Personal Data Protection Policy (GDPR)

This document describes how Bilionbuy International s.r.o. (hereinafter 'Operator') handles your personal data when using our artificial intelligence-based platform. Our priority is transparency and protection of your privacy.

Business name: Bilionbuy International s.r.o.

Registered office: Farbiarska 53/29, 064 01 Stará Ľubovňa

Company ID: 56190999

Responsible person (DPO): Mgr. Štefan Lazorčák

Contact for data protection issues: hello@aipersecond.com

Identification data: Name, surname, email address, telephone number.

Account data: Login credentials, payment history, preferences, settings.

User inputs (Prompts): Text content, files or other data that you enter into the system when interacting with our AI.

Technical data: IP address, browser type, device, website behavior records (cookies – detailed in the Cookie Policy document).

Referral data: Email addresses of people you have invited to the program and the status of their registration.

Service provision (AI): Performance of contract.

Security and operation: Legitimate interest.

Marketing and newsletter: Your explicit consent.

Referral program: Performance of contract / Legitimate interest.

Our platform uses AI algorithms to analyze your inputs in order to provide a personalized response.

No training on your data: We do not use your private inputs and conversations to train publicly available AI models of third parties.

Automated decision-making: The system may automatically generate recommendations based on your inputs. However, you have no legal or other significant consequences resulting solely from automated decision-making without human intervention.

Encryption: Data is encrypted in transit and at rest.

Limited access: Employees of the Operator do not have access to the content of your conversations except in cases of technical support requested directly by you.

Third parties: We do not share your data with marketing agencies. Our own systems operate in the EU/EEA. To provide the AI features we use third-party providers who may process your data outside the EU/EEA; in such cases the transfer is secured by appropriate safeguards under the GDPR – in particular Standard Contractual Clauses (SCC) within concluded data processing agreements (DPA).

Accounting documents: 10 years (as required by law).

Account data: For the duration of your account's existence.

Conversation history: For the continuity of the user's work, it is retained until the user manually deletes it or until the account is cancelled.

As a data subject, you have the right to:

• Access to data: Obtain a copy of your processed data.

• Correction: Request correction of inaccurate data.

• Deletion (Right to be forgotten): Request deletion of your data if no longer needed.

• Processing restriction: Suspend processing in specified cases.

• Portability: Obtain your data in machine-readable format.

• Objection: To processing based on legitimate interest.

• Complaint: You have the right to lodge a complaint with the supervisory authority of the country whose legislation applies to you.