Privacy Policy- General Provisions
1.1. This Privacy Policy describes how Bons.Balloons SIA, Flokšu iela 6, Dreilini, LV-2130, Latvia (hereinafter referred to as the "Data Controller") collects, processes, and stores personal data obtained from its clients and persons visiting the website (hereinafter referred to as the "Data Subject" or "You").
1.2. Personal data means any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing means any operation or set of operations performed on personal data, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
1.3. The Data Controller complies with the data processing principles set out by law and confirms that personal data is processed in accordance with applicable legislation.
- Collection, Processing, and Storage of Personal Data
2.1. The Data Controller collects, processes, and stores personal identification information mainly through the website and email.
2.2. By visiting and using the website services, you consent to the use and management of any information you provide in accordance with this Privacy Policy.
2.3. The Data Subject is responsible for ensuring that the personal data provided is accurate, complete, and up to date. Deliberate submission of false information is considered a breach of this Privacy Policy. The Data Subject must immediately notify the Data Controller of any changes to the submitted personal data.
2.4. The Data Controller is not liable for any losses incurred by the Data Subject or third parties resulting from false personal data provided.
- Processing of Client Personal Data
3.1. The Data Controller may process the following personal data:
3.1.1. Name and surname
3.1.2. Contact information (email address and/or phone number)
3.1.3. Transaction data (purchased goods, price, payment information, etc.)
3.1.4. Any other information submitted during the purchase of services or products on the website or during communication with us.
3.2. In addition, the Data Controller reserves the right to verify the accuracy of the provided data using publicly available registers.
3.3. The legal basis for processing personal data is pursuant to Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
a) The Data Subject has given consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the Controller is subject;
f) Processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, particularly when the Data Subject is a child.
3.4. The Data Controller stores and processes the Data Subject's personal data as long as at least one of the following criteria is met:
3.4.1. The personal data is necessary for the purposes for which it was collected;
3.4.2. The Data Controller and/or the Data Subject can exercise their legitimate interests, such as submitting objections or pursuing claims in court according to applicable laws;
3.4.3. There is a legal obligation to retain data, for example, under the Accounting Law;
3.4.4. The Data Subject's consent to data processing remains valid if no other legal basis for processing exists.
Once these criteria cease to apply, the retention period of the personal data ends and all relevant data is irreversibly deleted from computer systems and electronic and/or paper documents containing such data, or these documents are anonymized.
3.5. To fulfill its obligations towards you, the Data Controller may disclose your personal data to partners, data processors performing necessary processing on our behalf, such as accountants, courier services, and others. The data processor acts as a data controller.
3.6. The Data Controller implements organizational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
- Rights of the Data Subject
4.1. According to the GDPR and Latvian laws, you have the right to:
4.1.1. Access your personal data, receive information about its processing, and request a copy of your data in electronic format, including the right to data portability;
4.1.2. Request correction of inaccurate, incomplete, or outdated personal data;
4.1.3. Request deletion of your personal data ("right to be forgotten"), except when the law requires data retention;
4.1.4. Withdraw your consent to data processing at any time;
4.1.5. Restrict the processing of your personal data — the right to request temporary suspension of all data processing;
4.1.6. Lodge a complaint with the Data State Inspectorate.
Requests to exercise your rights can be submitted by filling out a form in person at Flokšu iela 6, Dreilini, LV-2130, Latvia, or electronically by emailing the customer support service at bons.balloons@gmail.com.
- Final Provisions
5.1. This Privacy Policy is developed in accordance with the European Parliament and Council Regulation (EU) 2016/679 (General Data Protection Regulation) dated April 27, 2016, on the protection of natural persons concerning the processing of personal data and the free movement of such data, repealing Directive 95/46/EC, as well as applicable laws of the Republic of Latvia and the European Union.
5.2. The Data Controller reserves the right to amend or supplement this Privacy Policy at any time without prior notice. Amendments take effect upon publication on the website
https://bonsballoons.com.