Privacy Policy

§1. Personal Data Controller

1. The controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), is World Chess Community IM Paweł Weichhold, Sportowa 9, 76-200 Strzelino, Poland, Tax Identification Number: 8393046628.

2. The e-mail address of the data controller is: contact@imchessbrain.com.

3. Pursuant to Article 32(1) of the GDPR, the Controller complies with personal data protection principles and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure of, or unauthorized access to personal data processed in connection with its business activities.

4. The provision of personal data by the client is voluntary, but it is necessary in order to conclude an agreement with the Controller.

5. The Controller processes personal data to the extent necessary for the performance of the agreement or provision of services to the data subject.

§2. Purpose and Legal Basis for Processing Personal Data

The Controller processes personal data for the following purposes:

a) preparation of an offer in response to customer interest, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

b) conclusion and performance of agreements with customers, based on the concluded agreement (Article 6(1)(b) GDPR);

c) provision of electronic services via the online platform, based on the concluded agreement (Article 6(1)(b) GDPR);

d) handling complaint procedures, based on legal obligations imposed on the Controller under applicable law (Article 6(1)(c) GDPR);

e) accounting activities related to issuing and receiving accounting documents, based on tax law obligations (Article 6(1)(c) GDPR);

f) archiving data for the purpose of establishing, pursuing, or defending claims, or demonstrating facts, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

g) contact by telephone or e-mail, in particular in response to inquiries directed to the Controller, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

h) sending technical information regarding the functioning of websites and services used by the customer, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

i) marketing, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR), or is carried out based on previously granted consent (Article 6(1)(a) GDPR).

§3. Data Recipients. Transfer of Data to Third Countries

1. Recipients of personal data processed by the Controller may include entities cooperating with the Controller where necessary for the performance of an agreement concluded with the data subject, such as electronic payment operators or banking institutions handling installment payments.

2. Recipients of personal data processed by the Controller may also include subcontractors whose services are used by the Controller in processing data, such as accounting offices, law firms, and IT service providers (including hosting providers).

3. The Controller may be obliged to disclose personal data pursuant to applicable legal provisions, in particular to authorized public authorities or institutions.

4. The Controller does not use website traffic analysis tools, advertising tracking tools, remarketing tools, Google Analytics, Google Tag Manager, Meta Pixel, or Google Ads tracking on the Website.

5. Personal data may be transferred outside the European Economic Area only where this is necessary in connection with the use of service providers supporting the operation of the Website, online platform, email communication, payment processing, course delivery, or other services used by the Controller. In such cases, the Controller relies on appropriate safeguards required under the GDPR, where applicable.

§4. Personal Data Retention Period

1. The Controller stores personal data for the duration of the agreement concluded with the data subject and after its termination for purposes related to pursuing claims arising from the agreement and fulfilling obligations resulting from applicable law, but no longer than the limitation period provided for under the Polish Civil Code.

2. The Controller stores personal data contained in accounting documents for the period required by tax law.

3. The Controller stores personal data processed for marketing purposes for a period of 10 years, but no longer than until consent for processing is withdrawn or an objection to processing is raised.

4. The Controller stores personal data for purposes other than those specified in sections 1–3 for a period of one year, unless consent is withdrawn earlier and processing cannot continue on a legal basis other than consent.

§5. Rights of the Data Subject

1. Every data subject has the right to:

a) access – obtain confirmation from the Controller whether personal data concerning them is being processed and obtain information regarding processing purposes, categories of data, recipients, storage periods, and rights related to processing (Article 15 GDPR);

b) obtain a copy of data – receive a copy of processed data; the first copy is free of charge, while additional copies may be subject to a reasonable administrative fee (Article 15(3) GDPR);

c) rectification – request correction of inaccurate personal data or completion of incomplete data (Article 16 GDPR);

d) erasure – request deletion of personal data if there is no longer a legal basis for processing (Article 17 GDPR);

e) restriction of processing – request restriction of processing under circumstances specified in Article 18 GDPR;

f) data portability – receive personal data in a structured, commonly used, machine-readable format and request transfer to another controller where applicable (Article 20 GDPR);

g) object – object to processing based on the Controller’s legitimate interest, including profiling (Article 21 GDPR).

2. To exercise the above rights, the data subject should contact the Controller using the contact details provided and indicate which right they wish to exercise and to what extent.

3. The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office in Warsaw.

§6. Automated Processing and Profiling

1. The Controller does not use automated decision-making that produces legal effects concerning the data subject or similarly significantly affects them.

2. The Controller does not use advertising profiling, remarketing tools, Meta Pixel, Google Ads tracking, Google Analytics, or Google Tag Manager on the Website.

3. The Controller may use basic segmentation of contacts for email communication purposes, for example based on the form completed by the User, purchased product, course access status, or previous interaction with the Controller’s services. Such segmentation is used only to provide relevant information, service updates, educational content, or information about the Controller’s offers.

4. The data subject may object at any time to the processing of their personal data for direct marketing purposes.

§7. Analytics and Tracking Tools

1. The Controller does not use Google Analytics 4, Google Tag Manager, Meta Pixel, Google Ads tracking, remarketing cookies, advertising cookies, or other non-essential tracking tools on the Website.

2. The Website may use only technical, necessary, or functional cookies and similar technologies required for the proper operation of the Website, including form submission, checkout, payment processing, account access, course access, and maintaining the User’s session.

3. More information about cookies used on the Website is available in the Cookie Policy.

§8. Advertising and Remarketing

1. The Controller does not use Meta Pixel, Google Ads remarketing, Facebook remarketing, or other advertising tracking technologies on the Website.

2. The Controller does not track Users across other websites for advertising purposes.

3. The Controller may conduct marketing communication by email only in accordance with applicable law and based on the appropriate legal basis, such as the User’s consent or the Controller’s legitimate interest, where applicable.

4. The User may unsubscribe from marketing emails at any time by using the unsubscribe link included in the email or by contacting the Controller directly.