pon.-čet.: 9.00 - 16.00,
pet.: 9.00 - 13.00.
Sobote nedelje in prazniki zaprto

Privacy and Personal Data Protection

PRIVACY AND COOKIES

We use multiple security and protection systems on our websites to prevent data loss, unauthorized alterations, or misuse. Without your explicit consent, we will not share, sell, or exchange your personal data with any other institution, company, or individual.

DATA CONTROLLER

The data controller is CEY d.o.o., Brnčičeva ulica 13, Ljubljana.

PERSONAL DATA

Personal data is any information that identifies you as a specific or identifiable individual. An individual is identifiable when they can be directly or indirectly identified, particularly through an identifier such as a name, identification number, location data, online identifier, or by referring to one or more factors characteristic of their physical, physiological, genetic, mental, economic, cultural, or social identity.

In accordance with the purposes outlined in this Privacy Policy, we collect the following personal data:

  • Basic user information (name and surname, residential address, location);
  • Contact details and communication records with the controller (email address, phone number, date, time, and content of email or postal communication, date, time, and duration of phone calls, call recordings);
  • Acquisition channel and campaign – how the user was acquired or the source of contact with the controller (website, advertising campaign, call center, physical store);
  • Purchase and billing information (date and location of purchase, purchased items, item prices, total purchase amount, payment method, delivery address, invoice number and date, identifier of the person issuing the invoice, etc.), and details related to product complaints;
  • Website usage data based on IP address (anonymized, visit dates and times, visited pages or URLs, time spent on pages, number of pages visited, total visit duration) and interaction with received messages (emails, SMS);
  • Data provided voluntarily via forms (e.g., participation in contests or inquiries);
  • Other voluntarily provided information for specific services that require such data.

We do not collect or process your personal data unless you enable or consent to it (e.g., when ordering products or services, subscribing to e-newsletters, participating in contests) or if there is a legal basis or legitimate interest for processing.

The retention period of collected data is further specified in the “Data Retention” section of this Policy.

PURPOSES AND LEGAL BASES FOR DATA COLLECTION

We collect and process personal data based on:

  • Legal and contractual obligations
  • Your consent
  • Legitimate interests

PROCESSING BASED ON LEGAL AND CONTRACTUAL OBLIGATIONS

When the provision of personal data is a contractual requirement or a legal obligation, you must provide the required personal data. If you fail to do so, we cannot enter into a contract with you, nor can we provide services or deliver products, as we lack the necessary data for contract execution.

You may opt out of such communication at any time via the unsubscribe link in received messages, by written request via email, or through the settings in your user account.

PROCESSING BASED ON LEGITIMATE INTERESTS

We may process data based on our legitimate interests, provided that these do not override your fundamental rights and freedoms. If we rely on legitimate interests, we always conduct an assessment in accordance with the General Data Protection Regulation (GDPR).

PROCESSING BASED ON CONSENT

We collect and process your personal data for the following purposes if you give your explicit consent:

  • Access and use of your online account and our online store;
  • Access to specific information available through our website and your user account;
  • Preparation and delivery of personalized e-newsletters if you have subscribed;
  • Sending promotional offers via email, SMS, postal mail, or phone calls, when no other legal basis exists;
  • Any other purposes for which you have explicitly consented.

USER PROFILING BASED ON CONSENT

With your consent, we conduct customized communication via various channels (email, SMS, phone calls, postal mail, browser notifications, website content, social media).

To tailor our offers and content to your specific needs, we create a user profile based on the following data:

  • Demographic information (gender, date of birth/age, address), if available and voluntarily provided;
  • Purchase history (purchased items, purchase timing, frequency of purchases);
  • Responses to surveys on our websites;
  • Behavior on our website (viewed products, added items to cart, online transactions);
  • Responses to our messages (email openings, link clicks, purchases).

Based on your user profile, we adjust:

  • The products and content we show you to maximize relevance;
  • The offers you receive (frequent buyers may receive better offers);
  • The frequency and channels of communication.

If you no longer wish to receive personalized communication, you can withdraw your consent at any time via the unsubscribe link in received messages or by sending a written request to our email.

DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purpose for which it was collected.

  • Legally required data is stored for the period prescribed by law.
  • Contractual data is stored for the duration of the contract plus five years after its termination (or longer in case of disputes).
  • Data processed based on consent or legitimate interest is retained until consent is withdrawn or the purpose is fulfilled.

Upon expiration of the retention period, we permanently delete or anonymize the data.

THIRD-PARTY DATA PROCESSING

We may entrust certain tasks related to your data to authorized third-party processors, such as:

  • Accounting services, legal firms, and consultants
  • Data processing and analytics providers
  • IT system maintenance providers
  • Email marketing service providers (e.g., Mailchimp)
  • Payment processors (e.g., Adyen, PayPal, Klarna, etc.)
  • Customer relationship management providers (e.g., Microsoft)
  • Online advertising solution providers (e.g., Google, Facebook)

These processors may process data only on our behalf and within the limits of our authorization. We do not disclose your data to unauthorized third parties.

COOKIES

We use cookies to enhance your browsing experience. These enable:

  • Easier login for future visits
  • Retaining your preferences for an optimized display
  • Quick access to products you previously viewed

Cookies do not collect personally identifiable information. Some cookies are necessary for website functionality, while others require your consent, especially those related to third-party services like Google, Facebook, Twitter, and YouTube. You can manage cookie settings in your browser at any time.

YOUR RIGHTS

You have the right to:

  • Withdraw consent at any time
  • Access your personal data
  • Rectify incorrect data
  • Request deletion (“right to be forgotten”)
  • Restrict data processing
  • Object to data processing
  • Data portability
  • Lodge a complaint with the supervisory authority

To exercise your rights, please contact us via email. We will respond within one month of receiving your request.

SECURITY

We take extensive measures to ensure the security of your data, protecting it from loss, destruction, unauthorized access, or misuse.

CHANGES TO THIS POLICY

By using our websites, you agree to the terms outlined in this policy. Any updates will be posted on our website.