Welcome to andri.ai, a product of Skywalker Systems B.V., registered in The Netherlands. This Data Collection & Processing Policy (“Policy”) outlines how we collect, process, store, and distribute legal data and other personal data in connection with our services. Our practices are designed to comply with applicable legal requirements, including EU data protection regulations (such as the GDPR), and to respect intellectual property rights of third parties.
1. Data Processing Roles
Under the EU General Data Protection Regulation (“GDPR”):
- You are the Data Controller of any personal data you provide to us.
- Skywalker Systems B.V. acts as the Data Processor, processing data only on your behalf and according to your instructions.
- In some contexts, Skywalker Systems B.V. may also act as a joint controller (e.g., for data relating to usage analytics and product development). Where we act in a joint controller role, we will inform you accordingly and detail our respective responsibilities.
2. Processing Purposes & Legal Basis
We process personal data and legal data for the following specific purposes:
- To provide and maintain the andri.ai service.
- To improve our legal AI capabilities and related offerings.
- For any purposes explicitly set forth in our service agreement or in any supplemental agreements you accept.
Our processing is based on:
- Contract Performance (Article 6(1)(b) GDPR): Where processing is necessary for the performance of our contract with you.
- Legitimate Interests (Article 6(1)(f) GDPR): Where we have a legitimate interest in processing data—e.g., to enhance our AI technology—unless overridden by your fundamental rights and freedoms.
- Consent (Article 6(1)(a) GDPR): Where required by law, we obtain your explicit consent.
- Compliance with Legal Obligations (Article 6(1)(c) GDPR): Where necessary to comply with legal obligations, including obligations under EU or Member State law.
3. Introduction to Our Legal Data Collection
At andri.ai, we manually collect and summarize publicly available legal data from trusted sources, including BAILII, uitspraken.rechtspraak.nl, and judiciary.uk, in accordance with their terms of use. We ensure that any summarized data is clearly attributed, and users are provided with direct links to the original sources for verification and further review.
4. Publicly Available Information and AI Training
4.1 Sources of Public Information
To develop and improve our AI platform, Andri.ai accesses publicly available legal information from authorized sources, including:
- Court judgments and decisions from official court websites and legal databases
- Public legal filings and documents
- Statutes, legislation, and regulatory materials
- Public legal briefs and submissions
- Academic legal publications and journals
- Official government legal resources
This information is similar to what law firms and legal professionals routinely access to serve their clients effectively.
4.2 Processing of Public Information
Some publicly available information may contain references to individuals and, in certain jurisdictions, may be considered Personal Data. We process this information:
- Only to provide context for customer queries and improve our AI's responses
- To train our AI models to understand legal concepts and precedents
- To enhance the accuracy and relevance of our legal analysis
- Never with the intention to identify or profile individuals
4.3 Privacy Rights and Public Information
We recognize that even publicly available information requires responsible handling:
- We respect privacy rights as outlined in our Privacy Policy
- We acknowledge that privacy rights may apply to public information in certain contexts
- We provide mechanisms for individuals to exercise their data protection rights
- We carefully assess and balance legitimate interests in processing public information against individual privacy rights
4.4 Safeguards and Limitations
To ensure responsible use of publicly available information, we implement the following safeguards:
- Regular reviews of our data collection practices
- Strict access controls and security measures
- Clear documentation of our legal basis for processing
- Transparent communication about our use of public information
- Regular assessments of privacy impacts
5. How We Collect Data
We collect legal information manually from publicly accessible sources such as BAILII, uitspraken.rechtspraak.nl, judiciary.uk, governmental websites, and other legal databases. Our process respects the limitations set by these third-party sites, which prohibit automated data scraping or bulk downloading. We only collect a reasonable amount of material needed for our legal AI services.
6. Summarizing and Using Data
Our team manually reviews and summarizes the collected legal data to provide helpful insights to users of our services. We ensure that all content is accurate, concise, and relevant to the legal context. We do not republish full judgments or other legal materials from BAILII, uitspraken.rechtspraak.nl, judiciary.uk, or similar sites, but provide summaries and direct links to the live version of each document, ensuring compliance with copyright and intellectual property requirements.
7. Attribution and Linking to Original Sources
We are committed to ensuring full transparency in our data collection practices. For every piece of summarized legal data:
- The original source (e.g., judiciary.uk) is explicitly cited.
- A direct link to the live version of the document is provided, enabling users to verify the source and access any updates or amendments.
This practice aligns with the copyright and usage policies of each respective platform.
8. Compliance with Third-Party Terms
Our data collection and summarization process is fully compliant with the terms and conditions of third-party sources. Specifically, we ensure:
- Manual data collection: We do not use automated scraping mechanisms, adhering to the restrictions placed by these platforms.
- Reasonable use: We do not impose excessive load on third-party servers, respecting their requirement to avoid bulk downloading.
- Attribution: We always provide proper attribution and direct links to the original source, as required by these platforms.
9. Intellectual Property and Copyright Compliance
We recognize that much of the legal material we use is protected by intellectual property rights. Specifically:
- Crown Copyright and Judicial Decisions: We comply with Crown Copyright guidelines for UK cases and applicable copyright laws for materials from judiciary.uk. We ensure any use of such material is accurate, includes proper attribution, and is within the scope of permitted use.
- Third-Party Copyright Owners: We respect the copyright of third parties (e.g., shorthand writers, courts, commercial publishers) and do not republish content where permission has not been granted.
10. Data Retention
We retain personal data and legal data for as long as necessary to fulfill the purposes for which the data was collected or as required by law, whichever is longer. The criteria used to determine retention periods include:
- Contractual necessity: Data is retained for the duration of any service agreements and potential post-contractual claims.
- Legal and regulatory requirements: Data is retained as required by EU or Member State laws, including tax, accounting, or employment laws.
- Business necessity: Data may be retained to maintain accurate business and financial records, or where reasonably necessary for legitimate business interests.
When data is no longer needed, we securely delete or anonymize it.
11. Data Subject Rights
If and to the extent that we process your personal data, you have certain rights under the GDPR and other applicable data protection laws, including:
- Right of Access: You can request a copy of personal data we hold about you.
- Right to Rectification: You can request corrections of inaccurate personal data.
- Right to Erasure (“Right to be Forgotten”): You can request the deletion of your personal data, subject to legal or contractual obligations.
- Right to Restrict Processing: You can request that we limit the way we use your data.
- Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
- Right to Object: You can object to the processing of your data if processing is based on our legitimate interest.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.
To exercise any of these rights, please contact us at info@skywalkersystems.dev.
12. User Rights and Verification
We encourage our users to review the full legal documents from which our summaries are derived. Each summary contains a direct link to the live version of the document, ensuring transparency and enabling users to verify the original content.
13. Data Security & Breach Notification
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest.
- Regular security assessments and vulnerability scans.
- Access controls and authentication measures to prevent unauthorized access.
- Regular security training for staff to maintain awareness of data protection obligations.
In the event of a personal data breach, we will notify you (as the Data Controller) without undue delay and, where feasible, not later than 72 hours after becoming aware of it, in accordance with GDPR Article 33.
14. Cross-Border Data Transfers
All data processing occurs within the European Union (“EU”). We do not transfer personal data outside the EU or EEA unless:
- It is necessary for the performance of our contract with you.
- Appropriate safeguards are in place (such as Standard Contractual Clauses).
- You have given explicit consent for such transfers.
- It is otherwise permitted by applicable data protection legislation.
15. AI Regulation Compliance
We actively monitor and prepare for compliance with upcoming EU AI regulations, including:
- The proposed EU AI Act and implementing regulations.
- AI liability directives and related European data protection frameworks.
- Any national legislation relevant to AI-based products in EU Member States.
We commit to updating our practices and this Policy as these regulations come into effect or change over time.
16. Liability & Disclaimers
Accuracy of Summaries: While we endeavor to ensure the accuracy of our legal data summaries, the original live version of the document should be treated as the authoritative source for any legal or compliance matters. We disclaim liability for any errors or omissions in the summaries, and users should consult professional legal advice as needed.
Third-Party Content: We are not responsible for the content, privacy, or security practices of any third-party websites or platforms from which we collect or link data.
17. Changes to This Policy
We may update this Data Collection & Processing Policy from time to time to reflect changes in our practices or to remain compliant with new legal standards. Any changes will be posted on this page and accompanied by an updated “Last updated” date. Your continued use of andri.ai after any changes have been made indicates your agreement with the revised Policy.
18. Contact Us
For any data protection or privacy-related queries:
- Data Protection Officer: info@skywalkersystems.dev
- Email: info@skywalkersystems.dev
- Address: Skywalker Systems B.V., The Netherlands
- Supervisory Authority: Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
By using andri.ai, you acknowledge that you have read and understood this Data Collection & Processing Policy. We remain committed to transparency, accountability, and full compliance with EU data protection regulations in our collection and processing of both legal and personal data.