PRIVACY POLICY AND PERSONAL DATA PROCESSING

The privacy of visitors to our website is very important to us and we make every effort to protect it. This policy explains what we do with your personal data. Consent to the use of cookies in accordance with the terms of the cookie policy during your first visit to our website allows us to use cookies on each subsequent visit to our website.

 

1. 1. The administrator of personal data is NeXa Limited Liability Company with its registered office in Warsaw, Nowogrodzka Street No 10/5, postcode 00-511 Warsaw, e-mail address for contact: [email protected] (hereinafter referred to as the “Administrator”).
   2. The processing of personal data by the Administrator takes place on the principles set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”).
   3. Personal data means information about an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular on the basis of an identifier such as name and surname, identification number, location data, online identifier or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
   4. The following types of personal data may be collected, stored and used:
      1. information about the computer, including IP address, geographical location, browser type and version and operating system;
      2. information about your visits to and use of this website, including referral source, length of visit, page views and website navigation paths;
      3. information, such as your email address, that you provide when you register on our website;
      4. information that you enter when you create a profile on our website, such as your name, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details;
      5. information, such as your name and email address, that you provide to set up subscriptions to our emails or newsletters;
      6. information that you enter when you use the services on our website;
      7. information that is generated when you use our website, including when, how often and under what circumstances you use it;
      8. information contained in any correspondence that you send to us by email or through our website, including the communication content and metadata;
      9. any other personal data that you send to us.
   5. Personal data will be processed by the Administrator only for the purposes for which they were provided or collected and on the principles regulated in the GDPR and other applicable legal provisions.
   6. Personal data will be processed by the Administrator on the basis of consent to their processing or on the basis of other premises indicated in the GDPR.
   7. Personal data will be processed for the following purposes:
      
      1. providing services electronically in the scope of sharing content collected on the website – the legal basis for processing is the activities necessary to perform the contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract (Article 6 paragraph 1 letter b of the GDPR),
      2. enabling contact with the Administrator using the contact form – the legal basis for processing is the consent of the data subject (Article 6 paragraph 1 letter a of the GDPR),
      3. analytical and statistical – the legal basis for data processing is the necessity of processing to implement the legitimate interest of the Administrator, in this case the continuous development of the website (Article 6 paragraph 1 letter f of the GDPR),
      4. any determination, investigation or defense against claims – the legal basis for data processing is the necessity of processing to implement the legitimate interest of the Administrator, in this case the possibility of determining, investigating or defense against claims (Article 6 paragraph 1 letter f of the GDPR).
   8. Each person whose data is processed has the right to demand from the Administrator:
      • immediate rectification of their personal data if they are incorrect;
      • supplementation of incomplete personal data;
      • deletion of personal data;
      • restriction of the processing of personal data;
      • sending personal data to another Administrator (right to transfer data);
      • object to the processing of personal data.
   9. If the data subject submits a request to the Administrator based on art. 15-22 of the GDPR, the Administrator shall provide information on the actions taken in connection with the request without undue delay – and in any case within one month of receiving the request – on the actions taken in connection with the request submitted. If necessary, this period may be extended by another two months due to the complex nature of the request or the number of requests, in which case the Administrator shall inform about such extension of the period within one month of receiving the request, stating the reasons and justification for the delay.
   10. If the Administrator does not take action in connection with the request submitted, it shall inform the person immediately – no later than within one month of receiving the request – of the reasons for not taking action. This person has the right to lodge a complaint with the supervisory authority and to use legal remedies before a court.
   11. The data subject is entitled to obtain confirmation from the Administrator as to whether their personal data are being processed. If this is the case, the Administrator is obliged to provide access to this data and information including:
       
       1. he purposes of data processing;
       2. the categories of personal data;
       3. information on the recipients or categories of recipients to whom the data have been or will be disclosed, in particular recipients in third countries or international organisations;
       4. information on the planned period of storage of personal data and, if this is not possible, on the criteria for determining this period;
       5. information on the right of the data subject to request from the Administrator to rectify, delete or limit the processing of personal data and to object to the processing of personal data;
       6. information on automated decision-making, including profiling, the principles of their making, the significance and expected consequences of such processing for the data subject, information on the right to lodge a complaint with the supervisory authority;
       7. if the personal data have not been collected from the data subject – all available information on the source of obtaining the personal data.
   12. The rights referred to in point 8 above are exercised on the basis of an appropriate request sent to the Administrator, sent by e-mail to the following address: [email protected] or in writing to the address NeXa Sp. z o.o. [Warsaw, Nowogrodzka Street No 10/5, postcode 00-511 Warsaw], containing data identifying the Client and the scope of the request.
   13. If a person has given consent to the processing of personal data, this consent may be withdrawn at any time (the right to be forgotten) without affecting the lawfulness of the processing of personal data carried out on the basis of the consent granted before its withdrawal. The obligation to delete personal data by the Administrator does not apply to situations where processing is necessary to establish, pursue or defend claims and in cases indicated in applicable legal provisions, including in particular in art. 17 sec. 3 of the GDPR.
   14. Each person whose personal data is processed by the Administrator has the right to request that the Administrator restrict the processing of personal data in a situation where:
       
       1. the person whose data is processed questions the accuracy of the personal data – for a period allowing the Administrator to check the accuracy of the data;
       2. the processing of personal data is unlawful, and the person whose data is processed opposes the deletion of personal data, requesting the restriction of their processing;
       3. The Administrator no longer needs the personal data for the purposes of interruption, but the data subject needs them to establish, pursue or defend claims;
       4. the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the objection of the data subject.
   15. If the processing of personal data has been restricted, personal data may be processed – with the exception of storage – only with the consent of the data subject or for the purpose of establishing, pursuing or defending claims or for the protection of the rights of another natural or legal person or for important reasons of public interest of the European Union or a Member State.
   16. If the Administrator plans to continue processing personal data for a purpose other than the purpose for which the personal data were collected, before such further processing, the Administrator shall inform the data subject of the other purpose of processing and provide them with all relevant information.
   17. Personal data may be processed by the Administrator for the purpose of sending commercial information to the data subject with their consent, as well as for the purpose of direct marketing by the Administrator.
   18. The person whose personal data is being processed has the right to object at any time – with the acts related to their particular situation – in relation to the processing of their personal data based on legitimate interests pursued by the Administrator or by a third party.
   19. If personal data are processed by the Administrator for the purposes of direct marketing, the person whose personal data is being processed has the right to object at any time to the processing of their personal data for the purposes of direct marketing, including profiling to the extent that the processing is related to direct marketing. The right to object can be exercised through automated means using technical specifications. In the event of an objection to processing for direct marketing purposes, the personal data will no longer be processed for this purpose.
   20. The Administrator, with the consent of the person whose data is being processed, may process personal data in order to research the person in terms of their behavior and preferences (so-called profiling) with the intended results of such research solely for the purpose of improving the quality of services provided by the Administrator, as well as for statistical purposes. Profiling is carried out in particular via cookies.
   21. Detailed regulations regarding cookies are included in the Cookies Policy located at https://nexaconsulting.pl/cookies-policy
   22. The personal data provided may be processed only by the Administrator or by persons authorized to process personal data based on an appropriate authorization or agreement and if the processing is provided for by applicable law. The transfer of personal data will take place only in order to ensure the proper implementation of the agreement and services provided by the Administrator, as well as to secure the legitimate interests of the Administrator.
   23. The Administrator undertakes to protect personal data using appropriate technical and organizational measures to ensure the protection of personal data, in particular by securing them against making personal data available to unauthorized persons and makes every effort to secure personal data against unauthorized access or use.
   24. The Administrator’s customer personal database is subject to legal protection. This data is particularly protected and secured against access by unauthorized persons.
   25. The Administrator does not transfer, sell or lend the collected personal data to other persons or institutions, unless it does so with the consent or at the request of the data subject or in accordance with applicable law, in particular at the request of the competent and authorized state authorities.
   26. The Administrator may disclose aggregate, general statistical summaries to cooperating companies and websites. These summaries do not contain personal data. The anonymous information collected in this way will be used to provide the Administrator’s customers with better service, compile and analyze statistical data and trends, administer the website and improve it.
   27. The period of personal data processing by the Administrator depends on the purpose of processing. As a rule, data is processed:
       
       1. for the duration of the service;
       2. until the consent is withdrawn;
       3. until an effective objection to data processing is filed in cases where the legal basis for data processing is the legitimate interest of the Administrator.
   28. The data processing period may be extended if processing is necessary to establish, pursue or defend against potential claims, and after this period only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.
   29. The Administrator will not make automated decisions based on personal data, including decisions resulting from profiling.