Privacy Policy

Grashka d.o.o.

Updated: 16 January 2026

At Grashka d.o.o., we are committed to protecting your privacy and ensuring that your personal data is processed lawfully, fairly, and transparently, in accordance with the General Data Protection Regulation (GDPR) and applicable national legislation.

1. Data Controller

The data controller of this website and online store is:

Grashka d.o.o.

Graška Gora 21

2381 Podgorje pri Slovenj Gradcu

Slovenia

Email: info@grashka.co

2. Purposes of Data Processing

We process personal data for the following purposes:

  • fulfillment of orders and delivery of products,
  • communication related to orders and customer support,
  • operation, maintenance, and improvement of the online store,
  • compliance with legal obligations (e.g. invoicing, accounting, fraud prevention).

With your explicit consent, we may also process data for:

  • direct marketing (email newsletters, special offers),
  • analysis of purchase behavior and website usage.

Personal data is not shared with third parties, except:

  • where required by law,
  • with service providers (e.g. delivery, IT, analytics, or marketing providers), strictly limited to what is necessary to perform their services.

3. Data We Collect

Depending on your interaction with the website, we may collect the following personal data:

  • full name,
  • email address,
  • billing and delivery address,
  • phone number (for delivery purposes),
  • IP address,
  • order history and transaction details,
  • date and time of registration or purchase,
  • communication between you and the online store.

We may also collect usage data and cookies, as described in our Cookie Policy.

4. Data Retention

Personal data is stored as follows:

  • for non-registered users: up to 2 years after the last purchase,
  • for registered users: for the duration of the account and up to 2 years after account deletion,
  • accounting and legal documentation (e.g. invoices): 10 years, as required by Slovenian tax law,
  • marketing data: until consent is withdrawn.

5. Delivery Providers

For the purpose of delivering orders, we share the following data with delivery service providers:

  • full name,
  • delivery address,
  • contact phone number.

Only the minimum data necessary for delivery is disclosed.

6. User Responsibilities

Users are responsible for:

  • safeguarding their login credentials,
  • using secure devices and browsers when accessing the online store.

The company cannot be held responsible for unauthorized access resulting from user negligence.

7. Data Usage for Analytics

We may use anonymized and aggregated data for:

  • internal analytics,
  • service and process optimization,
  • website performance improvements.

This data cannot be used to identify individual users.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • secure server infrastructure,
  • HTTPS encryption,
  • access controls and confidentiality obligations for staff,
  • regular backups and system monitoring.

9. Your Rights

In accordance with GDPR, you have the right to:

  • access your personal data,
  • request correction or deletion,
  • restrict or object to processing,
  • withdraw consent for marketing at any time,
  • lodge a complaint with a supervisory data protection authority.

Requests regarding personal data can be sent to: info@grashka.co