About us
FKOLO.pl sp. z o.o., headquartered in Warsaw, ul. Dereniowa 11 lok. 8, KRS no. 0000003630, hereinafter referred to as the Administrator in this Privacy Policy. The Administrator has not appointed a Data Protection Officer due to the lack of such an obligation. Personal data is processed to the extent necessary for the execution of the agreement concluded by the User with the Administrator, as well as to the extent necessary for the Administrator to take actions at the User’s request, and to the extent necessary to fulfill the legal obligation imposed on the Administrator. Personal data is collected and processed in the manner and on the principles set out in this Policy, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: GDPR, as well as the Act of 10 May 2019 (Journal of Laws 2018, item 1000), consolidated text of 30 August 2019 (Journal of Laws 2019, item 1781), hereinafter: Data Protection Act.

General provisions
The Administrator pays particular attention to the protection of the privacy of all individuals whose personal data it processes. A key aspect of this protection is safeguarding the rights and freedoms of natural persons in connection with the processing of their data. We ensure that your data is processed in compliance with the GDPR, the Data Protection Act, as well as specific regulations (including labor law and the Accounting Act). The Administrator is the controller of personal data within the meaning of Article 4(7) GDPR. We also use the services of processors as defined in Article 4(8) GDPR – they process personal data on behalf of the Administrator (e.g. server providers, IT specialists, etc.). As the Administrator, we implement appropriate technical and organizational measures to guarantee a level of security proportional to the potential risk of violating the rights or freedoms of natural persons, considering both probability and severity of threats. We use data transmission encryption (SSL), encryption at rest, restricted staff access, regular security audits, and backups. We also apply policies and procedures, as well as organize regular training to enhance our employees’ knowledge and competence in this area.

How we use your personal data
As the Administrator, we process your data to provide our OKTO service – an AI virtual assistant enabling integration with user applications (such as Gmail, Google Calendar, Microsoft Outlook, task lists, etc.) and performing automated actions based on entered or integrated data, such as: handling technical requests and user support, sending system information and notifications, internal analysis and optimization of the service, and direct marketing (based on appropriate consent). We share your data with third parties only with your consent or when required by law.

On what principles and legal basis we process your data
We take special care to protect the interests of data subjects, ensuring in particular that personal data is:

• processed lawfully, fairly, and transparently;
• collected for specific, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes;
• adequate, relevant, and limited to what is necessary for processing purposes;
• accurate and, where necessary, kept up to date – we act to ensure that inaccurate data is promptly deleted or rectified;
• stored in a form allowing identification of the data subject no longer than necessary;
• processed in a manner that ensures appropriate security, including protection against unlawful processing, accidental loss, or destruction.

Your data is usually processed based on consent, which can be withdrawn at any time. In some cases, processing is necessary to fulfill a legal obligation imposed on us as the Administrator. Processing may also be necessary for purposes arising from our legitimate interests, such as conducting business activities.

Personal data we collect
The scope of personal data collected by the Administrator may vary depending on the purpose of processing. The Administrator collects, among others:

• Identification data: name, surname, email address, phone number.
• Login data: authentication data (OAuth tokens) for Google and Microsoft services.
• Data from integrated applications: contents of emails, calendars, tasks, notes.
• Technical data: IP address, device type, operating system, error logs.
• Communication data: messages sent via interfaces (e.g. chat).
• Operational and statistical data: usage patterns, number of interactions, etc.

Your rights
We aim to provide all relevant information in a concise, transparent, understandable, and easily accessible form, in clear and plain language, and to communicate with you regarding the processing of personal data in connection with your rights, including the right to:

• information at the time of data collection,
• information upon request – including whether data is processed and other details under Article 15 GDPR, including the right to a copy of the data,
• rectification of data,
• erasure (“right to be forgotten”),
• restriction of processing,
• data portability,
• objection,
• not to be subject to automated decision-making (including profiling),
• information about data breaches.

To exercise your rights, please contact us at: hi@aioktopus.com

How we will contact you
We provide information in writing or otherwise, including electronically where appropriate. If you request, we may provide information orally, provided your identity is confirmed by other means. If you submit your request electronically, we will respond electronically where possible unless you indicate a different preferred form of communication.

Response timeframe
We aim to provide information without undue delay – generally within one month of receiving a request. If necessary, this period may be extended by two further months due to the complexity or number of requests. In any case, within one month we will inform you of the actions taken and (where applicable) the extension and reasons for the delay.

Subprocessors / processors
If we cooperate with entities processing data on our behalf, we use only those that provide sufficient guarantees of implementing appropriate technical and organizational measures to meet GDPR requirements and protect the rights of data subjects. We carefully verify such entities, conclude detailed agreements with them, and conduct periodic compliance checks.

How we safeguard your data processing
To meet legal requirements, we have developed detailed procedures covering:

• data protection by design and by default,
• data protection impact assessments,
• breach notification,
• maintaining records of processing activities,
• data retention,
• exercising data subjects’ rights.

We regularly review and update our documentation to demonstrate compliance with GDPR accountability principles and to incorporate best market practices in the interest of data subjects.

Data retention
We store personal data in identifiable form no longer than necessary for processing purposes. After that period, data is anonymized (removing identifying features) or deleted. Data deletion is complete and permanent. Our retention procedures ensure:

• limiting storage periods to the minimum,
• setting deletion deadlines and criteria, or periodic reviews.

The retention period is determined primarily by legal requirements (e.g. employment records, accounting documents) and the Administrator’s legitimate interests (e.g. marketing activities). The policy covers both paper and electronic data.

Authorizations
We ensure that every person authorized by us and having access to your personal data processes it only on our instructions, unless otherwise required by EU or Member State law.

Cookies
“Cookies” are small files stored on your computer, containing settings and other information used on websites you visit. Cookies may store site settings or be used to track user interactions with the site. We use cookies, among others, to customize our site content to your preferences, optimize website use, maintain your session (after login, so you don’t need to re-enter login details on each page), as well as to support and enforce security measures.