Barion Pixel

We are pleased that you are visiting our website, and we appreciate choosing our services. We value your trust and privacy, which is not a matter of PLAY to us! And to honour that, in our Privacy & Cookie Policy we aim to  give you straightforward, detailed and hopefully easy-to-understand information on how and why we collect and process your personal data, what is our legal basis to do so, to whom it is transferred to and for what reasons, and what rights you have regarding it. We would also like to ensure you that we are committed to do our best to protect your data in accordance with the relevant EU GDPR regulations, and with Slovenian data protection law (ZVOP-1).

We regularly review our policy, and in cases of changes of law and / or our operation or marketing tools, we update it, so please do come back regularly to keep yourself up to date. This Policy is effective from: 1st July, 2022.

Disclaimer: We do our best to provide all information precisely in English as well. But please note that it is not an official translation. Without any responsibility for the correct translation – for all legal relationships, Slovenian rights and the original, valid Slovenian language Privacy & Policy (Politika zasebnosti in piškotkov) is always overriding.


1. Data Controller

The controller in charge (later referred to as ’company’, ’we’, ’us’ or ’our’) of the website of within the meaning of the General Data Protection Regulation (GDPR) is:

Name: Playgency d.o.o.
Registered address: Črniče 79E, 5262 Črniče, Slovenia
Registration number: 8887438000
Phone: +386 69 951 390

Mitja Kastelic, personally oversees questions in relation to this privacy policy, and if you have any questions, including any requests to exercise your legal rights, please contact him using the details set out above. We do not pursue any activity that would make it necessary an appointment of a DPO.

Hosting provider
Name: d.o.o. 
Registered address: Cesta železarjev 8b, 4270 Jesenice, Slovenia
Phone: +386 45835048


2. The aim of the Privacy Policy

The aim of the Privacy Policy is to ensure that, in accordance with the EU GDPR regulations and Personal Data Protection Act (ZVOP-1), we  are committed to protect your personal data. Personal data is all the data with which you can be personally identified. We only ask for data that is absolutely necessary to provide the services you request us to do, and we undertake the obligation to safeguard it, and use it only for the time required in order to serve the purpose(s) it was collected for. We will not sell or forward it to any third parties without your knowledge and previous consent (so as stated and accepted in this policy), with the very rare exception it is required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).   By visiting and using our website, you are accepting and consenting to the practices described in this policy. By providing us with your data, you also warrant to us that you are over 13 years of age. This website is not intended for children and we do not knowingly collect data relating to children. If we become aware that personal information from a child under the age of 13 has been collected, we use reasonable efforts to delete such information from our database.

3. High security standards

This website uses Secure Socket Layer (SSL) encryption to ensure high security standards, and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line, that we automatically enforce during your visit for our shop’s and for your personal data’s security. To protect our website and database we also use other security measures, for example a security program monitoring and blocking suspicious and malicious activity. We also use strong passwords, double identification where possible, as well as physical protection. Please note that you are also responsible for your security on the internet, therefore we recommend to use an anti-virus program.

4. Third-party links

This website contains third-party links (e.g. the webpages of our partners). Clicking on those links allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read on arrival the privacy notice of every website you visit.


5. Data collection when visiting our site

When you visit our website and browse it for your information, you have to allow for strictly necessary cookies (needed for the operation of the website), and you can decide by opting in our about allowing functional cookies (not needed but making the user experience better) as well as cookies for marketing purposes.

In case you do not give permission for using your data for marketing purposes, we only collect statistical data

We see the following data in a daily breakdown, all in aggregated form:

  • number of visits of our webpage (and that of the different sub-pages);
  • the country of the visitor;
  • the referrer of the visit (if you have arrived directly, through search engines or a social media link);
  • and if any third-party links have been clicked-through.

Aggregated data is not personal data as this data does not reveal your identity in any direct or indirect way!

As for every website you visit, your IP address though – which in some states is considered as a personal data already – is kept by the hosting company in so-called server log files if you pay a visit. These files are essential for loading and displaying the webpage in your browser, to maintain and monitor the website security and troubleshoot the website if necessary – so practically for the operation of the website. Our hosting company keeps these files for 30 days, which get automatically deleted afterwards. The data is not passed or used in any other way. We do not have a direct access ourselves to these files, only if we request it, which we reserve the right to do so in case there is an indication of malicious activity against our website, or concrete indications of illegal use.

6. Contacting us

When you contact us personal data is collected. When you contact us through:

  • contact form: we ask for your name, email address and optionally for your phone number (see more 17. Website contact form);
  • email: you again provide us with your name and email address;
  • phone: you usually provide us with your telephone number (if the number is not set invisible), and any other personal data you share during the conversation (like your name).

These data is collected and used exclusively for the purpose of responding to your enquiry, request or for establishing contact in order for the associated technical administration. The legal basis for processing data is  your consent in responding to your request in accordance with Art. 6 (1) point a) GDPR. Your data will be deleted after final processing of your enquiry: so if we can infer from the circumstances that the question has been finally clarified, provided that there are no legal storage obligations to the contrary. As a secondary measure, we also overview our mailbox if all data has been deleted every 6 months.

If your contact is aimed at concluding a contract, so to ask for an offer or make an order), the additional legal basis for our data processing is Art. 6 (1) point b) GDPR.

7. Making an order

Pursuant to Art. 6 (1) point b) GDPR, we collect your personal data when you make an order with us. You can make an order on our site with registering a customer account, or as a visitor without registration. We store and use the data provided by you in both cases for contract processing and execution (namely billing, payment, shipping). In case you do not provide the data requested, unfortunately we are unable to provide the services you request. In order to provide with our services, we rely on the services of data processors when it comes to accounting, payment or shipping. (See: V. THIRD-PARTY PROVIDERS AND DATA PROCESSORS)

After complete processing of the contract and / or deletion of your customer account, we will not store any personal data in our webshop system, but please note that all personal data required by law will be kept – in form of issued bills – in consideration of tax and commercial retention periods of 10 years and deleted after expiry of these periods in accordance with Art. 6 (1) point 3) GDPR and according to the Law on Value Added Tax ZDDV-1, the Rules on the Implementation of the Value Added Tax Act, the Tax Procedure Act, the Companies Act, the Accounting Act and Slovenian Accounting Standards.

7.1. Making an order as a visitor

If you choose to make an order as a visitor, in order to execute the contract, the following data is asked for and collected, corresponding the respective input form on our site:

  • your full name: to be able to identify you;
  • your full delivery address: to be able to deliver your order;
  • your billing address: to be able to issue a bill, which is our legal obligation;
  • your phone number: to be able to contact you more easily in case of problems with your order ; and your email address, to confirm your order, delivery, and send you the electronic bill.

If you chose to pay by bank card without leaving our site in the embedded form provided by Stripe, then you need to provide your payment details, including card holder name, bank card number and CVC code, in order for us to be able to process your payment. Please note that this data are is not collected or even seen by us, the data are collected and forwarded directly by our third-party payment provider, Stripe Inc. (see 16.) itself, under the highest security standards. All transaction information passed between our website and Stripe’s systems is encrypted using 256-bit SSL certificates. When placing a payment you agree to become the direct user of the Stripe system and accept their Terms of Service and Privacy Policy (see more 16.)

When you choose to pay by bank card using our other third-party payment provider, Barion, you are redirected to their own website where the payment takes place. The service happens separated from our website, and in order to use their services, you need to read and accept their Terms of Service and Privacy Policy when using their website. Again, all data collected by this service is not known or stored in any ways by our shop.

When you make a payment opting for a bank-transfer, we will see on the bank statement the name and bank account number where the money was sent from, and we might need to use this information to identify the order which was paid for in order to process it.

Our webshop platform also registers your IP address you make an order from, which in some states constitutes as digital personal data. The reason why our webshop’s (and other webshops’) platform collect this data is for security measures and to prevent fraud or malicious activity.

7.2. Making order with account registration

When you register a customer account – with your consent, pursuant to Art. 6 (1) point a) GDPR  – we collect your email address upon registration, and when you pursue an order, the same data is requested and collected as under 7.1. This data is also stored in the system, since that’s the reason why registrations are usually made, to make a purchase faster and easier the next time.

As a registered customer you also have exclusive access to a personal Wishlist or Waitlist on our webpage. (See more 9. Wishlist)

It is possible to withdraw your consent to storing these data and delete your customer account at any time. This can be done by sending a message to If an account is inactive for more than a year, then the account – along with any personal data provided – gets automatically deleted by our system. Please note that we are not liable for damage that would occur to the user because he provided incorrect, incomplete or inaccurate data relating to the user when registering.

7.3. Making order via email

As stated in our Terms & Conditions, under special circumstances (eg. pre-orders) you might have the possibility to place your order by sending an email to you. In this case the same data is requested as in the previous points, and we also send you and ask you to confirm that you have read and understood this policy, which is valid in that case, too.

8. Newsletter and promotional communication lists

8.1. General newsletter

On our webpage you can subscribe to receive our newsletters (including direct marketing, and promotional offers) in accordance with Art. 6 (1) point a) GDPR. When you subscribe we collect exclusively your email address without further personal information, which we use in order to deliver the service you have expressed interest in. We can and we will send you promotional emails with your previous consent. We do not only ask for a clear express of interest (aka. ticking the consent box when you subscribe) at the respective subscription forms, but also provide the possibility of a double opt-in, meaning you will receive an initial email asking for confirmation that it was the owner of the email address personally expressing an interest. From our newsletters you can unsubscribe anytime using the link in the bottom of any of our previous newsletters or by writing to us and requesting to be deleted. We will keep your personal data as long as we provide the newsletter service, or until your unsubscribe or withdraw your consent in any other way.

8.2. VIP Customer Membership (WhatsApp list)

Customers who qualify for VIP Customer Membership and offers can subscribe to our communication list operated on WhatsApp, where special offers and discounts are distributed in a message sent out 2 times a calendar months. In this case data is collected in accordance with Art. 6 (1) point a) GDPR. Customers applying initially must provide their name and a copy of previously issued invoices in order to prove they qualify for the membership, and they need to provide their phone number on which they can receive messages through the application WhatsApp. An email address is also collected at the time of application – and stored in case the membership is approved. VIP customer discount codes can only be used when making an order with a user with an eligible email address. The customer’s data is stored for the duration of the membership (12 months after approval) or until customer’s withdraw their consent. Customers can terminate their membership and withdraw their consent of receiving promotional offers by writing a WhatsApp message stating UNSUBSCRIBE on the last message they received, or by writing an email to

9. Wishlist and Waitlist

 9.1. Wishlist

If you have a registered account (see 7.2. Making an order with account registration) you also have the possibility to create a wishlist, adding products which are of future interest to you. By using the wishlist you acknowledge that we can see your added items in our system, and we might use this information to prioritise our own orders from our suppliers. We have information about your wishlist until you stop using the wishlist or delete your registered account.

9.2. Waitlist

If you have a registered account (see 7.2. Making an order with account registration) you also have the possibility to subscribe for notifications for out-of-stock items on their products page. With a logged in account, by pressing the Notify me button, your email is automatically registered, and a short communication (email) is sent out by our system once the item is available again. After the one-time communication, your email address is automatically deleted from the waitlist and is not stored or used for any other purpose any longer.

10. Our social media platforms

Related to our website we operate two social media platforms for the time being: a facebook page (Malih nog naokrog), facebook groups (Naravne igrace, naravna igra; Malih nog naokrog barátai) and an Instagram account (malihnognaokrog or takoseigramo) in order to promote our activity and causes, share related news, blog posts, and to get in more personal contact with our customers. By following our social media platforms, you are voluntarily (with consent) sharing with us (and other people following our pages) your name, picture, any other public information you have shared of yourself, as well as  any other personal data or opinion you chose to reveal in your comments or interacting on our pages. We do not use these data provided here in any way, just for public interaction within the framework of our page. You have the right to be forgotten and full control over the data you have shared, and can decide to unlike or unfollow our platforms any time. You can also delete your previous data or opinion you have shared about yourself in your comments. By unliking or unfollowing us we don’t have access to your data anymore. As administrators we also reserve the right to moderate, block followers or delete comments in case they are disrespectful or do not comply with our values or the law.

By using these social media platforms you also acknowledge that Facebook is a third-party provider and is processing your data. (See more V. 19. Social media platforms) On our facebook and Instagram account the Insight tool and cookies (pixels) are also used in order to make advertising more effective and meaningful. (See more IV. Cookies)

11. Giveaways

In case we ever host a giveaway on our webpage or social media platform, we will only collect any personal data with your previous consent (GDPR, Art. 6 (1) point a). In case we host such a giveaway in every case we will clearly specify in the terms and conditions of the giveaway what data we collect, for what purpose we need it, and how long we we store it and what your rights are.


In order to make your visit on our website a better experience and to provide full functionality, we use so-called cookies on various pages. Cookies are small text files that are stored on your end device. Cookies themselves do not contain any data that enables the identification of individuals, but if you provide identification yourself, e.g. by registering, they can be linked to data stored in the cookie.  Some of the cookies are deleted after the end of the browser session (session cookies), other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie itself.

If personal data is also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6 (1) point b) GDPR either for the execution of the contract or in accordance with Art. 6 (1) point f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can have full control of cookies through the settings of your browser. You can be informed about the setting of cookies, you can decide to accept or refuse them individually or generally, and you can delete them anytime, even automatically when closing a browser. Each browser differs in the way it manages the cookie settings – you will find it described in the help menu of each browser (Internet Explorer, Firefox, Google, Safari, Opera).

The cookies you might encounter while visiting our webpage:

Cookie nameFunctionalityExpiry date
1.      Necessary cookies: Necessary cookies are crucial for the basic functions of the website and the website will not work in its intended way without them. These cookies do not store any personally identifiable data.


woocommerce_items_in_cart, woocommerce_cart_hash, wp_woocommerce_session_,


The first two cookies contain information about the cart as a whole and helps the webshop platform (WordPress) know when the cart data changes. The final cookie contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.session
PHPSESSIDThis cookie is strictly essential to use the webshop because it is used to maintain user session variables, for example to maintain the logged-in status between the pages, stores the basket content during the session, shows if an enquiry is missing a required field, or if the enquiry has been submitted.session
wordpress_logged_in_Our platform places this cookie once a user is logged in to consistently keep user logged in and deliver the pages for associated with that account.session
Wp_wpml_current languageThis cookie name is placed by the WPML plugin in WordPress that makes it possible to us to translate our webpage and have it displayed multilingually. The cookie itself stores the language value for the website (which language you use it), so it can consistently show the pages on your chosen language.session
m, __stripe_mid, __stripe_sidThese cookies is set by Stripe payment gateway. The first cookie is used in order to determine the device used to access the website, and allow it to be formatted accordingly. The other two cookies are used to enable payment on the website without storing any payment information on a server.2 years / 1 year / 1 day
cky-active-check, __cfduid, cookieyesID, cky-consent, cookieyes-necessary, cookieyes-functional, cookieyes-analytics, cookieyes-performance, cookieyes-advertisement, cookieyes-otherThe cookie is set by our cookie consent and management service, CookieYes in order to check if the consent banner is active on the website.  To identify individual clients behind a shared IP address and apply security settings on a per-client basis (it does not correspond to any user ID in the web application and does not store any personally identifiable information.) And to remember the visitor’s consent of certain cookie categories.1 year
eucookielawThis cookie provided by WordPress (Automattic Inc) registers and stores your cookie consent.30 days
2.      Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
yith_wcwl_productsThis cookie is set by a functional website plugin for a better customer experience, and it remembers the products on customer’s wishlist.30 days
woocommerce_recently_viewedThis webshop cookie, placed by our webshop platform, contains an array of up to 15 recently viewed products, and helps to display it on the sidebar while you are visiting our shop.session
3.      Analytical / statistical: Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
_gat_UAThis cookie is placed by Google Universal Analytics, and is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.1 day
_ga, _gidThese cookies are used by Google Analytics to get information on  how visitors use a website and helps in creating an analytics report of how the website is doing, and to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.


2 years / 1 day
tk_or, tk_lr, tk_r3d, , tk_ai, tk_qsThe cookies are used by our website platform WordPress (automatic Inc.) , and store a randomly-generated anonymous IDs and is used for general analytics tracking, , including referral behaviour5 years / 1 year / 2 days / session / session
4.      Marketing: Marketing cookies are used to deliver visitors with customized advertisements based on the pages they visited before and analyze the effectiveness of the ad campaign.
fr, _fbp, spin, wd, xs, sbThese cookies are set by Facebook too measure, optimize and build audiences for advertising campaigns served on Facebook.3 months
utma, utmb, utmc, utmz, utmvThese cookies are set by Google Analytics used to distinguish individual users sessions, and traffic source or campaign that explains how the user reached your site.session / 6 months / 2 years
1P_JAR, NID, CONSENTThese cookies are placed by Google collect site statistics, track conversion rates and provide personalised ads to the visitor. The CONSENT cookie stores information regarding the consent of the user of Google-related cookies.30 days / 6 months


For marketing and advertising reasons, we take advantage of two third-party tools: Facebook Tools (Insight and pixels) and Google Analytics. You always have the chance to opt-out of marketing-realted cookies with controlling the options at the cookie consent bar when viting our website.

If you have a Facebook account and visit Facebook (including our facebook page), it places cookies in your browser to register and analyse your data and activity (e.g. which pages you like) and help to make advertising more efficient. Collected data is also used to create so called !lookalike audiences” in advertising.  Through the Insight tool, facebook provides business pages (including us), with aggregated (so again no personal!) statistical data relevant to the activity to that specific page. Data is also used to We encourage you to read more about the facebook cookie policy here, including how to opt out if you’d wish soFacebook also uses cookie-like JavaScript snippets of data, so called conversion measuring pixels. It helps facebook – without the sharing any personal data – to connect your facebook activity and your activity on our site, and with that help to measure the effectiveness of our facebook advertising activity, that we occasionally take advantage of, just like many others companies today. When you chose to visit our website and accept our policy along with the marketing cookies, you agree to the usage of these pixels, too. Please remember, you can always control the ad options on facebook regarding your account here.

Google Analytics is again a marketing tool that we use for understanding our customers behaviour and bringing more relevant and tailormade advertisements for them.


We rely on the services of the following third-party providers and business partners. By requesting our services, you acknowledge that they are processing your data in order to provide the essential requirements of our operation and to perform the contracts pursuant to Art. 6 (1) point a) GDPR. When we are choosing our business partners we are always opting for reputable and reliable companies in order to ensure of the protection of your personal data.

When sharing personal data with these external third parties, their processing of your personal data may involve transfers of your data outside the EU, to the United States of America (especially in case of point 14.2., 15., 16., 18., 19.). Whenever your personal data is transferred out of the EU, a similar degree of protection is ensured by these providers.

12. Delivery services

12.1. Domestic Deliveries

To process your order we work together with (a) shipping provider(s), which support us in the execution of concluded contracts. Our main shipping partner is GLS (GLS Slovenia d.o.o., Cesta v Prod 84, 1129 Ljubljana – Slovenija), you can read their privacy policy (in Slovene) here. According to our terms and conditions, we also reserve the right to work with other service providers (depending of availability of couriers), including  Pošta Slovenije d.o.o. (Slomškov trg 10, 2500 Maribor / privacy policy) or DPD (DPD d.o.o. KURIRSKA IN PAKETNA DISTRIBUCIJA, Celovška cesta 492, 1210 Ljubljana-Šentvid / privacy policy).

In order to deliver your order we need to pass on the following data to the transport company:

  • your full name and your delivery address to be able to deliver;
  • and your email and / or phone number , for the purpose of coordinating a date of delivery or of a notice about the shipment status.

12.2. International Deliveries

For international deliveries the same data is required and it is carried out with the same courier companies: GLS, DPD and Pošta Slovenije. The only difference is that for international deliveries we might use the services of a third-party transport arranging system, and your data is registered through their system – within the EU Eurosender (Eurosender SARL, 9 Rue du Laboratoire, LU-1911, Luxemburg / privacy policy), for regional countries (Hungary) and AllPacka (Fürgefutá Logisitcs Service Ltd., Wesselényi utca 28, H-1077 Budapest, Hungary / privacy policy).

13. Accounting

For billing and accounting services we are in partnership with Saop d.o.o. (Cesta Goriške fronte 46 5290 Šempeter pri Gorici), who have matter-of-factly access to billing data and the issued bills to be able to provide the essential service. Their privacy policy is available to read here.Our other accounting partner is Fidak d.o.o.., Kidričeva ulica 19, 5000 Nova Gorica, Slovenia (their privacy policy is available here),

14. Website hosting services

14.1. Hosting and email

Our hosting provider is d.o.o. (Cesta železarjev 8b, 4270 Jesenice, Slovenia). You can familiarise yourself with their privacy policy (in Slovene) here.

14.2. Webshop platform

The company providing the webshop and website editor platform (WooCommerce) is Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). To secure the operation of our website and services, we use security measures, including making automatic daily back-ups of our database by the help of the same company. You can familiarize yourself with their Privacy Policy here.

15. Bank, Barion, Stripe

Our banking service provider, Delavska Hranilnica d.d. Ljubljana (Miklošičeva 5, 1000 Ljubljana) has access to bank statements listing transactions, thus including your name and bank account number in case your payment was made via bank transfer. Their privacy policy is available on their website.

To provide the options of bank card payment, we use the services of two different thirs party payment providers:

One of the options of bank card payment is provided by Barion Payment Inc. (Budapest, Infopark stny. 1, 1117 Hungary),  an Electronic Money issuer, licenced by the Central Bank of Hungary (licence ID: H-EN-I-1064/2013) based on the Electronic Money EU Directive (2009/110/EC). The payment happens in their own secure system, we do not have any access to the your peronal data (credit card number, expiry date, CVC code) provided during the transaction, and you provide your personal data connected to the transaction directly to them. We advice you to familiarise yourself with their Privacy Policy before opting for the bank card payment, which you also need to accept on their website to finalise the trans action.

The other option of bank card payment is provided by Stripe Inc. (510 Townsend Street, San Francisco, CA 94103-4918), a specialized and secure online payment solution. When using the services of Stripe, you provide your personal data (credit card number, expiry date, CVC code) in a built-in form (plugin) on our website. These data is collected and transmitted to the payment service provider directly through the plugin – we do not have access or store these information. All transaction information passed between the form and Stripe’s systems is encrypted using 256-bit SSL certificates. By accepting our Terms & Conditions and Privacy Policy, you agree to be bound by Stripe’s Terms of Use and Privacy Policy, which may be amended at any time by Stripe itself.

16. Website contact form

Our contact form is powered by Gravity Forms (developed by Rocketgenius, Inc., 1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500, United States). It only collects the personal data that our respective contact form asks for (and does not collect your IP address, for example!). With using the contact form you consent that your personal data and enquiry is saved into our data base, and stored there for 30 days, serving only as a technical back-up, where it gets automatically deleted after this period. Your enquiry then is also forwarded to our official e-mail address, where we handle it as outlined under point 6. Contacting us.

17. Newsletter provider

We provide our newsletter services with the help of Mailchimp (The Rocket Science Group Llc., 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). You can familiarise with their privacy policy here.

18. Social media platforms

As we have mentioned above, we use facebook and Instagram for marketing and advertising reasons. You can familiarise yourself with the privacy policy of Meta Platform Inc. (formerly Facebook Inc., Menlo Park, California, USA), also owner of Instagram, here. We also use WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to send messages to our VIP customer – their privacy policy is available under this link.


The data protection law grants you comprehensive rights with regard to the processing of your personal data. These rights include:

  • Request access to your personal data;
  • Request correction or deletion of your personal data;
  • Object to our use and processing of your personal data;
  • Request that we limit our use and processing of your personal data; and
  • Request portability of your personal data.

We do not have automated decision making processes, so we cannot provide rights connected to that. And of course in case you think we do not have a legitimate interest or not processing your data lawfully, you have the right to complain.

19. Data access

Pursuant to Art. 15. GDPR, you can request access in order to see what data we have of you and for what purpose. Please note in case of data access, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

20. Data correction

Pursuant to Art. 16 GDPR, you can request the correction of your personal information (if your phone number, email, address, or name is not correct).

21. The right to be forgotten and withdraw given consent

Pursuant to Art. 17 GDPR, you can request to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons (eg. there is a commercial or tax retention period). In such case we will notify you of this at the time of your request.

Pursuant to Art. 7 (3) GDPR, you also have the right to withdraw consent at any time where we are relying on consent to process your personal data (like in case os sending you newletters). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You can usually access, correct, or delete your personal data, or withdraw your consent using your account settings and tools that we offer (e.g. unsubscribe link in our newsletters), but if you aren’t able to do that, please contacts us and we are happy to assist you.

22. Data portability

The right of data portability allows you to obtain data that we hold on you and to reuse it for your own purposes. You are free to either store the data for personal use or to transmit it to another data controller.  The data you receive should be in a structured, commonly used and machine-readable format.

23. The right to complain

We are doing our best to protect your data and provide you with transparent and understandable information about it. Still, if you have any worries, questions, or complaints, please contacts us through any of the contact details provied above.  In case you have any questions or compalints, you can also turn directly to the Information Commissioner, which is the Slovenian authority overseeing the area in question:

Informacijski pooblaščenec
Address: Dunajska cesta 22, 1000 Ljubljana
Telephone: 01 230 97 30
E-mail: gp.ip(at)



In legal questions not covered by this privacy policy, the relevant laws of the Republic of Slovenia and the European Communities shall apply.