AI Books Privacy Policy
This Privacy Policy (the “Policy”) is for informational purposes and sets forth CampusAI’s processing of personal data (“Data”) in accordance with legal requirements, including the RODO.
§ 1 General provisions
- This privacy policy of AI Books (the “Website”) is for informational purposes only, which means that it does not create any obligations for Website Service Recipients. The Privacy Policy primarily contains rules regarding the Administrator’s processing of personal data on the Website, including the basis, purposes and scope of personal data processing and the rights of data subjects, as well as information regarding the use of cookies and analytical tools on the Website.
- The Administrator of the personal data is CampusAI with its registered office in Warsaw (ul. Chmielna 73, 00-801 Warsaw, Poland), registered under KRS: 0001030100, NIP: 5273051714, share capital: PLN 5,501,405.00; e-mail address: info@campusai.pl – hereinafter referred to as the “Administrator” and which is also the Service Provider of the Website.
- Personal data is processed by the Administrator in accordance with applicable laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “RODO” or “RODO Regulation”. Official text of the RODO Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- The use of AI Books, including entering into contracts, is voluntary. Likewise, the provision of personal data by the Service User is voluntary, subject to two cases: (1) Entering into agreements with the Administrator – failure to provide personal data necessary for the conclusion and execution of a Sales Agreement or an agreement for the provision of an Electronic Service, in the cases and to the extent specified on the Website and in the Terms and Conditions and this Privacy Policy, prevents the conclusion of such an agreement. In such a situation, the provision of personal data is a contractual requirement, and if the data subject intends to conclude an agreement with the Administrator, he/she is obliged to provide such data. In each case, the scope of data necessary to conclude a contract is previously indicated on the Website and in the Terms and Conditions; (2) Statutory obligations of the Administrator – providing personal data is a requirement under applicable laws that require the Administrator to process such data (e.g. for accounting purposes). Failure to provide such data will prevent the Administrator from fulfilling the obligations imposed on it.
- The controller shall exercise special care to protect the interests of persons whose personal data are processed by it, and in particular shall be responsible for ensuring that the data collected meet the following requirements: 1) they are processed in accordance with applicable laws; 2) they are collected for clearly defined lawful purposes and are not subject to further processing in a manner contrary to those purposes; 3) they are reliable and adequate in relation to the purposes for which they are processed; 4) are stored in a manner that allows identification of the subjects only for the period necessary to fulfill the purpose of processing; and 5) are processed in a manner that ensures their adequate security, including protection against unauthorized or unlawful processing, as well as against accidental loss, destruction or damage, through the use of appropriate technical and organizational measures.
- Taking into account the nature, scope, context and purposes of the processing, as well as the risk of violation of the rights or freedoms of natural persons of varying degrees of probability and severity, the Administrator shall implement appropriate technical and organizational measures to ensure, and to be able to demonstrate, that the processing complies with the RODO Regulation. These measures shall be regularly reviewed and updated as necessary. The Administrator shall apply technical solutions that prevent unauthorized persons from obtaining and modifying personal data sent electronically.
§ 2 Basis for data processing
- The controller is authorized to process personal data in cases where, and to the extent that, at least one of the following conditions is met: (1) the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract; (3) the processing is necessary for the fulfillment of a legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Each instance of processing of personal data by the Administrator requires the existence of at least one of the grounds indicated in § 2 point 1 of the Privacy Policy. The specific grounds for the Administrator’s processing of the personal data of the Website’s Service Recipients are indicated in the next section of the Privacy Policy – with respect to a given purpose of data processing by the Administrator.
§ 3 Purpose, basis, period and scope of data processing
- Each time, the purpose, basis, period and scope and recipients of the personal data processed by the Administrator result from the activities undertaken by a given Service Recipient on the Website.
- The Administrator is authorized to process personal data for the specified purposes, on the appropriate legal grounds, for the indicated periods, to the following extent:
- Personal data may be processed in order to execute a Sales Agreement or an Electronic Service Agreement, or to take action at the request of the data subject prior to the conclusion of the above agreements. The legal basis for this processing is Article 6(1)(b) RODO (performance of a contract) and Article 9(2)(a) RODO (consent – with regard to health data). The data are kept for the period necessary for the execution, termination or other expiration of the concluded contract. The scope of processed data includes at most the first and last name, e-mail address, telephone number, company name, business or registered office address and tax identification number (TIN) of the Service Recipient.
- Data may also be processed for direct marketing purposes, based on Article 6(1)(f) of the RODO (legitimate interest of the Administrator). The data shall be stored for the period of the existence of the Administrator’s legitimate interest, but no longer than the period of the statute of limitations for claims, which is three years for business activities and two years for sales contracts, in accordance with the provisions of the Civil Code. If the data subject expresses an effective objection, the processing of data for direct marketing purposes is discontinued. The scope of the processed data includes at most the first and last name, e-mail address, telephone number and previous purchase history with the Administrator.
- Personal data may also be processed for marketing purposes related to the promotion of the Administrator’s services and products, based on Article 6(1)(a) of the RODO (consent). The data is stored until the data subject withdraws consent. The scope of the data includes first and last name, e-mail address, telephone number and previous purchase history.
- With regard to the marketing of products and services of the Administrator’s partners, personal data may be processed on the basis of Article 6(1)(a) of the RODO (consent). The data is stored until the data subject withdraws his or her consent, and the scope includes a maximum of name, email address and phone number.
- For the purpose of bookkeeping, the Administrator processes personal data on the basis of Article 6(1)(c) of the RODO in conjunction with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395). The data shall be kept for the period required by law mandating the Administrator to keep accounting books, i.e. for five years from the beginning of the year following the fiscal year to which the data relates. The scope of the processed data includes the name, business address or registered office, company name and tax identification number (TIN) of the Service Recipient.
- The data may also be processed to establish, assert or defend claims that may be raised by or against the Administrator. The legal basis for the processing is Article 6(1)(f) of the RODO (legitimate interest of the Administrator), and the data retention period is the maximum of the statute of limitations for claims under the Civil Code – three years for a business and two years for a sales contract. The scope of processed data includes at most name, email address, telephone number, company name, business or registered office address, and Tax Identification Number.
- For the purposes of using the AI Books website and ensuring its proper functioning, the Administrator processes personal data on the basis of Article 6(1)(f) of the RODO (legitimate interest of the Administrator). The data is kept for the duration of the Administrator’s legitimate interest, not longer than the period of the statute of limitations for claims, in accordance with civil law (three years for business activities, two years for a sales contract).
- Finally, in order to conduct statistics and analysis of traffic on the Website, the Administrator processes data on the basis of Article 6(1)(f) of the RODO (the Administrator’s legitimate interest). The data is kept for the period of the Administrator’s legitimate interest, but no longer than the period of the statute of limitations for claims, in accordance with the Civil Code (three years for a business, two years for a sales contract).
§ 4 Recipients of data at AI Books
- In order to ensure the proper functioning of the Website, including the performance of Sales Agreements and Electronic Services, it is necessary for the Administrator to use the services of external entities, such as software providers or entities handling electronic and payment card payments. The Administrator entrusts data processing only to such entities that guarantee the implementation of appropriate technical and organizational measures so that data processing meets the requirements of the RODO Regulation and ensures the protection of the rights of data subjects.
- The Administrator does not transfer data in every case or to all recipients or categories of recipients listed in this privacy policy. The transfer of data occurs only if it is necessary for the specific purpose of processing personal data, and only to the extent necessary to achieve that purpose.
- Personal data of Service Recipients may be transferred to the following recipients or categories of recipients:
- Entities handling electronic or payment card payments – in case the Customer makes payments by electronic payment methods or payment card, the Administrator shall provide the Customer’s personal data to the selected payment processor to the extent necessary to process the payment.
- Providers of technical and organizational services – The Administrator cooperates with suppliers that provide solutions to enable business operations, including AI Books and the Electronic Services it provides, as well as the execution of Sales Agreements. The personal data of Service Recipients are shared with the providers listed below only to the extent necessary to fulfill the specified purpose of processing in accordance with this Privacy Policy. All suppliers guarantee an adequate level of personal data security. This group includes:
i. Hosting Providers
Data storage services are provided by:
- Microsoft Azure;
- Amazon Web Services.
ii. Email service providers
Email communication services to users are provided by Google Workspace.
iii. Business Management Software Vendors
The Salesforce CRM system is being used to handle customer relations.
iv. Marketing tool providers
- In terms of implementing marketing communications:
- ActiveCampaign (newsletter mailing systems).
- In terms of data analysis and visualization:
- Google Analytics 4 (website traffic analysis);
- Google Tag Manager (tag management);
- Google Looker Studio (analytics data visualization);
- Microsoft Clarity (user behavior analysis).
- In terms of targeting and retargeting:
- Meta (Facebook, Instagram);
- Google Ads;
- LinkedIn;
- TikTok.
v. Technical support providers
- Carriers, freight forwarders and courier brokers – in the case of products requiring delivery, the Administrator shall make the personal data of the Customer available to the selected carrier, freight forwarder or courier broker to the extent necessary for delivery.
- Providers of social plugins and third-party tools – The Administrator uses tools and scripts that allow content from external sources to be displayed on the Website, which may result in the transfer of personal data to providers of such tools. In particular, as part of Meta’s social plug-ins (e.g., the “Like!” button, “Share” button, or logging in with a Facebook account), the Administrator shares personal information of Service Recipients with Meta Platforms Ireland Limited. The information transferred may include data about the device, pages visited, purchases made, ads displayed, and use of services, in accordance with Facebook’s privacy policy available at: https://www.facebook.com/about/privacy/.
§ 5 User profiling
- The RODO Regulation imposes an obligation on the Controller to provide information on automated decision-making, including profiling, in accordance with Article 22 (1) and (4) of the RODO Regulation. The Controller is obliged to provide relevant information on the principles of such decision-making, their significance and the expected consequences for the data subject. Accordingly, the Controller includes in this section of the privacy policy information regarding potential profiling that may take place in the processing of personal data.
- Profiling at AI Books involves the automatic analysis or prediction of a person’s behavior, such as adding a specific Product to a shopping cart, browsing specific pages of the Service, or analyzing past purchase history. The purpose of profiling is to provide the Service Recipient with services best tailored to his/her individual needs and preferences. Profiling requires the Administrator to have the Service Recipient’s personal data, which makes it possible, for example, to send a discount code as a response to certain user actions.
- The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, if the decision produces legal effects with respect to him or her or otherwise affects him or her in a similarly significant manner.
§ 6 Rights of the data subject
- Right of access, rectification, restriction, erasure or data portability – the data subject has the right to request from the Controller access to his/her personal data, rectification, erasure (“right to be forgotten”), restriction of processing, objection to processing and data portability. Detailed conditions for exercising these rights are set forth in Articles 15-21 of the RODO Regulation.
- Right to withdraw consent at any time – if personal data is processed by the Controller on the basis of the data subject’s consent (Article 6(1)(a) or Article 9(2)(a) RODO), the data subject has the right to withdraw consent at any time, without affecting the lawfulness of the processing that took place before the withdrawal of consent.
- The right to lodge a complaint with a supervisory authority – the person whose data is processed has the right to lodge a complaint with a supervisory authority in accordance with the provisions of the RODO and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
- Right to object – the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of his or her personal data that takes place on the basis of Article 6(1)(e) (public interest) or (f) (legitimate interest of the Controller), including profiling under these provisions. The Administrator may process the data further only if it demonstrates the existence of overriding legitimate grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or if the processing is necessary for the establishment, investigation or defense of claims.
- Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his or her data for such marketing, including profiling, as long as it is related to direct marketing.
- Exercise of rights – in order to exercise his/her rights, the data subject may contact the Administrator by sending the relevant request in writing or by e-mail to the Administrator’s address indicated at the beginning of the privacy policy or through the contact form available on the Website.
§ 7 Cookies and analytics
- Cookies are small pieces of text information, stored in the form of text files, which are sent by the server and stored on the device of the user visiting the Website (e.g. on the hard drive of a computer, laptop or smartphone memory card, depending on the type of device used by the visitor).
- Cookies that can be sent by the AI Books website fall into different categories according to certain criteria.
- With regard to the provider, cookies may be the Administrator’s own, i.e. created directly by the Administrator’s Website, or belong to third parties, independent of the Administrator.
- With regard to the period of storage on the user’s device, cookies may be of a session nature – in which case they are stored until the user logs out of the Website or shuts down the Internet browser – or permanent, i.e. stored for the period specified in the parameters of the cookie or until they are manually deleted by the user.
- In terms of the purpose of use, cookies can be divided into: Essential, which enable the AI Books website to function properly; Functional or Preference, which allow the website to be tailored to the user’s individual preferences; Analytical and Performance, which collect data about how the website is used; and Marketing, Advertising and Social, which collect information about the user for the purpose of displaying personalized advertising and marketing activities, including on external sites such as social networks.
- The Administrator may process data contained in Cookies when visitors use the Website for the following specific purposes:
- Identification of Service Recipients as logged in on the Website and informing about their login status – for this purpose necessary Cookies are used. Another purpose is to remember Products added to the shopping cart in the process of placing an Order, which also requires the use of necessary Cookies.
- Necessary and functional/preference cookies are used to remember data entered by Service Recipients in Order Forms, surveys or when logging into AI Books.
- In order to customize the content of the AI Books website to the individual preferences of the Customer and to optimize the use of the Website, functional/preference cookies are used.
- The Administrator uses analytical and performance cookies to keep anonymous statistics that enable analysis of the use of the Website.
- As part of analytics and remarketing activities, the Administrator uses tools such as Google Analytics 4, Google Tag Manager, Google Looker Studio, Microsoft Clarity and platform pixels (Meta, Google Ads, LinkedIn, TikTok). These tools allow us to study the behavior of visitors to the Website by anonymously analyzing their activity (e.g. repeated visits to specific pages, keywords used) in order to create user profiles and provide them with ads tailored to their anticipated interests. Cookies are used for, among other things, retargeting, lookalike targeting and exclusions.
- These activities also rely on the use of tools provided by Google Ireland Ltd. and Meta Platforms Ireland, which enables the presentation of personalized ads on other websites belonging to their advertising network.
- In the most popular web browsers, you can check what cookies are currently being sent by the AI Books website, as well as get information about their provider and storage period. In Chrome browser, just click the padlock icon on the left side of the address bar, and then go to the “Cookies” tab. In Firefox, click the shield icon on the left side of the address bar, then go to the “Allowed” or “Blocked” tab and select options such as “Inter-site tracking cookies”, “Social network tracking elements” or “Content with tracking elements”.
- In Internet Explorer, go to the “Tools” menu, then “Internet Options,” the “General” tab, the “Settings” tab, and select the “View Files” option. In the Opera browser, click the padlock icon on the left side of the address bar and go to the “Cookies” tab to access this information. In the Safari browser, go to the “Preferences” menu, go to the “Privacy” tab and click “Manage site data.”
- Regardless of your browser, you can use tools available online, such as https://www.cookiemetrix.com/ or https://www.cookie-checker.com/, to obtain detailed information about the cookies used by a particular website.
§ 8 Final provisions
- Developments in technology and expansion of our offerings may result in changes to this Policy, which we will notify you of via the Platform or by email.
- This Privacy Policy applies only to the Administrator’s Website.
- Date of last modification of the Policy: 7.11.2024