Skip to content
Nextriv

Privacy policy

This policy explains what personal data we process in connection with your use of nextriv.pl / nextriv.com, on what legal basis, how long we keep it and what rights you have under the GDPR. Data processing within the Nextriv application (nextriv.app) is described in separate documents accepted upon account registration.

Last updated:

Draft version — pending legal review

1. Data controller

The controller of personal data collected via the website is Thermonext Michał Sendrowski with its registered office at ul. Olszowa 8B, 18-400 Konarzyce, Poland, tax ID (NIP) 7182165488 (the “Controller”, “we”).

For any matters concerning personal data, you can contact us by e-mail at [email protected] or in writing at our registered address.

2. What data we process and where it comes from

We only process data that you provide yourself or that your browser generates during your visit:

  • Contact and demo request forms: e-mail address and — if provided — name, company name, phone number, industry and message content.
  • Newsletter: e-mail address.
  • Technical visit data: IP address, cookie identifiers, browser and device information and visit statistics — to the extent described in the Cookie policy and only in line with the consents you have given.

3. Purposes and legal bases of processing

We process data for the following purposes and on the following bases:

  • Handling enquiries from the contact and demo forms — steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR) and, for enquiries unrelated to a contract, our legitimate interest in conducting correspondence (Art. 6(1)(f) GDPR).
  • Sending the newsletter — your voluntary consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.
  • Analytics, visit statistics and possible marketing activities — your consent given in the cookie banner (Art. 6(1)(a) GDPR in conjunction with electronic communications law).
  • Website security (including protecting forms against bots) — our legitimate interest (Art. 6(1)(f) GDPR).
  • Establishing, exercising or defending legal claims — our legitimate interest (Art. 6(1)(f) GDPR).

4. Data recipients

We do not sell your data. We share it only with trusted service providers acting on our behalf (processors) or as independent controllers within their own services:

  • Cloudflare — website hosting and delivery (CDN), form handling, and protection against bots and abuse.
  • Resend — e-mail delivery (system replies, newsletter).
  • Google — analytics tools (visit statistics) operating only after consent, respecting Consent Mode v2 settings.
  • Microsoft — e-mail and office tools used to handle correspondence.
  • SMSAPI — SMS gateway used in communication (in particular for Nextriv service notifications).
  • Entities supporting our business under law or contracts: e.g. accounting and legal services, as well as public authorities where disclosure is required by law.

5. Transfers outside the EEA

Some of our providers (including Cloudflare, Google, Microsoft and Resend) are established or operate data centres outside the European Economic Area, in particular in the USA. In such cases, transfers rely on GDPR-approved mechanisms: adequacy decisions (including the EU–US Data Privacy Framework for certified providers) or Standard Contractual Clauses (SCCs) with supplementary safeguards.

You can obtain information about the safeguards applied by a specific provider by contacting us at the address given in section 1.

6. How long we keep data

Retention depends on the purpose of processing:

  • Form correspondence — for the time needed to handle the matter, and then for the limitation period of any claims related to the correspondence.
  • Newsletter — until consent is withdrawn (unsubscribing); after that we may keep limited data evidencing that consent was given and withdrawn (accountability).
  • Analytics data — for the periods described in the Cookie policy and the configuration of the analytics tools.
  • Data processed on the basis of consent — at the latest until consent is withdrawn.

7. Your rights

Under the GDPR you have the following rights:

  • the right of access to your data and to obtain a copy (Art. 15),
  • the right to rectification (Art. 16),
  • the right to erasure (Art. 17),
  • the right to restriction of processing (Art. 18),
  • the right to data portability for data processed on the basis of consent or a contract (Art. 20),
  • the right to object to processing based on legitimate interest (Art. 21),
  • the right to withdraw consent at any time — without affecting the lawfulness of processing carried out before withdrawal.

8. Complaint to the supervisory authority

If you believe we process your data unlawfully, you may lodge a complaint with the President of the Polish Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl. We encourage you to contact us first — most issues can be resolved directly.

9. Voluntary nature of data provision and automated decisions

Providing data is voluntary but necessary for the given purpose: without an e-mail address we cannot reply to a form message or send the newsletter.

We do not make decisions about you based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect you.

10. Changes to this policy

This policy may be updated, e.g. when providers or regulations change. The current version, with the last-updated date, is always available on this page. We will communicate material changes visibly on the website.