Privacy Policy

Last Updated: 15.06.2025

1. Introduction and Scope

This Privacy Policy describes how Giulio spółka z ograniczoną odpowiedzialnością (“Giulio”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use our online platform, services, and marketplace accessible via https://app.giulio.aihttps://giulioapp.com, and related sites (collectively, the “Platform”).

This policy applies to all users of the Platform, including individuals who register as or on behalf of “Buyers” (entities seeking to procure goods or services) and “Sellers” (entities offering goods or services). By accessing or using our Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Personal Data Controller

The controller of your personal data is Giulio spółka z ograniczoną odpowiedzialnością, with its registered office in Wrocław, 53-148 Wrocław, Poland, registered under KRS number 0001030618.

For all matters concerning your personal data, please contact us at: [email protected].

3. How We Collect Your Data

We collect data in the following ways:

  • Directly from You: When you register for an account, create a Buyer or Seller profile, fill out forms, create a Request for X (“RFx”), submit a Proposal, or contact us for support.
  • Automatically When You Use the Platform: We collect technical and usage data, such as your IP address, browser type, device information, and your activity on the Platform (e.g., pages viewed, features used).
  • From Other Users: As a marketplace, we may receive information about you from other users. For example, a Buyer may provide information about a Seller, or vice versa, during the course of a procurement process.

4. Categories of Data We Process

We may collect and process the following categories of personal data:

  • Identity Data: First name, last name, username, job title, and company name.
  • Contact Data: Business email address, phone number, and business address.
  • Profile Data (Sellers): Information you provide in your public-facing Seller profile, such as company description, services offered, and professional credentials.
  • Transactional Data: Information contained within RFx documents (from Buyers) and Proposals (from Sellers), as well as details about Subscriptions and payments.
  • Technical Data: Internet Protocol (IP) address, login credentials, browser type and version, operating system, and other technical details about the device you use to access the Platform.
  • Usage Data: Information about how you navigate and interact with our Platform, including features used and time spent on pages.
  • Marketing and Communications Data: Your preferences for receiving marketing communications from us.

5. How and Why We Use Your Data (Lawful Basis)

We process your personal data only when we have a lawful basis to do so under the GDPR.

  • To Perform Our Contract with You (Article 6(1)(b) GDPR):
    • To create and maintain your account.
    • To provide you with access to the Platform’s core functionalities as a Buyer or Seller.
    • To process your Subscription payments and manage your plan.
    • Crucially, to facilitate the marketplace connection by sharing your data with other users as described in Section 6 below.
  • For Our Legitimate Interests (Article 6(1)(f) GDPR):
    • To operate, secure, and improve our Platform and services.
    • To analyze usage patterns to enhance user experience and develop new features.
    • To send you important service-related announcements (e.g., security alerts, changes to our terms). You cannot opt out of these essential communications.
    • To protect against fraud and abuse and to enforce our Terms of Service.
    • To respond to your support requests and inquiries.
  • With Your Consent (Article 6(1)(a) GDPR):
    • To send you marketing newsletters and promotional offers about our products and services. You can withdraw your consent at any time by using the “unsubscribe” link in the email or contacting us.
  • To Comply with a Legal Obligation (Article 6(1)(c) GDPR):
    • To comply with legal, regulatory, and accounting requirements (e.g., tax laws).

In the course of providing our Services, we may process the following types of personal data, including but not limited to:

  • To Provide and Manage Your Service Account: Name, Email Address, encrypted Password, and Company Information. We retain this data for the duration of your service contract and for an additional 3 years after its termination to comply with legal obligations and address potential legal claims.
  • To Send Marketing and Informational Communications: Name and email address. We will retain your data for this purpose until you withdraw your consent. You can withdraw your consent at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly at [email protected].
  • For Security Monitoring, Maintenance, and Service Improvement: IP Address, technical usage data (e.g., features used, session times), and device information. Raw data logs containing this information are retained for a maximum of 3 years After this period, the data may be retained indefinitely in an aggregated and fully anonymized form for statistical and analytical purposes, at which point it is no longer considered personal data.

6. How We Share Your Data: The Marketplace Function

Operating a marketplace requires the controlled sharing of information between users. By using the Platform, you acknowledge and agree to the following data sharing:

  • Sharing with Other Users:
    • If you are a Seller: Your public profile information (e.g., company name, description, services offered) will be visible to Buyers on the Platform. When you submit a Proposal, the content of that Proposal and your associated contact details will be shared with the specific Buyer who posted the RFx.
    • If you are a Buyer: When you post an RFx, details of that request (excluding any data you mark as private) may be visible to matched or invited Sellers. Your company name and the name of the contact person will be visible to Sellers to whom you grant access to your RFx.
  • Sharing with Service Providers (Data Processors): We share data with trusted third-party vendors who perform services on our behalf. These include:
    • Infrastructure & Hosting: Google Cloud Platform, Vercel.
    • Authentication & Security: Clerk.
    • Payment Processing: Stripe.
    • AI & Language Processing: OpenAI, Anthropic.
    • Communication & Email Delivery: SendGrid.
    • Database Management: MongoDB.
    • Other providers for analytics, version control, and support.
      These providers are contractually obligated to protect your data and are only permitted to use it to provide services to us. A full list is maintained and can be found in our documentation or by request.
  • For Legal Reasons: We may disclose your data if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • In a Business Transfer: If Giulio is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

7. International Data Transfers

Your personal data may be processed by our service providers in countries outside the European Economic Area (EEA). When we transfer data, especially, for data transferred from the EEA, UK, or Switzerland, we rely on the Standard Contractual Clauses (SCCs) as approved by the European Commission. You can find more details about our sub-processors and their locations on our Sub-processor List  which you can find https://giulioapp.com/data-processing-agreement/ in Appendix 1.

8. Your Data Protection Rights (GDPR)

As a data subject under the GDPR, you have the following rights:

  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): To request the deletion of your personal data, subject to certain legal limitations.
  • Right to Restrict Processing: To request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: To object to our processing of your data based on our legitimate interests.
  • Right to Withdraw Consent: To withdraw your consent at any time for processing based on consent.
  • Right to Lodge a Complaint: To lodge a complaint with the relevant supervisory authority, which in Poland is the President of the Office for Personal Data Protection (UODO).

To exercise these rights, please contact us at [email protected]. Note that we may need to retain certain information for record-keeping purposes or to complete transactions you began prior to your request.

9. Data Security and Retention

We have implemented appropriate administrative, technical, and physical security measures to protect your personal data from unauthorized access, use, or disclosure. This includes data encryption, access controls, and firewalls.

We will retain your personal data for as long as your account is active or as needed to provide you with our services. We will also retain data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and personalize the Platform. For detailed information, please see our separate Cookie Policy .

11. Final Provisions

We reserve the right to change this Privacy Policy at any time. The current version will always be available on the Platform. This policy is governed by the laws of the Republic of Poland.