Privacy Policy STX Next

Information clause for recruitment purposes

The Controller is acting within the STX Next Group. Regardless of the location where you apply for the position, the controller of your personal data is STX Next spółka akcyjna (ul. Mostowa 38, 61-854 Poznań, KRS [company registration number]: 0000967074), hereinafter referred to as: the Controller

If you are applying for a position in one of the following locations, the local company within the STX Next Group will support such a recruitment process:

Germany: STX Next GmbH

United Kingdom: STX Next Limited

Mexico: STX Next S. DE R.L. DE C.V.

USA: STX Next Inc.

Your personal data will be processed for the purpose of:

  1. Conducting recruitment processes, including assessing your skills, in relation to the position on which you are applying for.

The legal basis for the processing is:

  • taking actions prior to the conclusion of the contract at the request of the data subject (Article 6(1)(b) of the GDPR)
  • in the case of employment under an employment contract, employment-related legal regulations, in particular labour law (Article 6(1)(c) of the GDPR),
  • consent (Article 6(1)(a) of the GDPR), if the application you have submitted contains personal data that is not required by law or by the Controller on the position on which you are applying for. By clicking the “send” button and submitting your application it will constitute your consent to the processing of data provided.
  1. Verifying your language skills by taking a test of your English level conducted by a language school with which the Controller cooperates. In this case, the Controller will pass on your personal data such as your name, surname and e-mail address.

The legal basis for processing is the Controller’s legitimate interest in verifying candidates who have sent their application (Article 6(1)(f) of the GDPR).

  1. Processing your personal data for future recruitment processes if you have given your consent (Article 6(1)(a) of the GDPR).
  1. Asserting and protection against claims.

The legal basis for processing is our legitimate interest in protecting ourselves against claims (Article 6(1)(f) of the GDPR).

  1. Sending marketing content if you have given consent (Article 6(1)(a) of the GDPR).

Where the legal basis for processing is consent, it may be withdrawn at any time. Revocation of consent does not affect the lawfulness of the processing which was carried out on the basis of the consent prior to its revocation.

The Controller may also collect your personal data from publicly available sources such as LinkedIn or through referrals received from the Controllers’ co-workers within the internal referral programme. 

The provision of personal data is voluntary but necessary for the consideration of the application in the recruitment process.

In the case of candidates who are foreign nationals, it may become necessary to supplement the personal data provided and to present the relevant documents to allow the Controller to verify a possibility of employment in accordance with the applicable law.

Personal data will be processed for the purposes of recruitment and kept for a period of 6 months after the end thereof in order to assert or defend against possible claims.

If you have given your consent for future recruitment purposes, your personal data will be kept for a further 2 years from the end of the recruitment process in which you participated or until you withdraw your consent. Before the end of this period, we will contact you to allow you to update your personal data, extension or withdraw your consent.

In relation to the processing of personal data you have the following rights: right to access the data, right to rectify the data, right to erase the data and also the right to restrict the data processing, data portability, object to the processing and also right to lodge a complaint with the President of the Office for Personal Data Protection.

Recipients of personal data may be service providers acting on behalf of the Controller, in particular IT system and service providers, accounting service providers, legal departments or language schools and other companies within the STX Next Group where this is justified by the ongoing recruitment process.

In some cases personal data may be transferred to a third country due to used IT systems. In these cases the Controller ensures an adequate level of protection of transferred data through cooperation with processors in a country for which an adequacy decision has been issued or by using standard contractual clauses issued by the European Commission.

Within the STX Next Group, personal data may be transferred to third countries such as the United Kingdom, USA and Mexico.

The transfer of personal data to the UK is based on an adequacy decision issued by the European Commission, which has recognised the UK as a country providing an adequate level of protection. Thus, data transfer to the UK is possible without the need for additional safeguards.

In the case of Mexico and USA, the European Commission has not issued a decision finding an adequate level of protection. The transfer of personal data to Mexico and USA is based on standard contractual clauses. The Controller’s assessment of the data transfer to Mexico and USA has shown that standard contractual clauses will provide adequate safeguards for the transfer of data.

Information and a copy of the security features can be obtained by sending an email to the Controller at:

Your personal data will not be subject to automated decision making, including profiling.

You can contact the Controller in all matters related to the protection of your personal data via e-mail: or phone: 48 61 610 01 92.