Privacy Policy

Updated: 14. 9. 2025

At Grashka d.o.o., we are committed to protecting your privacy and ensuring the safe and lawful processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation.

1. Data Controller

The data controller of this online store is:

Grashka d.o.o.
Graška Gora 21,

2381 Podgorje pri Slovenj Gradcu


2. Purposes of Data Processing

We process your personal data for the following purposes:

  • Fulfillment of orders and delivery of products
  • Necessary communication related to orders
  • Operation and improvement of the online store
  • Compliance with legal obligations (e.g. for invoicing or fraud prevention)
  • With your explicit consent, also for:
    • Direct marketing (email newsletters, special offers)
    • Purchase behavior analysis (e.g. product preferences)

We do not share your personal data with third parties, except:

  • when legally required (e.g. fraud investigation)
  • to service providers (e.g. delivery partners), strictly limited to what is necessary


3. Data We Collect

When you register or make a purchase, we collect:

  • Full name
  • Email address
  • Billing and shipping address
  • Phone number (for delivery purposes)
  • IP address
  • Order history
  • Time and date of registration or order
  • Any communication between you and the store

We may also collect cookies or usage data, as detailed in our Cookie Policy.


4. Data Retention

We store your personal data:

  • For 2 years after the last purchase (for non-registered users)
  • For the duration of your account and up to 2 years after account deletion (for registered users)
  • Legal documentation (e.g. invoices) is stored for 10 years, as required by Slovenian tax law

Data used for marketing purposes is stored until you withdraw your consent.


5. Delivery Providers

To ensure successful delivery, we share the following with our delivery partners:

  • Full name
  • Delivery address
  • Contact phone number

Only the minimum required data is disclosed.


6. User Responsibilities

You are responsible for safeguarding your login credentials and for using a secure device or browser when accessing our online store.


7. Data Usage for Analytics

We may use anonymized and aggregated data for:

  • Internal analytics
  • Service optimization
  • Website performance improvements

This data cannot be linked back to an individual user.


8. Security Measures

We implement technical, organizational, and procedural safeguards, including:

  • Secure server infrastructure
  • HTTPS encryption
  • Access control and staff confidentiality agreements
  • Regular data backups and monitoring


9. Your Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Withdraw marketing consent at any time
  • File a complaint with a data protection authority