Privacy Policy
This Privacy Policy explains how personal data is collected, used, stored and protected in connection with the website legaldocs.expert and the digital document-generation services offered through it (the "Service").
This Privacy Policy should be read together with our Terms & Conditions. In case of inconsistency between the Terms & Conditions and this Privacy Policy regarding data protection matters, this Privacy Policy prevails.
We follow a data-minimisation approach: as a rule, the information you enter into document fields is processed locally in your browser or on your device and is not transmitted to or stored on our servers, unless this Privacy Policy or the Website clearly states otherwise.
1. Data controller
The controller of your personal data is AXG Sp. z o.o., a limited liability company incorporated under the laws of Poland, with its registered office at ul. Graniczna 29, 40-017 Katowice, Poland, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000563458, NIP 9542756130, REGON 361793430 ("AXG", "we", "us", "our").
You can contact us in all matters relating to the processing of personal data and the exercise of your rights by email at: privacy@legaldocs.expert.
We have not appointed a Data Protection Officer; data protection enquiries should be sent to the address above.
2. Scope of this Policy
This Privacy Policy applies to personal data processed when you visit the Website, create an account, place an Order, make a payment, generate or download a Document, contact us, or otherwise use the Service.
It does not apply to third-party websites, services or applications that we link to but do not control.
3. Data-minimisation and local processing
The Service is designed so that the personal data and other information you enter into document fields are, as a rule, processed locally in your browser or on your device for the sole purpose of generating the Document.
We do not intentionally collect, transmit or store the contents of generated Documents on our servers, unless the Website clearly states otherwise for a specific feature or you voluntarily send such content to us, for example in a support or complaint request.
You should not send us completed Documents, sensitive data, special categories of personal data or confidential third-party information unless strictly necessary.
4. Categories of personal data we process
Depending on how you use the Service, we may process the following categories of personal data:
- account data, such as your email address and password (stored in hashed form);
- order and billing data, such as name or company name, billing address and tax identification where required for invoices;
- payment data, such as payment status, transaction identifiers and confirmation received from our payment provider (we do not store full card numbers);
- content you voluntarily send us, such as messages, attachments or Documents included in a support or complaint request;
- technical and usage data, such as IP address, browser type, device information, language settings, log data, security events and approximate location derived from your IP address;
- communication data, such as the content of your correspondence with us and records of complaints;
- data necessary to establish, exercise or defend legal claims.
Document field data that is processed locally in your browser is not included in the categories above, because it does not reach our servers under normal operation of the Service.
5. Purposes and legal bases of processing
We process personal data only where a legal basis exists under the General Data Protection Regulation (GDPR). In particular:
- to provide the Service, create and manage your account, process Orders and deliver Documents - performance of a contract (Article 6(1)(b) GDPR);
- to process payments and issue invoices, and to comply with accounting and tax obligations - legal obligation (Article 6(1)(c) GDPR);
- to handle complaints, enquiries and support requests - performance of a contract and our legitimate interest in responding to you (Article 6(1)(b) and (f) GDPR);
- to ensure the security of the Website, prevent fraud and abuse, and maintain logs - our legitimate interest in operating a secure service (Article 6(1)(f) GDPR);
- to establish, exercise or defend legal claims - our legitimate interest and, where applicable, a legal obligation (Article 6(1)(f) and (c) GDPR);
- to use optional analytics or similar non-essential technologies - your consent (Article 6(1)(a) GDPR), where such consent is required;
- to send marketing communications, where offered - your consent (Article 6(1)(a) GDPR), which you may withdraw at any time.
Where we rely on legitimate interests, you have the right to object, as described in the section on your rights below.
6. Cookies and similar technologies
We use cookies and similar technologies that are strictly necessary for the Website to function, such as maintaining your session and securing the Service. These do not require consent.
We use non-essential cookies or similar technologies, such as analytics, only with your consent, where required. You can manage or withdraw consent through the cookie settings made available on the Website or through your browser settings.
Disabling certain cookies may affect the availability or functionality of parts of the Service.
7. Recipients of personal data
We share personal data only where necessary and with appropriate safeguards. Recipients may include:
- payment processors that handle Order payments and provide us with payment confirmation and transaction data;
- hosting and infrastructure providers that operate the Website and store account, billing and log data on our behalf;
- analytics, security and anti-fraud providers, where used and where applicable consent has been given;
- email and communication providers used to send service messages and respond to enquiries;
- accounting, tax and legal advisers, and providers of invoicing services;
- public authorities, courts or other bodies where we are required to disclose data by law.
Where these providers act on our behalf, they process personal data as processors under data processing agreements that require them to protect your data and use it only on our instructions.
8. International transfers
We aim to keep personal data within the European Economic Area (EEA).
Where a recipient or processor is located outside the EEA, we transfer personal data only where an adequate level of protection is ensured, for example on the basis of an adequacy decision of the European Commission, Standard Contractual Clauses, or another lawful transfer mechanism under the GDPR.
You may request information about the safeguards applied to such transfers by contacting us at the address above.
9. Retention periods
We retain personal data only for as long as necessary for the purposes for which it was collected, including:
- account data - for as long as your account is active and for a reasonable period afterwards, unless you request earlier deletion;
- order, billing, invoice and tax data - for the period required by applicable accounting and tax law;
- payment and transaction records - for the period required to handle complaints, chargebacks and legal obligations;
- correspondence and complaint data - for as long as necessary to handle the matter and for any applicable limitation period;
- technical and security logs - for a limited period necessary for security, diagnostics and fraud prevention;
- data needed to establish, exercise or defend legal claims - until the relevant limitation periods expire.
When personal data is no longer required, we delete it or irreversibly anonymise it.
10. Your rights
Subject to the conditions and exceptions set out in the GDPR, you have the right to:
- access your personal data and obtain a copy of it;
- request rectification of inaccurate or incomplete data;
- request erasure of your data ("right to be forgotten");
- request restriction of processing;
- object to processing based on our legitimate interests, including profiling;
- data portability, where processing is based on consent or a contract and carried out by automated means;
- withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at the address provided above. We may need to verify your identity before responding.
You also have the right to lodge a complaint with a competent supervisory authority. In Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), ul. Stawki 2, 00-193 Warsaw.
11. Automated decision-making and profiling
We do not make decisions that produce legal effects concerning you, or that similarly significantly affect you, based solely on automated processing, including profiling.
12. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure, taking into account the nature, scope and risks of the processing.
However, no internet service, browser-based tool, device or network is completely secure. You are responsible for using a secure device and browser, keeping your account credentials confidential, and protecting access to your email, device and downloaded files.
13. Children
The Service is not directed at children and is not intended for use by persons under the age required to enter into a contract under applicable law. We do not knowingly collect personal data from children.
14. Provision of data
Providing personal data is voluntary, but certain data is necessary to use specific features. For example, an email address is needed to create an account, and billing data is needed to issue an invoice. Without such data, we may be unable to provide the relevant part of the Service.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The current version will always be available on the Website, with the date of the latest update indicated.
Material changes will be communicated by appropriate means where required by law.
16. Contact
For any questions about this Privacy Policy or the processing of your personal data, or to exercise your rights, please contact us by email at: privacy@legaldocs.expert.