Privacy Policy

Privacy Policy

Last updated: February 21, 2026

This Privacy Policy explains how NEXON Systems Sp. z o.o. ("We", "NEXON") collects, uses, and protects the personal data of website visitors and users of the "NEXON Vision" service (hereinafter "Service").

1. Data Controller

The entity responsible for processing your data is:

NEXON Systems Sp. z o.o.
01-343 Warszawa, Ul. Legionowa 31A, Poland.
Email: [email protected]
Phone: +48 514908198

We do not have a designated Data Protection Officer (DPO), but we are fully committed to addressing your privacy concerns. Please contact our support team for any inquiries.

2. Information We Collect

We collect information based on how you interact with us:

  • Website Visitors: IP addresses, browser types, cookie data, and basic analytics (e.g., Google Analytics) to improve user experience.
  • SaaS Users (Customers): Account Data (name, email, phone number, company name), Device Data (screen IP addresses, device types, OS versions, activity logs), Content (files, images, videos you upload for broadcasting), and Billing Data (transaction history).

3. How We Use Data

We use your data to provide access to the Service, manage screens, provide technical support, send transactional emails, improve our platform, and comply with legal obligations.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to ensure the smooth operation of our website, analyze performance, and remember your preferences. You can manage your consent and choose which non-essential cookies to allow via our cookie banner upon your first visit.

5. Infrastructure & Security

Your data is stored on secure servers located within the European Union (Frankfurt, Germany). We protect your data using encryption in transit and at rest, strict access controls, and regular backups. Detailed technical measures are outlined in Annex 2.

6. Google API

If you use Google services integration (e.g., YouTube), our Service complies with the Google API Services User Data Policy. We do not use Google user data for advertising purposes and do not share it with third parties.

7. Data Retention

Active account data is retained for the duration of the agreement. If a subscription ends and is not renewed within 90 days, we reserve the right to permanently delete your data.

8. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure ('right to be forgotten'): You can request the deletion of your data when it is no longer necessary.
  • Right to restriction of processing: You can ask us to pause the processing of your data.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to the processing of your data, including for marketing purposes.
  • Right to withdraw consent: You can withdraw your consent for cookies or other processing at any time.
  • Right to lodge a complaint: You have the right to complain to a supervisory authority (e.g., UODO in Poland) if you believe your rights are violated.

To exercise any of these rights, please contact us at [email protected].

ANNEX 1: DATA PROCESSING ADDENDUM (DPA)

Processor: NEXON Systems Sp. z o.o.
This DPA forms part of the agreement between the Customer identified in the Account ("Controller") and NEXON Systems Sp. z o.o. ("Processor").

  • Subject matter & duration: Processor processes Personal Data on behalf of Controller to provide "NEXON Vision" services. Duration: term of the Agreement plus deletion period (90 days).
  • Nature & purpose: Hosting, storage, transmission, logging, support, security, analytics.
  • Categories of Data Subjects: Controller’s authorized users and personnel.
  • Types of Personal Data: Identifiers, login credentials, device logs, content metadata. Special categories of data are not intended to be processed.
  • Processor obligations: Process only on documented instructions, maintain confidentiality, implement security measures (TOMs), assist with data subject requests, notify of breaches without undue delay, delete data at termination.
  • Sub-processing: Controller authorizes the use of sub-processors. Processor will impose strict data protection terms on them. Current sub-processors: DigitalOcean, LLC (Germany) for hosting; Okta, Inc. (USA/EU) for IAM; SendPulse Inc. (USA) for transactional emails; Google LLC (USA/EU) for analytics/integrations.
  • International transfers: Processor primarily hosts in the EU. For necessary transfers outside the EEA, Processor uses appropriate safeguards, including EU Standard Contractual Clauses.

ANNEX 2: TECHNICAL & ORGANISATIONAL MEASURES (TOMs)

  • Transport & storage security: HTTPS with TLS 1.2/1.3; encrypted backups; environment separation.
  • Access control: Role-based access (RBAC); least privilege; MFA for administrative access; secure hashed credential storage.
  • Operational security: Logging and monitoring of admin actions and device heartbeats; vulnerability management.
  • Availability: Automated backups (rolling 30-90 days) and infrastructure redundancy.
  • Incident response: Defined playbooks and breach notification procedures without undue delay.