• Skip to main content
  • Skip to navigation
  • Skip to footer
Bolot Studio
Bolot StudioMetal Posters
Bolot Studio
Bolot StudioMetal Posters
Create Metal PrintReviewsProductsBlogOffer for Businesses

Join the Bolot Family

Get exclusive offers, early access, and inspiration.

By subscribing you agree to receive marketing emails. You can unsubscribe at any time. Privacy Policy

Bolot Studio

Premium metal prints for your favorite memories.

Handcrafted in EU since 2020100% Satisfaction Guarantee

Shop

  • Create Metal Print
  • Products
  • Offer for Businesses

Help

  • FAQ
  • Returns Policy
  • Shipping Policy
  • Installation Guide

Company

  • About Us
  • Our Process
  • Press & Media
  • Contact
  • Reviews
  • Blog
Privacy PolicyTerms of ServiceCookie PolicyImpressum

Bolot Studio creates premium metal prints from your photos using advanced metal printing technology. Each print is waterproof and built to last generations. Shipped across Europe.

  • American Express
  • Apple Pay
  • Bancontact
  • BLIK
  • Google Pay
  • iDEAL
  • Klarna
  • Maestro
  • Mastercard
  • Shop Pay
  • Union Pay
  • USDC
  • Visa

© 2020-2026 Bolot Studio. All rights reserved.

  1. Home
  2. /
  3. Privacy Policy
GDPR Compliant

Privacy Policy

Your privacy matters to us. We are committed to protecting your personal data and being transparent about how we use it.

Bolot Studio collects only essential data needed to process your orders: name, email, shipping address, and payment information. We use industry-standard encryption and never sell your data to third parties. Under GDPR, you have the right to access, correct, or delete your data at any time. Contact support@bolotstudio.com for any privacy-related requests.

Last updated: March 2026

Data Controller

Legal Entity

BOLOT Limited Liability Company (BOLOT sp. z o.o.)

ul. Władysława Sikorskiego 6A/10, 44-196 Knurów, Poland

support@bolotstudio.com

Tax ID (NIP): 9691668738

Business Registry (REGON): 540261047

National Court Register (KRS): 0001139800

We have not appointed a Data Protection Officer as we are a small business and do not process special categories of data at large scale. For any privacy-related inquiries, please contact us at support@bolotstudio.com.

Information We Collect

We collect only the data necessary to provide our services and improve your experience

Personal Information

Name, email address, shipping address, and phone number (optional) to process and deliver your orders.

Payment Information

Payment details are processed securely through Shopify Payments. We never store your full card details.

Usage Data

IP address, browser type, pages visited, and time spent on our site to improve our services.

Uploaded Content

Photos you upload for custom prints are stored securely and never shared with third parties.

GDPR Article 6

Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data based on the following legal grounds:

Performance of Contract (Art. 6(1)(b))

Processing your order, payment, shipping, and providing customer support for your purchases.

Consent (Art. 6(1)(a))

Marketing communications, newsletters, and non-essential cookies. You can withdraw consent at any time.

Legitimate Interest (Art. 6(1)(f))

Website analytics, fraud prevention, security monitoring, and improving our services.

Legal Obligation (Art. 6(1)(c))

Tax records, invoices, and accounting documentation as required by Polish and EU law.

How We Use Your Data

Order Processing

To process and fulfill your orders, send confirmations and shipping updates.

Customer Support

To respond to your questions, requests, and provide assistance when needed.

Service Improvement

To improve our website, products, and overall customer experience.

Marketing

With your consent, to send promotional offers and newsletters. You can unsubscribe anytime.

Cookies & Tracking

We use cookies and similar technologies to enhance your browsing experience and analyze site traffic.

Required for the website to function properly. These enable basic features like shopping cart and secure checkout.

Help us understand how visitors interact with our site using Google Analytics. All data is anonymized.

Used to show relevant advertisements. These are only activated with your explicit consent.

You can manage your cookie preferences in your browser settings at any time.

Third Party Services

We work with the following data processors. All processors have signed Data Processing Agreements (DPAs) with us:

  • Shopify Inc. – E-commerce platform (Canada & USA, DPF + SCCs)
  • Stripe, Inc. – Payment processing (USA, DPF + SCCs)
  • DHL & InPost – Shipping and delivery (EU)
  • Google LLC – Analytics (GA4), Gemini AI (language processing), Imagen 4 (AI image generation), Cloud Storage (stores uploaded print files). USA, EU-US Data Privacy Framework + SCCs.
  • Anthropic – AI-powered features (USA, SCCs)
  • Resend Inc. – Transactional email (USA, SCCs)
  • ElevenLabs – Audio/TTS features (USA, SCCs)
  • Judge.me – Product reviews (USA, SCCs)
  • Sentry – Error monitoring (USA, DPF + SCCs)
  • Microsoft Corporation (Clarity) – User experience analytics (USA, DPF + SCCs)
  • Fakturownia sp. z o.o. – Invoice management (Poland, EU – no transfer outside EEA)
  • Vercel Inc. – Website hosting and CDN (USA, SCCs)
  • Upstash Inc. – Cache and session storage (EU-West region)
  • TikTok (ByteDance) – Marketing and advertising (USA, Singapore, SCCs + TIA)

Automated Decision-Making and Profiling

In accordance with GDPR Art. 13(2)(f), we inform you about automated processing of your data:

Behavioural Profiling

We analyse browsing patterns (pages visited, time spent, products viewed) to classify your shopping intent into categories (e.g., casual browser, ready-to-buy). This helps us personalise your experience and show relevant content. No automated decisions with legal effects are made based solely on this profiling.

Marketing Personalisation

With your marketing consent, we use your purchase history and browsing behaviour to show you relevant advertisements on third-party platforms (Meta, TikTok, Google). You can opt out by withdrawing marketing consent in cookie settings.

You have the right to object to profiling under GDPR Art. 21. To exercise this right, contact us at support@bolotstudio.com or withdraw marketing consent in your cookie settings.

GDPR Protected

Your Privacy Rights

Under GDPR and other privacy regulations, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of any inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data from our systems.

Right to Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing of your data for direct marketing.

Withdraw Consent

Withdraw your consent for data processing at any time.

To exercise any of these rights, contact us at support@bolotstudio.com

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for all data transmission
  • Restricted access to personal data on a need-to-know basis
  • Secure data storage with regular encrypted backups
  • Continuous security monitoring and threat detection

International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards:

Shopify Inc.

Canada & USA

EU-US Data Privacy Framework & Standard Contractual Clauses (SCCs)

Stripe, Inc.

USA

EU-US Data Privacy Framework & Standard Contractual Clauses (SCCs)

Google LLC

USA

EU-US Data Privacy Framework

Microsoft (Clarity)

USA

EU-US Data Privacy Framework & Standard Contractual Clauses (SCCs)

TikTok (ByteDance Ltd.)

USA, Singapore, and potentially the People's Republic of China

Standard Contractual Clauses (SCCs) + Transfer Impact Assessment (TIA) conducted. TikTok For Business has committed to GDPR-compliant data handling under their Data Processing Addendum. Data transferred to China only for operational purposes under applicable SCCs. You may request our TIA documentation at support@bolotstudio.com.

You can request information about the specific safeguards in place by contacting us at support@bolotstudio.com.

We have conducted a Transfer Impact Assessment (TIA) for TikTok data transfers as required following Schrems II. The assessment is available on request.

Data Retention

We retain your personal data for specific periods based on the purpose of processing:

Order & Transaction Data

10 years from order date (required by Polish accounting law Art. 74(2))

Account Information

Until account deletion request or 3 years of inactivity

Marketing Preferences

Until consent withdrawal, or maximum 3 years from last active engagement

Uploaded Photos

Maximum 90 days from upload, or immediately upon removal from cart

Analytics Data

26 months (anonymized)

Customer Support Records

3 years from last interaction

Consent Records

3 years (GDPR compliance documentation)

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Policy Updates

We may update this privacy policy from time to time. Significant changes will be communicated via email or a prominent notice on our website before they take effect.

Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with your local data protection authority. In Poland: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl, tel. 606-950-000. You may also contact the data protection authority in your country of residence.

President of the Personal Data Protection Office (UODO)

ul. Stawki 2, 00-193 Warsaw, Poland

www.uodo.gov.pl · 606-950-000

Frequently Asked Questions

No, absolutely not. We never sell, rent, or trade your personal data to third parties. Your information is only shared with service providers necessary to fulfill your orders (payment processing, shipping) and they are contractually bound to protect your data.

Send an email to support@bolotstudio.com with your request. We will process your deletion request within 30 days. Please note that we may need to retain certain data for legal or accounting purposes, but we will inform you of any such requirements.

Your photos are stored securely on encrypted servers and used solely to create your custom prints. We never share, sell, or use your photos for any other purpose. You can request deletion of your photos at any time, and they will be permanently removed from our systems.

Your photos are deleted in two cases: (1) Immediately when you remove the item from your cart, or (2) Automatically after 90 days from upload. This ensures your data is never kept longer than necessary.

Yes! Essential cookies are required for basic functionality (shopping cart, checkout), but you can decline analytics and marketing cookies while still using our site. Use your browser settings to manage cookie preferences.
GDPR Compliant
Secure Data Storage
We Never Sell Your Data

Explore More

Cookie PolicyTerms of ServiceContact

Privacy Questions?

Our team is here to help with any questions about your data or privacy rights. We typically respond within 24-48 hours.

Contact Us