Privacy Policy

1. Personal Data Controller

The controller of personal data processed via the ntss.io website is NT Solution Systems Sp. z o.o., with its registered office at 10-683 Olsztyn, Władysława Trylińskiego 2, NIP: 7394029181, REGON: 544024261, KRS: 0001224918, contact e-mail address for data protection matters: kontakt@ntss.io

The Controller is responsible for the lawful, secure and transparent processing of users’ personal data.

2. Scope and Sources of Data

The Controller may process personal data obtained:

a) automatically during the use of the website, in particular in the form of technical and operational data,

b) directly from the user, in particular via the contact form, e-mail, telephone contact or in the course of further correspondence;

The scope of processed data may include, in particular:

name and surname, company name, e-mail address, telephone number, message content, data contained in correspondence, data relating to an enquiry or cooperation, IP address, date and time of connection, information about the device, operating system, browser, and basic technical data related to the use of the website.

3. Purposes and Legal Bases for Processing

Personal data may be processed for the following purposes:

a) handling contact and correspondence

for the purpose of responding to a message sent via the contact form, e-mail or by telephone.

Legal basis:
Article 6(1)(f) GDPR – the legitimate interest of the Controller consisting in conducting communication and handling enquiries, and if the contact concerns pre-contractual activities – Article 6(1)(b) GDPR.

b) presenting an offer, conducting commercial discussions and taking steps prior to concluding a contract

for the purpose of preparing an offer, responding to an enquiry and taking steps aimed at concluding a contract.

Legal basis:
Article 6(1)(b) GDPR – actions taken at the request of the data subject prior to entering into a contract,
or Article 6(1)(f) GDPR – the legitimate interests of the Controller consisting in maintaining business relationships.

c) performance of a contract or cooperation

where a contract is concluded, data may be processed for the purpose of its performance, day-to-day working contact, settlements and ongoing cooperation support.

Legal basis:
Article 6(1)(b) GDPR.

d) fulfilment of legal obligations

to the extent that processing is necessary to fulfil obligations arising from legal provisions, in particular tax, accounting or claim-related obligations.

Legal basis:
Article 6(1)(c) GDPR.

e) bezpieczeństwo serwisu i administrowanie nim

for the purpose of ensuring website security, detecting abuse, protection against attacks, maintaining technical logs, diagnosing errors and ensuring the proper functioning of the website.

Legal basis:
Article 6(1)(f) GDPR – the legitimate interest of the Controller consisting in protecting the website and its users.

f) establishing, pursuing or defending claims

where necessary to demonstrate specific circumstances, defend the Controller’s rights or pursue receivables.

Legal basis:
Article 6(1)(f) GDPR – the legitimate interests of the Controller.

g) processing based on consent

if, in a given case, the user gives consent to the processing of data or to the use of specific technologies, the data may also be processed on that basis.

Legal basis:
Article 6(1)(a) GDPR.

4. Is the provision of data mandatory?

As a rule, providing data is voluntary, but it may be necessary for:

  • receiving a response to a message,
  • receiving an offer,
  • taking steps prior to entering into a contract,
  • concluding or performing a contract,
  • fulfilling obligations arising from legal provisions.

Failure to provide data may make it impossible to contact you, present an offer, or deliver a specific service or cooperation.

5. Data recipients

Personal data may be disclosed to entities cooperating with the Controller only to the extent necessary for the purposes of processing, in particular:

providers of hosting and website maintenance services, providers of e-mail and IT infrastructure services, entities providing technical, IT or administrative support, entities handling accounting or legal advisory services, and authorised public authorities, where disclosure is required by law.

The Controller does not sell personal data to third parties.

6. Data retention period

Data will be retained for the period necessary to achieve the purpose for which they were collected, and then for the period required by law or necessary to secure potential claims.

In particular:

technical data and server logs – for the period necessary to ensure security, diagnostics and the proper functioning of the website.

data related to correspondence and commercial enquiries – for the duration of the contact, and then for the period necessary for archiving and for establishing, pursuing or defending claims;

data related to the performance of a contract – for the duration of the contract, and then for the period required by law, in particular tax and accounting, and for the limitation period for claims;

data processed on the basis of consent – until the consent is withdrawn or until the purpose of processing ceases to exist, whichever occurs first;

7. Rights of data subjects

A person whose data is concerned is entitled – in cases provided for by GDPR – to:

  • access to data,
  • obtaining a copy of the data,
  • rectification of data,
  • erasure of data,
  • restriction of processing,
  • data portability,
  • objecting to processing based on the Controller’s legitimate interest,
  • withdrawal of consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before its withdrawal,
  • lodging a complaint with the President of the Personal Data Protection Office.

To exercise these rights, you may contact the Controller at: kontakt@ntss.io

8. Automated decision-making and profiling

Users’ personal data are not used for decision-making based solely on automated processing, including profiling, which would produce legal effects concerning the user or similarly significantly affect them.

9. Transfer of data outside the European Economic Area

As a rule, users’ personal data are processed within the European Economic Area.

However, if in connection with the use of certain tools, infrastructure providers, mail services, technical resources or external services, data were to be transferred outside the European Economic Area, the Controller will ensure the application of appropriate legal mechanisms required by GDPR, in particular standard contractual clauses or other legal bases legitimising such transfer.

10. Cookies and similar technologies

The ntss.io website uses cookies and similar technologies, including solutions designed to remember user settings, ensure security, support the proper functioning of the website and operate the consent management mechanism.

To the extent permitted by law, the website may use technologies necessary for:

the proper display of the website, ensuring security, remembering the selected language or user settings, and recording choices made in the cookies banner.

Where user consent is required for specific technologies, they are activated in accordance with the choice made via the cookies banner or the consent management tool available on the website.

The user may change their consent settings at any time by using the consent management mechanism available on the website.

Detailed information regarding the cookies and similar technologies used, their purposes, duration and the way settings are managed can be found in the separate Cookies Policy.

11. Contact for data protection matters

For matters relating to the processing of personal data, the exercise of rights under the GDPR, or questions related to this Privacy Policy, you may contact the Controller:

  • e-mail: kontakt@ntss.io
  • in writing: NT Solution Systems Sp. z o.o., ul. Władysława Trylińskiego 2, 10-683 Olsztyn

The Controller has not appointed a Data Protection Officer.

12. Changes to the Privacy Policy

This Privacy Policy may be updated from time to time, in particular in the event of:

  • changes in legal regulations,
  • changes in the way the website operates,
  • changes in the scope of services provided,
  • implementation of new technical or organisational tools.

The current version of the Privacy Policy is published on the ntss.io website.

Date of last update: 26 March 2026.