Extended Data Protection Notice
Last updated: 1 May 2026 · Supplement to our Privacy Policy
1. GDPR Rights in Detail
Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data concerning you is being processed, and access to that data along with supplementary information. We will provide a copy of the personal data undergoing processing free of charge.
Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data. You can update most of your data directly in your account settings.
Right to Erasure (Art. 17 GDPR)
You have the right to request the deletion of your personal data ("right to be forgotten"). We will comply unless retention is required for legal obligations (e.g. tax and commercial law retention periods), defence of legal claims, or public interest.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g. CSV or JSON). You may also request that we transmit this data directly to another controller where technically feasible.
Right to Object (Art. 21 GDPR)
You have the right to object to the processing of your personal data based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
2. Data Flows
The following diagram illustrates how your data flows through our systems:
3. Third-Party Processors
We engage the following categories of data processors under GDPR-compliant data processing agreements (Art. 28 GDPR):
| Processor | Purpose | Data categories | Location |
|---|---|---|---|
| Shopware AG | E-commerce platform hosting | All customer and transaction data | Germany / EU |
| Stripe, Inc. | Payment processing | Payment data, billing address | EU / US (SCCs) |
| PayPal Europe | Payment processing | Payment data, email | Luxembourg / EU |
| DHL / UPS | Shipping and logistics | Name, shipping address, phone | Germany / EU / US |
| Google Ireland | Analytics (anonymised) | Pseudonymised usage data | Ireland / EU |
| SendGrid (Twilio) | Email delivery | Email address, order reference | EU / US (SCCs) |
4. Retention Periods
| Data category | Retention period | Legal basis |
|---|---|---|
| Order and invoice data | 10 years | §257 HGB, §147 AO |
| Customer account data | Duration of account + 3 years | Legitimate interest |
| Payment data | As per order data (10 years) | Legal obligation |
| Server access logs | 30 days | Legitimate interest (security) |
| Analytics (anonymised) | 26 months | Consent / legitimate interest |
| Marketing consents | Until withdrawal | Consent (Art. 7 GDPR) |
5. International Data Transfers
Your data is primarily processed within the European Union. Where data is transferred to third countries, we ensure an adequate level of data protection through:
- EU Standard Contractual Clauses (SCCs) — approved contractual safeguards with processors outside the EU
- EU-US Data Privacy Framework — for processors certified under the framework
- Adequacy decisions — transfers to countries recognised by the EU Commission as providing adequate data protection
For details on specific transfers, contact our DPO.
6. Data Breach Procedure
In the event of a personal data breach, we follow the notification requirements of Art. 33 and Art. 34 GDPR:
- Supervisory authority: We notify the competent supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals
- Affected individuals: We notify affected data subjects without undue delay when a breach is likely to result in a high risk to their rights and freedoms
- Documentation: All breaches are documented including the nature of the breach, categories and approximate number of data subjects, and remedial actions taken
Exercise Your Rights
To exercise any of your GDPR rights, or for questions about data protection, contact our Data Protection Officer.