Privacy Policy

1. Data Controller

The controller of your personal data is nex-IT IT Services (hereinafter: "Controller").

For matters related to personal data protection, please contact us at: biuro@nex-it.pl

2. Purposes and Legal Bases for Processing

Your personal data is processed for the following purposes:

• Responding to inquiries – based on Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest of the Controller in communicating with clients)
• Contract performance – based on Art. 6(1)(b) GDPR (necessity for contract performance or pre-contractual steps)
• Legal obligations – based on Art. 6(1)(c) GDPR (tax and accounting obligations)
• Marketing of own services – based on Art. 6(1)(f) GDPR (legitimate interest of the Controller)

3. Scope of Processed Data

Depending on the purpose of processing, we may collect the following data:

• First and last name
• Email address
• Phone number
• Company name
• Business address
• Tax identification number
• Message and correspondence content

4. Data Retention Period

Your personal data is stored for the following periods:

• Contact inquiries – until the end of correspondence, then for the limitation period for potential claims (maximum 3 years)
• Contracts and invoices – for the period required by tax and accounting law (5 years from the end of the calendar year)
• Data processed based on consent – until consent is withdrawn

5. Rights of Data Subjects

You have the following rights:

• Right of access – to obtain information about processed data
• Right to rectification – to correct inaccurate data
• Right to erasure – to request deletion of data ("right to be forgotten")
• Right to restriction of processing – in certain circumstances
• Right to data portability – to receive data in a machine-readable format
• Right to object – to processing based on legitimate interest
• Right to withdraw consent – at any time, without affecting the lawfulness of processing before withdrawal

To exercise these rights, please contact us at: biuro@nex-it.pl

6. Data Recipients

Your data may be shared with the following categories of recipients:

• Hosting and IT service providers
• Accounting and legal service providers
• Government authorities (when required by law)

Data is not transferred to third countries or international organizations.

7. Cookies

The website uses cookies to ensure proper functioning of the service and to analyze website traffic.

We use the following types of cookies:

• Necessary – required for proper website functioning
• Analytics – help understand how users interact with the website

You can manage cookie settings in your web browser.

8. Data Security

The Controller applies appropriate technical and organizational measures to ensure the security of processed personal data, including:

• Data transmission encryption (SSL/TLS)
• Data access control
• Regular backups
• Security system updates

9. Right to Lodge a Complaint

If you believe that the processing of personal data violates GDPR provisions, you have the right to lodge a complaint with the supervisory authority:

President of the Personal Data Protection Office
ul. Stawki 2, 00-193 Warsaw, Poland
www.uodo.gov.pl

10. Changes to Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy. Users will be informed of any changes through publication of the updated version on this page.