GPDR - Data protection Policy

GPDR - Data protection Policy

This Policy is established by Balio Studio S.R.L located at (e) Boulevard Initialis 28 to 7000, listed under the registration number: 0809111147 (hereinafter referred to as « the controller »)
The purpose of this Policy is to inform visitors of the website hosted at www.baliostudio.com (hereinafter referred to as the “website”) about how data is collected and processed by the controller.
This Policy is in line with the desire of the controller to act in full transparency, in compliance with its national provisions and the (EU) regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”)
The controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorized use.
Personal data is defined as all personal data relating to the user, that is any information which allows him or her to be identified directly or indirectly as a natural person.
If the user wishes to react to any of the practices described below, he can contact the data controller at the postal address or the email address specified in the « contact data » point of this Policy.

what data do we collect?

The data controller collects and processes the following personal data in accordance with the procedures and principles described below:
• its domain (automatically detected by the controller’s server), including the dynamic IP address;
• your e-mail address if you have previously disclosed it, for example by sending messages or questions on the website, contacting the controller via e-mail, participating in discussion forums, Accessing the restricted part of the website by identification, etc.;
• all information about the pages that the user has visited on the website;
• any information that the user has voluntarily provided, for example in connection with information surveys and/or registrations on the website, or by accessing the restricted part of the website through identification.
It is possible that the controller may also collect non-personal data. These data are qualified as non-personal data because they do not allow to directly or indirectly identify a particular person.

They may then be used for any purpose, such as to improve the website, products and services offered or advertising of the controller.

In the event that non-personal data are combined with personal data, so that an identification of the persons concerned is possible, these data will be treated as personal data until their reconciliation with a particular person is made impossible.

collection methods

The data controller collects personal data in the following manner:
• Web form
• Cookies

purposes of processing

Personal data are collected and processed only for the purposes mentioned below:

  • Managing and monitoring the performance of the services offered;
  • Sending and tracking of orders and invoices;
  • sending promotional information on the controller’s products and services;
  • sending promotional material;
  • Answer user questions;
  • Produce statistics;
  • improve the quality of the website and the products and/or services offered by the controller;
  • to send information about new products and/or services of the controller;
  • for commercial prospecting activities;
  • To enable better identification of the user’s interests.
  •  

The controller may be required to carry out processing operations not yet provided for in this Policy. In this case, the user will be contacted before reusing his personal data, to let him know about the changes and give him the opportunity, if necessary, to refuse such reuse.

 

Legitimate interests

Some of the processing carried out by the controller are based on the legal basis of the legitimate interests of the controller. These legitimate interests are proportionate to the respect of the user’s rights and freedoms. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, it is recommended that he contact the data controller (see point relating to «contact data»).

shelf life

Some of the processing carried out by the controller are based on the legal basis of the legitimate interests of the controller. These legitimate interests are proportionate to the respect of the user’s rights and freedoms. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, it is recommended that he contact the data controller (see point relating to «contact data»).

The personal data of a customer are kept for a maximum of 10 years after the end of the contractual relationship between that customer and the controller.

At the end of the retention period, the controller makes every effort to ensure that personal data has been made unavailable and inaccessible.

Application of rights

For all the rights listed below, the data controller reserves the right to verify the identity of the user for the application of the rights listed below.
This request for additional information will be made within one month of the user’s submission.

Access to data and copy

The user may obtain written communication or a copy of the personal data collected about him free of charge.
The controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user.
Where the user makes such a request electronically, the information shall be provided in an electronic form of common use unless the user requests otherwise.
Except as provided for by the General Data Protection Regulation, a copy of your data will be communicated to you no later than one month after receipt of your request.

right to rectification

The user may obtain, free of charge, as soon as possible and at the latest within one month, the rectification of his personal data that are inaccurate, incomplete or irrelevant, as well as their completion if they prove to be incomplete.
Except as provided for by the General Data Protection Regulation, the application of the right to rectification is processed within one month of its introduction.

Right to object to processing

The user may at any time, for reasons related to his particular situation, oppose free of charge the processing of his personal data, when:

  • the processing is necessary for the performance of a task in the public interest or falling within the exercise of public authority with which the controller would be entrusted;
  • the processing is necessary for the legitimate interests pursued by the controller or a third party, unless the interests or fundamental freedoms and rights of the data subject which require protection of personal data prevail (in particular where the person concerned is a child).

The controller may refuse to exercise the user’s right of opposition when it establishes the existence of compelling and legitimate grounds justifying the processing, which override the interests or rights and freedoms of the user, or for the establishment, exercise or defence of a legal right. In the event of a dispute, the user may bring a remedy pursuant to the point «complaint and complaint» of this Policy.
The user may also, at any time, without justification and free of charge, oppose the processing of personal data concerning him when his data are collected for commercial prospecting purposes (including profiling).
 
Where personal data is processed for the purpose of scientific or historical research or for statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object, for reasons relating to its particular situation, the processing of personal data concerning it, unless the processing is necessary for the performance of a public interest task.
 
Except as provided for by the General Data Protection Regulation, the controller is obliged to respond to the user’s request as soon as possible and at the latest within one month and to give reasons for its response when it intends not to comply with such request.

Right to restriction of processing

The user may obtain the restriction of the processing of his personal data in the following cases:

  • when the user disputes the accuracy of a data and only for the time that the controller can control it;
  • when the processing is unlawful and the user prefers to limit the processing rather than erase it;
  • when, although no longer necessary for the purposes of processing, the user needs it to establish, exercise or defend his rights in court;
  • for the time necessary to examine whether an objection filed by the user is justified, in other words, the time that the controller proceeds to verify the balance of interests between the legitimate interests of the controller and those of the user.

The controller will inform the user when the restriction of processing is lifted.

Droit à l'effacement (droit à l'oubli)

The user may obtain the erasure of personal data concerning him or her, where one of the following reasons applies:

  • the data is no longer required for the purposes of processing;
  • the user has withdrawn his consent to the processing of his data and there is no other legal basis for the processing;
  • the user opposes the processing and there is no compelling legitimate reason for the processing and/or the user exercises its specific right of opposition in relation to direct marketing (including profiling);
  • the personal data have been unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation (under Union law or Member State law) to which the controller is subject;
  • personal data were collected in the context of the provision of information society services to children.

 

The deletion of data is not applicable in the following cases:

  • when the processing is necessary for the exercise of the right to freedom of expression and information;
  • where the processing is necessary to comply with a legal obligation that requires the processing provided for by Union law or by the law of the Member State to which the controller is subject, or to carry out a task in the public interest or in the exercise of public authority that would be entrusted to the responsible person;
  • when the processing is necessary for reasons of public health interest;
  • when the processing is necessary for archival purposes in the public interest, for scientific or historical research or statistical purposes and where the right to erasure is likely to make it impossible or seriously jeopardise the achievement of the objectives of the processing in question;
  • when the processing is necessary for the establishment, exercise or defence of legal rights.

Except as provided for by the General Data Protection Regulation, the controller is obliged to respond to the user’s request as soon as possible and at the latest within one month and to give reasons for its response when it intends not to comply with such request.

Right to “data portability”

The user may at any time request to receive his personal data free of charge in a structured format, commonly used and machine-readable, for the purpose of transmitting them to another controller, when:

  • the data processing is carried out using automated processes; and when
  • the processing is based on the user’s consent or a contract between the user and the controller.

Under the same conditions and according to the same terms, the user has the right to obtain from the controller that the personal data concerning him be transmitted directly to another controller of personal data, as far as is technically possible.
The right to data portability does not apply to processing that is necessary for the performance of a public interest task or the exercise of public authority with which the controller would be entrusted.

Recipients of data and disclosure to third parties

The recipients of the collected and processed data are, in addition to the controller himself, his employees or other subcontractors, its carefully selected business partners, located in the European Union, and who collaborate with the controller in the marketing of products or the provision of services.
In the event that the data is disclosed to third parties for direct marketing or commercial prospecting purposes, the user will be informed beforehand so that he can choose to accept the transfer of his data to third parties.

If this transfer is based on the user’s consent, the user may withdraw his consent for this specific purpose at any time.

The controller complies with the legal and regulatory provisions in force and will ensure that its partners, employees, subcontractors or other third parties having access to these personal data comply with this Policy.

The data controller discloses the personal data of the user in the event that a law, judicial procedure or an order from a public authority makes this disclosure necessary.
No transfer of personal data outside the European Union is carried out by the controller.

Security

The data controller implements appropriate technical and organisational measures to ensure a level of security for processing and collected data in relation to the risks presented by the processing and the nature of the data to be protected, adapted to the risk. It takes into account the state of knowledge, implementation costs and the nature, scope, context and purposes of processing as well as risks to users’ rights and freedoms.

The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.
The controller has put in place appropriate security measures to protect and prevent loss, misuse or alteration of the information received on the website.

In the event that personal data under the controller’s control is compromised, he will act promptly to identify the cause of this violation and take appropriate remediation measures.
The controller informs the user of this incident if required by law.

Complaint and Complaint

If the user wishes to react to any of the practices described in this Policy, it is advisable to contact directly the controller.

The user can also lodge a complaint with his national supervisory authority, whose contact details are available on the official website of the European Commission: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, the user has the possibility to bring a complaint before the competent national courts

Données de contact

For any questions and/or complaints, relating to this Policy, the user may contact the controller:

By email: massimo@baliostudio.com.

By post: Boulevard Initialis 28 7000 Mons Belgium.

Modification

The controller reserves the right to change the provisions of this Policy at any time. The changes will be published directly on the website of the data controller.

Applicable law and competent jurisdiction

This Policy is governed by the national law of the principal place of business of the controller.
Any dispute relating to the interpretation or execution of this Policy will be subject to the courts of that national law.


This version of the Policy is dated 26/08/2024.