Privacy Policy

PRIVACY POLICY

We are ECOMHOUSE sp z o.o., based in Warsaw (address: ul. Jasna 1 lok.414, 00-013; registration: District Court for the capital city of Warsaw in Warsaw XII Commercial Department of the National Court Register, NCR/KRS number: 0000696799; tax ID number: 7010720998; share capital: PLN 10,000.00; “Ecomhouse”). We are the controller of your personal data, no matter your nationality, citizenship, or current residence – as long as you remain a living person. If you want to contact us about your privacy and specifically about our processing of your personal data, you can use this e-mail address: [email protected] – we have not appointed a Data Protection Officer because our core activities do not require regular and systematic monitoring of data subjects on a large scale or consist of large-scale processing of special categories of personal data and data relating to criminal convictions or offences; nor are we a public authority or entity.

Compliance with Privacy Laws

Due to the processing of your personal data in connection with our business activities, we are subject to privacy laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; “GDPR”). In this Privacy Policy, we will inform you about:

  • What personal data we process
  • The purposes and legal bases for processing
  • With whom we share your data
  • Your rights under GDPR

We will also fulfill our informational obligations elsewhere, especially on our website (https://ecom.house) and relevant subpages (collectively, the “Website”), providing you with specific and appropriate notices.

Definitions

  • Personal Data: Information about an identified or identifiable natural person, such as:

    • Name, surname
    • Identification number
    • Location data
    • Internet identifier

  • Processing of Personal Data: Any activity performed on personal data, whether automated or not, such as:

    • Collection
    • Storage
    • Recording
    • Organization
    • Alteration
    • Consultation
    • Use
    • Disclosure
    • Restriction
    • Erasure
    • Destruction

Note: Please do not provide us, especially through the Website, with information defined by GDPR as special categories of personal data, such as:

  • Race or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Information about physical or mental health
  • Genetic data
  • Biometric data
  • Information about sexual life or sexual orientation
  • Criminal history

Purposes of Data Processing

We generally process only the personal information that you have provided us with, whether by:

  • Contacting us via instant messengers integrated with our Website
  • Using the contact form on the Website
  • Sending emails
  • Leaving comments in the forum section of our blog
  • Subscribing to our newsletter

Our processing of your personal data serves the following purposes:

  1. Responding to your inquiries
  2. Sending you our commercial offers or information (e.g., newsletters)
  3. Conducting statistics on the use of the Website

If we intend to process your personal data for a purpose other than those stated above, we will inform you and seek your consent for the new purpose. Similarly, if we obtain your personal data from third parties, we will provide you with the relevant information within a reasonable period after obtaining the data or at the time of our first communication with you.

Our processing of your personal data may be based on:

  • Consent: Your free, properly informed, specific, and unambiguous consent to the processing of your data. You are aware that you can withdraw your consent at any time.
  • Contract: Necessity for the performance of a contract between us or to take action at your request prior to entering into a contract.
  • Legitimate Interest: Balancing your interests or fundamental rights and freedoms with our or third parties’ legitimate interests, such as direct marketing or ensuring network and information security.

Your Rights

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your personal data (right to be forgotten)
  • Restrict the processing of your data
  • Object to the processing, including for direct marketing purposes
  • Data Portability: Receive your data in a structured, commonly used, and machine-readable format or have it transmitted to another controller

Note: The right to erase personal data is subject to limitations and cannot be exercised if the processing is necessary for establishing, pursuing, or defending claims. Your request for data portability will only apply to data provided by you and processed based on consent or contract.

You also have the right to lodge a complaint with a supervisory authority.

Technical and Organizational Measures

As long as your personal data are processed by us, we ensure appropriate technical and organizational measures, including:

  • Encryption mechanisms
  • Appropriate personnel

If we decide to entrust the processing of your personal data to third parties (e.g., external IT resources, cloud applications, or services), we will select only those processors that provide sufficient guarantees for implementing appropriate technical and organizational measures to ensure compliance with GDPR and protect your rights. The list of processors includes:

  • Pipedrive Inc
  • GetResponse sp. z o.o.
  • Google LLC
  • Facebook Inc.
  • Hotjar Ltd
  • OVH Sp. z o.o.

We commit to updating this list regularly.