Latest Update: 16th Jan 2023
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. Any changes will be reflected in this document with 30 days notice from the date of posting.
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.performancelab.com (the 'Site').
We are committed to protecting your privacy. We implement technical and organizational measures to secure your Personal Information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of your Personal Information.
Our e-commerce platform is Level 1 PCI DSS compliant – you can read more about PCI DSS here: https://www.pcicomplianceguide.org/faq/
To better protect your privacy, we, Performance Lab Ltd. and our affiliates and subsidiaries (collectively, 'Perfomance Lab', 'we', 'us', or 'our'), provide this Privacy Policy explaining how we collect, use, and disclose Information (defined below) that we obtain about visitors to all of our Site and the products and services available through our Site. We also explain the choices you can make about the way your Information is collected and used through our Site or Services.
Who We Are
Performance Lab Limited is UK Limited Company number 12185794. Our Registered Office is 7 Clarendon Place, Royal Leamington Spa, England, CV32 5QL
This site is owned and operated by Performance Lab Ltd, in order to operate the site and to deliver our goods and services the company collects, uses and is responsible for certain personal information about you.
When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (and in the United Kingdom) and we are responsible as 'controller' of that personal information for the purposes of those laws.
As some Performance Lab affiliates are based outside of the European Economic Area, these affiliates have appointed Performance Lab Limited to be their representative within the EEA as necessary. Contact details are available.
Personal Information We Collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as 'Device Information.'
We collect Device Information using the following technologies:
- 'Cookies' are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org
- 'Log files' track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- 'Web beacons,' 'tags,' and 'pixels' are electronic files used to record information about how you browse the Sites.
Additionally when you make a purchase, or attempt to make a purchase, through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card number or PayPal ID), email address, and phone number. We refer to this information as 'Order Information.'
This information is mandatory, which means that it will not be possible to purchase a product from the Site without it.
When we talk about 'Personal Information' in this Privacy Policy, we are talking about both Device Information and Order Information.
How Do We Use Your Personal Information?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you. Via our customer service program, in response to reviews, via social media or email.
- Screen our orders for potential risk or fraud.
- Provide you with information or offers relating to our products or services, in line with the preferences you have shared with us.
- Reviewing the functionality and effectiveness of the Site.
- Analysing trends.
- New product development.
- Manage our affiliate marketing program
- Collecting reviews and testimonials.
- Maintain tax and revenue records
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site and to assess the success of our marketing and advertising campaigns).
Sharing Your Personal Information
We share your Personal Information with third parties as Data Processors to help us use your Personal Information.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
- We use Shopify to power our online store — you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy
- We use PayPal to process payments for products ordered from the Sites — you can read more about how PayPal uses your Personal Information here: https://www.paypal.com/en/webapps/mpp/ua/privacy-full
- We also use Amazon Pay to process payments for products ordered from the Sites — you can read more about how Amazon Pay uses your Personal Information here: https://pay.amazon.com/uk/help/201751600
- We do not record or store any financial information taken through the Sites, and cannot take any payments by mail order or telephone.
- We use Google Analytics to help us understand how our customers use the Sites — you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/ You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
- Our marketing includes an affiliate program, where commissions are made on sales resulting from referrals or recommendations. This program is operated and managed on our behalf by our sister company Uber Network Ltd ( www.ubernet.com), utilising the Post Affiliate Pro platform— you can read more about how Post Affiliate Pro uses your Personal Information here: https://www.postaffiliatepro.com/privacy-policy/
- We use Gorgias to help us Deliver and manage our customer service program — you can read more about how Gorgias uses your Personal Information here: https://www.gorgias.com/privacy/privacy
- We use Klaviyo to deliver marketing communications we believe may be of benefit to, or interest you. This includes order confirmation details and notices of special offers — you can read more about how Klaviyo uses your Personal Information here: https://www.klaviyo.com/legal/privacy/privacy-notice
- We use Reviews.io to collect and publish reviews and testimonials — you can read more about how Reviews.io uses your Personal Information here: https://www.reviews.io/front/user-privacy-policy/
- Rakuten Advertising is a third-party company that uses cookies on the website, you can view their privacy policy at this address: https://rakutenadvertising.com/legal-notices/services-privacy-policy/
- Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As Data Controller Performance Lab Ltd is satisfied that all Data Processors have provided appropriate safeguards and that enforceable data subject rights and effective legal remedies for data subjects are available.
You can view the full list of cookies we use on our site here.
In the event of any concern or issue please contact our DPO by email at: dpo@performancelab.com
Do Not Track
Please note that we do not alter the Site's data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
If you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Sites), or otherwise to pursue our legitimate business interests. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
GDPR Necessity
We need to process your personal information in order to:
- Perform our contract with you (see Article 6.1.b of the GDPR).
- Comply with our legal obligations (see Article 6.1.c of the GDPR).
- Pursue legitimate business interests of our own related to operating the Sites and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (see Article 6.1.f of the GDPR).
- Establish, exercise or defend legal claims, where necessary (see Article 9.2.f of the GDPR).
- Operate an online review platform in compliance with, for example, the Unfair Commercial Practices Directive, ICPEN's guidelines on online reviews and endorsements, The Consumer Protection from Unfair Trading Regulations 2008, The Competition and Markets Authority's guidance on online reviews and endorsements.
Some of these grounds for processing your personal data overlap, so there may be several reasons which justify us processing your personal information.
In those limited circumstances where you have expressly given your consent to us to process your personal data (see Article 6.1.a of the GDPR), for example, when subscribing to our newsletters, you are free to revoke your consent at any time. However, please be aware that we may have the right to continue to process your information if it can be justified on one of the other legal bases mentioned above.
You have the right to object to how we process your personal information, or to ask us to restrict the processing.
If you would like more information about our legal basis for processing your personal information, please contact our Data Protection Officer (DPO).
Data Retention
When you place an order through the Sites, we will maintain your Order Information for our records unless and until you ask us to delete this information. Inactive data that is not subject to mandatory storage periods is deleted after two years.
Minors
The Site is not intended for individuals under the age of 18. All Site users attest that they are over 18.
Data Controller
Performance Lab Ltd is the Data Controller of the Personal Data you enter to create and maintain your account.
We are also the Data Controller of the information which is disclosed to other services as Data Processors.
You are the Data Controller for content you choose to disclose on the Sites in a review and for the personal data disclosed when you connect your Social Network profile(s) with our profiles.
Access
You can email dpo@performancelab.com and request information about your personal data.
Upon receiving your request, we will let you know what personal information we have about you and whether that data is portable.
We reserve the right to block access to our sites and delete your Account on the Sites if, in our assessment, we find anything violates applicable laws, third party rights or our User Guidelines, or is inconsistent with the purpose of the Sites.
If we block access to or delete your Account, we will inform you of the reason for blocking or deleting your Account by sending an email to the address you provided when you created your Account.
A block notice on an account will last for two years and is considered a legitimate business purpose under Article 6.1.f of the GDPR and not subject to deletion upon request.
Other Rights
In addition to the rights set out above concerning your Personal Data, you also have the following rights:
- You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
- In particular, you have an unconditional right to object to the processing of your personal data for direct marketing purposes.
- Our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing of data carried out before you withdrew your consent. You may withdraw your consent by emailing us at dpo@performancelab.com
In some circumstances, these rights may be limited or conditional. For example, whether or not you have the right to data portability in a particular case depends on the specific circumstances of the processing activity.
Data Protection Officer
We have a Data Protection Officer (DPO). If you have any questions about the data processing activities performed by us, you are welcome to contact our DPO by email at: dpo@performancelab.com
Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
Contact Us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at dpo@performancelab.com or by mail using the details provided below:
Data Protection Officer, Performance Lab Ltd. 7 Clarendon Place, Royal Leamington Spa, CV32 5QL, United Kingdom.