All inquiries, requests, and complaints regarding the processing of personal data should be directed to the email address: contact@doestimate.com
or in writing to AWAREGROUP Sp. z o.o., ul. Sw. Mikolaja 8/11 lok. 208, 50-125 Wroclaw, Poland.
1. Data Controller
The controller of personal data is AWAREGROUP Sp. z o.o. based in Wroclaw, ul. Sw. Mikolaja 8/11 lok. 208, 50-125 Wroclaw,
KRS: 0000966637, NIP: 9151821509, owner of the beAutomated and doEstimate brands (hereinafter: "Controller").
2. Collected Personal Data
In connection with the use of the doEstimate Platform, the Controller collects the following categories of data:
First and last name – provided in the Form for user identification and Estimate personalisation.
Email address – provided in the Form for delivering the Estimate and any service-related communication.
Phone number – provided in the Form to enable contact by the beAutomated team.
Functional design (PDF file) – submitted by the User for the purpose of generating an Estimate; may contain technical building data and potentially third-party personal data (e.g., designer names, addresses).
Device IP address – collected automatically for technical, security, and statistical purposes.
Cookie data – used for technical and functional purposes (details in the Cookie Policy).
Language preference and display settings data – stored locally in the User's browser.
Email address – provided in the newsletter form (optionally) for the purpose of receiving marketing communications.
3. Purposes and Legal Bases for Data Processing
Service performance – processing the functional design and generating the Estimate (Art. 6(1)(b) GDPR – performance of a contract / taking steps at the request of the data subject prior to entering into a contract).
User communication – sending the Estimate to the email address, potential telephone contact regarding the service (Art. 6(1)(b) GDPR).
Platform improvement – analysis of submitted functional designs in anonymised form to improve AI algorithms, Computer Vision models, and the Service Provider's proprietary models (Art. 6(1)(f) GDPR – legitimate interest of the Controller).
Security – protection of the Platform against abuse, attacks, and unauthorised access (Art. 6(1)(f) GDPR).
Legal obligations – maintaining documentation required by law (Art. 6(1)(c) GDPR).
Establishing and pursuing claims or defending against them (Art. 6(1)(f) GDPR).
Newsletter and marketing communications – sending commercial information by electronic means (Art. 6(1)(a) GDPR – User consent).
Operating the website and ensuring its proper functioning (Art. 6(1)(f) GDPR).
4. Automated Decision-Making and Profiling
1The Platform uses automated data processing, including artificial intelligence (AI) systems, Computer Vision models, large language models (LLMs), and the Service Provider's proprietary models enriched with external solutions, to analyse submitted functional designs and generate Estimates.
2This process constitutes automated decision-making within the meaning of Art. 22 GDPR, as the Estimate is generated without human involvement.
3The Estimate is purely informational and indicative – it does not produce legal effects for the User nor similarly significantly affect them. A final quote requires verification by the beAutomated team.
4The User has the right to: (a) obtain human intervention from the Controller, (b) express their point of view, (c) contest the generated Estimate – by contacting: contact@doestimate.com.
5The Platform does not profile Users for marketing purposes based on submitted functional designs.
5. Data Processors and Recipients
Personal data may be entrusted for processing to the following categories of entities:
1Google LLC (Google Cloud, Gemini AI) – processing of functional designs using artificial intelligence models; servers may be located in the USA and other countries outside the EEA.
2OpenAI, L.L.C. – data processing using language models; servers in the USA.
3Anthropic, PBC – data processing using language models; servers in the USA.
4Brevo (Sendinblue) – newsletter and email marketing communication management.
5Langfuse GmbH – monitoring and analysis of AI system performance (observability).
6Hosting service provider – data storage and server infrastructure management.
7SMTP service provider – delivery of emails containing Estimates.
8Accounting service providers – to the extent required by applicable law.
In addition, the Controller uses proprietary AI models enriched with external provider solutions to improve the quality of functional design analysis.
The Controller has entered into appropriate Data Processing Agreements (DPAs) with each of the above-listed data processors, in accordance with the requirements of Art. 28 GDPR.
6. Data Transfers Outside the European Economic Area (EEA)
1In connection with the use of third-party services (Google, OpenAI, Anthropic), personal data, including the content of submitted functional designs, may be transferred for processing to third countries, including the United States of America.
2Data transfers are carried out on the basis of appropriate legal safeguards provided for in GDPR, including: (a) Standard Contractual Clauses (SCCs) approved by the European Commission, (b) European Commission adequacy decisions, (c) binding corporate rules applied by data processors.
3The Controller implements technical measures aimed at anonymising personal data before transferring it to external systems; however, the full effectiveness of such mechanisms is not guaranteed.
4The User has the right to obtain a copy of the safeguards in place – to do so, please contact: contact@doestimate.com.
7. Data Retention Periods
User personal data (first name, last name, email, phone) – stored for a period of 1 year from the date the Form was submitted, or until consent is withdrawn, whichever occurs first.
Functional designs (PDF files) – stored for a period of 1 year from the date of submission, after which they are permanently deleted from the Controller's systems.
Generated Estimates – stored for a period of 1 year from the date of generation.
Newsletter data – stored until consent is withdrawn by the User (unsubscription).
System logs and technical data (IP address) – stored for up to 90 days for security and diagnostic purposes.
Data required by law (e.g., tax documentation) – stored for the period required by applicable regulations.
8. Data Security
1The Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or modification.
2Communication between the Platform and the User is encrypted using the SSL/TLS protocol.
3User session identifiers are hashed using the SHA-256 algorithm before being stored in the database.
4Personal data is stored on servers secured in accordance with industry standards.
5Despite implementing appropriate safeguards, the Controller cannot guarantee absolute security of data transmitted over the Internet.
9. Data Breach Notification
1In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the Controller shall report the breach to the President of the Personal Data Protection Office (UODO) within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR.
2If the breach is likely to result in a high risk to the rights and freedoms of the User, the Controller shall promptly notify the User, in accordance with Art. 34 GDPR.
10. Children's Data
The Platform is not intended for persons under 16 years of age. The Controller does not knowingly collect personal data from persons under 16.
If the Controller becomes aware that personal data has been collected from a person under 16 without the consent of a legal guardian,
immediate steps will be taken to delete such data.
11. User Rights
In accordance with GDPR, every person whose data we process has the right to:
1Access their personal data (Art. 15 GDPR).
2Be informed about data processing (Art. 12 GDPR).
3Rectification of personal data (Art. 16 GDPR).
4Withdrawal of consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal (Art. 7(3) GDPR).
5Erasure of data – right to be forgotten (Art. 17 GDPR).
6Restriction of processing (Art. 18 GDPR).
7Data portability (Art. 20 GDPR).
8Object to processing based on the Controller's legitimate interest (Art. 21 GDPR).
9Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them (Art. 22 GDPR).
10Lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland, www.uodo.gov.pl) (Art. 77 GDPR).
To exercise the above rights, please contact the Controller at: contact@doestimate.com.
The Controller shall process each request without undue delay, no later than within 30 days of its receipt.
12. Changes to the Privacy Policy
The Controller reserves the right to amend this Privacy Policy. The Controller shall inform of material changes by publishing
an updated version of the Policy on the Platform together with the effective date of the changes. Continued use of the Platform
after publication of the amended Privacy Policy constitutes acceptance of the changes.