1. The Controller of your personal data is STX Next S.A. with its registered office in Poznań (61-854), ul. Mostowa 38, KRS [company registration number]: 0000967074, NIP [tax identification number]: 7781424849, REGON [statistical number]: 300013306, hereinafter referred to as: the Controller or STX Next.
2. As the Controller, STX Next pays special attention to the protection of privacy and confidentiality of personal data processed in connection with its business activity, including the data entered by users into the electronic forms on the domain and subdomains https://stxnext.com/. 
3. You can contact the Controller in all matters related to the protection of your personal data via e-mail: administrator@stxnext.pl, phone: 48 61 610 01 92 or the contact form on the website. 
4. STX Next shall act with due diligence when selecting and applying appropriate technical and organizational measures to protect personal data being processed. 
5. STX Next shall protect personal data against unauthorized access and processing in violation of applicable regulations.
6. Your personal data shall be processed by the Controller in accordance with the law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as 'GDPR').
7. Personal data collected by STX Next shall be: 
1. processed in a lawful manner,
2. collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes,
3. adequate and limited to what is necessary for the purposes for which they are processed,
4. corrected and, if necessary, updated,
5. kept for no longer than necessary to achieve the purpose of processing,
6. processed in a manner that ensures appropriate security.

1. Each time the purpose, scope and recipients of personal data processed by STX Next depend on whether you are only a website visitor, a potential or existing STX Next client or a candidate for the STX Next team.   
2. Your personal data may be processed in order to:
1. establish cooperation with STX Next, including verification of your data and preparation of an offer at your request, if you would like to enter into a contract with us - in this situation, data processing is necessary to take action at your request before entering into a contract (Article 6(1)(b) of the GDPR), 
2. answer your questions and requests submitted through the forms and contact addresses available at the stxnext.com website, including the interactive windows available on each subpage of the website - on the basis of the legitimate interest of STX Next (Article 6(1)(f) of the GDPR),
3. perform the provisions of an already concluded contract if you are an existing STX Next client or another entity cooperating with STX Next (Article (6)(1)(b) of the GDPR),
4. fulfil legal obligations of STX Next relating, inter alia, to accounting and taxation and for archival purposes (Article 6(1)(c) of the GDPR),
5. send marketing content, such as information about products and services, information about planned events and workshops, commercial information, questionnaires, newsletters, eBooks and other materials via electronic messages, on the basis of your voluntary consent (Article (6)(1)(a) of the GDPR) or, if the law allows it, on the basis of the legitimate interest of STX Next (Article (6)(1)(f) of the GDPR),
6. adapt and develop the functionalities of the website, including its structure and content to your needs and those of other users, produce aggregated statistics and maintain the security and quality of the services provided by STX Next - on the basis of the legitimate interest of STX Next (Article 6(1)(f) of the GDPR), 
7. contact you and carry out the recruitment process in connection with your submission of application documents on the STX Next recruitment subpage - in this situation data processing is necessary to take action at your request before entering into a contract (Article 6(1)(b) of the GDPR),
8. take application documents into account in future recruitment processes - on the basis of your voluntary consent (Article 6(1)(a) of the GDPR),
9. establish, exercise or defend any claims based on the legitimate interest of STX Next (Article 6(1)(f) of the GDPR).

The controller processes different personal data depending on the purpose and legal basis of the processing. STX Next may process in particular the following categories of your personal data: first and last name, e-mail address, address, data of your company, contact number, bank account number (for payment processing), data of contact persons from your company, IP address and other data necessary to achieve the purposes mentioned above (e.g. data provided by you in the contact form).

1. The period of personal data processing depends on the purpose and legal basis of the processing.
2. Personal data obtained through the contact form and other channels or addresses indicated for the communication will be processed for the duration of the communication or until an objection to the processing is raised, but no longer than 6 months from the date of the last contact, unless another legal basis for the processing of personal data applies.
3. The clients’ personal data will be processed for the duration of the contract, and after that period for the time necessary to comply with the law and to establish, exercise or defend against possible claims, but no longer than 6 years from the expiry or termination of the contract entered into with STX Next.
4. Personal data processed for the purpose of fulfilling the Controller’s legal obligations will be processed for the period resulting from the relevant legal regulations.
5. Personal data collected for the purpose of sending marketing content will be processed until you object to the processing or withdraw your consent. 
6. Personal data collected for the purposes of recruitment will be processed for the duration of the recruitment process, and if you consent to the processing of data for the purposes of future recruitment, they will be stored until your consent is withdrawn.

1. The recipients of your personal data may be business partners (e.g. subcontractors), technological partners (e.g. providers of IT services, marketing tools), logistics partners (e.g. courier companies) and organizational partners (e.g. consulting companies, accounting companies, accounting firms) of STX Next, as well as entities which process data on the basis of generally applicable law. 
2. Your personal data may be transferred to a third country outside the European Economic Area (EEA) or to an international organisation only in the cases and under the conditions provided for by the applicable legislation, e.g. when the European Commission has established that the third country or international organisation in question ensures an adequate level of protection or, in the absence of such a decision, where the controller has provided adequate safeguards (e.g. by applying binding corporate rules or standard data protection clauses adopted by the European Commission) and provided that there are enforceable rights of data subjects and effective legal protection measures.
3. Your personal data will not be subject to automated decision making, including profiling.
4. STX Next will take the utmost care to ensure that in the event of data being transferred to third parties, your data will be processed in accordance with the GDPR and this Privacy Policy. 
5. Regardless of the purpose of the processing, providing the data is voluntary, however, failure to provide them may prevent you, depending on the specific case, from entering into a contract, obtaining answers to questions, using selected services or functionalities, receiving marketing content from STX Next or participating in the recruitment process.  
6. The website contains references to external websites (e.g. LinkedIn, Facebook, Instagram, Twitter or Clutch). STX Next strongly recommends that you read the privacy policy and terms and conditions of use of each of these external sites, as they are in no way within the Controller's scope of liability.

1. You have the right to:
1. access the data, 
2. rectify the data,
3. erase the data,  
4. restrict the processing of the data,
5. data portability,
6. object to the processing of data which takes place on the basis of the Controller’s legitimate interest,
7. withdraw your consent (where processing is based on consent) at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

2. If you believe that the processing of your personal data violates the provisions of the GDPR, you also have the right to lodge a complaint with the President of the Office for Personal Data Protection (postal address: ul. Stawki 2, 00-193 Warsaw, Poland).

Please look it up in detail here.