Your shopping cart is empty!
At KULER d.o.o. (hereinafter referred to as the “provider”), we want you to feel safe and comfortable while visiting the TOSN.eu online store (hereinafter referred to as the “website”). We find it extremely important to give you the right and ability to decide on the use of your data. The purpose of this privacy policy is to inform customers or visitors of the website about the purposes and basis for processing personal data by the provider.
In the following sections, we inform you about the type, scope, and methods of processing your personal data. We may amend or supplement this privacy policy at any time without prior notice or warning. By using the website after any changes or additions, you agree to these changes and additions.
All our activities and data processing comply with European legislation (General Data Protection Regulation or GDPR) and the national laws of the Republic of Slovenia (ZVOP-1, ZEPT, and ZEKom-1). This privacy policy addresses the handling of information and data collected from you when you visit the website.
1. General data processing
The controller of personal data is the company KULER d.o.o., Cesta k Tamu 12, 2000 Maribor, Slovenia.
When opening and using the website, various information and data are exchanged between your device and the server, including personal data as per the EU General Data Protection Regulation. In the following sections, we present this data exchange and define its usage, interest, and reasons. The data processing software and marketing tools we use are fully GDPR-compliant, ensuring the security of your data.
The website is accessible via the secure HTTPS protocol, ensuring encrypted connections and data exchange, and our servers are updated to the latest versions, enhancing security.
2. Personal Data and Processing
Personal data is information that identifies you as a specific or identifiable individual. In accordance with the purposes defined in this privacy policy, the provider collects the following personal data:
- Basic user information, collected only when placing an order on the website (name, surname, residential address).
- Data on users' purchases and issued invoices.
- Information from voluntarily completed forms by users.
- Device IP address.
- Date and time of access.
- URL address of the website and referring URL (channel and campaign – the way visitors accessed the website).
- Time spent on the website, number and URLs of pages visited, and total visit duration.
- Browser type and operating system used.
The provider does not collect or process your personal data unless you allow or consent to it, or there is a legal basis and a legitimate interest in processing the data.
3. Data processing based on law or contractual relationship
3.1. Purchase in the online store
When concluding and performing a contract with the provider (in the case of purchasing in the online store), personal data must be provided to enter into the contract. Processing of orders in the online store is not possible without providing personal data. Thus, a legitimate interest of the provider exists in fulfilling the contract, according to Article 6 of the GDPR.
3.2. Sending promotional messages
In accordance with Article 158, paragraph 2 of ZEKom-1, the provider may send you promotional messages about sales or new items to the email address you provided during your order or when you subscribed through the website’s popup window. Under no circumstances does the provider disclose your email address to third parties, and you can always unsubscribe from promotional messages by clicking on the link in the message. The provider respects your choice, and the unsubscribe process is automated and takes effect immediately.
4. Data processing based on legitimate interest
In accordance with GDPR, the provider may also process data based on legitimate interest. The provider strives to ensure that individual rights and freedoms always outweigh these interests. If you do not wish for data processing or wish to have data deleted or processing terminated, please notify us via email at dpo@kuler.si.
4.1. General statistical processing
To optimize the website, monitor its proper functioning, analyze sales, repeat purchases, and customer behavior, as well as for business optimization and measuring business effectiveness, we use Google Analytics. We monitor sales by sales channels, the number of returning customers, quantity and value of purchases, campaign responses, and general visit statistics. We anonymize IP addresses so that your IP address is never transferred. Once anonymized, it is impossible to link your identity, so Google Analytics cannot associate your device with other Google data.
4.2. Access to order history and other data
When you call or email, provider employees may access your order history and personal data if you provide personal details or an account/order number. This access enables them to offer you better service and solutions for any claims.
4.3. Customized communication with existing and potential customers
We use personalized communication (via email, browser notifications, or social networks) to present relevant offers, discounts, and other content that may be of interest to you based on your past interactions with our website. We use your demographic data (gender, age, and location), purchase history (purchased products, number of purchases), responses to products (email opens, link clicks), and browsing behavior on the website, which may trigger personalized messages.
When using personalized communication, we do not create user profiles or analyze your personal data but only process data based on larger groups, making individual identification impossible.
4.4. Use of Facebook advertising tool “Custom Audience”
The provider also uses Facebook Custom Audience in the context of customized communication, as mentioned in the previous section. The service is performed based on legitimate interest or based on your consent. Facebook Custom Audience works by uploading your email, which you entered during the purchase process or voluntarily, to Facebook, which matches it with your Facebook profile if it exists. Facebook then adds you to the Custom Audience list, allowing us to display tailored ads.
5. Data processing based on consent
The provider may process and collect your personal data if you consent, for verifying and ensuring that you access and use your online account created by registering on the website and sending promotional messages and other content via email, when there is no other legal basis, and you have expressly consented to it. The provider may also process and collect your personal data for other purposes but only if you have been precisely informed and have given explicit consent.
If you do not wish for data processing or want data deleted or processing terminated, please notify us via email at dpo@kuler.si.
5.1. Profiling potential and existing customers based on explicit consent
Based on the provided consent, the provider may carry out advanced customized communication through various marketing channels. This allows us to present the best offers tailored to you based on your demographic data, purchase history, website behavior, and your responses and clicks on the website. Based on consent and personal data, we can create a user profile to serve the best and personalized offers.
6. Use of the contact form
By using the contact form on the website, your data (message content and email address) is sent to our mail server owned by Google. We store this data exclusively for correspondence purposes and do not share it with third parties or use it for marketing purposes.
7. Submitting an order in the online store
When you place an order in the online store, the following data is stored on the server:
- Device IP address, date, and time of the order
- Your email and phone number if provided
- Your name, surname, and billing address, and any delivery address if different from the billing address
- Company tax number and company name if provided
- Ordered products, payment, and delivery methods
- If you selected payment by credit card or PayPal, our website never stores or possesses credit card or payment processor data.
Our server transfers your data to an accounting program owned by a Slovenian company that meets the standards required by the EU General Data Protection Regulation. We also transfer your data to the DPD d.o.o. program for processing and delivery to your address.
8. Cookies
To ensure an excellent user experience, maintain statistics, and monitor website performance, we use cookies. Our analytical cookies anonymize the IP address, so your personal data is not shared with third parties. For more information about cookies, click here.
9. Data retention
The provider stores your data for as long as necessary to achieve the purpose for which personal data was collected and processed. If a specific law requires data retention for a certain period, the provider processes this data in accordance with that law.
If you placed, completed, and received an order, we store order data on the server for 2 years from the date of your receipt. We store data solely to provide quick resolution of any warranty-related claims. If you request the deletion of your data from our databases, we can delete it sooner, except for data on the invoice, which cannot be deleted under legislation and must be retained for 5 years.
Data in analytical tools (Google Analytics) is deleted after 26 months.
10. Data processing based on a contract
By using the website, you acknowledge that the provider may entrust your personal data to other contractual processors who may only process the data on behalf of the provider and within the provider’s authorization. The company collaborates with the following contractual processors:
- Provider of accounting and customer relationship management software (Cebelca.biz),
- Accounting service,
- Email service provider (e.g., Google Mail, Mailerlite)
- Payment system provider (e.g., PayPal, Stripe)
- Web advertising solution providers (e.g., Facebook, Google)
Your privacy is important to us, so the provider will never disclose your personal data to unauthorized third parties. The provider exclusively selects verified contractual processors with GDPR-compliant software. Data processors do not send data to third countries outside the EU, except for the US. All US-based contractors are members of the Privacy Shield.
11. Your data processing rights and contact person
In accordance with Articles 15, 16, 17, 18, 20, and 21 of the EU General Data Protection Regulation, you have the right to obtain information about your personal data stored with us, the right to correct and complete data, the right to delete data, the right to restrict data processing, the right to object, and the right to data portability.
You can submit a request for the data we store via email at dpo@kuler.si or in writing to the company's address (KULER d.o.o., Cesta k Tamu 12, 2000 Maribor). You may also request deletion or modification of data via this email.
For more information on data processing and additional questions, you can contact our company representative, Matej Koren, via the email above or by sending a written request to the company's address.
