1. Who is the Administrator of my personal data?

The administrator of personal data of all customers of the Balsamique online store is Alba Thyment sp. Z oo with its registered office at ul. Szkolna 98, 62-002 in Suchy Las, entered into the register of entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the number KRS 0000152323, NIP: 7820026054, REGON: 63251406600000 (hereinafter: Administrator) .

Contact details of the Personal Data Administrator:
Alba Thyment sp. Z o. O. Operating through the Balsamique online store
  • Address: ul. Szkolna 98, 62-002 Suchy Las
  • Phone: +48 618 115 407
  • E-mail: info@balsamique.pl
The administrator is responsible for the use of personal data in a safe manner and in accordance with applicable law.

The obligation to provide customers with this information clause results from the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation, hereinafter: GDPR).

2. Who can I contact in matters related to the processing of my personal data?

In all matters related to the processing of your personal data by the Administrator, you can contact:
  • at the e-mail address: rodo@balsamique.pl
  • under the telephone number: +48 618 115 407
  • or in person at the headquarters of Alba Thyment sp. z oo in Suchy Las 62-002 at Szkolna 98 Street.


3. What is the source of my data - where are they obtained from?

We obtain personal data directly from you - you provide them to us, for example, when registering a customer account in the Balsamique online store, purchasing goods, paying for an order, placing an order, etc. In some situations, we may obtain personal data from third parties - such a situation occurs e.g. in if the Customer purchases a gift card for a third party.

4. What is the scope of personal data processed by the Administrator, the purpose of processing and the storage time of personal data?

Due to the fact that we sell goods to our clients, as well as provide various services, we process your personal data for various purposes, to a different extent and on a different legal basis specified in the GDPR. In addition, depending on the purpose of processing your personal data, the processing time of this data differs. In order to provide you with the most transparent information, we have grouped them according to the purpose of processing your personal data.

Purpose of processing: Registration of the Customer's account in the Balsamique online store

Data scope: E-mail address, user's password, first name, last name, street, house number or apartment number, country, telephone number, shipping data (if different from the address provided). If an entrepreneur is creating the Customer's account, it is necessary to provide the following data: company, tax identification number, street, house number or apartment number, country, telephone number, shipping details (if different from the address provided), name and surname of the contractor's representative

Legal basis: The processing of personal data is necessary in order to use the Balsamique online store as a registered user. In other words, in order for the user to register in the Balsamique online store, it is necessary to process personal data, otherwise the Administrator cannot manage the registration. The legal basis for the processing of personal data is Art. 6 sec. 1 lit. f GDPR, i.e. the Administrator's legitimate interest in the right to manage user registration in the Balsamique online store.

Duration of personal data storage: We will process your personal data for as long as you maintain your status as a registered user of the Balsamique online store (i.e. until you decide to deregister).

Purpose of processing: Conclusion and performance of a sales contract or a contract for the provision of services via the Balsamique online store:

For this purpose, personal data is processed mainly in order to:

a) contact the customer in order to inform him about updates regarding the placed order or provide him with information related to the ordered products or services,
b) manage payments for purchased products, regardless of the selected payment method,
c) activate the necessary mechanisms to prevent possible abuses against the customer and against us during the purchasing process,
d) manage any post-purchase returns, and to manage product availability inquiries, product reservations, or service provisioning,
e) for invoicing purposes and to issue receipts and invoices for purchases made via the Balsamique online store,
f) provide the opportunity to use other available functions or services, such as the purchase and use of a Gift Card.

Data scope: E-mail address, first name, surname, street, house number or apartment number, country, telephone number, shipping data (if different from the address provided), bank account number, transaction amount, bank name. If the buyer is an entrepreneur, the following data are processed: company, tax identification number, street, house number or apartment number, country, telephone number, shipping data (if different from the address provided). If the name and surname of the person placing the order on behalf of the Contractor is provided, this data is also processed.

Legal basis: The processing of your personal data is necessary to perform the sales contract or provide services to you. In addition, we believe that we have a legitimate interest to perform the necessary checks to detect and prevent fraud when making purchases by customers. In our opinion, the processing of this data is positive for all parties involved in the process of making payments for purchases, as it allows taking appropriate measures to protect it against fraud attempts by third parties. The legal basis for the processing of personal data is Art. 6 sec. 1 lit. b and f GDPR.

Duration of personal data storage: We will process your personal data for the time needed to manage the purchase of products or services purchased by you, including possible returns, complaints or complaints related to a specific product or service. We will process the data at the latest until the expiry of the claims under the contract of sale or provision of services.

Purpose of processing: Remote purchase of goods or ordering a service (including special orders), inquiry

Data scope: Name, surname, street, house number or apartment number, country, telephone number, shipping details (if different from the address). We may also process your e-mail address or telephone number. If the contracting entity is an entrepreneur, the following data are processed: company, tax identification number, street, house number or apartment number, country, telephone number, shipping data (if different from the address provided). If the name and surname of the person placing the order on behalf of the Contractor is provided, this data is also processed.

Legal basis: The processing of customer data is necessary to perform the sales contract or provide services to you. In addition, we believe that we have a legitimate interest to perform the necessary checks to detect and prevent fraud when making purchases by customers. The legal basis for the processing of personal data is Art. 6 sec. 1 lit. b and f GDPR.

Duration of personal data storage: We will process your personal data for the time needed to manage the purchase of products or services purchased by you, including possible returns, complaints or complaints related to a specific product or service. We will process the data at the latest until the expiry of the claims under the contract of sale or provision of services.

Purpose of processing: Customer service

Data scope: For this purpose, we only process personal data that is absolutely necessary to manage requests and requests, e.g. name, surname, address, e-mail address, telephone number.

Legal basis: We believe that we have a legitimate interest in handling requests and inquiries from our clients. The processing of personal data for this purpose is beneficial for customers, as it enables the provision of appropriate service and obtaining answers to questions asked. When the customer contacts us, in particular to manage events related to the order or the product or service purchased via the Balsamique online store, data processing is necessary for the performance of the sales contract or service contract. If the Customer's inquiry concerns the exercise of the rights that we inform about below or a complaint about our products or services, we are authorized to process personal data by the necessity to comply with our legal obligations. The legal basis for the processing of personal data is Art. 6 sec. 1 lit. c and f GDPR.

Duration of personal data storage: We will process the Customer's data for the time needed to handle his request or request, but not longer than for a period of 3 months.

Purpose of processing: Marketing

For this purpose, the data is processed mainly to send a newsletter regarding our products or services. Please remember that you can unsubscribe from the newsletter at any time, free of charge, by following the instructions contained in each correspondence we send. In addition, personal data is processed by us in order to conduct promotional activities (for example, to conduct competitions).

Data scope: e-mail address, name, last login location, activity (clicking on the newsletter link)

Legal basis: The legal basis for the processing of your data for marketing purposes is your consent to the processing of data for this purpose. The legal basis for data processing is Art. 6 sec. 1 lit. a GDPR.

Duration of personal data storage: We will process your personal data until you withdraw your consent to receive marketing messages (the so-called newsletter) via e-mail.

Purpose of processing: IT service

For this purpose, your personal data is processed mainly to provide proper IT support for sales contracts or service contracts carried out by us (including via the Balsamique online store), as well as to ensure the proper operation of the Balsamique website, sending a newsletter, etc.

Data scope: Data resulting from cookies [link to the Cookies Policy]

Legal basis: The legal basis for the processing of your data for IT service purposes is our legitimate interest in ensuring the proper operation of the Balsamique online store. The legal basis for data processing is Art. 6 sec. 1 lit. f GDPR.

Duration of personal data storage: We will process your personal data for the duration of the storage of cookies.

Purpose of processing: Statistics on the use of individual functionalities of the Balsamique online store and facilitating the use of the online store, ensuring the IT security of the store.

Scope of data: For these purposes, we process personal data regarding your activity in the Balsamique online store, such as: visited pages and subpages, the amount of time spent on each of them, as well as data about your search history, your IP address, location, device ID and browser and operating system data.

Legal basis: Our legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.

Duration of personal data storage: We will process your personal data for the duration of the storage of cookies.

Purpose of processing: Establishing, pursuing and enforcing claims. Own accounting.

Scope of data: For this purpose, we may process some of the personal data provided by you: name, surname, company name, address of residence, NIP, REGON, PESEL, accounting, accounting and financial data or data regarding the claim (data regarding the use of our services, if the claims result from the way you use our services, other data necessary to prove the existence of the claim, including the extent of the damage suffered).

Legal basis: Our legitimate interest (Article 6 (1) (f) of the GDPR), consisting in establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities. In addition, we process data on the basis of art. 6 sec. 1 lit. c GDPR in connection with joke. 74 sec. 2 of the Accounting Act (i.e. due to the need to meet legal obligations, e.g. accounting, accounting, tax obligations).

Duration of personal data storage: The data is processed during the period of limitation of claims, resulting from the provisions of the Civil Code. We process all data processed for accounting purposes and for tax reasons for 5 years counted from the end of the calendar year in which the tax obligation arose. After the above-mentioned periods have elapsed, the data is deleted or anonymized.

5. Who is my personal data transferred to?

The Personal Data Administrator takes the utmost care to ensure the confidentiality of your personal data. Due to the need to fulfill contractual obligations and ensure the proper functioning of the Balsamique online store, personal data is transferred to the persons indicated below.

Service providers, including IT

We provide your personal data to service providers that we use to run the Balsamique online store. Suppliers provide the Administrator with technical, technological and organizational solutions, enabling the provision of services to customers and organizational management. We also provide data, among others server providers on which personal data is stored.

Suppliers and partners of logistics, transport and delivery services

We transfer your personal data to suppliers and partners providing logistic, transport and delivery services to us.

Administrator Service

We may transfer your data to providers of legal and advisory services and to the Administrator supporting the pursuit of due claims (in particular to law firms). In addition, we transfer your personal data to entities providing audit, financial, etc.

State authorities

We provide your personal data if requested by authorized state authorities, in particular organizational units of the prosecutor's office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

6. Are my data transferred outside the European Union?

We do not transfer your personal data outside the European Union.

7. Is the provision of data my obligation?

Providing some personal data is necessary in order to purchase our goods or use the services we offer. Providing other data is voluntary and is not necessary for the conclusion and performance of the contract. Required information is marked as mandatory on the Balsamique website or indicated as such by our employee. The consequence of not providing this data is the inability to sell goods to you or provide certain services by us. Apart from the data marked as obligatory, providing other personal data is voluntary.

8. What happens if the Customer provides us with third party data?

We offer features and services that require us to process the personal data of third parties provided to us by customers, such as when activating and shipping a Gift Card. If the Customers provide us with the Personal Data of third parties, it means that the Customer has informed the third party about the purposes and methods of their processing.

9. What are my rights?

The administrator, in connection with the processing of your personal data, ensures the implementation of your rights related to the processing of personal data, described below. You can exercise your rights by submitting a request for the data indicated in point 1.

The right to withdraw consent

You have the right to withdraw your consent to the processing of personal data for marketing purposes (i.e. in connection with the sending of the newsletter), if you have given it. Withdrawal of consent takes effect from the moment the consent is withdrawn. Withdrawal of consent does not affect the processing carried out by us in accordance with the law before its withdrawal. Withdrawal of consent does not entail any negative consequences for you. However, it will prevent us from sending you the newsletter any longer.

The right to object to the use of data

You have the right to object to the use of your personal data at any time if we process your data based on our legitimate interest, e.g. in connection with keeping statistics on the use of individual functionalities of the Balsamique online store and facilitating the use of the store. If your objection turns out to be justified and we have no other legal basis to process your personal data, we will delete your data, the use of which you objected to.

The right to delete data (the so-called "right to be forgotten")

You have the right to request the deletion of all or some of your personal data. You have the right to request the deletion of personal data if:

a) you have withdrawn your specific consent to the extent to which personal data were processed based on your consent,
b) your personal data are no longer necessary for the purposes for which they were collected or processed,
c) you objected to the use of your data for the purpose of keeping statistics on the use of the Website and satisfaction surveys, and the objection was considered justified,
d) your personal data is processed unlawfully.

Despite the request to delete personal data, we may retain certain personal data to the extent necessary for the purposes of establishing, investigating or defending claims. This applies in particular to personal data including: name, surname and e-mail address, which we keep for the purpose of handling complaints and claims related to the use of our services.

The right to limit data processing

You have the right to demand that the processing of your personal data be restricted. If you submit such a request, until it is considered, we will prevent you from using certain functionalities or services, the use of which will involve the processing of data covered by the request. You have the right to request the restriction of the use of your personal data in the following cases:

a) when you question the correctness of your personal data - then we will limit their use for the time we need to verify the correctness of your data, but no longer than for 7 days,
b) when the processing of your data is unlawful, and instead of deleting the data, you request the restriction of their use,
c) when your personal data are no longer necessary for the purposes for which we collected or used them, but you need them to establish, assert or defend claims,
d) when you have objected to the use of your data - then the restriction takes place for the time needed to consider whether - due to your special situation - the protection of your interests, rights and freedoms outweighs the interests that we pursue when processing your personal data.

The right to access data

You have the right to obtain confirmation from us as to whether we process your personal data, and if this is the case, you have the right to:

a) access your personal data,
b) obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of these data, the planned period of storage of your data or the criteria for determining this period, your rights under the GDPR and the right to lodge a complaint with the supervisory authority, the source of this data, about automated decision making, including profiling, and about the security measures used in connection with the transfer of this data outside the European Union,
c) obtain a copy of your personal data.

The right to rectify data

You have the right to rectify and supplement the personal data provided by you. You can do it yourself in the Settings (Privacy) tab. With regard to other personal data, you have the right to request us to correct this data (if it is incorrect) and supplement it (if it is incomplete).

Right to data portability

You have the right to receive your personal data that you provided to us, and then send it to another personal data administrator of your choice, e.g. to another operator of similar websites. You also have the right to request that personal data be sent by us directly to such other administrator, if technically possible.

10. When do we fulfill your request?

If, in exercising the above-mentioned rights, you make a request to us, we comply with this request or refuse to comply with it immediately, but no later than within one month after receiving it. However, if - due to the complexity of the request or the number of requests - we will not be able to meet your request within a month, we will comply with it within the next two months, informing you in advance about the intended extension of the deadline.

11. Cookies

We use cookies and other similar mechanisms to make it easier for customers to use the Balsamique online store, learn how they contact us and, in some cases, to show them advertisements tailored to their internet habits. Please read our Cookie Policy to learn more about cookies and similar mechanisms used by us, about their purpose and to learn other important information.