Privacy Policy
Cookies & Privacy Policy
Last updated: May 2026
1. Data Controller
Spodnja Ščavnica 20, 9250 Gornja Radgona, Slovenia
Company registration number: 8537208000
VAT ID: SI94458251
Email: tomo@gastro-oprema.si
Phone: +386 31 310 101
The data controller is committed, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Slovenian data protection legislation, to carefully protecting personal data collected through gastro-oprema.si and not sharing it with third parties or using it for purposes other than those described in this document.
2. Cookies
The gastro-oprema.si website uses cookies to ensure the proper functioning of the online store and to provide a better user experience. Upon your first visit, you will be informed about the use of cookies and asked for your consent.
What are cookies?
Cookies are small text files that a website places on your device when you visit. Some cookies are strictly necessary for the website to function (e.g. the shopping cart), while others are optional. Cookies do not by themselves contain personal data that would allow identification of an individual.
Cookies used by this website
| Cookie name | Purpose | Duration | Source |
|---|---|---|---|
| CookieLawInfoConsent | Stores the user's cookie consent decision | 1 year | gastro-oprema.si |
| cookielawinfo-checkbox-necessary | Stores the user's decision for strictly necessary cookies | 1 year | gastro-oprema.si |
| cookielawinfo-checkbox-non-necessary | Stores the user's decision for non-essential cookies | 1 year | gastro-oprema.si |
| viewed_cookie_policy | Records whether the user has seen the cookie notice | 1 year | gastro-oprema.si |
| woocommerce_cart_hash | Checks whether the contents of the cart have changed | Session | gastro-oprema.si |
| woocommerce_items_in_cart | Stores whether the cart is empty or not | Session | gastro-oprema.si |
| wp_woocommerce_session_* | User session in the online store (cart contents, order status) | 2 days | gastro-oprema.si |
| wordpress_logged_in_* | Keeps registered users logged in | Session / 14 days | gastro-oprema.si |
| __stripe_mid, __stripe_sid | Fraud prevention for card payments (Stripe) | 1 year / session | Stripe |
Disabling cookies
You can manage and change your cookie settings at any time in your web browser. Instructions for the most common browsers:
Please note that disabling cookies may affect the functionality of the website, including the shopping cart and user login.
3. Contact Form and Email
When you contact us by email or through the contact form, we store the information you provide (name, surname, email address, phone number, message content) solely for the purpose of responding to your enquiry.
Legal basis: your consent in accordance with Article 6(1)(a) GDPR. This data is not shared with third parties and is deleted once the matter is no longer active, and no later than 2 years from the last communication.
4. What Data We Collect and Why
| Purpose | Data | Legal basis |
|---|---|---|
| Order fulfilment and delivery | Name, surname, address, email, phone, company name, VAT number | Performance of a contract — Art. 6(1)(b) GDPR |
| Invoicing | Company name, address, VAT ID, order amount | Legal obligation — Art. 6(1)(c) GDPR |
| Card payment processing (Stripe) | Payment card data (processed by Stripe — we do not store this) | Performance of a contract — Art. 6(1)(b) GDPR |
| Responding to enquiries | Name, email, message content | Consent — Art. 6(1)(a) GDPR |
| Marketing emails / newsletter | Name, email address | Consent — Art. 6(1)(a) GDPR |
5. Sharing Data with Third Parties
We do not sell personal data. We share data with third parties only in the following cases:
- Delivery carrier: your name, surname and delivery address are passed to the carrier solely for the purpose of completing the delivery.
- Stripe Inc. (card payment processor): payment card data is transmitted to Stripe via an encrypted connection. We do not store card details. Stripe's privacy policy is available at stripe.com/privacy.
- Legal obligation: where required by applicable law or competent authorities.
6. Marketing Emails and Newsletter
Where you have given us your explicit consent, we may send you marketing emails with information about new products, promotions and offers from our online store.
Your consent is voluntary and can be withdrawn at any time by:
- clicking the "Unsubscribe" link at the bottom of any marketing email, or
- sending a request to tomo@gastro-oprema.si
After withdrawal of consent, we will no longer contact you for marketing purposes. Withdrawal does not affect orders you have already placed, nor does it prevent you from receiving transactional messages (order confirmation, invoice, delivery updates).
7. Data Retention
- Order and invoice data is retained for 10 years in accordance with tax and accounting legislation.
- Contact form and email data is deleted no later than 2 years from the last communication.
- Marketing data is retained until consent is withdrawn.
- Cookies are deleted in accordance with the durations listed in the cookie table above.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — you may request information about what data we hold about you.
- Right to rectification — you may request correction of inaccurate or incomplete data.
- Right to erasure — you may request deletion of your data where there is no legal basis for its retention.
- Right to restriction of processing — you may request that we temporarily limit the processing of your data.
- Right to data portability — you may request your data in a structured, machine-readable format.
- Right to object — you may object to processing based on legitimate interest.
- Right to withdraw consent — you may withdraw consent for any processing based on consent at any time, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at tomo@gastro-oprema.si. We will respond to your request within 30 days.
If you believe your rights have not been respected, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia: www.ip-rs.si, Dunajska cesta 22, 1000 Ljubljana.
9. Data Security
We use appropriate technical and organisational security measures to prevent unauthorised access to personal data, including SSL/TLS encryption, restricted access controls and secure data storage. Payment card data is not stored by us — all card processing is handled exclusively by Stripe through a PCI DSS certified payment system.
10. Social Media
This website contains links to Facebook and Instagram. By clicking on the icon of a social network, a direct connection to that platform is established, which may receive your IP address and other browser data. The processing of this data is governed by the respective platform's own privacy policy. The operator of this website is not responsible for the data processing carried out by these platforms.
11. Changes to This Policy
We reserve the right to update this privacy policy at any time. The date at the top of this document will be updated with each change. For significant changes (e.g. introduction of new tracking tools), we will also notify users via a notice on the website.
This document is valid from May 2026.
Gostilna Križan, Maja Križan s.p. | Spodnja Ščavnica 20, 9250 Gornja Radgona, Slovenia | Registration no.: 8537208000 | VAT ID: SI94458251
