Privacy policy

With this Privacy Policy, we aim to transparently inform you about which personal data we collect, how we process it, for what purposes, on what legal basis, and what rights you have regarding your personal data.

The controller of the online store is:

Outclimb d.o.o.
Jelovškova ulica 19
1241 Kamnik
Slovenia

Company registration No.: 8986606000
VAT ID No.: SI19406223
Email: info@postenah.si
Phone: +386 51 206 701

The controller operates the website www.postenah.si, built and hosted on the Shopify Inc. platform.

1. Personal Data We Collect

We collect only the data necessary to provide services, fulfill legal obligations, pursue legitimate interests, or data for which you have given consent.

1.1 Data you provide

  • first and last name

  • delivery and billing address

  • contact email address

  • phone number

  • order information

  • invoicing details

  • data provided via email or contact forms

  • account data (if you create an account)

1.2 Data collected automatically (Shopify)

  • IP address

  • device and browser data

  • general location data (not precise)

  • time of visit and pages viewed

  • referring URL (how you reached the site)

  • cookies and similar tracking technologies

1.3 Data from third parties

  • payment processors (e.g. Stripe, PayPal)

  • shipping providers

  • analytics and marketing providers (e.g. Meta, Google – if installed)

2. Purpose of Processing and Legal Basis

2.1 Order processing and contract performance

  • processing and delivery of orders

  • issuing invoices

  • order status notifications

Legal basis: Article 6(1)(b) GDPR – performance of a contract

2.2 User account creation

Legal basis: Article 6(1)(b) GDPR

2.3 Customer communication / support

Legal basis:

  • contract performance

  • legitimate interest (Article 6(1)(f)) – e.g. responding to inquiries, preventing misuse

2.4 Email marketing and newsletters

Only with explicit consent.

Legal basis: Article 6(1)(a) GDPR

2.5 Cookies and analytics

Website analytics, behavioral marketing, ad performance measurement, etc.

Legal basis: consent (except strictly necessary cookies)

2.6 Legal obligations

  • storage of invoices in accordance with the law

  • ensuring security

  • handling complaints

Legal basis: Article 6(1)(c) GDPR – legal obligation

3. Use of Shopify – Data Transfers

The online store postenah.si is built on the Shopify Inc. platform, therefore certain data may be processed on servers outside the EU, primarily in Canada and the United States.

Shopify provides:

  • Standard Contractual Clauses (SCCs)

  • compliance certifications

  • security measures for data protection

  • technical and organizational safeguards

More information: Shopify Data Processing Addendum (DPA) and Shopify Privacy Policy.

4. Data Retention Periods

 

Purpose Retention period
Order processing 6 years (in accordance with VAT law)
User account until account deletion
Communication 2 years after completion
Marketing until consent is withdrawn
Analytics based on cookie duration or up to 26 months (Google Analytics)
Complaints up to 5 years after contract fulfillment

 

5. Who Has Access to Your Data (Processors)

We share your data only with trusted contractual partners:

5.1 Shopify (platform and hosting)

Processes and stores data technically.

5.2 Payment processors

  • Stripe

  • PayPal

  • Shopify Payments

These data are processed directly by the providers and are not visible to us.

5.3 Shipping providers

  • Pošta Slovenije

  • GLS, DHL, DPD, etc. (depending on delivery method and destination country)

5.4 Accounting

– for legally required invoicing and documentation

5.5 Marketing and analytics tools (if installed)

  • Google Analytics

  • Meta Pixel

  • Klaviyo / Mailchimp (email marketing)

We have concluded appropriate Data Processing Agreements (DPA) with all processors.

6. Cookies

The website uses:

Strictly necessary cookies

For website functionality (cart, login, server security).

Analytics cookies

Google Analytics, Shopify Analytics.

Marketing cookies

Meta Pixel, Google Ads, remarketing tags – only with consent.

Upon first visit, users are presented with a cookie consent banner, allowing them to select cookie preferences.

7. User Rights

Under GDPR, you have the right to:

  • access your personal data

  • rectify inaccurate data

  • erasure (“right to be forgotten”)

  • restrict processing

  • object to processing

  • data portability

  • withdraw consent

  • lodge a complaint with the supervisory authority (Information Commissioner – ip-rs.si)

Requests can be sent to: info@postenah.si

8. Data Security

The controller implements:

  • HTTPS/TLS encryption

  • secure Shopify servers

  • access control

  • audit logs

  • backups

  • protection against abuse and attacks (firewalls, anti-bot systems)

9. Transfers to Third Countries

Data may be transferred outside the EU (e.g. USA, Canada) where required for Shopify or tools such as Google/Meta.

Transfers are carried out exclusively based on:

  • Standard Contractual Clauses (SCCs)

  • additional safeguards

  • contractual obligations of processors

10. Policy Updates

This policy may be updated due to:

  • changes in legislation

  • business changes

  • website upgrades

The current version is always available at: www.postenah.si

11. Contact for Privacy Questions

Outclimb d.o.o.
Email: info@postenah.si
Phone: +386 51 206 701