I. What document is this?
The information contained in the policy is of a general nature. Detailed information concerning the processing of specific personal data is provided each time when such data are obtained in the form of an information clause placed in a visible and accessible place. It concerns, in particular, information about the purpose and legal basis of the processing of personal data, the period for which the data will be kept and recipients to whom the data will be transferred.
Any words, expressions and abbreviations appearing on this website and beginning with a capital latter (e.g. Seller, Online Shop, Electronic Services) should be understood in accordance with the definition laid down in the Online Shop’s Terms and Conditions available at the address https://balaganstudio.com/pl/.
Should there be any doubts or discrepancies between the Policy and the consents given by a given person irrespectively of the provisions of the Policy, the voluntarily given consents or the provisions of law shall always be the basis for the Controller’s actions or for the determination of the scope of actions by the Controller. In the event of such discrepancy between the Policy and the contents of the information clauses provided by the Controller during the collection of personal data (usually under the forms in the Online Shop), the information provided under the above-mentioned information clauses shall prevail.
II. Who is the Controller of your Data?
The controller of the personal data collected:
You can contact also the data protection officer at the above contact details.
If you give additional consent, our partners (listed below) will also be the controllers of the data obtained on the basis of your activity online using the technologies such as cookies.
Slava is collecting your contact personal data (name and last name, phone number and email adress, delivery adress data) just during order's pick up and delivery process.
III. How do we take care of your Data?
The Customer’s personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU No. L 119/1) (hereinafter also as: the “GDPR”) and other personal data protection regulations that are currently applicable, i.e. throughout the period of processing.
Personal data shall mean information concerning an identified or identifiable natural person (hereinafter referred to as: the “Personal Data”).
An identifiable natural person is a person who can be directly or indirectly identified, in particular, on the basis of an identifier such as the given name and surname, identification number, data concerning location, Internet ID or one or more specific factors describing the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.
The Controller shall take special care for the purpose of protecting the data subjects’ interests, in particular, ensuring that the data collected by the Controller are:
processed lawfully, fairly and in a transparent manner in relation to the data subject;
collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
IV. For what purposes are the data concerning you used?
Each purpose and scope of the data processed by the Controller results from the Customer’s consent or provisions of law and is clarified as a result of the actions taken by the Customer in the Online Shop or within other channels of communication with the Customer. For example:
(I) the Customer’s Personal Data may be processed for the purpose of awarding, presenting or giving offers and promotions dedicated for the Customer that are customized to the Customer's preferences to the maximum possible extent (which can affect the Customer significantly) only if the Customer has given consent thereto (the option is not available to persons who have not);
(II) if the Customer decides not to pursue the purchase in the Online Shop and makes only a Reservation of the selected Goods, such Customer’s Personal Data shall not be transferred to the carrier delivering the shipments commissioned by the Controller.
Possible purposes of the processing of the Customers’ Personal Data by the Controller shall include, in particular:
1) conclusion and performance of the Contract for the Provision of Services (Account) or taking actions requested by the future Customer prior to such conclusion (we process your data in order to keep your Account so that you can enjoy the benefits it offers, such as ordering without the need to fill in the forms every single time, access to your shopping history, management of your consents in the service, etc., and to enable you to use other services available on our website);
2) conclusion and performance of the Contract for the Sale or taking actions requested by the future Customer prior to such conclusion (we need your data to complete your order and perform the concluded contract, in particular, to confirm that the order has been placed and a reservation has been made or that the selected Goods have been shipped, as well as to contact you);
3) receiving and handling complaints;
4) presenting advertisements, offers or promotions (discounts) relating to the goods or services of the Controller or its partners (the updated list of the partners is available in the Online Shop) that are dedicated to all recipients;
5) assessment and analysis of the Customer’s activity and information about the Customer, including within the automated processing of the Personal Data (profiling), for the purpose of presenting general advertisements, offers or promotions (discounts) relating to the goods or services of the Controller or its partners in a manner customized to that Customer’s interests (however, without significantly affecting the Customer’s decisions), as well as market and statistical analyses;
6) exercise and defence of claims, including third party claims - in the case of using most of the Online Shop’s functionality;
7) fulfilment of legal obligations resulting from the provisions of law, e.g. tax and accounting regulations, especially in the case of contracts against payment;
8) keeping correspondence with Customers, including replying to the Customers’ messages.
In the case of an adult Customer, upon such Customer’s additional consent, the Personal Data may be also processed for the purpose of presenting, creating, awarding and executing advertisements, offers or promotions (discounts) dedicated to that Customer and relating to the goods or services of the Controller or its partners, that are to the maximum possible extent customized to the Customer’s preferences (profiling), as a result of automated decision-making, which could cause legal consequences for the Customer or significantly affect the Customer, e.g. through a short-term discount dedicated only for the Customer for specific Goods that the Customer has recently viewed in our shop (the option is not available to persons who are not of legal age or who have not given their consent thereto).
V. What data concerning you do we use exactly?
The Controller may process, in particular, the following Personal Data of the Customers using the Online Shop:
Personal Data provided in the form of registration of an Account or while placing an order in the Online Shop (in particular, given name and surname; e-mail address; contact phone number; address [street name and number, apartment number, postal code, town, country], address of the place of residence/business/registered office [if different than the delivery address], bank account number, and, in the case of Customers who are not consumers, also the business name and tax identification number [NIP] and other data collected during the use of the Online Shop;
Personal Data provided in the contact form or provided while making a complaint;
other data, in particular, data obtained on the basis of the Customer's activity on the Internet or in mobile applications, including the data obtained through the Online Shop or other channels of communication with the Customer, using cookies or similar technologies.
VI. Are you obliged to provide us with your data and what are the consequences if you don’t?
The provision of Personal Data by the Customer in the Online Shop is voluntary, however, it is necessary for the use of particular functionality of our shop, for example, to place an Order and account for it (conclusion and performance of a Contract for the Sale) or register an Account (conclusion and performance of a Contract for the Provision of Services) or use our forms.
Each time, the scope of data required for the conclusion of a given contract shall be specified in the Online Shop (we indicate the data the provision of which is necessary in order to conclude the contract/ use a particular functionality) through other channels of communication with the Customer or in the Terms and Conditions. Non-provision of Personal Data may result in the impossibility to complete the above-mentioned actions.
VI. On what legal basis do we use the information about you?
The basis of the processing of the Customer’s Personal Data is, most of all, the fact that it is necessary for the performance of the contract to which the customer is party or in order to take steps at the request of the customer prior to entering into the contract (Art. 6 (1) (b) of the GDPR). It concerns, above all, the Personal Data provided in the Account registration form, at the moment of placing the Orders and conclusion of a Contract for the Sale in the Online Shop. Also in the case of Personal Data provided to us in connection with a Customer’s complaint, the legal basis for the processing thereof is the need to complete / handle the contract for the sale of the goods being complained about.
In the case of processing of data for the above-mentioned marketing purposes, the basis for such processing is the fulfilment of purposes resulting from legitimate interests pursued by the Controller or its partners (Art. 6 (1) (f) of the GDPR), whereas in such case the partners do not participate in the processing of the Customer’s data). On the other hand, in the scope in which the Controller’s partners may have direct access to such information, the legal basis of such processing is the voluntary consent given by the Customer (Art. 6 (1) (a) of the GPDR). The legal basis of presenting, creating, awarding and executing advertisements, offers or promotions (discounts) dedicated to a given Customer that are based only on automated processing, including profiling, to the maximum possible extent customized to the Customer’s preferences, that could significantly affect the consumer decisions of the Customer, is the voluntary consent given by the Customer (Art. 6 (1) (a), Art. 22 (2) (c) of the GPDR). However, it concerns only adult Customers.
If for other purposes, the Customer’s Personal Data may be processed on the basis of:
1) voluntary consent - e.g. on the occasion of giving consent to other forms of marketing than specified above (Art. 6 (1) (a) of the GDPR);
2) applicable provisions of law - if the processing is necessary for fulfilment of a legal obligation to which the Controller is subject, e.g. where the Controller accounts for the concluded contracts for sale (Art. 6 (1) (c) of the GDPR);
3) the need for other purposes than those of the legitimate interests pursued by the Controller or a third party, in particular for the purpose of establishment, exercise or defence of legal claims, keeping of correspondence with Customers, also through contact forms (including replying to the Customers’ messages), market and statistical analyses (Art. 6 (1) (f) of the GDPR);
VIII. Is your data subject to profiling and what does it mean for you?
For the purposes of presenting general advertisements, offers or promotions (discounts) dedicated to all Customers in a manner customized to the preferences of a given Customer, the Controller may obtain information about such preferences, e.g. by analysing how frequently the Customer visits the Online Shop. It allows for a better understanding of the Customer’s expectations and customizing to the Customer’s needs, however, without affecting the Customer’s decisions to a significant extent. Thanks to the Controller’s use of advanced technologies, the above actions will be frequently performed by the system in an automated manner, allowing for the contents to be more recent and for the Customer to see it sooner.
In the event of adult Customers, the above-mentioned analysis of interests or preferences will also serve the purpose of creating, awarding, executing of dedicated and to the maximum possible extent customized advertisements, offers or promotions (discounts) in an automated manner, which could cause legal consequences for the Customer or significantly affect the Customer, potentially limiting the access thereto by other Customers (the option shall not be available to Customers who are not of age and have not given their consent to such actions taken by the Controller). Our actions are different from the regular “profiling” (e.g. customizing our messages and banners to your interests) in the way that the result thereof can significantly affect your choices as a consumer, e.g. the result thereof could be a very beneficial time-limited offer dedicated only to you on the basis of your shopping history and activity on our website, whereas other Customers of ours will not have access to such offer. The more frequently the given Customer uses the services of the Controller and purchases Goods from the Controller, the better the special offers and surprises could be prepared for the Customer.
IX. To whom may we transfer your data?
Each and every list of recipients of the Personal Data processed by the Controller from time to time arises out of the scope of services used by the Customer.
The list of recipients of data results also from the consents given by the Customer or from the law, and shall be clarified as a result of actions taken by the Customer in the Online Shop.
The Controller’s partners may participate in the processing to a limited extent, in particular, those who provide technical help with the effective operation of the Online Shop, including the help with the sending of e-mails, and in the case of marketing actions -also in marketing campaigns), providers of hosting services or IT services, carriers or agents shipping the Orders, entities providing the service of electronic payments or payments by payment cards in the Online Shop, companies providing maintenance of the software, supporting the Controller in the marketing campaigns, as well as providers of legal and consultancy services.
X. Is your data transferred also to third countries (outside the European Economic Area)?
For the purposes of the Controller’s use of support tools for the current activity provided e.g. by Google, the Personal Data may be transferred to countries outside the European Economic Area, in particular to the United States of America (USA), Israel or another country where the cooperating entity receives the tools for the processing of personal Data with the cooperation of the Controller.
Proper protection of the Personal Data transferred has been ensured by the Controller by means of applying the standard data protection clauses adopted by the European Commission decision and contracts of entrusting the data to be processed in compliance with the GDPR requirements. In the event of transferring the data from Europe to the USA, some entities located there may additionally ensure a proper level of data protection under the so-called Privacy Shield (more information on this matter is available at https://www.privacyshield.gov/).
The Customer has the right to obtain a copy of the security measures applied by the Controller in relation to the transfer of Personal Data to third countries by contacting us.
XI. What rights do you have?
At all times, each Customer has the following rights:
the right to lodge a complaint with the President of the Office of Personal Data Protection;
the right to transfer the Personal Data which the Customer provided to the Controller and which is processed by automated means, and the processing takes place on the basis of a consent or contract, e.g. to another controller;
the right to access the Personal Data (including, e.g. obtaining the information what Personal Data are processed), including, obtaining a copy of the Personal Data;
the right to demand that the processing of Personal Data be rectified or restricted (e.g. if the Personal Data are inaccurate) or that the Personal Data be deleted (e.g. if they were processed unlawfully);
the right to withdraw the consent given to the Controller at any time, whereas such withdrawal does not affect the lawfulness of processing carried out by the Controller based on consent before its withdrawal.
the right to oppose the processing of Personal Data concerning the Customer for the purposes of legitimate interests of the Controller or a third party, including, in particular, the processing for marketing purposes, including profiling (if there are no other important legitimate reasons for the processing above the interests of the Customer).
XII. For how long will we keep your data?
The Personal Data may be stored for the duration of the use of the Online Shop (whereas they may be deleted after three years following the last activity of the Customer in the Online Shop), in the event of marketing activities - until the Customer opposes, and if related to cookies and similar technologies - depending on the technical issues - until the deletion of the files using the browser / device settings (whereas deletion of the files does not always mean deletion of the Personal Data obtained through the files, hence the possibility to oppose).
If the processing of Personal Data depends on the consent given by the Customer, such Personal Data may be processed until the consent has been withdrawn.
In each case:
1) the Personal Data will be kept also if the provisions of law (e.g. accounting or tax regulations) require the Controller to process such data;
2) we will keep the Personal Data for longer in case the Customer brings any claims against the Controller, for the purpose of exercise of claims by the Controller, or exercise or defence of third party claims, throughout the limitation period of such claims specified by the provisions of law, in particular, the Civil Code.
Depending on the scope of Personal Data and purposes of the processing, the Personal Data may be kept for various periods of time.
In each case, the longer period of storing the Personal Data shall prevail.
XIII. Will you be sent commercial information (e.g. to your e-mail address)?
The Controller has the technical possibility to communicate with the Customer remotely (e.g. by e-mail).
Commercial information concerning the commercial activity carried on by the Controller or entities working with the Controller may be sent only on the basis of a consent given by the Customer.
I. Who is concerned by cookies?
Due to the fact that the cookie technology applied by the Controller (or a technology of a similar functionality) collects information about each person visiting the Online Shop, the below provisions of the Policy shall apply to the persons using the Online Shop regardless of whether they become the Online Shop’s Customers or not (whether they place Orders, make reservations of Goods or have an Account), (hereinafter also the “Visitors”).
II. What technology do we use?
The Online Shop uses the technology storing and obtaining access to the information on the computer or other device connected to the network (in particular, using cookies or similar solutions) for the purpose of ensuring maximum comfort during the use of the Online Shop, including statistical purposes and purposes concerning customization of the presented marketing contents of the Controller, its partners and advertisers, to the Visitor’s interests. During a visit in the Online Shop, data concerning the Visitor’s activity online may be collected automatically.
Due to the fact that the Controller may use solutions of a functionality similar to that of cookies, the below provisions of the Policy shall be applied to those solutions respectively.
III. What are “cookies”?
Cookies are short text files sent by the server and saved on the device of the Visitor (usually on the hard drive of the computer or on a mobile device). They store information that the Online Shop might need in order to adjust to the methods of use of the Online Shop by the Visitor and to collect statistical data concerning the Online Shop (e.g. what websites have been visited, what elements have been downloaded) and data concerning the domain name of the internet service provider or country of origin of the Visitor.
IV. Do cookies collect your personal data?
With regard to the information collected by cookies that may be attributed to a specific person, the provisions of the Policy concerning Personal Data, in particular, concerning the rights of data subjects, shall apply. The information concerning the data collected by cookies can be also found in the information clause placed in a visible and easily accessible place during the first visit to the Online Shop.
The cookie technology applied by the Online Shop allows for the Controller to learn information about the preferences of the Visitor - e.g. through analysing how frequently the Visitor visits the Online Shop. Analysis of online activity helps in better understanding of habits and expectations of visitors and in customization to their needs and interests. This technology makes it possible to present Visitors the advertisements customized to their needs and interests and to prepare better special offers and surprises for the adult Visitors who have agreed thereto.
On the basis of cookies, the Controller uses also the technology allowing for reaching the Visitors who have visited the Online Shop before with marketing content during their use of other websites.
VII. Can you oppose the use of information coming from cookies?
The Visitor may oppose the actions of the Controller taken for the purpose described above. If the Visitor has given consent to, inter alia, presenting, creating, receiving and executing dedicated advertisements, offers or promotions customized to the Visitor's preferences, such consent may be withdrawn at any time, however, it shall not affect the legality of the processing performed before the withdrawal of the consent.
VIII. What type of cookies do we use and are they harmful?
The cookies used by the Online Shop are not harmful either for the Visitor or for the computer/end device used by the Visitor, therefore, we recommend that you do not disable them in your browsers. The Online Shop uses two types of cookies: session cookies, that are saved on the computer or mobile device of the Visitor until the moment of logging out of the website or disabling the software (Internet browser), and permanent cookies, that remain in the Visitor’s device for the period specified in the cookie parameters or until they have been manually deleted in the browser.
IX. For how long will we keep the information collected by cookies?
Depending mostly on the purposes and legal basis of the processing of Personal Data collected by cookies, they may be stored for the period specified in the Policy.
The Personal Data concerning a Visitor who is not a Customer that have been collected by cookies shall be stored until such person opposes thereto. The Controller may remove the Personal Data if they have not been used for marketing purposes for 3 years, unless the law requires the Controller to process the Personal Data for a longer time.
A part of the Personal Data may be stored longer in case the Visitor brings any claims against the Controller or for the purposes of exercise or defence of legal claims (including third party claims) by the Controller in the period of limitation of the claims as specified by the law, in particular, the Civil Code.
In each case, the longer period of storing of the Personal Data shall prevail.
X. Third party cookies.
The cookies used by the Controller serve mostly the purpose of optimizing the service of the Visitor during the visiting of the Online Shop. However, the Controller cooperates with other companies in the scope of the marketing (advertising) activity conducted. For the purposes of the cooperation, the browser or other software installed on the Visitor’s device shall also save cookies from entities conducting such marketing activity who may become the Controller of the Customer’s personal data. The cookies sent by such entities shall ensure that the Visitor is presented only with the advertisements that are in line with the Visitor’s individual interests and needs. In the view of the Controller, displaying a customized advertisement is more attractive for the Visitor than an advertisement that is unrelated to the Visitor’s needs. It would be impossible without cookies because it is the companies cooperating with the Controller who provide the advertising content to the Visitors.
XI. How do you delete/block cookies?
The Visitor may change the method of using cookies by managing the consents given in the privacy settings on our website or in the browser, and the Visitor may block or delete the cookies from the Online Shop (and other websites). For this purpose the browser settings should be changed. The method for deleting cookies varies depending on the browser used. The information on how to delete cookies should be found in the tab “Help” of a given browser. Deleting cookies does not mean deleting the Personal Data by the Controller of the Personal Data obtained through the cookies.
For example, in Internet Explorer cookies can be modified in the following settings: Tools -> Internet options -> Privacy; in Mozilla Firefox: Tools -> Options -> Privacy; whereas in Google Chrome: Settings -> Show advanced settings -> Privacy -> Content settings -> Cookie files. The access paths may differ depending on the version of the browser.
Detailed information on the management of cookies on a mobile phone or another mobile device may be found in the user manual / operating manual of the given phone or mobile device.
It is also possible to block third party cookies and, at the same time, accept the cookies used directly by the Controller (the option: “block third party cookies”).
XII. What are the consequences of deleting or blocking the cookies?
3. General information
I. How can you contact us?
You can contact the Controller at any time by sending a message by traditional mail or e-mail to the Controller’s address specified in the introduction of this Policy.
The Controller keeps the correspondence for statistical reasons and to ensure the best and fastest reaction to the appearing questions, as well as in the scope of complaint handling and any potential decisions concerning administrative interventions in a given Account taken on the basis of reports. The addresses and data collected in this manner shall not be used for communication in other purposes than execution of the report.
In the event of contacting the Controller for the purpose of particular actions (e.g. making a complaint through a form), the Controller may once again request the person to transfer the data, including personal data, e.g. given name, surname, e-mail address, etc., for the purpose of confirming the identity of that person and enabling a return contact in the given matter, as well as completion of the action in question. It is not mandatory to transfer such data, but it may be necessary for the completion of the actions or obtaining the information desired by that person.
II. How do we safeguard your data?
Taking into consideration the current state of technical knowledge, cost of implementation and the nature, scope, context and purposes of the processing and the risk of infringement of rights or freedoms of natural persons, with different levels of probability and significance of threat, the Controller shall take technical and organizational measures ensuring protection of the processing of Personal Data that are appropriate for the threats and the category of data covered with the protection, in particular, the Controller shall ensure protection of the data from access by unauthorized persons, collection by unauthorized persons, processing contrary to the applicable regulations and from change, loss, damage or destruction. Communication of the information about the technical and organizational measures ensuring protection of the processing of data to the public can impair the effectiveness of the protection, hence, jeopardize the proper protection of the Personal Data.
The Controller shall provide, for example, the following appropriate technical measures preventing the Personal Data sent electronically from being obtained and modified by unauthorized persons:
1) Protecting the filing systems from unauthorized access;
2) SSL Certificates on the Online Shop’s websites, on which the Personal Data are being provided;
3) Encrypting of data for the purpose of authorization of the person using the Online Shop’s functionality;
4) Access to the Account only after entering the individual login and password;
5) Links to other websites.
The Online Shop may contain links to other websites. The Controller recommends reading the terms and conditions and privacy policies of other websites. This Policy concerns only the specified actions of the Controller.
III. Can this policy be changed and how are you going to find out about it?
The Controller may amend the Policy in the future, inter alia, for the following important reasons:
1) in the event of a change of applicable regulations, in particular, in the scope of Personal Data protection, telecommunication law, electronically supplied services, and regulations concerning consumer rights, affecting the Controller’s rights and obligations or the data subject’s rights and obligations;
2) development of the functionality or of the Electronic Services dictated by the progress in Internet technology, including application/implementation of new technological or technical solutions affecting the scope of the Policy.
3) Each time, the Controller shall post the information about the changes to the Policy on the websites of the Online Shop. Together with each change, the new version of the Policy shall be published with the new date.
IV. Since when is this version of the Policy binding?
This version of the Policy has been binding since 09.2022.