Privacy Policy

With the security of your personal data in mind, we have developed this privacy policy. The protection of personal data and all processed or generated information is a priority for our COMPANY. We operate in many areas, and our tools and software are used to manage numerous processes, enterprises, and entities. We strive to ensure that our services are of the highest standard. We feel a particular responsibility for the security of personal data processed by us in connection with our activities. Our primary goal is to meet the informational obligation related to the processing of personal data at the highest level and in accordance with current regulations, i.e., the Act of May 10, 2018, on personal data protection (Journal of Laws 2019, item 1781) and the Regulation of the European Parliament and the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"). In this policy, we inform about the legal bases for processing personal data, ways of collecting and using personal data, and the rights of data subjects.

What do we understand by personal data and its processing?

Personal data are all information relating to an identified or identifiable living natural person. Individual pieces of information, which combined can lead to identifying a person's identity, also constitute personal data. By processing personal data, we understand the performance of all operations on personal data, regardless of whether they are carried out automatically or not (e.g., collecting, storing, recording, organizing, modifying, viewing, using, sharing, restricting, deleting, or destroying).

When does this privacy policy apply?

This privacy policy applies in every case where NISSYSTEMS is the administrator of received, collected, transferred, entrusted personal data. This includes all cases where NISSYSTEMS processes personal data obtained directly from the person concerned, as well as cases where personal data are obtained from other sources. NISSYSTEMS fulfills its informational obligations in accordance with the requirements set out in Articles 13 and 14 of the GDPR.

Who is the administrator of your personal data?

NISSYSTEMS, located at ul. Jana Kazimierza 30/125, 01-248 Warsaw, entered into the register of entrepreneurs, kept by the District Court for the capital city of Warsaw, XII Commercial Division of the National Court Register , under KRS number 0001026651, with a share capital (fully paid-up) of PLN 5,000.00, tax identification number NIP 5273048706, REGON 524811610. Contact with the Data Protection Officer at NISSYSTEMS can be made via email: iod@nissystems.pl, phone: 48 728 203 802.

What data do we process?

Dear Users, we process data that you provide to us or share during the browsing of our website and its use, as well as the realization of our services on your behalf. We also conduct automated analysis of your activity onour websites. The personal data we collect are provided voluntarily by you, yet they are essential for providing our services, such as queries processed through the contact form, newsletter implementation, and order fulfillment in our online store. We collect only those data that are necessary for the realization and provision of services included in the forms available on our websites, in the following scope:

• Contact and address data (such as residential address, correspondence address, phone numbers, or email address);
• Financial data, including transaction-related data (e.g., details of financial transactions);
• Technical and search data on the website, which may be personal data (e.g., IP addresses, cookie identifiers, browsing history, etc.).

What is the purpose of processing your personal data and what is the legal basis and rationale?

• Conclusion and performance of a contract with a client or contractor – Article 6 (1)(b) and (f) of the GDPR

For the duration of the contract and after its expiration until the expiration of claims arising from it, in connection with actions undertaken for the conclusion or implementation of the contract, in justified purpose, contact with employees/co-workers of clients and contractors.

• Handling complaints and claims – Article 6 (1)(b) and (f) of the GDPR

After the warranty period expires or the claim is settled. The Administrator, in connection with handling complaints, contacts in a justified purpose with employees/co-workers of clients.

• Pursuing claims or defending against legal claims – Article 6 (1)(f) of the GDPR

For the duration of proceedings concerning pursued claims, i.e., until their final resolution, and in the case of enforcement proceedings until the final satisfaction of pursued claims. The Administrator may process data of employees/co-workers of clients or contractors in a justified purpose in connection with pursuing claims or defending against legal claims.

• Archiving of documents, i.e., contracts and settlement documents – Article 6 (1)(c) of the GDPR

For periods indicated by legal provisions, and if no specific periods are indicated for certain documents, as long as their storage falls within the legally justified purpose of the administrator regulated by the time of possible pursuit of claims.

• Conducting statistics – Article 6 (1)(f) of the GDPR

Until the conduct of another processing operation indicated in this table. We do not store personal data solely for statistical purposes. Having information about the statistics conducted by the Administrator allows for the improvement of ongoing activities.

• Conducting marketing activities without the use of electronic communication means – Article 6 (1)(f) of the GDPR

Until the objection is raised, i.e., expressing in any way that you do not wish to remain in contact with us and receive information about our activities. Conducting marketing activities promoting the business.

• Conducting marketing activities using electronic communication means – Article 6 (1)(a) of the GDPR

These activities, due to other applicable regulations, in particular the Telecommunications Law and the Act on Providing Services by Electronic Means, are conducted based on the consents held. Until the withdrawal of consent, i.e., expressing in any way that you do not wish to remain in contact with us and receive information about our activities, and after its withdrawal for the purposes of demonstrating the correctness of fulfilling the legal obligations incumbent on NISSYSTEMS and the related claims. Conducting marketing activities promoting the business using email addresses and phone numbers.

How long do we process personal data? What are the criteria for determining such periods?

The period of processing personal data depends on the purposes for which they were collected and the legal obligations imposed on NISSYSTEMS in this regard, as well as in the case of given consent, until its withdrawal, limitation, or other actions initiated by you that limit the previously expressed consent.

NISSYSTEMS processes data for the period necessary to achieve the processing objectives. For example, NISSYSTEMS stores data in terms of executing a contract until its completion, and then in a legally justified interest for securing potential claims or until the expiration of the legal obligation to store data resulting from legal provisions. These provisions may particularly involve the obligation to store accounting (tax) documents related to the contract, obligations arising from anti-money laundering and counter-terrorism financing regulations, fulfilling international tax obligations, and regulations on automatic exchange of tax information with other countries.

In the case of conducting court or out-of-court proceedings, the periods for data storage may be extended, e.g., due to interruption or suspension of the limitation period for claims.

It should be remembered that data can be processed/stored separately due to appropriate goals or legal bases of processing (e.g., revoking consent to process data for third-party marketing will not cause NISSYSTEMS to stop processing data due to other legal conditions).

What rights do you have as data subjects?

In accordance with applicable regulations, you have the following rights in relation to the processing of your personal data by other entities of the NISSYSTEMS Group and trusted partners:

• The right to access your data, including obtaining a copy of the data;
• The right to request rectification of data;
• The right to delete data (the right to be forgotten);
• The right to lodge a complaint with the data protection supervisory authority, which in Poland is the President of the Personal Data Protection Office – https://www.uodo.gov.pl/pl (in case of comments or doubts, we encourage you to contact us first);
• The right to restrict data processing;
• The right to object (objection to processing, objection to direct marketing, including profiling, justified objection to processing data in the legitimate interest of the administrator).

If the data is processed based on consent or as part of the service provided (data is necessary for providing the service), you may additionally exercise the following rights:

• The right to withdraw consent. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. If your data is processed based on consent or for the purpose of contract fulfillment (necessary for providing the service);
• The right to data portability, i.e., to receive your personal data from the administrator in a structured, commonly used, machine-readable format to transmit them to another administrator.

To exercise the above rights, please contact us in the contact section and fill out the appropriate form https://nissystems.pl/contact/, or send correspondence to NISSYSTEMS.

In the case of requests for rectification, deletion, or limitation of the processing of personal data, we will inform the recipients of these data, to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort, and at your request regarding your data, we will inform you about these recipients.

To whom do we disclose the data?

Your data may be transferred to entities processing personal data on behalf of the administrator, including companies within the NISSYSTEMS GROUP, IT service providers, marketing agencies. These entities process the data based on a contract with the administrator and strictly according to his instructions. In such cases, third parties are required to maintain confidentiality and information security and to verify that they provide appropriate measures to protect personal data.

Your data may also be made available to entities authorized to obtain them based on applicable law, e.g., law enforcement agencies. Within the scope allowed by applicable laws, we may also disclose your data to institutions dealing with debt collection and trading in receivables.

The processing is based on voluntary consent by trusted entities of your personal data, which are provided in the browsing history of the website and online store, for marketing purposes (including automated analysis of activity on the website, including placing internet markers, including cookies) on your devices and reading such markers, the above data may be provided to our trusted partners.

List of trusted partners:

• Google Analytics (more information and a browser add-on to block Google Analytics: tools.google.com);
• Facebook (more information on the website: www.facebook.com);
• Microsoft (more information on the website: privacy.microsoft.com/pl-pl/privacystatement).

Processing Data in Cookies

In a limited scope, we may collect personal data automatically through cookies on our website. Cookies are small text files stored on the user's computer or other mobile device while using internet services. These files serve, among other things, to use various functions provided on a given website or to confirm that a user has seen certain content from a website. Among cookies, there are those that are necessary for the functioning of the COMPANY's website. These necessary cookies are used to:

• Maintain user sessions;
• Save the state of the user's session;
• Enable authorization using the Login Service;
• Store information allowing anonymous user login;
• Store information necessary for the operation of the online shopping cart for internet purchases through the COMPANY's online store;
• Monitor service availability.

Another category of cookies are those that are not necessary for the use of the service, but facilitate its use. They are used to:

• Restore the last visited view upon the next login to the product;
• Remember the user's choice regarding stopping the display of a selected message or displaying it a specified number of times;
• Restore the user's session;
• Remember the last category selected in the product;
• Check whether saving to cookies is functioning correctly;
• Enable automatic login to the product (the “remember me” option);
• Adapt the content of products to user preferences;
• Set the preferred language, currency, font size, and other properties that facilitate working with the application;
• Restore the last search result in the product;
• Display the last viewed products in the online store;
• Display the last chosen sorting parameter.

NISSYSTEMS also uses services of third parties, whose list is constantly changing, and which use cookies for the following purposes:

• Monitor traffic on our website;
• Collect anonymous, aggregated statistics that help us understand how users use our website and allow us to continuously improve our products;
• Determine the number of anonymous users of our website, necessary for analyzing the use of NISSYSTEMS services;
• Control how often selected content is shown to users;
• Control how often users choose a particular service;
• Study sign-ups for newsletters;
• Use a personalized recommendation system for e-commerce;
• Use communication tools;
• Integrate with social media platforms;
• Conduct online payments.

Contents from external providers may include cookies from other entities. Therefore, users are advised to familiarize themselves with the policies on using cookies for website management by external providers.

Users can manage cookies used by the COMPANY or by external providers by changing the settings of their internet browser. Further information on this subject can be found in the document “How to manage cookies?” – here is the link. NISSYSTEMS informs that rejecting cookies may result in the improper functioning of our services or, in some cases, prevent the use of our products.

This document was published on: November 10, 1023.