• Legal

Privacy Policy

Speednet Sp. z o.o. · Data Privacy Officer: Barbara Chaberka · privacy@speednet.pl

01Core privacy principles

We commit to the following foundational protections:

• Personal data transfers only occur with EU entities under GDPR or those meeting adequate protection standards.
• Marketing by electronic communication requires express consent per Polish electronic services law.
• Marketing via telecommunications requires explicit consent under Polish Telecommunications Law.
• Data retention continues as long as necessary to pursue the purposes described in this Privacy Policy.
• Users may access, rectify, erase, or restrict their data by contacting privacy@speednet.pl.
• Cookie usage follows the accompanying Cookie Policy with user consent.
• Speednet minimises the scope of gathered data — we do not collect data we believe to be unnecessary.

02Information we collect

Automatically collected

• Usage patterns, IP addresses, browser type, device information, server log data.
• Session and persistent cookies for account preferences and analytics.

User-provided

• Account information — name, email address, company, role, and authentication credentials.
• Documents, policies, contracts, and other files uploaded to the Auditor platform by Subscribers for analysis.
• Newsletter and event subscription details.
• Communications — information you provide when contacting support, requesting a demo, or corresponding with us.
• CV submissions and employment applications.

03Processing purposes and legal bases

Communications (Legitimate Interest — GDPR Article 6.1.f)

We process names, contact details, location, and communication content to respond to inquiries, organise meetings, record communications (with consent), and manage interactive features.

Platform services (Contract — Article 6.1.b)

We process account information and uploaded content to provide the Auditor platform services, including document analysis, gap identification, evidence pack generation, and compliance reporting. When processing documents uploaded by Subscribers, Speednet acts as a data processor on behalf of the Subscriber.

AI and document processing

Auditor uses artificial intelligence to analyse documents against regulatory frameworks. Important guarantees:

• Zero-training guarantee — your documents and prompts are never used to train foundation models. This is enforced contractually and technically.
• Workspace isolation — each Subscriber's data is logically isolated. No cross-tenant data access is possible.
• Transient processing — documents are processed in memory and not retained beyond the scope of the analysis unless explicitly saved by the Subscriber.

Marketing and analytics (Consent — Article 6.1.a)

With your consent, we use data to support marketing research, visitor analytics, campaign assessment, personalised communications, and advertising targeting.

Business relations (Legitimate Interest — Article 6.1.f)

Names, contact details, positions, company information, and communication records are processed to maintain relationships, develop new business, provide service updates, organise contracts, and ensure compliance with sanctions, anti-corruption, and anti-money laundering requirements.

Security (Legitimate Interest — Article 6.1.f)

Uploaded personal data, automatically collected device data, cookies, and web beacons are processed to maintain website and platform security, prevent fraud, protect rights, and defend intellectual property interests.

Legal and contractual requirements (Legal Obligation — Article 6.1.c)

We may disclose information where we, in good faith, believe that the law or legal process (such as a court order, search warrant, subpoena, or other lawful requests by public authorities) requires us to do so.

04Data sharing

We do not sell personal data. We share data only in the following circumstances:

• AI model providers — document content may be sent to third-party AI providers (e.g., Anthropic, OpenAI, Azure) for inference. All providers are contractually bound by data processing agreements that prohibit training on customer data.
• Infrastructure providers — we use cloud infrastructure providers for hosting and storage, subject to appropriate safeguards and strict confidentiality obligations.
• Legal requirements — we may disclose information to comply with applicable law, legal process, or governmental request.

Access is restricted to Speednet employees, affiliates, contractors, directors, technology providers, and service providers with strict confidentiality obligations. Failure to meet obligations may result in discipline or termination.

05Your rights under GDPR

Under EU Regulation 2016/679 and applicable data protection laws, you have the right to:

• Request access to the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Request erasure of your data (right to erasure).
• Restrict or object to processing.
• Data portability — receive your data in a structured, commonly used, machine-readable format.
• Withdraw consent at any time without affecting prior lawful processing.
• Choose whether information is disclosed to third parties or used for materially different purposes.
• Lodge a complaint with the Polish supervisory authority (UODO) or your local data protection authority.

To exercise your rights, contact privacy@speednet.pl or write to our registered address. Responses generally occur within one month; complex requests may take longer with notification.

Erasure may be refused for legal reasons. Some legitimate interests such as security reasons or other legal retention requirements may supersede any right to erasure requests.

No fees apply except for unfounded, repetitive, or excessive requests.

Personal data will not be subject to automated decision making, including profiling.

06Data security

We maintain reasonable safeguards to protect the security of our servers and your personally identifiable information, including SSL encryption which aims to prevent any unauthorised third party from obtaining or modifying any electronically transmitted personal data.

However, no security measures are 100% effective and we cannot guarantee the absolute security of your personal data. We implement appropriate technical and organisational measures including encryption in transit and at rest, access controls, audit logging, and regular security assessments.

07Data retention

Data processed on a consent basis remains during an unlimited period of time (or until the consent is revoked), unless otherwise prescribed or permitted by applicable law. Following consent withdrawal, we retain minimal data (name, contact details, references, notes) under alternative legal grounds.

Subscriber content uploaded to the Auditor platform is retained according to the Subscriber's configured retention policies. When a Subscriber deletes content or terminates their account, we delete the associated data within 30 days, except where retention is required by law.

Retention continues indefinitely when required by law, relevant to ongoing or prospective proceedings, or necessary to establish, exercise, or defend legal rights, including fraud prevention and credit risk reduction.

08Data transfers

Speednet is based in the European Union (Poland). We offer EU, UK, and US hosting options. Personal data transfers only occur with EU entities under GDPR or those meeting adequate protection standards. When data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms under GDPR.

09Cookies

Cookies are small text files containing a string of alphanumeric characters, downloaded to your device to improve your experience. We use the following categories:

• Strictly necessary — fundamental for website browsing and feature usage. May be disabled via browser settings, which may affect functionality.
• Functional — remember registration status, user details, and preferences across interactions.
• Performance — collect anonymous usage statistics to improve the Services.
• Optional / behavioural — improve experience and deliver tailored content. Require explicit permission.

You may adjust browser settings to prevent cookie storage or use our Cookie Settings bar to configure your preferences. See our Cookie Policy for full details.

10Changes to this policy

Changes take effect upon posting with effective date updates. Significant changes receive prominent notice, including email notification. Continued use of the Services constitutes acceptance.

We will seek your affirmative consent prior to applying any material change to this Policy on how we use or disclose personally identifiable information to information we collected or received prior to the date of the change.

11Contact

Speednet Sp. z o.o.
Olivia Centre (Star)
al. Grunwaldzka 472C, 80-309 Gdańsk, Poland
KRS 0000295602 · NIP 5862208698 · REGON 220540536

Data Privacy Officer: Barbara Chaberka
privacy@speednet.pl
speednetsoftware.com