PRIVACY POLICY

We are PERFOMANCE ACADEMY Inc. (owner of e-com.house brand), based in Warsaw (address: ul. Jasna 1 room 436, 00-013; registration: District Court for the capital city of Warsaw in Warsaw XII Commercial Department of the National Court Register, NCR/KRS number: 0000696799; tax ID number: 7010720998; share capital: PLN 10,000.00; “PERFORMANCE ACADEMY”). We are the controller of your personal data, no matter your nationality, citizenship, or current residence – as long as you remain a living person. If you want to contact us about your privacy and specifically about our processing of your personal data, you can use this e-mail address: contact@ecom.house – we have not appointed a Data Protection Officer because our core activities do not require regular and systematic monitoring of data subjects on a large scale or consist of large-scale processing of special categories of personal data and data relating to criminal convictions or offences; nor are we a public authority or entity.

Due to the processing of your personal data in connection with our business activities, we are subject to privacy laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; “GDPR”). In this privacy policy (“Privacy Policy”), we will tell you what personal data we process, for which purposes and on which basis, whom we share it with, and we will draw your attention to the rights that the GDPR grants to data subjects such as yourself. We will also carry out our duty to inform elsewhere, especially on our website (https://ecom.house and relevant subpages; collectively, the “Website”), providing you with specific and appropriate notices.

Before we take a further dive into this Privacy Policy, we should apprise you of two basic definitions that will help us all navigate on the high seas of the GDPR. First, the concept of personal data includes information about an identified or identifiable natural person, such as, for example: name, surname, identification number, location data, Internet identifier. Secondly, the processing of personal data is in principle any activity which is performed on personal data, whether or not by automatic means, for example, the collection, storage, recording, organization, alteration, consultation, use, disclosure, restriction, erasure or destruction. By the way, I kindly ask you not to provide me at all, and in particular through the Website, with information defined by the GDPR as special categories of personal data, such as information about race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information about physical or mental health, genetic data, biometric data, information about sexual life or sexual orientation and criminal history.

We generally process only the personal information that you have provided us with, whether by contacting us via instant messengers integrated with our Website, appropriate form on the Website, or email, or by leaving comments in the forum section of our blog, or by subscribing to our newsletter. Our processing of your personal data serves quite obvious purposes, which you define yourself or may recognize without any problems – for example, we reply to your questions and, at your request, send you our commercial offer or information (newsletter, etc.). Should we contemplate processing your personal data for a purpose other than that for which they were originally obtained, we will let you know and try our best to obtain your consent for the processing for the new purpose. Likewise, if we obtain your personal data from third parties, we will provide you with the relevant information within a reasonable period after obtaining your personal data or at the latest at the time of our first communication with you.

If we ask for your consent to the processing of your personal data, we will make sure your agreement is free, properly informed, specific and unambiguous, and that you are aware that you may withdraw your consent to further processing of your personal data at any time. This may not always be a checkbox, but we will never take your consent for granted until you have given us a clear indication that you agree to our processing of your personal data.

In other cases, our processing of your personal data may be based on the premise that it is necessary for the performance of a contract between us or to take action, at your request, prior to the conclusion of our contract. It may also be the case that a comparison of your interests or fundamental rights and freedoms with our or third parties’ interests will enable us to lawfully process your personal data, whether for the purpose of direct marketing or to ensure network and information security – we will inform you of the prevailing interests of ours or third parties.

In any case, we will provide you with adequate information explaining the basis and purposes of our processing of your personal data whenever we collect such data. Regardless of whether the basis for our processing of your personal data is consent, contract, legitimate interest or any other ground that legitimizes the processing, we will make sure that the scope of your personal data collected or otherwise processed is as small as possible, unless you decide to provide us with personal data in a larger amount or for a longer period than necessary. For example, if you would like to make an appointment for a free consultation, we will only ask you for personal data that are necessary to carry out the consultation – that is, your name, email address. Unless we proceed to the stage of preparation, conclusion, or performance of the contract or unless you give us your consent to the processing of your personal data for a specific purpose, your personal data processed in connection with the consultation will be deleted from our information systems or data filing systems or anonymized.

Furthermore, we would like to draw your attention to your rights to request access to your personal data, to rectify, erase or limit the processing, and to object to the processing, including your absolute right to object to the processing for the purposes of direct marketing, and to the transfer of data. At this point, however, we must highlight that while access to personal data, including the right to obtain a copy of the data, as well as the possibility of rectifying such data are almost unlimited, the right to erase personal data (the right to be forgotten) is subject to limitations and cannot be performed if the processing is necessary for us to establish, pursue, or defend my claims. Similarly, your request to receive personal data in a structured, commonly used and machine-readable format or to transmit personal data to another controller will be satisfied only in respect of personal data provided by you and processed by us by automated means on the basis of consent or contract. In any case, you have the right to lodge a complaint with the supervisory authority.

As long as your personal data are processed by us, they will be processed using appropriate technical and organizational means, including appropriate staff and encryption mechanisms, in order to meet the requirements of the GDPR and to protect your rights. If we decide to entrust the processing of your personal data to third parties – and we will do so in the case of using external IT resources, cloud applications or services, and the like – we will cherry-pick only the processors providing sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects your rights. The list of processors is as follows: Pipedrive Inc, GetResponse sp. z o.o., Google LLC, Facebook Inc., Hotjar Ltd, H88 SA – and we promise to update it on an ongoing basis.

The Website uses cookies and similar technologies (collectively, „Cookies”), which you can however disable by using the settings of your web browser. You can learn more about the Cookies we use here. In order to reach you with our marketing messages outside the Website (remarketing) we use the services of external suppliers, such as Google or Facebook. To this end, external suppliers install, for example, an appropriate code or pixel to download information about your activity on the Website. We use the data concerning your activity, such as search history, clicks, visits, history and your activities related to our e-mail communication with you, to create your profile, corresponding to your interests and preferences. Then, to the so created profile we customize the marketing information about our services which may be of interest to you. In conclusion, we would just like to point out that we prefer the service providers and other recipients of your personal data who process data in the European Economic Area; although we do not intend to transfer your personal data to a third country, if that were to happen, we will select a country or the recipients who provide an adequate level of protection, for example in the framework of self-certification within the Privacy Shield program.

The Website may contain active links to other websites on the Internet, managed by entities not related to us, in accordance with the rules adopted autonomously and sometimes not respecting the requirements of the GDPR. We recommend that you read the relevant privacy policies before using those sites.