Privacy Policy
Last updated: 7 May 2026
This Privacy Policy explains how FuzbalKartice.si ("we", "us", "our") collects, uses, shares, and protects your personal data when you visit our website, create an account, or place an order. We process your personal data lawfully, transparently, and securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Slovenian Personal Data Protection Act (ZVOP-2).
1. Scope of this Policy
This Policy applies to personal data processed through fuzbalkartice.si and its subdomains, our customer-support channels, and our marketing communications. It does not cover third-party websites we may link to — please review their privacy notices separately.
2. Data Controller
The data controller responsible for your personal data is the operator of FuzbalKartice.si. The fastest way to reach us about anything related to your data is by email at kontakt@fuzbalkartice.si — we respond within 30 days. We are not required to appoint a Data Protection Officer; the same email address is the single point of contact for all privacy-related questions.
3. Categories of Personal Data We Process
We process only the data necessary for the purposes described in Section 4. The categories are:
3.1 Account data
When you create an account: email address, securely hashed password (or your Google account identifier if you sign in with Google), display name, language preference, and the date of registration. If you sign in with Google, we also receive the basic profile information you authorise Google to share.
3.2 Order data
When you place an order: first and last name, shipping and billing address, telephone number, email address, the items ordered, order value, the payment method used, the PayPal transaction reference, and your order history. Payment-card data is collected and processed directly by our payment processor and never reaches our servers.
3.3 Communication data
When you contact us via email, the contact form, or social media: the content of your message, any attachments, and any other data you choose to share, together with our reply.
3.4 Marketing data
If you subscribe to our newsletter: your email address, language preference, the date and source of subscription, and — where technically possible — a record of which campaigns you opened or clicked, used solely to improve content relevance.
3.5 Technical and usage data
When you visit the site we automatically collect technical data such as IP address, device type, browser, operating system, referrer URL, pages viewed, timestamps, language preferences, and basic interaction events. This data comes from server logs and — only with your consent — from analytics or marketing cookies.
4. Purposes and Legal Bases for Processing
We process your personal data only when at least one of the legal bases set out in Article 6 GDPR applies. The mapping is:
- Performance of the sales contract — processing orders, accepting payments, shipping products, handling returns, refunds, and warranty claims (Art. 6(1)(b) GDPR)
- Compliance with legal obligations — issuing invoices, keeping accounting records, fulfilling tax, consumer-protection, and anti-money-laundering requirements (Art. 6(1)(c) GDPR)
- Legitimate interests — preventing fraud, securing the website, debugging, defending legal claims, basic non-tracking analytics, and direct marketing of similar products to existing customers in compliance with Slovenian electronic-communications law (Art. 6(1)(f) GDPR)
- Consent — sending the newsletter, setting analytics or marketing cookies, and any communication that requires opt-in (Art. 6(1)(a) GDPR — withdrawable at any time, without affecting the lawfulness of prior processing)
- Vital interests / public interest — only in exceptional circumstances, where required by law (Art. 6(1)(d), (e) GDPR)
5. Recipients and Data Processors
We do not sell your personal data and we do not share it with third parties for their own marketing. We share data only with carefully selected service providers acting on our behalf under written data-processing agreements:
- Payment processing — PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg, including PayPal's card-processing services for guest checkout
- Shipping carriers — Pošta Slovenije d.o.o., GLS Slovenia d.o.o., DPD Slovenija d.o.o., as required to deliver your order
- Hosting and infrastructure — Vercel Inc. (United States) for application hosting and Supabase Inc. (United States) for database, authentication, and file storage
- Transactional email — Resend, Inc. (United States) for order confirmations, shipping updates, password resets, and contact-form delivery
- Authentication (optional) — Google Ireland Ltd. when you choose Google sign-in
- Accountants, auditors, and legal advisers — only to the extent strictly necessary, bound by professional confidentiality
- Public authorities — only when we are legally required to disclose data (e.g. court orders, tax authorities, law-enforcement requests)
6. International Transfers
Some of our service providers (Vercel, Supabase, Resend, Google) are based in the United States. When personal data is transferred outside the European Economic Area, the transfer is protected by appropriate safeguards under Articles 44–49 GDPR — typically the EU Standard Contractual Clauses and, where applicable, certification under the EU–US Data Privacy Framework. You may request a copy of these safeguards by contacting us.
7. How Long We Keep Your Data
We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by law. The main retention periods are:
- Account data — for as long as your account is active, plus 12 months after deletion to handle disputes and prevent re-registration fraud
- Order records — for the period required by applicable accounting and tax rules and as long as needed to handle warranty or dispute claims (typically several years after the transaction)
- Shipping data — until delivery is complete, plus the period needed to handle any warranty or claim that may arise
- Newsletter data — until you unsubscribe; the unsubscribe record itself is kept to demonstrate compliance
- Cookie consent records — 12 months from the time you give or refresh your choice
- Customer-support correspondence — 24 months
- Server, security, and audit logs — up to 12 months
8. Your Rights Under the GDPR
You have the following rights regarding your personal data. We respond to requests within one month (extendable by two further months for complex requests) and free of charge, unless requests are manifestly unfounded or excessive.
- Right of access — confirmation of whether we process your data, and a copy of it (Art. 15)
- Right to rectification — correction of inaccurate or incomplete data (Art. 16)
- Right to erasure ("right to be forgotten") — deletion of your data when no longer necessary (Art. 17)
- Right to restriction of processing — limit how we use your data while a dispute is resolved (Art. 18)
- Right to data portability — receive your data in a structured, machine-readable format and transmit it to another controller (Art. 20)
- Right to object — object to processing based on legitimate interests, including profiling and direct marketing (Art. 21)
- Right to withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3))
- Right not to be subject to automated decisions producing legal or similarly significant effects (Art. 22)
- Right to lodge a complaint — with the Slovenian Information Commissioner (Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, gp.ip@ip-rs.si, www.ip-rs.si) or the supervisory authority in your country of residence
9. How to Exercise Your Rights
Send us an email at kontakt@fuzbalkartice.si describing your request and the right you wish to exercise. To protect your data, we may need to verify your identity before responding (for example by asking you to send the request from the email address registered to your account). Many actions can also be performed directly in the "My Account" area of the site (update profile, change password, view orders, delete account).
10. Cookies and Similar Technologies
We use strictly necessary cookies to keep the site functional (login, cart, checkout, security, language). With your consent we additionally use analytics cookies to understand how the site is used and marketing cookies to measure campaign performance. You may review and change your choices at any time via the "Cookie Settings" button in the footer, or by clearing the cookie-consent cookie in your browser. Refusing optional cookies does not affect your ability to browse or buy.
11. Children's Data
Our services are not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data without the consent of a parent or legal guardian, please contact us and we will delete it.
12. Automated Decision-Making and Profiling
We do not make decisions producing legal or similarly significant effects on you using automated means alone. Fraud-prevention checks and risk scoring carried out by our payment processor may rely on automated logic, but any case affecting an order is reviewed by a human before action is taken.
13. Security
We protect personal data with industry-standard organisational and technical measures including TLS encryption in transit, encryption at rest, role-based access controls, hashed passwords, audit logging, regular backups, restricted administrative access, two-factor authentication for staff, and periodic review of security practices. No system is perfectly secure, but we work continuously to reduce risk.
14. Data Breaches
If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner within 72 hours of becoming aware of it (Art. 33 GDPR) and — where the risk is high — inform affected users without undue delay (Art. 34 GDPR), describing the breach and the steps we are taking.
15. Changes to this Policy
We may update this Policy to reflect changes in our practices, our services, or applicable law. The "Last updated" date at the top of the page always reflects the most recent revision. For material changes affecting your rights we will notify registered users by email or with a prominent notice on the website at least 30 days before the change takes effect.
16. Contact
If you have any questions about this Privacy Policy or about how we process your personal data, please contact us at:
