Privacy Policy

VILEO WEBSITE, APP AND VILEON AI CHAT
Version: III | Publication date: 18/05/2026

1. GENERAL INFORMATION AND SCOPE

   1.1. This Privacy Policy describes the principles of personal data processing in connection with the use of:

   • a) the website operating at the URL: Vileo and the PWA Vileo application (including social functions: profile, posts, comments, messages),
   • b) the Vileon AI chat available in the Vileo app.
     1.2. Vileo operates as a web application (PWA) and may use technologies such as cookies and local storage (details in point 11).
     1.3. Vileo is available to users with an active account in the Gdańsk Resident Card (GKM) system. Logging in to Vileo is performing using the GKM access data.

2. DATA CONTROLLER AND CONTACT

   2.1. The controller of personal data processed in connection with the use of Vileo and Vileona (hereinafter: "Controller", "we") is:
   OKE POLAND Sp. z o.o., ul. Jana z Kolna 11, 80-864 Gdańsk, Polska
   KRS: 0000220130
   NIP: 5832877673
   2.2. Contact regarding personal data: E-mail: rodo@oke.pl and kontakt@vileo.app.
   Correspondence address: ul. Jana z Kolna 11, 80-864 Gdańsk, with the note "Personal data".

3. GKM INTEGRATION AND DATA CONTROLLER ROLES

   3.1. The Data Controller in the GKM system is a separate entity. Information on data processing in GKM can be found in the documents and policies of GKM (website: jestemzgdanska.pl and the JestemzGdanska application).
   3.2. As part of the integration with GKM:

   • a) we receive from GKM only the minimum scope of data necessary to operate Vileo,
   • b) we process data from GKM as a separate Data Controller to the extent necessary to provide Vileo (we do not modify the source data in GKM),
   • c) we are the Data Controller for the data created by the user in Vileo (e.g. posts, messages).

4. WHAT DATA DO WE PROCESS?

   The scope depends on how you use the Vileo app and the Vileon chat. In general, we process:
   4.1. Data received from the GKM system (to the minimum extent necessary for the proper functioning of Vileo):

   • name and surname,
   • E-mail address,
   • age,
   • address: street, building number, apartment number, postal code, city.
     4.2. Data created in Vileo by the user:
   • unique user nickname,
   • Avatar (photo) added to the account
   • content published in the application (posts, comments, reactions, jpg, pdf attachments),
   • private and group message content,
   • reports of violations and correspondence with service support (e.g. complaints, account deletion) - only by e-mail,
   • technical and operational data: event logs, session IDs, IP address, browser/device information, language settings, application errors.
     4.3. Data in the Vileon AI chat (to the minimum extent necessary for the chat to work properly):
   • nickname – for conversation personalization,
   • district/neighborhood area - for local recommendations, if requested by the user (optional data),
   • conversation content (messages entered by the user) and the technical metadata of the conversation - deleted after the end of the conversation/chat - by clicking on the "refresh" icon in the chat window. IMPORTANT (Vileon AI Chat and User Content):
   • Please do not provide sensitive data (e.g. health information), document data, passwords, account numbers, payment card details, etc. in the Vileon chat or in public content (on the district board/wall in the Vileo application).
   • Vileon is an AI system; it can generate incomplete or incorrect responses. Do not use it for legal/medical/financial advice.

5. PURPOSES OF PROCESSING AND LEGAL BASES

   5.1. Provision of Vileo services (account, social features, messaging, content publication, integration with GKM). Basis: Article 6(1)(b) of the GDPR (contract/provision of services by electronic means).
   5.2. Providing the functionality of the Vileon AI chat. Basis: Article 6(1)(b) of the GDPR (contract/provision of services). If we introduce additional Vileon AI Chat functions beyond the necessary minimum (e.g. remembering preferences for more than 24 hours) - we will use the right basis (usually consent) and inform about it directly in the application and in the chat.
   5.3. Security, Abuse Prevention, Community Rules Enforcement, Reporting of Violations and Moderation. Basis: Article 6(1)(f) of the GDPR (legitimate interest of the Data Controller and users – security of the service and protection of rights) and - if applicable - Article 6(1)(c) of the GDPR (legal obligations).
   5.4. Handling inquiries, complaints and correspondence. Basis: Article 6(1)(b) of the GDPR (contract) and Article 6(1)(f) of the GDPR (handling of requests and quality improvement).
   5.5. Fulfilment of legal obligations (e.g. accounting, responses to requests from authorities). Basis: Article 6(1)(c) of the GDPR.

6. DATA RECIPIENTS

   6.1. Data may be disclosed only to the extent necessary for the operation of Vileo/Vileon:

   • authorized employees and associates of the Controller,
   • IT service providers (hosting, maintenance, monitoring, analytical tools) as processors on the basis of entrustment agreements,
   • GKM administrator - to the extent necessary to authenticate and verify authorizations,
   • authorized public authorities – when required by law.

7. TRANSFER OF DATA OUTSIDE THE EEA (TRANSFERS)

   7.1. As a rule, we do not process data outside the EEA.
   7.2. Details of transfer safeguards are available upon request.

8. HOW LONG DO WE RETAIN DATA?

   8.1. Account data and links to GKM: for the duration of using Vileo, and then for the period necessary to establish, pursue or defend claims (in accordance with limitation periods).
   8.2. Profile (nickname, avatar): until deleted by the user or when the account is deleted (subject to backups - clause 8.6).
   8.3. Published content and messages: until deleted by the user or when the account is deleted, unless longer retention is necessary (e.g. for proceedings regarding violations).
   8.4. Reports of violations and correspondence: until the matter is resolved and for the limitation period of claims.
   8.5. Technical and security logs: generally up to 12 months, unless longer retention is necessary for security and claims.
   8.6. Backups: data may remain in backups for a limited technical period - no longer than 3 months.
   8.7. Vileon AI Chat - Conversation Content and Conversation Metadata:
   

   • we store only until the end of the call/chat by refreshing the conversation window and no longer than 24 hours from the start of the conversation,
   • After this time, the conversation data is deleted.

9. DO WE MAKE AUTOMATED DECISIONS OR PROFILING?

   9.1. As a rule, we do not take decisions that produce legal effects on you or similarly significantly affect you based solely on automated processing (Art. 22 GDPR).
   9.2. We may use supporting automated mechanisms (e.g. anti-spam, abuse detection, preliminary content filtering) and local recommendations based on the neighborhood area you provide. In the event of account or content restrictions, we provide the opportunity to contact and clarify the matter (section 10).

10. YOUR RIGHTS

    10.1. You have the right to:

    • access your data,
    • rectify data,
    • delete data,
    • restrict processing,
    • data portability (where applicable),
    • object to processing based on Article 6(1)(f) of GDPR,
    • withdraw consent (when processing is based on consent) - at any time, without affecting the lawfulness of the processing before the withdrawal.
      10.2. Requests regarding your rights may be submitted to: rodo@oke.pl.
      10.3. You have the right to lodge a complaint with the President of the Office for Personal Data Protection.

11. COOKIES, LOCAL STORAGE AND PWA

    11.1. Vileo may store data on the user's end device (cookies, local storage and similar technologies) for the purpose of:

    • ensuring the operation of the session and necessary functions (essential cookies),
    • improving quality and safety (e.g. abuse detection),
    • analytics and statistics (optional cookies – only if consent is given).
      11.2. If required by law, we ask for consent to optional cookies/identifiers (e.g. analytical).
      11.3. You can withdraw your consent and change the settings in your browser.

12. DATA SECURITY

    12.1. We use technical and organizational measures appropriate to the risks (m.in. access control, authorizations, transmission encryption, monitoring, backups and updates).
    12.2. Safeguard details may be limited due to the protection of system security.

13. AI TRANSPARENCY (VILEON AI CHAT)

    13.1. When using the Vileon chat, we inform you that the user is interacting with the AI system.
    13.2. Vileon is not a substitute for a human being and can be wrong; decisions with significant consequences should not be based solely on Vileon's answers.
    13.3. The content of Vileon chat conversations is not transferred to any external entities and is not used to train AI models.

14. POLICY CHANGES

14.1. In the event of significant changes to the Privacy Policy, we will inform the users of the Vileo application and the Vileon AI chat by placing an appropriate notice in the application, and we will update the document version number and its date.