Privacy policy

Effective Date: October 1, 2025 · Last Updated: October 1, 2025

1. Controller

Kulturno društvo Endemit
Javornik 65
2390 Ravne na Koroškem, Slovenia

Registration Number: 2943166000
Tax Number: 64212424
Email: endemit@endemit.org

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and Slovenian data protection laws.

2. Data We Collect

2.1 Information You Provide

  • Name and contact details (email, postal address, phone)
  • Payment information (processed by Stripe)
  • Order and purchase history
  • Newsletter subscription preferences

2.2 Automatically Collected Information

  • Analytics data via Google Analytics (IP address, browser type, device information, pages visited, time spent)
  • Usage patterns and preferences

2.3 Cookies

We do not use cookies on our website.

3. How We Use Your Data

We process your personal data for the following purposes:

3.1 Order Processing (Legal Basis: Contract Performance)

  • Processing and fulfilling your orders
  • Sending order confirmations and updates
  • Managing payments and invoicing
  • Delivering digital products and shipping physical products

3.2 Customer Service (Legal Basis: Contract Performance)

  • Responding to inquiries and support requests
  • Handling complaints and disputes

3.3 Marketing (Legal Basis: Consent)

  • Sending newsletters and promotional emails (only if you subscribe via Email Octopus)
  • Informing you about events, products, and services

3.4 Legal Obligations (Legal Basis: Legal Compliance)

  • Maintaining records for tax and accounting purposes
  • Complying with statutory retention requirements

3.5 Analytics (Legal Basis: Legitimate Interest)

  • Understanding website usage patterns
  • Improving our platform and services

4. Data Sharing

We share your data only in the following circumstances:

4.1 Service Providers

  • Stripe: Payment processing (credit card transactions)
  • Email Octopus: Newsletter management (only if you subscribe)
  • Google Analytics: Website analytics
  • Shipping carriers: Delivery of physical products

4.2 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority.

4.3 No Sale of Data

We do not sell, rent, or trade your personal data to third parties.

5. International Data Transfers

Some of our service providers (Stripe, Google Analytics, Email Octopus) may transfer data outside the EU/EEA. These transfers are protected by:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the EU Commission
  • Other appropriate safeguards under GDPR

6. Data Retention

Purchase Data: We retain order and customer data for 2 years from the date of purchase, or longer if required by tax or legal obligations (typically up to 10 years for accounting records).

Newsletter Subscriptions: We retain your email address until you unsubscribe.

Analytics Data: Google Analytics data is anonymized and retained according to our analytics configuration (typically 26 months).

7. Your Rights

Under GDPR, you have the following rights:

7.1 Right of Access
Request a copy of your personal data we hold.

7.2 Right to Rectification
Correct inaccurate or incomplete data.

7.3 Right to Erasure
Request deletion of your data (subject to legal retention requirements).

7.4 Right to Restriction
Request limitation of data processing in certain circumstances.

7.5 Right to Data Portability
Receive your data in a structured, machine-readable format.

7.6 Right to Object
Object to processing based on legitimate interests or for marketing purposes.

7.7 Right to Withdraw Consent
Withdraw consent for newsletter subscriptions at any time.

7.8 Right to Lodge a Complaint
File a complaint with the Slovenian Information Commissioner (Informacijski pooblaščenec):
Website: https://www.ip-rs.si
Email: gp.ip@ip-rs.si

8. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or alteration. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

9. Children's Privacy

Our services are not directed at individuals under 18 years old. We do not knowingly collect data from minors.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date. Significant changes will be communicated via email.

12. Contact Us

For questions, concerns, or to exercise your rights:

Email: endemit@endemit.org
Address: Kulturno društvo Endemit, Javornik 65, 2390 Ravne na Koroškem, Slovenia