Balagan Street
Order

Privacy Policy

Last updated: 2025-09-21

Balagan Street ("we", "us", "our") operates an ordering service for Mediterranean hummus. We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Estonian and EU laws.

Data Controller

Balagan Street, Tallinn, Estonia. Contact: info@balagan.st

What Personal Data We Collect

  • Identity and contact: name, email, phone
  • Order details: quantities, fulfillment type, payment method
  • Delivery details (if applicable): street, city, postal code, apartment, notes
  • Marketing attribution: UTM parameters (source, medium, campaign, term, content)
  • Technical data: IP address for rate-limiting and security

Why We Process Your Data (Legal Bases)

  • Performance of a contract: to take and fulfill your order
  • Legitimate interests: service analytics, fraud prevention, service improvement
  • Legal obligations: accounting and tax compliance
  • Consent: for optional marketing attribution where required

How We Use Your Data

  • To create and manage your order
  • To arrange pickup or delivery
  • To process your chosen payment method (Revolut or cash)
  • To provide customer support
  • To analyze service usage (Plausible analytics)

Data Sharing

We do not sell your data. We may share limited data with service providers strictly necessary to operate the service (e.g., analytics, hosting). All processors are bound by data processing agreements and process data only on our instructions.

Data Retention

We retain order records for up to 3 years to meet accounting and legal obligations. Delivery addresses are kept only as long as necessary to fulfill the delivery and for limited after-sales support, unless a longer retention is legally required.

Your Rights

  • Access, rectification, and erasure ("right to be forgotten")
  • Restriction and objection to processing
  • Data portability
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to lodge a complaint with a supervisory authority

To exercise your rights, contact: data@balagan.st. We will respond within 30 days as required by GDPR.

International Transfers

If data is transferred outside the EU/EEA, we use appropriate safeguards, such as Standard Contractual Clauses.

Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, or loss.

Changes

We may update this policy from time to time. The latest version is always available on this page.