This document explains how Baloir Group s.r.o. (“Baloir”, “we”, “our”) collects and processes your personal data when you visit baloir.com, create an account, place an order, or apply as a seller. It supplements our Cookie Policy and Terms & Conditions. If any translation differs, the Czech original prevails.
1. DATA CONTROLLER
Baloir Group s.r.o.
Company reg. no. / IČO: 123456789 | VAT ID: 123456789
Registered address: Školská 660/3, Praha 1 , 110 00
E‑mail: info@baloir.com
2. WHO THIS POLICY COVERS
– Visitors of baloir.com
– Buyers creating an account or order
– Sellers applying to list products
– Newsletter subscribers and support contacts
3. DATA WE PROCESS
3.1 Buyers
– Name, shipping & billing address
– E‑mail, phone number
– Order details, Stripe payment token
– IP address, device/browser, cookie IDs, GA4 analytics
3.2 Sellers
– Legal entity name, registration number, VAT ID
– Registered address, representative contact
– IBAN for payouts
– ID scan / registry extract (KYC, kept ≤ 30 days)
– KYC metadata (file hash, result, date) — stored 10 years
3.3 Technical logs
– Server logs (Hetzner, Germany)
– Country inferred from IP, user‑agent strings
4. PURPOSES AND LEGAL BASES
– Fulfilling the purchase contract (order processing) — data 3.1 — GDPR art. 6 (1)(b)
– Invoicing & VAT (OSS) — data 3.1, 3.2 — art. 6 (1)(c)
– KYC / AML compliance (DSA, DAC7) — data 3.2 — art. 6 (1)(b)(c)(f)
– Fraud prevention & security — data 3.1–3.3 — art. 6 (1)(f)
– UX analytics (GA4, IP anonymised) — cookie ID — art. 6 (1)(f)
– Marketing e‑mails — e‑mail — art. 6 (1)(a) — consent
5. COOKIES
Non‑essential analytical and marketing cookies are set only after you give consent via the Complianz banner. Details: /cookie-policy-eu.
6. DATA RECIPIENTS
– Hetzner Online GmbH (DE) — hosting
– Stripe Payments Europe Ltd. (IE/US) — payments & KYC
– Sendcloud BV (NL) — shipping labels
– Google Ireland Ltd. (IE) — GA4 analytics
– Competent authorities when legally required
7. INTERNATIONAL TRANSFERS
Stripe may process data in the United States; transfers rely on EU Standard Contractual Clauses (SCC 2021/914).
8. RETENTION PERIODS
– Buyer & seller accounts — active + 5 years
– Financial/VAT records — 10 years (Czech Accounting Act 563/1991)
– Server logs & anti‑fraud — 2 years
– KYC document scans — deleted after 30 days; metadata — 10 years
– Marketing subscription — until consent is withdrawn
After expiry, data are erased or anonymised within 30 days.
9. YOUR RIGHTS
Access, rectification, erasure, restriction, portability, objection, complaint to the Czech DPA (ÚOOÚ).
Requests via baloir.com/support — response within one month (may extend by two months if complex). Unfounded/repetitive requests may attract a €20 fee.
10. SECURITY MEASURES
TLS 1.3 encryption, databases encrypted at rest, role‑based access, two‑factor authentication, daily backups, 72‑hour breach‑notification protocol.
11. AUTOMATED DECISIONS
No automatic rejection of seller onboarding or buyer orders; flagged cases are manually reviewed.
12. CHILDREN
The service is not directed to persons under 16; we do not knowingly collect their data.
13. CHANGES TO THIS POLICY
We notify material changes 14 days in advance (e‑mail + dashboard banner). Continued use after the effective date signifies acceptance.
No products in the cart.