
Privacy Policy

We respect your privacy and are committed to protecting the personal data of our users. In this Privacy Policy, we explain which personal data we collect, how we use it, with whom we share it, and what rights and choices you have regarding your data. This policy is aligned with the European GDPR and California CCPA regulations to ensure a high level of data protection.

Types of Personal Data We Collect

When using our online store, we may collect different types of personal data that we need to process orders and provide our service. This data may include:

  • Identifying information: Name and surname, shipping and/or billing address, email address, and phone number (so we can deliver the product and contact you regarding the order).

  • Payment information: Data required for payment, such as credit/debit card number or PayPal account details. Note: We do not store your payment information on our site; this data is entered directly via secure payment gateways (Stripe or PayPal) and processed in accordance with their privacy policies. Our payment providers are compliant with strict PCI-DSS security standards for protecting payment information.

  • Order data: Details about the products purchased, the amount and date of the order, and the delivery status.

  • User account: If you register on our site, we collect login data (such as username and password) and possibly your order history and preferences (for example, cart contents or wish list) to facilitate future purchases.

  • Technical and analytics data: When you visit our site, certain information is collected automatically. This may include your IP address, browser type, operating system, access time, and behavior on the website (e.g., which pages you visited). This data helps with security, fraud prevention, and improving site functionality.

  • Cookies: Through cookies we may collect information about your browsing activities on our site (see the Cookies section below).

All of the above data is collected only to the extent necessary to fulfill the specific purpose of providing our service. We do not request special categories of personal data (such as sensitive personal data) for the purposes of a normal purchase.

How We Use Your Data

We use personal data exclusively for legitimate and limited purposes. Below, we clarify the main ways we use the collected data:

  • Order processing and delivery: Your name, address, and contact information are used to process your order, send the product to your address, and send notifications about the status of your order (e.g., order confirmation, shipping information). Without this data, we cannot fulfill the agreed purchase of the product.

  • Payment and verification: Payment data is used solely to charge for the ordered products via the selected payment method (Stripe, PayPal). As noted, this data is processed through secure payment service providers, and we retain only the information necessary for transaction records (e.g., the amount and success of the payment, the last four digits of the card or the PayPal email).

  • Customer support and communication: We use your contact information (such as email and phone) to contact you in case of inquiries, to provide support, or to resolve any complaints, returns, or product exchanges. We may also inform you of important information related to your order (e.g., delivery delays, payment issues).

  • Legal obligations: In certain cases we are obligated to retain or review your data to comply with legal obligations. For example, transaction data is kept for accounting purposes (issuing invoices, maintaining sales records) in accordance with tax and financial regulations. We may also use personal data to comply with legitimate requests from competent authorities or to prevent unlawful activities (e.g., fraud).

  • Service improvement: Analysis of technical data (such as page visits, usage of our online store, etc.) helps us understand how customers use the site and optimize the user experience. We use this analytical information in aggregate form, without drawing conclusions about the identity of individuals. It is important to note that we do not currently use Google Analytics or similar third-party marketing analytics tools, so your behavior is not being tracked for marketing purposes. If we introduce such tools in the future, we will inform you in advance and update this Privacy Policy.

  • Marketing communication (optional): If you voluntarily give us consent (e.g., by signing up for our newsletter during checkout or via a form on the site), we may occasionally use your email address to send news about our products, special offers, and promotions. If you are not currently subscribed to such communications, you will not receive marketing emails. You have the option to unsubscribe from our mailing list at any time by clicking the "Unsubscribe" link in any promotional email or by sending a request to our contact address.

All processing purposes are aimed at providing and improving our service. We do not use your data for any incompatible purpose without your explicit consent.

With Whom We Share Personal Data

We do not sell your personal data to any third parties. However, certain data sharing with trusted partners is necessary to perform the service (e.g., payment processing, product delivery). The third parties with whom we share data act as data processors or independent data controllers for the purpose of fulfilling your order and maintaining our service. These third parties include:

  • Payment service providers: We use Stripe and PayPal for secure processing of credit card payments and PayPal transactions. When you make a payment, certain financial data (such as the card number, cardholder name, billing address, or PayPal account information) is shared directly with the chosen payment service provider in order to authorize and charge the payment. These providers may process your personal and transaction data in accordance with their privacy policies. We do not receive or store your full card details (except possibly anonymous transaction identifiers or part of the card number for record-keeping).

  • Order automation service (AutoDS): Our store uses the AutoDS platform to automate the retrieval and processing of orders in the dropshipping process. This means that details of your order (such as your name, delivery address, and the product ordered) may be forwarded through the AutoDS system so that the order is automatically sent to our supplier or sales partner who ships the product. AutoDS acts as a data processor on our behalf – it processes data solely to fulfill your order and is not authorized to use it for other purposes.

  • Suppliers and logistics partners: If necessary, we will share your delivery information (name, address, phone) with our supplier or the shipping company that delivers the package. This is required for the product to reach you. These partners may use your data only for the purpose of delivering your order and are obligated to keep it confidential.

  • E-commerce platform (Wix): Our website is built on the Wix platform. Wix, as our technology service provider, may have access to certain data (e.g., data stored in the web store database) in order to enable the site’s functionality. Wix may also use basic cookies or tools for site stability and security. All data on Wix’s servers are protected by contract, and Wix does not use them for its own advertising purposes.

  • Other service providers: In the event that we use additional service providers, such as a newsletter mailing service or external customer support tools, it is possible that they too would gain access to the minimal data needed to perform that service (e.g., your email for sending newsletters, or your name and email if you contact us via a contact form). We do not currently use such additional services (besides those listed above), but if we introduce them, we will list them here and ensure they uphold data protection standards.

All third parties we work with are carefully selected to meet high privacy and security standards. We have entered into appropriate data processing agreements with them or rely on their official privacy policies that guarantee the protection of your data. Your data is not shared with anyone outside of the aforementioned circle, unless we are required to do so by law (for example, at the request of a court or a competent regulatory authority).

Cookies and Similar Technologies

What are cookies? Cookies are small text files that are stored on your device (computer, smartphone, tablet) when you visit a website. Cookies allow us to recognize your browser on your next visit, remember your preferences, and improve the site’s functionality.

How we use cookies: On our site, we primarily use cookies to ensure the proper functioning of the online store and a better user experience. For example, cookies are necessary for the shopping cart to work (remembering the products you added), for logging into your account, or for remembering your language/currency choice. These cookies fall under necessary (mandatory) cookies and cannot be disabled if you want to use our services, because without them the site cannot function properly.

In addition to necessary cookies, we may also use functional cookies that remember certain choices of yours (e.g., to display recently viewed products) and statistical cookies for anonymous analytics of visits (e.g., number of visitors, most popular pages). However, as noted earlier, we currently do not use Google Analytics or similar third-party tools for tracking visits or advertising, which means that no third-party marketing cookies (such as cookies for Facebook Pixel, Google Ads, etc.) are being placed on your device through our site. If we decide to use such tools in the future, we will seek your consent before setting any non-essential cookies and update this policy.

Consent banner: When you first visit our site, you will be shown a banner (notice) about the use of cookies. In that banner, you have the option to accept all cookies or adjust your preferences. We recommend that you leave at least the necessary cookies enabled so that the site can function. For all other types of cookies, we will seek your active consent. You can change your selection at any time – for example, via the "Cookie Settings" link in the footer of the site (if available) or through your browser settings.

Managing cookies: If you do not want cookies to be stored on your device, you can adjust your internet browser settings to refuse cookies. You can also delete cookies that have already been stored. Note that blocking cookies may affect the functionality of our website and others – some features (such as the cart, payment, or login) might not work without cookies.

We may publish more information on how we use cookies in a separate Cookie Policy if a more detailed explanation is required. For now, this basic notice covers the key points: we use cookies solely for functionality and service improvement, with your knowledge and consent.

Your Rights Regarding Personal Data

We want to enable you to have full control over your personal data. In accordance with the General Data Protection Regulation (GDPR) and other applicable laws, you have a number of rights that you can exercise at any time. These rights include[4]:

  • Right of access: You have the right to request confirmation of whether we are processing your personal data, and to obtain a copy of all personal data we hold about you. This allows you transparency regarding what information we have.

  • Right to rectification: If you notice that some of your personal data is incorrect or incomplete (e.g., you changed your address or surname), you have the right to request the correction or completion of that data to ensure that the information we have is accurate.

  • Right to erasure ("right to be forgotten"): In certain circumstances you can request that we delete the personal data we hold about you. For example, if the data is no longer necessary for the purposes for which it was collected, you have withdrawn the consent on which the processing was based, or you believe that we are processing your data unlawfully – you have the right to request deletion. Note that there are exceptions; for instance, data that we are legally required to retain (such as accounting records) cannot be deleted for as long as the legal retention obligation lasts. You will be informed of such exceptions if they apply.

  • Right to restrict processing: You have the right to request that we temporarily limit the processing of your data in certain situations – for example, while we verify the accuracy of the data or in case you have objected to processing. When processing is restricted, we will only store the data and not use it further until the restriction is lifted.

  • Right to data portability: For data that you have provided to us and that we process by automated means on the basis of your consent or for entering into or performing a contract, you have the right to receive that data in a structured, commonly used, machine-readable format. You also have the right to have that data transmitted directly to another controller at your request, if technically feasible. This option makes it easier for you to transfer your data, for example, to another service.

  • Right to withdraw consent: In cases where the processing of your data is based on your consent (e.g., for receiving a newsletter), you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing before the withdrawal, but it means that we will no longer process your data for that purpose going forward.

  • Right to object: You have the right to object to the processing of your personal data when it is based on our legitimate interest. In such cases, we will stop processing your data for that purpose unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims. If we ever use your data for direct marketing (which we currently do not do without your consent), you have the right to object at any time and we will immediately stop using your data for that purpose.

In addition to these general rights that apply to all users, residents of the state of California (USA) have additional rights under the California Consumer Privacy Act (CCPA). Those rights, if you are a California consumer, include:

  • Right to notice: The right to be informed about the categories of personal data we collect and the purposes of their collection, at the time of or before the point of collection. This Privacy Policy also serves as such notice.

  • Right of access ("right to know"): The right to request details about the personal data we have collected about you in the last 12 months, including the categories of data, the sources from which the data was collected, the purpose of collection, and the third parties with whom we have shared that data. You also have the right to request a copy of the specific personal data collected about you.

  • Right to deletion: The right to request that we delete the personal data we have collected from you (subject to certain legal exceptions, e.g., if the data is needed to complete a transaction, fulfill legal obligations, detect security incidents, etc.). If you submit a valid deletion request, we will delete your personal data from our records (and instruct our service providers to do the same) unless an exception applies.

  • Right to opt-out of data sale ("opt-out"): CCPA gives you the right to request that we do not sell your personal data to third parties. We emphasize that we do not sell your personal data now nor do we plan to do so. Accordingly, we do not share your data for commercial purposes except to provide the service as described. Nevertheless, you have the right to request that your data not be shared for purposes that CCPA defines as a "sale."

  • Right to non-discrimination: We guarantee that we will not discriminate against you for exercising any of the aforementioned rights. This means we will not deny you service, charge you a different price, or provide a lower level of service because you submitted a privacy rights request. All users have equal rights and service quality with us, regardless of the exercise of these rights.

Exercising rights: You can exercise your rights by contacting us via the email or postal address provided in the Contact section. For certain requests, we may need to verify your identity (to protect your privacy) – for example, by asking you to reach out from the email address you registered with us or by requesting another form of identification. We will strive to respond to your requests as soon as possible, and at the latest within the legal deadline (usually 30 days for GDPR requests). For very complex or multiple requests, this period may be extended with notice.

If you believe that your rights have been violated or you are not satisfied with our response, you have the right to lodge a complaint with the competent data protection supervisory authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP), or you can contact the authority in the EU country where you reside. California residents with complaints can also contact the California Attorney General’s office. Of course, we would appreciate it if you first attempted to resolve any issue with us directly – your privacy is extremely important to us and we will do everything we can to help.

Security and Data Retention

We take reasonable physical, technical, and organizational measures to protect your personal data from unauthorized access, loss, misuse, or disclosure. For example, our website uses SSL encryption (https) for secure transmission of information; access to personal data is limited only to authorized individuals who need it to perform their job; and our partners (Stripe, PayPal, AutoDS) also use high security standards in their operations. We have already mentioned that the payment service providers follow PCI-DSS standards to protect payment data. We regularly monitor our system for vulnerabilities and strive to use industry-accepted protection practices.

However, it is important to note that no data transmission over the Internet or method of electronic storage is 100% secure. Although we strive to protect your data, we cannot guarantee absolute security for information transmitted via the Internet. Any transmission is at your own risk. Once we receive your data, we apply strict security procedures to prevent unauthorized access.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a different obligation exists by law (e.g., accounting and tax regulations may require storing transaction data for a certain number of years). When your data is no longer needed for any legitimate purpose and we are not required to keep it, we will securely delete or anonymize it.

Changes to this Privacy Policy

We may occasionally update this Privacy Policy to reflect changes in our data processing practices or due to changes in legal requirements. When we make significant changes, we will notify you in a noticeable way on our website (for example, by posting a prominent notice or sending an email notification if applicable) and update the date of the last modification at the bottom of the document.

We recommend that you review this page periodically to stay informed about any changes. The date of the last update will be clearly indicated for reference. Your continued use of our website and services after the changes take effect constitutes acceptance of the updated Privacy Policy.

Contact

If you have any questions regarding this Privacy Policy, our data processing practices, or if you would like to exercise any of your rights, please feel free to contact us.

Contact details of the data controller:
Store/Legal entity name: BalonBoom
Email address: balonboom.store@gmail.com

We will respond to your inquiry or request as soon as possible, and no later than the applicable legal deadline. Your privacy is important to us, and we strive to be as transparent and accommodating as possible in addressing any questions related to personal data.

Effective date of this Privacy Policy: January 13, 2026
