Legal documents
Leadbot Privacy Policy
This Privacy Policy (the "Policy") sets out how Leadbot processes personal data in connection with contact, entering into and performance of agreements, and delivery of AI assistant implementation, configuration and maintenance services. Using Leadbot's services or contacting Leadbot may involve processing of personal data in line with this Policy.
Leadbot's services are aimed primarily at businesses. In many projects Leadbot acts as a processor on behalf of the client, who remains the controller of data of the client's callers, customers, patients, leads or other end users.
1) PARTIES AND DEFINITIONS
1.1. "Controller" / "Leadbot" means: LEADBOT spółka z ograniczoną odpowiedzialnością, registered office in Wrocław, ul. Stanisława Drabika 22/10, 52-131 Wrocław, Poland, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0001231573, NIP: 8993055216, REGON: 544346881, e-mail: kontakt@leadbot.co.
1.2. "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council.
1.3. "Personal data" means information about an identified or identifiable natural person.
1.4. "Client" means the entity ordering Leadbot's services.
1.5. "Services" means implementation, configuration, maintenance and operation of AI assistants and related workflows, integrations, automation, reporting and operational support.
1.6. "Processor" means Leadbot acting on behalf of the Client as a personal data processor.
1.7. "Sub-processors" means entities supporting Leadbot in providing the Services, acting under processing agreements or other appropriate legal grounds.
2) SCOPE OF THE POLICY
2.1. The Policy applies to processing of personal data in connection with:
(a) contacting Leadbot,
(b) pre-contract activities and performance of agreements and delivery of services,
(c) settlements, accounting and compliance with legal obligations,
(d) ensuring security and quality of the services and pursuing or defending claims,
(e) marketing activities in B2B relations,
(f) handling and analysis of conversations, messages, leads and other data processed within client projects.
3) DATA WE PROCESS
3.1. Depending on the purpose, we may process:
(a) identity data: first and last name, position, role in the organisation,
(b) company data: company name, KRS, NIP, REGON, registered address, billing data,
(c) contact data: e-mail, phone number, other data provided in contact,
(d) communication data: message content, correspondence, meeting notes, information provided in forms,
(e) call data: call recordings, transcripts, summaries, tags, intents, call statuses, notes and data collected by the AI assistant,
(f) technical data: system logs, event IDs, call metadata, IP address, information about integrations and events in the systems,
(g) billing data: information about payments, invoices, subscriptions and billing history.
3.2. Leadbot does not ask for special categories of personal data and does not intentionally process them, unless it is required in a specific project and takes place on an appropriate legal basis defined by the Client. If such data appear in a message or a call, they will be processed only to the extent necessary to handle the case or deliver the service.
4) PURPOSES AND LEGAL BASES OF PROCESSING
4.1. We process data for the following purposes and on the following legal bases:
(a) contact and handling of enquiries – Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR,
(b) pre-contract activities, contract performance and service delivery – Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR,
(c) settlements, accounting and legal obligations – Art. 6(1)(c) GDPR,
(d) ensuring quality, security, service continuity and resolving technical issues – Art. 6(1)(f) GDPR,
(e) pursuing, establishing or defending claims – Art. 6(1)(f) GDPR,
(f) marketing of Leadbot services in B2B relations – Art. 6(1)(f) GDPR, respecting electronic communications rules.
4.2. In projects delivered for Clients, the legal bases for processing end users' data are defined by the Client as the data controller. Leadbot processes such data in line with the agreement, the Client's instructions and the applicable data processing agreement, if required.
5) PHONE CALLS, RECORDING AND TRANSCRIPTS
5.1. In some projects, calls may be recorded, transcribed, analysed, summarised and classified by the systems used to provide the Services.
5.2. The purpose of such processing may be handling of tickets, lead qualification, appointment booking, documenting the course of the call, quality control, security, accountability and handling of complaints or claims.
5.3. The legal basis may be Art. 6(1)(f) GDPR, Art. 6(1)(b) GDPR or Art. 6(1)(c) GDPR, depending on the specific context and Leadbot's role.
5.4. If calls are recorded in a project, information about the recording is provided to the caller at the start of the call in line with the Client's configuration and legal requirements.
6) DATA RECIPIENTS AND SUB-PROCESSORS
6.1. Data may be transferred to entities supporting Leadbot in providing the services, in particular:
(a) providers of IT infrastructure, hosting and cloud services,
(b) providers of CRM, automation, integration and communication tools,
(c) telecom providers, call operators, SIP and voice AI tool providers,
(d) providers of AI, transcription, speech synthesis, call analysis and automation services,
(e) providers of payment and subscription systems,
(f) providers of accounting, legal, tax and administrative services to the necessary extent.
6.2. These entities process data on the basis of appropriate agreements, instructions or other applicable legal bases, and only to the extent necessary to deliver their services.
7) TRANSFER OF DATA OUTSIDE THE EEA
7.1. Depending on project configuration, tools used and provider locations, data may be processed outside the European Economic Area.
7.2. In such cases we apply the safeguards required by law, in particular adequacy decisions, standard contractual clauses and additional security measures where required.
8) DATA RETENTION
8.1. We retain data:
(a) for the time needed to handle the enquiry and run the cooperation,
(b) for the duration of the contract and the period needed for its settlement,
(c) for the period required by law, in particular tax and accounting law,
(d) until claims are time-barred,
(e) for recordings, transcripts and project data: for the period required to fulfil the purpose or the period arising from the contract, project arrangements or Client instructions.
8.2. Where Leadbot acts as a processor, the retention period for end users' data may follow from the contract with the Client or the Client's instructions.
9) DATA SUBJECT RIGHTS
9.1. The data subject has the right to:
(a) access their data,
(b) rectify their data,
(c) erase their data if there is no basis for further processing,
(d) restrict processing,
(e) data portability,
(f) object to processing based on legitimate interest,
(g) lodge a complaint with the President of the Personal Data Protection Office.
9.2. Data-related requests can be sent to: kontakt@leadbot.co.
9.3. Where Leadbot acts as a processor on behalf of a Client, an end-user data request may be passed to the relevant Client as the data controller.
10) LEADBOT AS A PROCESSOR IN CLIENT PROJECTS
10.1. In many rollouts Leadbot acts as a processor on behalf of Clients using AI assistants.
10.2. In such cases:
(a) the Client is the controller of data of its callers, customers, patients, leads or other end users,
(b) Leadbot processes data only within the scope and for the purpose defined in the agreement and in line with the Client's instructions,
(c) the data processing rules for a project may be detailed in a data processing agreement,
(d) the Client is responsible for providing end users with the required information about data processing, including any call recording, where applicable.
10.3. If you contact a business using an AI assistant rolled out by Leadbot, that business is the controller of your data and Leadbot may act as a processor.
11) SECURITY
11.1. Leadbot applies technical and organisational measures appropriate to the risk, including:
(a) access control,
(b) encryption in transit,
(c) accountability of operations and event logging,
(d) data minimisation and restricted access to recordings, transcripts and project data,
(e) applying permissions on a need-to-know basis,
(f) selection of providers with security and data protection compliance in mind.
12) POLICY CHANGES
12.1. The Policy may be updated in response to changes in law, technology, company data, the way services are provided or the tools used.
12.2. The current version is published by Leadbot on its website or made available in another customary way.
13) CONTACT
For matters concerning privacy and personal data protection, you can contact Leadbot at: kontakt@leadbot.co.
