Data Privacy and Cookie Policy

I value your privacy…


Data Privacy and Cookie Policy

Last Updated: 14 September 2018

Your privacy is important to Andrej Balaz Design. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

Generally speaking, we use a couple of cookies to help us improve the website and only store personal information when you write us a message, schedule a call or we start working together.

1. Identity

If there are any questions regarding this Data Privacy and Cookie Policy you can contact us using details below:

Andrej Balaz Design
Andrej Balaz
Groninger Str. 6
13347 Berlin

Impressum – Legal Notice

You will find further information in our Impressum – Legal Notice.

2. What information is collected?

You may visit this site anonymously although some cookies are used by our provider Squarespace to operate this website.

2.1. Necessary Cookies

What does this do? Some cookies are necessary to make this website work correctly and protect it from intruders.

This site uses the following cookies listed in the section Functional and Required Cookies on Squarespace:

  • Crumb (Name of cookie) – Session (Duration of storage): Prevents cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.

  • RecentRedirect30 minutes: Prevents redirect loops.

  • LockedSession: Prevents the password-protected screen from displaying if a visitor enters the correct site-wide password.

  • Test – Session: Investigates if the browser supports cookies and prevents errors.

2.3. Analytics and Performance Cookies

These cookies help us to improve the content of the site. Squarespace does not collect any personally identifiable data, so we cannot tell who you are when visiting this site. For example, it helps us to tell if you have visited this site in the past and then exclude you from counting you as a new visitor.

This site uses the cookies listed in the section Analytics and Performance Cookies on Squarespace:

  • ss_cid2 years: Identifies unique visitors and tracks a visitor’s sessions on a site

  • ss_cvr2 years: Identifies unique visitors and tracks a visitor’s sessions on a site

  • ss_cvisit 30 minutes: Identifies unique visitors and tracks a visitor’s sessions on a site

  • ss_cvt 30 minutes: Identifies unique visitors and tracks a visitor’s sessions on a site

  • ss_cpvisit2 years: Identifies unique visitors and tracks a visitor’s sessions on a site

  • ss_cookieAllowed30 days: Remembers if a visitor agreed to placing Analytics cookies on their browser if a site is restricting the placement of cookies

When you confirm the cookie bar that is displayed on your screen, these cookies are included into your browser’s cookie cache. You can delete them via your browser’s privacy options.

2.2. Scheduling a call with me

If you choose to schedule a call, you will be asked to share your full name and e-mail address on the service used to handle the scheduling called Calendly. You can read about Calendly’s Privacy Policy here.

3. What do we use your information for?

Any of the information we collect here or via Calendly may be used for the following purpose:

  • To answer your enquiry

  • To contact you about my services, should this be requested or apparent in your message

4. Legal basis

4.1. EU General Data Protection Regulation (GDPR)

The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).

If you are a resident of the EEA, you have the following data protection rights:

  • If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing

  • In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing

  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests I receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

4.2. Children’s Online Privacy Protection Act Compliance

Andrej Balaz Design is in compliance with the requirements of GDPR 2018. We will not intentionally collect any information from anyone under 13 years of age. Our website and services are directed at people who are at least 13 years old or older.

5. How do we protect your information?

Andrej Balaz Design does not store any personal identifiable information about you online or using cloud storage unless those organizations comply with GDPR.

5.1. Confidentiality

All data is protected by password access. We do not request or keep financial information such as your bank account details, unless we are collaborating contractually and payments are outstanding. All subcontractors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.

5.2. Transparency

Andrej Balaz Design will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.

5.3. security

All personal data is stored in services that require a password, two-factor authentication or higher measures of access control.

5.4. Personal Data breach notification

In the event that your data is compromised, Andrej Balaz Design will notify you and the ICO within 72 hours by email with information about the extent of the breach, affected data, any impact on the services and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the services.

7. Do we disclose any information to outside parties?

Andrej Balaz Design does not sell, trade or otherwise transfer to outside parties any personally identifiable information.

This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.

We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.

7.1. Subcontractors/trusted third parties

The subcontractors of Andrej Balaz Design are:

  • Squarespace Ireland Ltd.

  • Calendly LLC

Both companies have implemented all necessary standards to comply with GDPR.

7.2. Legally required disclosure

Andrej Balaz Design will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from Andrej Balaz Design, we strive to limit the disclosure. Andrej Balaz Design will only release specific data mandated by the relevant legal demand.

If compelled to disclose your data, Andrej Balaz Design will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.

8. Third party services

You may access other third-party services through links on the website. We are not responsible for the privacy policies and/or practices of these third-party services or websites, and we encourage you to carefully review their privacy policies.

9. Where do we store the information?

Personal information that you submit through the website may be transferred to countries other than where you live, such as, for example, Squarespace’s servers in the U.S.

Squarespace relies upon a number of means to transfer personal information which is subject to the European General Data Protection Regulation (“GDPR”) in accordance with Chapter V of the GDPR. You can find out more information about these transfer mechanisms here.

Personal information collected via email is stored in the database of our domain provider Profihost, in Hannover, Germany:

10. Request for rectification, restriction or erasure of the personal data

10.1. Rectification

You may at any time obtain rectification of inaccurate personal data about you.

10.2. Restriction of processing personal data

You may at any time request Andrej Balaz Design to restrict the processing of personal data when one of the following applies:

  • if you contest the accuracy of the personal data, for a period enabling Andrej Balaz Design to verify the accuracy of the personal data;

  • if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or

  • if Andrej Balaz Design no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.

10.3. Erasure

You may without undue delay request the erasure of personal data concerning you, and Cookie-Script shall erase the personal data without undue delay when one of the following applies:

  • if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;

  • if the personal data have been unlawfully processed; or

  • if the personal data have to be erased for compliance with a legal obligation in EU or national law.

11. Data retention

11.1. Data retention policy

Invoicing data will due to tax regulations be retained for up to ten fiscal years from the end of the contract.

11.2. Data retention for compliance with legal requirements

You cannot require Andrej Balaz Design to change any of the default retention periods, except for the reasons linked to compliance with specific laws and regulations.

12. Your consent

By using our site and/or our services, you consent to this Privacy Policy.

13. Changes to our Privacy Policy

This Privacy Policy may be modified from time to time, so please review it frequently. If we materially change the ways in which we use or share personal information previously collected from you through our service, we will notify you through our email.

Changes to Privacy Policy will appear on this page, and the Privacy Policy modification will be updated (date in the top of this page).