interactions,
  • advertising identifiers, where the user has given appropriate consent.

6. Purposes and legal bases for processing

6.1. Handling contact form enquiries

Purpose: responding to messages, contacting the user, providing information about AI TrustCERT, scheduling a call or preparing an offer.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest of the Controller in handling correspondence and communicating with persons interested in the offer. Where an enquiry is aimed at concluding a contract, the basis may also be Art. 6(1)(b) GDPR.

6.2. AI Act readiness test or diagnostic survey

Purpose: assessing an organisation's readiness level, preparing recommendations, qualifying for the appropriate AI TrustCERT package, contacting the user about the test result.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest; or Art. 6(1)(a) GDPR where explicit consent is provided for receiving results or reports.

6.3. Preparing offers and B2B activities

Purpose: preparing offers, commercial contact, negotiations, scheduling presentations, consultations or implementations.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest in conducting business activities.

6.4. Newsletter and educational materials

Purpose: sending newsletters, webinar invitations, materials about the EU AI Act, AI literacy, AI governance and the AI TrustCERT programme.

Legal basis: Art. 6(1)(a) GDPR - consent. Consent may be withdrawn at any time.

6.5. Direct marketing of own services

Purpose: informing about AI TrustCERT services, training, events, webinars, packages and implementations.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest in marketing own services.

6.6. Website analytics

Purpose: analysing website traffic, measuring campaign effectiveness, improving content and developing the site.

Tool: Google Analytics. Legal basis: Art. 6(1)(a) GDPR - consent. Google Analytics is activated only after consent to analytics cookies is given.

6.7. Advertising, remarketing and conversion measurement

Purpose: running advertising campaigns, measuring conversions, creating audiences and analysing ad effectiveness.

Tools: Meta Pixel, LinkedIn Insight Tag and Google Ads (conversion tracking and remarketing). Legal basis: Art. 6(1)(a) GDPR - consent. These tools are activated only after consent to marketing cookies is given.

6.8. CRM and enquiry management

Purpose: managing enquiries, contacts, leads, sales conversations and the offer process. Tool: monday.com. Legal basis: Art. 6(1)(f) GDPR - legitimate interest in organising the sales process.

6.9. Mailing

Purpose: sending newsletters, educational messages, webinar information and marketing communications. Tool: Brevo. Legal basis: Art. 6(1)(a) GDPR - consent.

6.10. Hosting, technical maintenance and DNS infrastructure

Purpose: maintaining the website, ensuring its operation, security, availability and performance. Tools: Railway.com (application hosting), home.pl (domain provider), Cloudflare (DNS and network infrastructure). Legal basis: Art. 6(1)(f) GDPR - legitimate interest.

6.11. Asserting or defending against claims

Legal basis: Art. 6(1)(f) GDPR.

6.12. Compliance with legal obligations

Legal basis: Art. 6(1)(c) GDPR.

7. Voluntary provision of data

Providing data is voluntary but may be necessary to send an enquiry, receive a response, obtain readiness test results, prepare an offer, subscribe to the newsletter, participate in a webinar or contact us about AI TrustCERT. Failure to provide data may make it impossible to fulfil the chosen purpose.

8. Recipients of data

Personal data may be shared with the following categories of recipients: application hosting provider (Railway.com), domain provider (home.pl), DNS and network infrastructure provider (Cloudflare), technology and educational platform provider (e-LEA Technologies Sp. z o.o.), email service providers, analytics tool providers (Google Analytics), advertising tool providers (Meta Pixel, LinkedIn Insight Tag, Google Ads - Google Ireland Limited), CRM providers (monday.com), mailing system providers (Brevo), IT and security service providers, accounting, legal and advisory service providers, partners involved in handling an enquiry or implementation where necessary and lawful, and public authorities where required by law.

Data is shared only to the extent necessary for the specified purposes.

9. Data transfers outside the European Economic Area

The use of tools such as Google Analytics, Google Ads, Meta Pixel, LinkedIn Insight Tag, monday.com and Brevo may result in personal data being transferred outside the EEA, in particular to the United States. Such transfers take place using mechanisms provided for under the GDPR, including European Commission adequacy decisions, standard contractual clauses, data processing agreements and additional safeguards.

10. Retention periods

10.1. Contact form

Data submitted via the contact form is retained for as long as necessary to handle the enquiry and then for the period required to protect against potential claims, as a rule no longer than 3 years from the end of correspondence.

10.2. AI Act readiness test

Data from the test or survey is retained for the period needed to prepare results, recommendations and an offer, then for archival, analytical or claims-defence purposes, as a rule no longer than 3 years from the last contact.

10.3. Newsletter and mailing

Data processed on the basis of newsletter consent is retained until consent is withdrawn or the newsletter is discontinued. Limited data may be retained after unsubscription to demonstrate that consent was given and withdrawn.

10.4. Marketing data

Data used for direct marketing is retained until an effective objection is raised or consent is withdrawn.

10.5. Technical data and cookies

Retention periods depend on the type of cookie, tool configuration and consent panel settings.

10.6. Claims-related data

Data may be retained for the statutory limitation period applicable to claims under relevant law.

11. Rights of data subjects

You have the following rights under the GDPR:

  • right of access to data,
  • right to receive a copy of data,
  • right to rectification,
  • right to erasure,
  • right to restriction of processing,
  • right to data portability,
  • right to object to processing,
  • right to withdraw consent at any time where processing is based on consent,
  • right to lodge a complaint with a supervisory authority.

Requests to exercise your rights may be sent to: [email protected]

12. Right to object

You have the right to object to the processing of your personal data where processing is based on the Controller's legitimate interest. Where you object to direct marketing, the Controller will cease processing your data for that purpose.

13. Right to withdraw consent

Where data is processed on the basis of consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You may withdraw consent by clicking the unsubscribe link in an email, changing settings in the cookie panel, or sending a message to [email protected].

14. Right to lodge a complaint

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the supervisory authority. In Poland:

Prezes Urzędu Ochrony Danych Osobowych
ul. Stanisława Moniuszki 1A
00-014 Warsaw, Poland
www.uodo.gov.pl

15. Automated decision-making and profiling

Personal data is not used to make decisions based solely on automated processing that would produce legal effects or similarly significantly affect users.

If an AI Act readiness test or diagnostic form is available on the website, its result may represent an automatic preliminary classification or recommendation (e.g. readiness level or suggested AI TrustCERT package). This result is prepared using a scoring or rule-based algorithm, without passing user data to LLM tools such as ChatGPT, Claude, Gemini or similar language models. The result is informational and organisational - it does not constitute a legal opinion, compliance audit or guarantee of compliance with the EU AI Act.

16. Use of artificial intelligence systems

The Controller may use selected AI tools on the website, in particular for chatbot support, creating informational, educational, graphic or marketing content, and supporting communication about the AI TrustCERT programme.

Personal data submitted through contact forms, registration forms, AI Act readiness test forms or diagnostic forms is not transmitted to LLM tools such as ChatGPT, Claude, Gemini or similar language models.

If a chatbot based on a language model is available on the website, users will be informed that they are communicating with an AI system. The chatbot provides general information about the AI TrustCERT programme, the EU AI Act, training, certification, the offer and how to contact the Controller. Chatbot responses are informational and auxiliary - they do not constitute legal advice, compliance opinion, audit, administrative decision or binding recommendation.

The Controller does not use AI on the website for emotion recognition, biometric identification, biometric categorisation or assessment of users' personal characteristics. Selected content, graphics, illustrations or informational materials published on the website may be created or supported using AI tools. Such materials are informational, educational or marketing in nature and do not constitute a formal legal opinion or guarantee of any organisation's compliance with the EU AI Act.

For more information see: AI Usage Terms.

17. Cookies and similar technologies

The website uses cookies and similar technologies such as pixels, tags, browser identifiers, local storage, session storage and analytics or advertising scripts. Cookies are small files stored on your device when you visit the website.

18. Categories of cookies used on the website

18.1. Necessary cookies

Required for the website to function correctly, including forms, security, privacy settings and service stability. These cookies may be used without consent where they are strictly necessary.

18.2. Analytics cookies

Used to analyse website traffic, measure content popularity, traffic sources and user behaviour. Tool: Google Analytics. Activated only after the user consents to analytics cookies.

18.3. Marketing cookies

Used for advertising campaigns, remarketing, conversion measurement and audience creation. Tools: Meta Pixel, LinkedIn Insight Tag and Google Ads. Activated only after the user consents to marketing cookies.

18.4. Functional cookies

Used to remember user preferences or improve the operation of selected website features. Applied when the user gives consent, unless strictly necessary.

19. Managing cookie consent

You can manage cookie consent through your browser settings, by deleting cookies from your device, or by blocking cookies in your browser.

20. Tools used on the website

20.1. Google Analytics

Used to analyse website traffic, visit statistics, traffic sources and user behaviour. Activated after consent to analytics cookies.

20.2. Meta Pixel

Used to measure ad effectiveness, create audiences, run remarketing and analyse conversions from Meta campaigns. Activated after consent to marketing cookies.

20.3. LinkedIn Insight Tag

Used to measure LinkedIn campaign effectiveness, analyse conversions, run remarketing and view visitor statistics. Activated after consent to marketing cookies.

20.4. monday.com

Used for CRM, enquiry management, leads, contacts and the sales process. Data submitted through forms may be saved in monday.com when needed to handle an enquiry.

20.5. Brevo

Used for mailing, newsletter delivery, educational messages, webinar information and marketing communications. Data is sent to Brevo only when the user subscribes to the newsletter or consents to communication.

20.6. Own forms

The website uses its own contact and diagnostic forms. Data submitted through forms is passed to the Controller and may be handled in systems such as email, monday.com or other enquiry-management tools.

20.7. home.pl

home.pl acts as domain provider for aitrustcert.pl and aitrustcert.com. Technical data may be processed by home.pl solely to the extent necessary for domain management and maintenance.

20.8. Railway.com

Railway.com is the hosting provider for the AI TrustCERT website application. Technical data and server logs may be processed within Railway.com infrastructure to the extent necessary for the operation, security and availability of the website.

20.9. Cloudflare

Cloudflare provides DNS and network infrastructure services for aitrustcert.pl and aitrustcert.com. Network traffic may be routed through Cloudflare servers, which may involve processing technical data such as IP addresses, to the extent necessary to ensure the availability, security and performance of the website.

20.10. AI chatbot

A chatbot based on a language model may be used on the website. Users should not share personal data, sensitive data, confidential information, client or employee data, trade secrets or documents containing third-party personal data with the chatbot.

20.11. e-LEA Technologies

e-LEA Technologies Sp. z o.o. is the technology and educational platform provider underpinning AI TrustCERT services, in particular training, certificates, tests, user accounts and access to educational materials. User data processed through the platform may be handled by e-LEA Technologies Sp. z o.o. as a data processor or independent controller.

e-LEA Technologies Sp. z o.o.
ul. Mazowiecka 10, 00-048 Warsaw, Poland
VAT ID: PL5993193945, REGON: 366342978, KRS: 0000658749

20.12. Google Ads

Google Ads (provider: Google Ireland Limited) is used for conversion measurement, remarketing and assessing the effectiveness of advertising campaigns in the Google network. It uses the Google tag (gtag.js) and cookies such as _gcl_au. The tool is activated only after consent to marketing cookies is given. Data may be transferred to Google outside the EEA (in particular to the USA) using the mechanisms provided for under the GDPR. Consent can be withdrawn at any time in the cookie settings panel, which deletes the associated cookies.

21. Security of data

The Controller applies technical and organisational measures to protect personal data, including SSL/TLS encryption, server security, access controls, password and authentication mechanisms, backups, system updates, incident response procedures and data processing agreements with service providers.

22. Confidentiality of form submissions

Please do not submit confidential information, trade secrets, special category data or data not necessary for handling your enquiry through website forms. In particular, please do not submit medical data, national identification numbers, identity documents, passwords, payment card data, client or employee data, documents containing third-party personal data or legally protected information.

23. Links to external websites

The website may contain links to external websites, social media platforms, webinar platforms, forms, payment systems or partner sites. The Controller is not responsible for the privacy practices of external services.

24. Children and minors

The website is intended for adults, organisations, businesses, public institutions, universities and business partners. The Controller does not intentionally collect data from children or minors.

25. Changes to this Privacy Policy

The Controller may update this Privacy Policy in the event of changes to applicable law, the scope of the website's activities, the introduction of new forms or tools, changes to service providers or the development of the AI TrustCERT programme. The current version will always be published on the website.

26. Services provided through the e-LEA platform

The websites aitrustcert.pl and aitrustcert.com are informational and contact websites. Users do not create accounts directly on these websites unless explicitly stated otherwise.

Selected services related to the AI TrustCERT programme - such as training, tests, certificates, reports, user accounts or access to educational materials - may be provided through the e-LEA system. When registering in the e-LEA system, users may receive separate terms and conditions, privacy policies or information clauses regarding the processing of data within that system.

The owner of e-LEA Technologies rights is:

e-LEA Technologies Sp. z o.o.
ul. Mazowiecka 10, 00-048 Warsaw, Poland
VAT ID: PL5993193945, REGON: 366342978, KRS: 0000658749

27. Final note

AI TrustCERT is not an official state or EU certificate. It is a programme supporting organisations in the responsible, safe and documented use of artificial intelligence.

Test results, recommendations, educational materials, automatically generated information or AI-supported content are informational and auxiliary in nature. They do not constitute a formal legal opinion, compliance audit or guarantee of any specific organisation's compliance with the EU AI Act.

AI TrustCERT

AI Literacy training · AI Governance platform included

© 2026 Moon Lion Media Bartosz Czerniawski. All rights reserved.

aitrustcert.pl · aitrustcert.com

Navigation

  • Training
  • Platform
  • EU AI Act
  • Pricing
  • Contact
  • News
  • AI Ready Check

Legal

  • Privacy Policy
  • AI Usage Terms

Newsletter

Updates on the EU AI Act, AI Governance and our training.

You have joined the AI TrustCERT newsletter. If the welcome email didn't arrive, check your spam folder.

Something went wrong. Please try again.

AI TrustCERT supports organisations in preparing, implementing and documenting actions related to AI Governance, AI Literacy and AI Compliance. The system helps collect evidence of due diligence, but does not guarantee the organisation’s compliance with the AI Act or the absence of administrative sanctions. It does not replace individual legal advice.

© 2026 Moon Lion Media Bartosz Czerniawski. All rights reserved.
Privacy PolicyAI Usage Terms