Privacy Policy

Our privacy policy was reformulated based on the new General Data Protection Regulation (GDPR), as provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council, as well as all other applicable legislation and complementary to the privacy and data protection issues.

All data that will be processed by the company and how they can be used depend on the services that will be requested by you and on the way that is agreed with you.

1. Responsible for data processing

In case of doubts regarding the treatment of my data, I can contact the person responsible for them through the contacts:
Praceta Lagar de São João, nº10 2B
Setubal – Portugal

2. Cookies

“Cookies” are text files that are stored on your computer through your search engine (browser).

VanillaBalcony, Lda collects information from its customers to provide them with a personalized service and to facilitate their navigation on our website. Their use on this site will be monitored for statistical purposes.

The setting of cookies on our website can be prevented or deleted, if the data subject so wishes, through the Internet browser or software programs. However, if the data subject does so, he may later have some features that are not fully usable.

3. Collection and Processing of Data and General Information

Our website collects some data and general information when accessed by the owner.
This data is stored by the server and consists of:

• browser types and versions used;
• operating system used by the device that performs the access;
• the website through which you were redirected to ours;
• the sub-websites;
• the date and time when our website was accessed;
• an Internet protocol address (IP address);
• other similar data and information that may be used in the event of security risks to our systems.
These data and information are not used by the company to draw conclusions from their holders. They are only used for:
• correctly deliver the content of our website;
• optimize the website content, as well as the website’s ads;
• ensure the long-term viability of our systems and technologies;
• provide information to law enforcement authorities in the event of cyber attacks.

It is also important to note that all these data are removed according to the consent of the data subject (as indicated in articles 6 (1) (a) and 7, present in the GDPR):

When you provide us with your consent for the processing of personal data, it will be carried out based on what you have been informed and on which you have consented. This consent can be revoked at any time. This revocation can also be applied to consents that may have been provided prior to the entry into force of the GDPR, that is, before the 25th of May 2018. Please note that the revocation applies only to future situations and therefore does not take into account retroactive effects, that is, the treatment that occurred before the revocation is not covered by it.

4. Who has access to the data

Within the company, the employees who need them for the analysis of statistical data and, consequently, for the optimization of the website and company contents, have access to the data.
Regarding the transmission of data to other companies, VanillaBalcony, Lda only shares data when legal provisions require us and / or when we have the consent of the holders, as provided for in the GDPR and applicable data protection laws.

5. Data storage period

The data controller must analyze and store the personal data of the data subject for the period necessary to achieve the storage objectives, for the period granted to him by the European legislator or other legislators in laws or regulations to which the data controller may also be subject. If the purpose of storage is not applicable or if the defined period of storage expires, personal data will be blocked or deleted, according to the applicable legal requirements.

6. Automated Decision Making

As provided in the GDPR, automated decision-making procedures are not used by the company. However, if it is necessary to resort to this procedure, you will be informed, as established by law.

7. Possibility of contact via website

Our website contains information that allows quick and direct contacts with our company, through a general email address (email address). In case the contact is made through our contact forms, the personal data transmitted by the holder will be stored for the purposes of being treated or to contact the holder. These data will not be transmitted to third parties.

8. Data protection for applications and application procedures

In the case of data relating to applications and these being sent to the company via e-mail or a website contact form, the person in charge will have the obligation to collect these data and process them, and the treatment can be carried out electronically. If the responsible person concludes an employment contract with the applicant, the data of the latter will be stored in accordance with the legal requirements. If no type of employment contract is entered into, the responsible person must delete the data within two months after the notice of the refusal decision, provided that no other legitimate interest of the controller was opposed to the deletion (such as, for example, being an evidence in a legal procedure) or as long as the data subject explicitly expresses his wish for the data controller to keep his personal data.

9. Data protection provisions on the application and use of Google Analytics (with anonymization functionality)

The Google Analytics component was integrated into this website. This service is based on web analysis, that is, it consists of the collection, agglomeration and analysis of data related to the behavior of visitors on websites, namely, data such as the pages you visit, the frequency with which you visit or the duration of the viewing of each page, with the objective of subsequently optimizing the website and reallocating resources in relation to online advertising. This web analysis uses the “anonymizelp” feature that allows the Google company to obtain the IP address of the internet connection of the data subject to our websites from a Member State of the European Union or another Contracting State in the European Economic Area Agreement .

Google Analytics also uses a system of cookies (definition presented above in point 2) that is responsible for analyzing personal data of visitors and data relating to the use of websites. This data is stored by Google in the United States of America and may be passed on to third parties.

The setting of cookies can be prevented by the data owner on our website, through an adjustment to the web browser used (as indicated in point 2) and the cookies already used by Google Analytics can be deleted at any time through the web browser. web or other software programs. In addition, the data subject can object to the data collection generated by Google Analytics and its treatment by downloading and installing a browser add-on at This add-on acts as an objection by Google to use visitor data. If the holder’s information technology system is subsequently deleted, formatted or newly installed, he must again install the add-on so that his data is not analyzed by Google Analytics. If the add-on is disabled, it is possible to reactivate or reinstall it.

For more information regarding Google’s data protection, see and For more information about Google Analytics, see The Google Analytics component operator is:

Google Inc., 1600 Anphitheater Parkway, Mountain View

CA 94043-1351, United States of America.

10. Data subject’s rights

• Right to be informed: Holders have the right (granted by the European legislator) to know how their personal data will be used by the controller or processor. This data protection statement explains how personal data can be used, and if there are still any doubts on the part of the holders, they can contact our data controller at any time.
• Confirmation right: Holders have the right (granted by the European legislator) to obtain confirmation from the controller as to whether or not personal data relating to them are being processed, for which it is necessary to contact our data controller.
• Right of access: Holders have the right (granted by the European legislator) to obtain from the responsible person, at any time and free of charge, information about their stored personal data and a copy of this information. In addition, according to European directives and regulations, the data subject must be granted access to information relating to:

– The purposes of data processing;
– The categories of personal data concerned;
– To recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
– The expected period for which personal data will be stored or the criteria used to determine that period;
– The existence of the right to lodge a complaint with a supervisory authority;
– The origin of the data when they are not the personal data of the holders;
– The existence of automated decision-making, including profiling, referred to in Articles 22º no. 1 and no. 4 of the GDPR and, at least in these cases, significant information on the logic involved, as well as the importance and expected consequences of such treatment for the data subject.
In addition, the data subject has the right to obtain information regarding the transmission of his personal data to a third country or to an international organization. When applicable, the data subject has the right to be informed of the appropriate safeguards relating to this transmission. If holders want to take advantage of this right of access, they can contact our data controller.

• Right of rectification: Holders have the right (granted by the European legislator) to obtain from the controller, without undue delay, the rectification of inaccurate personal data about them, as well as the filling in of incomplete personal data. If the holders want to enjoy this right, they can, at any time, contact our data controller.
• Right of erasure (or Right to be forgotten): Holders have the right (granted by the European legislator) to obtain from the controller the deletion of personal data concerning them, provided that processing is not necessary, when one of the following reasons applies:

– Personal data is no longer needed for analysis or treatment;
– The data subject withdraws the consent on which the processing is based (in accordance with Articles 6 (1) (a) or 9 (2) (a) of the GDPR) and there is no other legal basis for the processing;
– The data subject is opposed to processing under the terms of Article 21 no. 1 of the GDPR and there are no legitimate reasons for the processing, or the data subject is opposed to the processing under Article 21 no. 2 of the GDPR;
– Personal data has been processed illegally;
– Personal data must be erased in order to comply with a legal obligation under Union or Member State legislation to which the controller is subject.
– Personal data was collected in relation to the provision of information society services by children under 16 years old (article 8º nº1 of the GDPR).
If the holders want to enjoy this right, they can, at any time, contact our data controller.

• Right to limitation of treatment: Holders have the right (granted by the European legislator) to obtain a limitation on the processing of their data from the controller, if one of the following conditions applies:

– The accuracy of personal data is contested by the holder for a period that allows the controller to verify the accuracy of the same;
– The processing is illegal and the data owner, opposing the deletion of personal data, requests the restriction of its use;
– The controller no longer needs personal data for processing purposes, but they are required by the data owner for the establishment, exercise, or defense of legal processes;
– The data subject is opposed to processing under the terms of Article 21 (1) of the GDPR, and it is still unclear whether the legitimate motives of the controller annul those of the data subject.

If one of the conditions mentioned above is fulfilled and the data subject wishes to request a restriction on the processing of personal data stored by VanillaBalcony, Lda, he may, at any time, directly contact our data controller.

• Right to data portability: Holders have the right (granted by the European legislator) to receive personal data relating to them, which have been provided to a controller, in a structured format, in common use and readable by machines. The holder has the right to transmit this data to another controller without impediment of the current controller, provided that it does not negatively affect the rights and freedoms of others and provided that the treatment is based on consent (as referred to in terms of Article 6, paragraph 1, point a) or Article 9 (2) (a) of the GDPR) or in a contract in accordance with Article 6 (1) (b) of the GDPR, and the treatment is carried out by automated means, provided that it is not necessary for the performance of a task performed in the public interest or in the exercise of official authority conferred on the controller.

To ensure the right to data portability, cardholders can enjoy this right at any time and contact our data controller.

• Right of objection: Holders have the right (granted by the European legislator) to oppose, for reasons related to their particular situation, at any time, the processing of personal data concerning them, based on Article 6 (1) (e) and (f) of GDPR, this being also applicable to profiling. In these cases, the company no longer treats any personal data unless it demonstrates having convincing legitimate reasons for the treatment of the same (exercises or legal processes, for example).

To exercise the right of objection, data subjects can, at any time, contact our data controller.

11. Security of personal data

VanillaBalcony, Lda uses security systems and procedures in order to guarantee the security of the holders’ personal data and in order to prevent unauthorized access, as well as the improper use, disclosure, loss and destruction of personal data.

Definitions: This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection statement must be legible and understandable to the general public, as well as to our customers and business partners. To ensure this, we would like to start by explaining the terminology used.

In this data protection statement, we use, inter alia, the following terms:

• Personal data: Personal data means any information related to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the identity physical, physiological, genetic, mental, economic, cultural, or social of that natural person.
• Data holder: The data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for processing.
• Treatment: Processing is any operation or set of operations that is performed on personal data or on personal data sets (whether or not by automated means), such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, broadcast disclosure, disclosure or availability, alignment or combination, restriction, deletion, or destruction.
• Treatment restriction: The restriction of processing is the marking of personal data stored with the aim of limiting its processing in the future.
• Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects related to a natural person, in particular to analyze or predict aspects related to that person’s work performance, economic situation, health, personal preferences , interests, reliability, behavior, location, or movements .
• Data Controller or Controller or Controller responsible for processing: Data Controller or Controller or Controller responsible for processing is the natural or legal person, public authority, agency or other body that (alone or in conjunction with others) determines the purposes and means of processing personal data. When the purposes and means of such treatment are determined by Union or Member State legislation, the controller or specific criteria for their appointment may be indicated by Union or Member State legislation.
• Data Processor or Processor or Subcontractor: Data Processor or Processor or Subcontractor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
• Recipient: The recipient is a natural or legal person, a public authority, an agency, or other body, to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data as part of a specific investigation in accordance with Union or Member State legislation should not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.
• Third: The third party is a natural or legal person, a public authority, an agency, or any body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to handle personal data.