Privacy policy

Last updated: 25.05.2026

2. Scope of this policy

This policy describes the rules for processing personal data in connection with the use of elistar.pl, in particular the contact form, the AI automation scanner, the service process diagnosis, public scanner and diagnosis reports, web analytics, technical logs and communication with Elistar.

3. What data may we process?

3.1. Contact form

If you use the contact form, we may process:

• your first name, last name or company name entered in the form,
• email address,
• phone number, if provided,
• the content of the message, including a description of the process, issue or inquiry,
• technical data related to sending the form, such as IP address, date and time of submission, and browser information.

3.2. Free AI diagnosis / AI automation scanner

If you use the free AI diagnosis / AI automation scanner, we may process data entered in the diagnosis form, in particular:

• company name,
• company website address,
• industry and optional industry description,
• employee range,
• the role of the person filling out the form,
• a description of the company, processes, problems, priorities, implementation readiness and budget scale,
• the email address used for code verification,
• phone number, if provided,
• selected consents and declarations,
• the generated report, the technical prompt content, the AI model response, submission status and technical metadata,
• the public token/link to the report and the submission creation and update dates.

3.3. Service process diagnosis

If you use the service process diagnosis, we may process data entered in the diagnosis form, in particular:

• company name,
• first name, last name or contact person details, if provided,
• email address,
• phone number, if provided,
• company website address, if provided,
• company type, staff range and approximate monthly number of service requests,
• answers regarding ticket organization, statuses, communication, devices, warranties, technicians, subcontractors and settlements,
• additional description entered in the form, selected consents and declarations,
• the diagnosis result, the public token/link to the report and technical metadata of the submission.

3.4. Public data

To prepare a diagnosis report, we may analyze publicly available information about the company, including information from the website provided in the form and other information visible publicly on the internet.

3.5. Technical data and logs

In connection with the operation of the website, we may process technical data such as:

• IP address,
• date and time of access,
• the visited subpage URL,
• event type,
• browser and device information,
• port, host and other technical data recorded in server logs or application logs.

4. Purposes and legal bases for processing

We process personal data for the following purposes:

• handling an inquiry from the contact form - the legal basis may be Article 6(1)(b) GDPR if the contact is aimed at concluding a contract, or Article 6(1)(f) GDPR, i.e. our legitimate interest in handling correspondence and business inquiries;
• preparing and making available the report of the free AI diagnosis / AI automation scanner - Article 6(1)(b) GDPR or Article 6(1)(f) GDPR, i.e. performance of the diagnostic service and our legitimate interest in handling the submission;
• preparing and making available the service process diagnosis report - Article 6(1)(b) GDPR or Article 6(1)(f) GDPR, i.e. performance of the diagnostic service and our legitimate interest in handling the submission and preventing abuse;
• verifying the email address with a code - Article 6(1)(f) GDPR, i.e. protecting the form against abuse and reducing false submissions;
• contact after receiving the report or inquiry - Article 6(1)(f) GDPR, and if the contact were to be marketing-related beyond handling the submission, the basis may be consent;
• ensuring security, preventing abuse, troubleshooting errors and protecting claims - Article 6(1)(f) GDPR;
• web analytics and cookies other than necessary ones - based on consent expressed in the cookie banner, in accordance with applicable e-privacy rules and GDPR;
• compliance with legal obligations, where such obligation arises from law - Article 6(1)(c) GDPR.

5. Free AI diagnosis / AI automation scanner

The free AI diagnosis / AI automation scanner is a diagnostic tool. Based on the data entered in the form and publicly available information about the company, it prepares an initial report regarding potential areas for automation, AI, OCR, integrations, web applications or process organization.

The diagnosis report:

• is informational and preliminary,
• is not a full audit, legal analysis, commercial offer or guarantee of results,
• may contain errors, simplifications or inaccurate hypotheses,
• requires verification during a conversation, audit or process analysis,
• does not constitute decision-making producing legal effects for a natural person.

6. Service process diagnosis

The service process diagnosis is an informational tool. Based on the answers from the form, it prepares an indicative report on ticket organization, statuses, customer communication, documentation, warranties, technicians, subcontractors, settlements and reporting.

In the current version, the service process diagnosis report is prepared based on form responses and scoring rules. It is not generated by an external AI model unless this is clearly indicated for a given tool.

The diagnosis report:

• is informational and preliminary,
• is not a full audit, legal analysis, commercial offer or guarantee of results,
• does not evaluate the work of specific individuals,
• requires verification during a conversation, audit or process analysis,
• does not constitute decision-making producing legal effects for a natural person.

7. Use of external AI providers

To prepare a diagnosis report or other analyses, we may use external AI model providers, in particular language model APIs. Data sent to such providers is limited to the scope necessary to perform the given function.

If we use an external AI provider as a processor, the transfer should be based on an appropriate data processing agreement or another equivalent mechanism required by GDPR. Information about current providers and processing rules may be updated in this policy.

8. Data recipients

Data may be shared with the following categories of recipients:

• hosting, email, IT service and server administration providers,
• providers of analytics and cookie tools, such as Google Analytics, Hotjar and Cookiebot - in accordance with cookie consent settings,
• AI model providers used to prepare a report or analysis,
• entities supporting the technical operation of the website, databases, forms and communication,
• public authorities or authorized entities if disclosure is required by law.

9. Transfers outside the European Economic Area

Some IT, analytics or AI service providers may process data outside the European Economic Area. In such a case, safeguards required by GDPR should be applied, in particular standard contractual clauses, adequacy decisions or other required protections.

10. Data retention period

We retain data for the period necessary to achieve the purposes for which it was collected:

• contact form correspondence - generally up to 24 months from the last contact, unless longer retention is needed to defend or pursue claims,
• scanner data, report, prompt, AI model response and metadata - generally up to 6 months from report generation, unless further contact or a project justifies longer retention,
• service process diagnosis data, result, report and metadata - generally up to 6 months from report generation, unless further contact or a project justifies longer retention,
• technical logs and security data - generally up to 90 days, unless longer retention is needed to analyze an incident, abuse or claim,
• data processed on the basis of consent - until consent is withdrawn or the processing purpose no longer exists.

11. Public link to a diagnosis report

A diagnosis report may be available through a public link containing a token. Anyone with such a link may be able to view the report. Do not publish the report link if you do not want other people to access it.

Elistar may mark scanner or diagnosis report pages as noindex to limit indexing by search engines, but this is not equivalent to full access protection.

12. Rights of the data subject

You have the right to:

• access your data,
• rectify your data,
• erase your data,
• restrict processing,
• data portability - where applicable,
• object to processing based on legitimate interest,
• withdraw consent at any time, where processing is based on consent,
• lodge a complaint with the competent supervisory authority.

To exercise your rights, write to: info@elistar.pl.

13. Voluntary provision of data

Providing data is voluntary, but it may be necessary to handle an inquiry, generate a diagnosis report, send a verification code or contact you back.

14. Automated decision-making

Data provided in the form and scanner may be analyzed automatically in order to prepare a report or organize a submission. However, we do not use this data for automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.

15. Cookies and analytics tools

The website uses cookies and similar technologies. Detailed information is available in the Cookie Policy.

16. Changes to this policy

This policy may be updated, in particular in the event of changes to website functions, technology providers, AI tools, legal requirements or the way data is processed.