Privacy Policy
1. Introduction
This Privacy Policy explains how the nech processes personal data in connection with the use of its website, business communications, enquiries, and related advisory and commercial activities.
The nech is committed to processing personal data lawfully, fairly, and transparently, in accordance with applicable data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or GDPR) and applicable Polish data protection legislation.
This Privacy Policy applies to personal data collected through this website, by email, through contact forms, in connection with business enquiries, and during pre-contractual and business relationship activities.
2. Data Controller
The controller of your personal data is the nech, operated by Dmytro Nechyporenko.
Address: 16, William Heerlein Lindleya Str., Warsaw, Poland 02-013
Email: info@thenech.com
If you have any questions about this Privacy Policy or the processing of your personal data, you may contact us at: info@thenech.com
3. Data Protection Contact
If you have any questions regarding the processing of your personal data or wish to exercise your rights under applicable data protection law, you may contact us at: info@thenech.com
4. Whose Data We Process
We may process personal data relating to:
• website visitors
• individuals who contact us by email or through the website
• prospective clients
• representatives, employees, officers, consultants, or contact persons of our clients, partners, suppliers, and counterparties
• individuals who subscribe to newsletters or other business communications, where such functionality is used
• individuals who interact with us in a professional or business context
5. Categories of Personal Data We May Process
Depending on how you interact with us, we may process:
• your name
• email address
• phone number
• company name
• job title
• business address
• the content of your enquiry or correspondence
• information voluntarily included in contact forms or email messages
• meeting and scheduling details
• website usage data such as IP address, browser type, device information, pages visited, approximate location, referring URLs, timestamps, and technical logs
• marketing and preference data, such as preferences relating to communications, subscription choices, and engagement with our communications
• other information voluntarily provided by you in the course of an enquiry, business discussion, or cooperation process
We do not intentionally collect special categories of personal data unless this is clearly necessary, lawful, and appropriately protected.
6. Sources of Personal Data
We may collect personal data:
• directly from you
• from your employer or organisation, where you act as its representative or contact person
• through our website and website tools
• from public professional sources, such as company websites, LinkedIn profiles, public registers, conference materials, and other business networking sources
• from business referrals, professional introductions, and trusted partners
7. Purposes of Processing and Legal Bases
We process personal data only where we have a lawful basis to do so under Article 6 GDPR. GDPR requires controllers to identify a lawful basis for each processing purpose and to inform data subjects about it.
a) Responding to enquiries and contact requests
We process personal data to respond to messages, arrange discussions, assess business needs, and handle incoming enquiries.
Legal basis:
• Article 6(1)(b) GDPR, taking steps at your request prior to entering into a contract
• Article 6(1)(f) GDPR, our legitimate interest in handling business communications and responding to enquiries
b) Pre-contractual discussions and business relationship management
We process personal data to assess potential cooperation, prepare proposals, negotiate terms, manage relationships, and coordinate business communications.
Legal basis:
• Article 6(1)(b) GDPR
• Article 6(1)(f) GDPR, our legitimate interest in managing business relationships and commercial activities
c) Performance of contracts
We process personal data where necessary to perform contracts with clients, suppliers, and service providers.
Legal basis:
• Article 6(1)(b) GDPR
d) Compliance with legal obligations
We process personal data where necessary to comply with legal obligations under applicable law, including accounting, tax, record-keeping, compliance, and legal defence obligations.
Legal basis:
• Article 6(1)(c) GDPR
e) Website administration, security, and technical operation
We process technical and usage data to maintain website functionality, security, diagnostics, and protection against abuse or unauthorised access.
Legal basis:
• Article 6(1)(f) GDPR, our legitimate interest in ensuring website security and reliable operation
f) Analytics and website performance improvement
Where analytics tools are used, we may process personal data to understand website traffic, measure performance, improve content, and optimise user experience.
Legal basis:
• Article 6(1)(a) GDPR, consent, where required for cookies or similar technologies
• Article 6(1)(f) GDPR, legitimate interest, only where applicable and lawful for strictly necessary or comparable low-impact processing
g) Direct marketing and business communications
We may process personal data to send business updates, newsletters, service-related marketing communications, or invitations to relevant industry content or events, where permitted by law.
Legal basis may include:
• Article 6(1)(a) GDPR, consent, where required
• Article 6(1)(f) GDPR, legitimate interest in promoting our services and maintaining business relationships, where lawful and proportionate
Where electronic marketing consent is required under applicable law, we will rely on consent. The GDPR also gives data subjects the right to object to processing for direct marketing at any time.
h) Establishing, exercising, or defending legal claims
We may process personal data where necessary to protect our legal rights and interests.
Legal basis:
• Article 6(1)(f) GDPR, legitimate interest in legal protection and dispute management
8. Cookies and Similar Technologies
Our website may use cookies and similar technologies for technical operation, security, analytics, preferences, and communications-related purposes.
Where required by law, we will ask for your consent before placing or using non-essential cookies or similar technologies on your device.
Strictly necessary technologies may be used without consent where they are required for the operation, security, or core functionality of the website.
You can manage your cookie preferences through our cookie banner or your browser settings. Disabling certain cookies may affect the functionality of the website.
If you use tools such as browser controls or consent settings to withdraw consent, we will respect those preferences going forward, subject to technical limitations and legal requirements.
9. Whether Providing Data Is Mandatory
In most cases, providing your personal data is voluntary.
However, some data may be necessary:
• to respond to your enquiry
• to communicate with you
• to assess a potential cooperation
• to enter into or perform a contract
• to comply with legal obligations
If you do not provide certain data, we may be unable to respond properly, continue discussions, or provide requested services.
10. Recipients of Personal Data
We may disclose personal data to:
• IT and website hosting providers
• email, cloud storage, and communications providers
• CRM and business administration tools
• analytics, consent management, or website performance providers, where used
• professional advisers, including lawyers, accountants, auditors, and compliance advisers
• banks, payment institutions, and accounting providers, where relevant
• selected service providers and processors acting on our behalf under appropriate contractual safeguards
• courts, regulators, supervisory authorities, and public authorities where disclosure is required by law
We do not sell personal data.
11. International Transfers
As a rule, we aim to process personal data within the European Economic Area.
However, some of our service providers may process personal data outside the EEA or make data accessible from outside the EEA, including where global cloud or software providers are used.
Where personal data is transferred outside the EEA, we will ensure that an appropriate transfer mechanism is in place, such as:
• an adequacy decision issued by the European Commission
• the European Commission’s Standard Contractual Clauses
• another lawful mechanism recognised under GDPR
You may request further information about the safeguards used for international data transfers. GDPR regulates transfers outside the EEA under Chapter V.
12. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including for legal, accounting, tax, compliance, and evidential purposes.
Retention periods may vary depending on the category of data and purpose of processing. As a general approach:
• enquiry data is kept for the period needed to respond and follow up, and for a reasonable period thereafter in case of further business discussions
• contract-related data is kept for the duration of the contract and for the period required by law or necessary to handle claims
• accounting and tax records are retained for the period required under applicable law
• marketing data is retained until you withdraw consent, object, unsubscribe, or until the data is no longer needed for that purpose
• technical logs and website security data are retained for as long as necessary to ensure security, integrity, and troubleshooting
After the relevant retention period, data will be deleted, anonymised, or otherwise securely disposed of.
13. Your Rights Under GDPR
Subject to applicable law and the conditions set out in GDPR, you may have the right to:
• request access to your personal data
• request rectification of inaccurate or incomplete personal data
• request erasure of your personal data
• request restriction of processing
• object to processing based on legitimate interests
• object at any time to processing for direct marketing purposes
• withdraw consent at any time, where processing is based on consent
• receive your personal data in a structured, commonly used, and machine-readable format, and request its transfer where applicable
• not be subject to a decision based solely on automated processing, including profiling, where such right applies
To exercise your rights, contact us at: info@thenech.com
We may need to verify your identity before responding to your request. GDPR requires controllers to inform data subjects about these rights and to handle requests without undue delay, generally within one month.
14. Right to Lodge a Complaint
If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority.
For processing falling under Polish supervision, the competent authority is:
President of the Personal Data Protection Office
Urząd Ochrony Danych Osobowych
ul. Stanisława Moniuszki 1A
00-014 Warsaw
Poland
You may also lodge a complaint with the supervisory authority in the EU or EEA country of your habitual residence, place of work, or place of the alleged infringement, where applicable. The right to lodge a complaint with the President of the Personal Data Protection Office is confirmed by UODO.
15. Security
We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, or other unlawful processing.
These measures are proportionate to the nature of the data, the purposes of processing, and the risks involved, and may include access controls, confidentiality measures, backups, secure service providers, internal process controls, and data minimisation practices.
However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. GDPR requires controllers and processors to implement appropriate technical and organisational security measures.
16. Third-Party Websites and Platforms
Our website may contain links to third-party websites, platforms, or services.
This Privacy Policy does not apply to third-party websites or services, and we are not responsible for their privacy practices, content, or security. You should review their privacy notices separately.
17. Business Contacts and B2B Communications
Where we process personal data relating to employees, representatives, or contact persons of clients, suppliers, partners, or prospective counterparties, we do so for the purposes of business communication, relationship management, contract performance, project coordination, and commercial cooperation.
In such cases, the legal basis will usually be:
• Article 6(1)(b) GDPR, where the data relates to pre-contractual or contractual action
• Article 6(1)(f) GDPR, where processing is necessary for our legitimate interests in conducting and managing business relationships
18. Children
This website and our services are intended for professional and business use. They are not directed to children.
We do not knowingly collect personal data from children through this website. If you believe that personal data relating to a child has been provided to us unintentionally, please contact us so that we can take appropriate action.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, regulatory, operational, or technological changes.
The current version will always be published on this website with the updated effective date shown at the top of the document.
20. Contact
If you have any questions about this Privacy Policy or the processing of your personal data, please contact:
the nech
operated by Dmytro Nechyporenko
16, William Heerlein Lindleya Str.
Warsaw, Poland 02-013