Privacy Policy

In force since 24.05.2021

Privacy Policy:

  1. This Privacy Policy defines the rules for the collection, processing and use of personal data obtained by website (hereinafter referred to as ‘’).

  2. This policy is also the fulfillment of the obligations of Open Nexus Sp. z o.o. as the Administrator specified in art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/WE (general regulation on data protection) (hereinafter: GDPR).

  3. The owner of and at the same time the Administrator of Personal Data is Open Nexus Sp. z o.o. with its registered office in 3, Bolesława Krzywoustego Street, postcode: 61-144 Poznań. District Court for Poznań - Nowe Miasto and Wilda in Poznań, 8th Economic Division of the National Court Register 0000335959, Tax Identification Number (NIP) 7792363577, National Business Registry Number (REGON) 301196705, share capital of 67.050 PLN, with bank account number 771160220200000148511753, email:, hereinafter referred to as ‘Open Nexus’.

  4. As the Personal Data Administrator, we were not required by law to designate Data Protection Officer. However, taking care of data, we assigned Data Protection Officer, whom you can contact via the following email address:, about any issue regarding processing of your personal data.

  5. Open Nexus takes special care to respect the data privacy of Users visiting

§ 1 How do we collect data?

  1. Open Nexus collects information about natural persons operating a business or professional activity (hereinafter referred to as "Entrepreneurs"), as well as the data of natural persons engaged in a legal activity not directly related to their activities. Open Nexus processes personal data of persons representing clients and their employees, provided by the above-mentioned subjects. In case of registration of Sub-accounts, data may be gather by the User.

  2. Personal data may be also gathered from cookie files (referred to later in the Policy) which include IP numbers.

  3. Users' personal data is collected on registration while creating a User Account on or while placing an offer in a Proceeding without registration.

  4. In case of registration on, the User sets his own Password to the Account on, and submits the following data:

    1. Name and surname;

    2. E-mail address;

    3. Telephone number;

    4. Tax Identification Number (NIP);

    5. Company name.

  1. If the user submits an offer without registration, in order to submit an offer the following data must be provided:

    1. E-mail address;

    2. Tax Identification Number (NIP) or PESEL (Polish - Universal Electronic System for Registration of the Population)

    3. Telephone number;

    4. Company name

      and optionally

    5. Name

    6. Surname

    7. Street and number

    8. Postal code

    9. City

  1. Apart from company name, Tax Identification Number and email address, which can be changed only by our Client Support Center (CWK), the rest of the data may be changed by the User after logging into the User Account or after contacting the Client Support Center (CWK).

  2. While using websites, additional information, which in certain circumstances may be regarded as personal data, is automatically registered through cookie files (including IP address assigned to your computer or external IP address of your Internet service provider, domain name, browser type, access time, the type of operating system),

  3. Navigation data can also be collected from Users, including information about links and references Users decide to click or other activities undertaken on

§ 2 How and why do we use collected data?

  1. In case of Registration on, Users' data is used to create an individual account of the User and to manage this account.

  2. Cookie files may be used to provide Users with better service, analyze statistical data and adapt to the Users' preferences, as well as administer

  3. Details included in the account registration form may be entrusted to and processed by external service providers in order to measure Users’ satisfaction.

  4. Contact details, name, surname and User’s company name will be presented on the website in order to present the business card of the User to the Buyer who conducts proceedings according to their regulations or in accordance with the Public Procurement Law.

  5. We use the collected personal data as follows:

    1. in order to fulfill the contract or to take actions to enter into the contract with an owner of personal data we process; (legal basis: art. 6 section 1 letter b) GDPR),

    2. to perform legal and accounting obligations incumbent on the Administrator, e.g. issuing invoices, storing accounting documents, which are the implementation of legitimized interest of the Administrator (legal basis: art. 6 section 1 letter f and c) GDPR),

    3. Administrator's internal administrative purposes, including the best adaptation of to the needs of Clients, maximization of the effectiveness of service, gaining knowledge about Clients and their needs, financial analysis and internal assessment of the User and his representatives, associates and employees conducted by contracting party in the scope of their proceedings (visible only for users who conduct this assessment and aimes at optimisation of functions) which are the implementation of legitimized interest of the Administrator (legal basis: art. 6 section 1 letter f) GDPR),

    4. in order to best adapt to the needs of Clients, maximize the effectiveness of service, gain knowledge about Clients and their needs, inform about our products, carry out financial analysis, on the basis of given consent (legal basis: art. 6 section 1 letter a) GDPR),

    5. possible investigation or defense against claims and for archival purposes if it is necessary for the Administrator to prove specific facts, which is the implementation of the Administrator's legitimized interest (legal basis: art. 6 section 1 letter. f) GDPR).

    6. for the purpose of marketing the Administrator's services and products related to the functionalities of and informing about them as the Administrator's legitimate interest (legal basis: art. 6 section 1 letter f) GDPR).

§ 3 Cookie mechanism, IP Address

  1. uses small files called Cookies. They shall be recorded by Open Nexus via on the computer of visitors to if the web browser allows it. A cookie typically contains the name of the domain where it comes from, its "expiration time" and a random individual number that identifies this file. The information collected by this type of files helps to tailor services offered by Open Nexus to individual preferences and to actual needs of visitors to It also gives a possibility to develop the overall viewing statistics of the information presented on

  2. Open Nexus uses two types of cookies:

    1. Session cookies: after ending the browser session or turning off the computer, stored information is deleted from the device memory. This mechanism does not allow session cookies to collect any personal data or any confidential information from the User’s computer,

    2. Persistent cookies: are stored on the hard drive of User’s computer and remain there until the User deletes them. Mechanism of persistent cookies, sent by, allows storing data only if it is allowed in the browser’s settings. The User can manage the cookie files himself through the browser’s settings.

  1. When you enter the website for the first time, a message regarding the use of cookies will appear at the bottom of the page, where you have the option of rejecting the use of the above-mentioned files by Open Nexus. In this case, a single cookie will be used in your browser to remember this setting (the storage period of this cookie is one year). By accepting cookies, you also accept files used in cooperation with Google (as mentioned below) which may transfer data, including potentially personal data, outside the European Union and the European Economic Area without an adequate level of personal data protection, in particular to The United States of America (hereinafter: USA). Therefore, there is a possibility that unauthorized entities, including in particular the US government authorities, may gain access to this data.

  2. Open Nexus uses its own cookies to authenticate the User on and to ensure that User's session on (after logging in) remains active and prevents the User from re-entering login and password on every page of

  3. Cookie mechanism is safe for computers of Users. In particular, the penetration of viruses into Users’ computers or other unwanted software or malware is not possible this way. However, in their own browsers Users have the possibility to limit or disable access of cookies to their own computers. When choosing this option, the use of will be possible, but without the functions requiring cookies by their nature.

  4. Please find some tips concerning the change of cookie settings (turning on and off) in the most popular web browsers:

    1. Firefox (see browser settings)

    2. Chrome (see browser settings)

    3. Microsoft Edge (see browser settings)

    4. Opera (see browser settings)

    5. Safari (see browser settings)

  5. Open Nexus may collect your IP addresses. The IP address is a number assigned to the computer of the visitor by his Internet service provider. IP number allows Users to access the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes during each connection to the Internet. The IP address is used by Open Nexus to diagnose technical problems with the server, to create a statistical analysis (for example at the determination of most frequently visited areas), as useful information for the administration and improvement of, as well as for security purposes and the possible identification of unwanted, automatic programs browsing the contents of and aggravating our server.

  6. contains links and references to other websites. Open Nexus is not responsible for the privacy policies applicable to them. For this reason we encourage you to read the privacy policies after leaving for pages managed by other administrators.

  7. For the sake of self-interest, and more precisely because of the interest in best adapting to the needs of clients, maximizing service efficiency, gaining knowledge about Clients and their needs within the meaning of art. 6 section 1 letter f) GDPR, when visiting Administrator’s websites, we use Google tools (AdWords and Analytics). Google uses cookies and through its operations it can be recognized as automated operations, including profiling. If you want to block the use of your data in the form of cookies, you can disable the installation of cookies by our website at any time, thanks to the appropriate setting of your web browser and in this way permanently prevent the installation of cookies.

  8. Open Nexus does not plan to entrust your personal data to countries outside the European Economic Area; however, due to the fact that it is currently not possible to limit Google's processing of personal data only to the European Economic Area, it is possible that some of the data will be saved on Google’s servers outside this area. In order to ensure the greatest possible security for visitors to the, when using Google Analytics, we use the IP Anonymization function, which minimizes the possibility of Google using the IP address contained in cookies. Thanks to this, as a rule, your IP address is anonymized already in the European Economic Area, and only in exceptional cases also in the USA. Google also uses standard contractual clauses in accordance with Article 46 of the GDPR (more here). At the same time, you can ensure that Google does not obtain information about your IP address on other websites by installing the following plug-in (link) or through the browser settings. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information taken from cookies using an appropriate tool (link). Google Analytics Terms of Service (link), Review of the Google Analytics safety rules (link), Google Privacy Policy (link). The main Google Analytics file ("_ga"), which enables the differentiation of individual users, is valid for a period of 2 years (link)

§ 4 Access to data and storage period

  1. Only authorized Open Nexus employees have direct access to personal data collected by What is more, we entrust collected personal data to our service providers to whom we commission services related to the processing of personal data, e.g. accounting companies, shipping companies, courier companies, opinion research companies measuring satisfaction with the use of our services or our service providers, e.g. the hosting company, where your data is stored and e.g. companies dealing with sending mail from

  2. Your data may also be disclosed to entities authorized to obtain it under applicable law, in particular the competent judicial authorities.

  3. Open Nexus provides registered Users with uninterrupted access to their data and the possibility to modify it at any time. In order to modify the data, the User must log in to his Account on The User is enabled to discontinue displaying his own personal data from the dataset in case of contract termination for the electronically provided services. This data, however, will be visible for Buyers, in the proceedings in which the User placed offers, in order to maintain documentation archive of proceedings for at least 5 years from the end of collecting offers in the particular proceeding. Open Nexus may refuse to delete User’s data if the User has violated the Rules and Regulations applicable to and when the preservation of data is necessary to explain the circumstances and determine responsibilities, in particular the claims filed by the User.

  4. In case of newsletter subscription, you have the possibility to remove your email address from the mailing list directly in the mail.

  5. We will store the personal data we process for the following period:

    1. in the scope of concluding and performing the contract, establishing, investigating or defending against claims, the data will be stored until its completion, and after that time may be stored for the period required by law or to secure any claims (limitation period, which in the case of a contract for the provision of services will, as a rule, amount to 3 years of the limitation period plus 1 year possible for the Administrator to use, which is an additional period resulting from the hypothetical possibility of submitting a claim just before the expiry of the limitation period),

    2. in the scope of data processed in order to perform legal obligations, personal data will be stored, as indicated in regulations, for the period of time required from the Administrator to store the data, e.g. tax documentation must be kept for a period of at least 5 years or in some cases longer,

    3. in the scope of internal administrative purposes and for archival purposes, the data will be stored until the fulfillment of legitimate interests of the Administrator constituting the basis for data processing,

    4. in the scope of data processed on the basis of personal data consent, they will be stored until the consent is withdrawn or the Administrator determines that the personal data has become outdated or the purpose of their processing has ceased.

§ 5 Rights related to the processing of personal data by the Administrator

  1. Persons whose personal data is processed have the following rights:

    1. the right to access personal data,

    2. the right to request correction of personal data,

    3. the right to request the deletion of personal data, unless special provisions and obligations arising from the submission of an offer and participation in proceedings do not exclude such a possibility;

    4. the right to request the restriction of personal data processing,

    5. the right to object to data processing due to the special situation of the person whose data is being processed,

    6. the right to transfer personal data,

    7. the right to withdraw, at any time, consent to the processing of personal data. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal,

    8. the right to lodge a complaint to the President of Personal Data Protection Office.

  1. Open Nexus does not intend to process data in order to make decisions in an automated manner.

  2. In order to enforce the above rights or obtain detailed information about them, please contact us, preferably to our email address:

  3. The above-mentioned rights may be limited on the basis of specific provisions of the GDPR or generally applicable law.

  4. Providing personal data is necessary for the implementation of the service and failure to provide it makes it impossible to conclude and perform the service, with the exception of personal data provided as a part of the consent (e.g. for the use of cookies or for sending a newsletter) - giving this data is not necessary for entering into the contract and service implementation. However, in the case of system cookies for, their provision is necessary for the proper functioning of the website.

§ 6 Security measures

  1. Open Nexus applies security measures for data protection against loss, misuse and alteration. Open Nexus is committed to protecting all your data in accordance with safety and confidentiality standards.

  2. In Open Nexus, personal data is protected in accordance with applicable Acts in a way that prevents access to them by third parties.

  3. If the User who has an account on lost his password in any way, gives a possibility to generate a new password to the account on by clicking on a special token sent to the User’s email address. The User's password is stored in the database in an encrypted form, in a way that makes it impossible to read.

  4. To generate a new password, the User has to enter his email address in the form available under the link ‘Forgot the password?’, given at the login form on The User will receive a message, on the email address provided on registration or saved at the last change of the profile. In this mail, the User can find a link to the dedicated form available on, through which the User will be able to set a new password.

  5. Open Nexus never sends any correspondence, including electronic correspondence, asking for login data, in particular for the access password of the User's Account. Furthemore, such information will never be requested by the telephone.

  6. Users’ safety is very important to us, so Open Nexus gives you the possibility to activate a two-step verification in your Account, free of charge. In order to additionally secure your Account, it is recommended that you activate a two-stage verification process. After switching it on, the system sends an additional security code to the User's email address, which must be entered in a special window of browser at the moment of logging in. The system allows you to save your browser for another 30 days until the next code is generated.

§ 7 Amendments to the Privacy Policy

  1. Open Nexus reserves the right to make amendments to the Privacy Policy.

  2. The previous version of this Privacy Policy can be found here.

  3. Any additional questions regarding this Privacy Policy should be addressed to:

Go to Rules and Regulations of