Policy on the processing of personal information

1. General Provisions
This policy on the processing of personal data has been developed in accordance with the requirements of Poland’s Personal Data Protection Act of May 10, 2018, and aligns with the European Union’s General Data Protection Regulation (GDPR) of April 27, 2016. It establishes the procedures for processing personal data and the measures implemented by “Nexus Digital Products” (hereinafter referred to as “the Operator”) to ensure the confidentiality and security of such personal data.
1.1. The Operator prioritizes respecting the rights and freedoms of individuals regarding the processing of their personal data, including safeguarding their rights to privacy and family secrecy, which are fundamental to the Operator’s operations.
1.2. This Policy on the Processing of Personal Data (hereinafter referred to as the “Policy”) applies to all data that the Operator may obtain about visitors to its website https://nexgoods.net.

2. Basic Concepts
2.1. Automated processing of personal data – the process of handling personal data using computer technologies.
2.2. Blocking of personal data – a temporary suspension of the processing of personal data (except when processing is necessary to clarify personal data).
2.3. Website – a collection of graphic, informational materials, computer programs, and databases available on the internet at https://nexgoods.net.
2.4. Information system of personal data – a set of personal data stored in databases, information technologies, and technical means ensuring their processing.
2.5. Depersonalization of personal data – actions that render it impossible to identify the personal data subject without additional information.
2.6. Processing of personal data – any action (operation) or set of actions with personal data, including collecting, recording, systematizing, accumulating, storing, clarifying (updating, modifying), extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting, and destroying personal data.
2.7. Operator – an entity, organization, or individual that organizes and/or performs the processing of personal data independently or in conjunction with others, determining the purpose and actions involved in processing personal data.
2.8. Personal data – any information directly or indirectly relating to an identifiable individual.
2.9. Personal data allowed by the subject for distribution – personal data to which an unlimited number of people may have access based on the subject’s consent, in accordance with relevant legal requirements.
2.10. User – any visitor to the https://nexgoods.net website.
2.11. Providing personal data – actions aimed at disclosing personal data to specific individuals or groups.
2.12. Dissemination of personal data – any actions intended to make personal data available to an indefinite number of people or to publicize it through various media channels.
2.13. Cross-border transfer of personal data – transfer of personal data outside of Poland to a foreign authority, individual, or legal entity.

3. Basic Rights and Duties of the Data Processor
3.1. The data processor has the following rights:

to receive reliable information and/or documents containing personal data from the data subject;
to continue processing personal data in the absence of consent from the data subject if there are lawful grounds for such processing specified by the Personal Data Protection Act and GDPR, including cases in which the data subject withdraws their consent or requests the cessation of processing;
to independently determine the necessary and sufficient measures required to fulfill obligations imposed by the Personal Data Protection Act and GDPR unless otherwise specified by related legislation.

4. Basic Rights and Obligations of Personal Data Subjects
4.1. Subjects of personal data have the right to:

Receive information regarding the processing of their personal data, with the exception of cases provided by law. The information shall be provided to the personal data subject by the Operator in a form accessible to them, without containing
Require the Operator to clarify their personal data, to block or delete them if the personal data is incomplete, outdated, inaccurate, obtained unlawfully, or not necessary for the declared purpose of processing. They may also take measures provided for by law to protect their rights.
Put forward a condition for obtaining prior consent when personal data is processed in order to promote goods, works, and services on the market.
Withdraw consent to processing personal data, as well as send a request to cease processing personal data.
Appeal to the authorized body for protection of the rights of personal data subjects or to court against illegal actions or omissions of the Operator when processing their personal data.
Exercise other rights provided by legislation.

4.2. Subjects of personal data are obligated to:

Provide the Operator with accurate and reliable data about themselves.
Inform the Operator about changes or updates to their personal data.

5. Principles of Personal Data Processing
5.1. The processing of personal data shall be carried out on the basis of legality and fairness. 5.2. Personal data shall be processed only for specific, pre-determined, and legitimate purposes. It is prohibited to process personal data incompatible with the stated purposes for collecting such data.
5.3. Databases containing personal data processed for different purposes that are incompatible with each other shall not be combined. 5.4. Only personal data relevant to the purposes of its processing are subject to being processed. 5.5. The scope and content of the processed personal data must correspond to the declared purposes of processing. Redundant personal data with respect to the declared objectives of its processing is not permitted.
5.6. During the processing of personal data, accuracy, sufficiency, and relevance of such data to the purposes of data processing are ensured. The operator shall take the necessary measures to remove or correct incomplete or inaccurate personal data. 5.7. Personal data are stored in a form allowing identification of the data subject, for no longer than is required by the objectives of personal data processing. If a law, contract, or other agreement between the parties establishes a specific period for storage of personal data, it shall be followed. Upon reaching the objectives of processing or the loss of necessity to achieve those goals, personal data are destroyed or rendered anonymous. The operator ensures removal or correction of incomplete or inaccurate data.

6. Purposes of Personal Data Processing
The purpose of processing is to provide information to the User through emails. The personal data processed include:

Full Name
Email address
Phone numbers
Year, month, day and place of birth
Photos

In addition, the Operator’s statutory documents and contracts concluded between the Operator and the individual are also considered.
The types of personal data processed encompass collection, recording, organization, accumulation, storage, erasure, and depersonalization.
One of the methods of processing involves sending newsletters to the provided email address.

7. Conditions for the Processing of Personal Data
7.1. The processing of personal data shall be carried out with the consent of the data subject to the processing of their personal data. 7.2. The processing of personal data is required to achieve the objectives stipulated by an international agreement of the European Union or by law, to fulfill the functions, powers, and obligations assigned to the operator by the legislation of the European Union. 7.3. The processing of data is necessary for administration of justice, execution of a court decision, an act by another body or official that is subject to enforcement in accordance with EU legislation on enforcement proceedings. 7.4. The processing is required for performance of an agreement in which the data subject is a party, beneficiary, or guarantor, or for concluding an agreement on their own initiative or on behalf of the data subject, who will become a beneficiary or a guarantor. 7.5. The processing is necessary to exercise rights and legitimate interests of the operator, third parties, or to pursue socially significant objectives, provided that the data subject’s rights and freedoms are not infringed. 7.6. The data can be made publicly available, either by the data subject themselves or at their request. 7.7. Processing of data subject to mandatory publication or disclosure in compliance with law is conducted.
The processing of information is necessary to safeguard the rights and interests of the controller or third parties or to accomplish socially significant objectives. However, it must be ensured that the rights and liberties of the data subjects are not compromised.
If the data is made publicly accessible, it can be accessed by an unlimited number of individuals. This includes data that has been made available by the data owner or at their request (hereinafter referred to as “publicly available data”).
Processing of data that is subject to publication or compulsory disclosure in accordance with applicable law takes place.

8. The procedure for collecting, storing, transferring, and other types of processing of personal data The security of personal data processed by the operator is ensured through the implementation of legal, organizational, and technical measures that fully comply with the requirements of the current legislation in the field of personal data protection.
8.1 The operator guarantees the safety of personal data and takes all necessary measures to prevent unauthorized access to personal data.
8.2 The operator will never share the user’s personal data with third parties, except in cases related to the implementation of applicable laws or when the user has given consent to the operator to share their data with a third party to fulfill obligations under a civil law contract.
8.3 In the event of any inaccuracies in personal data, the user can notify the operator by sending an email to info@nextgoods.net with the subject line “Updating personal data.”
8.4 The duration of personal data processing is determined by the achievement of the purposes for which the data were collected, unless a different period is specified in the contract or by applicable law.
8.5 The user can withdraw their consent to personal data processing at any time by sending a notification to the operator via email to the operator’s email address info@nexgoods.net with the subject line “Withdrawal of consent to personal data processing.”
8.6 All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these entities (operators) in accordance with their user agreements and privacy policies. The operator is not responsible for the actions of third parties, including the service providers mentioned in this paragraph.
8.7 The prohibitions imposed by the user on the transfer (except for granting access), as well as on the processing or processing conditions (except for obtaining access) of personal data permitted for distribution, do not apply in cases of processing personal data in the public interest, as determined by the legislation of the European Union.
8.8 The operator ensures the confidentiality of personal data when processing it.
8.9 The operator stores personal data in a form that allows for the identification of the data subject, for no longer than necessary for the purposes of personal data processing, unless a longer period is specified by law, an agreement to which the data subject is a party, beneficiary, or guarantor.
8.10 The termination of personal data processing may be based on the achievement of the objectives of personal data processing, the expiration of the user’s consent, the withdrawal of consent by the user, or the requirement to cease processing personal data, as well as the detection of unlawful processing of personal data.

9. The operator performs the following actions with the personal data received:
9.1. The operator collects, records, organizes, accumulates, stores, clarifies (updates, modifies), extracts, uses, transfers (distributes, provides, accesses), de-identifies, blocks, deletes, and destroys personal data.
9.2. The operator conducts automated processing of personal data upon receiving and/or transmitting the received information through information and telecommunication networks, or without such transmission.

10. Cross-border transfer of personal data
10.1. Prior to initiating activities for cross-border transfer of personal data, the operator is required to inform the authorized body for the protection of the rights of personal data subjects of their intention to engage in such transfer (this notification is separate from the notification of the intention to process personal data).
10.2. Before submitting the aforementioned notification, the operator must obtain relevant information from the authorities of a foreign state, foreign individuals, or foreign legal entities to whom the cross-border transfer of personal data is planned.

11. Confidentiality of personal data
The operator and other individuals who have gained access to personal data are obligated to keep such data confidential and not disclose it to third parties or distribute it without the consent of the personal data subject, unless otherwise provided by law.

12. The Final Provisions
12.1. The User can seek clarification on any matters of interest regarding the processing of their personal data by contacting the Operator via email at info@nexgoods.net.
12.2. This document will reflect any modifications to the Operator’s personal data processing policy. The policy remains in effect until a new version is issued.
12.3. The current version of the Policy is publicly available on the internet at https://nextgoods.net/privacy-policy.