Privacy Policy

Spletna prodaja MihaStegel s.p. (hereinafter: the data controller) obtains and process personal data of
individuals in its business proceeding. In order to provide you with basic information about the
processing of your personal data at Spletna prodaja MihaStegel s.p., we have drafted this Privacy Policy.
The policy contains information for the individuals that is provided under the General Data Protection
Regulation (hereinafter: GDPR), which is sectioned according to the purpose for which the personal data
is processed.
The controller processes your personal data when you:
– use our website www.nikastinyhouse.si,
– make an order in our online store,
– contact us via e-mail or when
– subscribing to our newsletter.
Data controller information:
Spletna prodaja Miha Stegel s.p.
Ulica IX. korpusa 9, 6330 Piran – Pirano
e-mail: info@nikastinyhouse.com
phone.: +386 40 156 945

1. THE USE OF www.nikastinyhouse.si WEBSITE
This information on the processing of personal data is intended for individuals who visit the website
www.nikastinyhouse.si.
• Purpose of processing and types of personal data
The controller processes your personal data when visiting the website www.nikastinyhouse.si in order to
monitor and ensure the operation and security of use of the website.
When visiting the website, data processing is performed and that includes:
– the time of access to the website,
– your IP address and
– the address of the (sub)website,
– browser settings and information about the operating system of the computer or mobile device,
– the content you access on the website.
In order to visit the website, the processing of the above stated personal data is necessary, as they
represent the essential cookies, which you can read more about in the Cookie Policy.
• Legal basis for the processing of personal data
This processing of your personal data is carried out on the basis of the controller's own legitimate interest
(point (f) of Article 6(1) of the General Data Protection Regulation (GDPR)).
• Explanation of legitimate interests
The controller may process the personal data of an individual who uses the website due to:
a) Ensuring information security and the operation of information systems
The controller performs the processing of personal data to ensure information security and operation of
information systems, network and information security, prevention of unauthorized access to the
controller's information systems and response to computer security threats and incidents. To this end,
the operator also performs technical maintenance of the websites and services. These measures and
processing relate to the personal data of customers or third parties (such as website visitors).

b) To prevent and detect abuse and conduct that may have signs of criminal conduct
In case of suspicion of abuse or criminal conduct, the controller may process data on users of websites
and online services to an appropriate and proportionate extent for the purpose of identifying and
preventing possible fraud or abuse (so-called black list) and may, if appropriate, provide this information
to the competent authorities.
• Categories of recipients of personal data
The controller may provide the personal data of the individual visiting the website to the following
persons:
– external IT website service providers,
– state authorities at their request or in case of suspicion of criminal conduct;
• Period of personal data storage
When storing individual’s activity data on the website (IP address), the processing and storage will last
only for the time specified in the Cookie Policy, except in the case of incidents and violations. Data
collected at the time of the identified abuse may be kept permanently.
• Rights of the data subject
An individual may request access to personal data, its rectification, to erasure (not when black-listed),
restriction of processing and to object to processing under legitimate interest legal basis. To exercise your
rights, contact us at Spletna prodaja MihaStegel s.p., Ulica IX. korpusa 9, 6330 Piran, or on e-mail
info@nikastinyhouse.com.
• The right to lodge a complaint with the supervisory authority
The controller strives to process your personal data legally and to protect it with appropriate
technological and organizational means. If you believe that your personal data is processed by the
controller in contravention of the applicable regulations governing the protection of personal data, you
have the right to file a complaint with the Information Commissioner of the Republic of Slovenia (address:
Dunajska cesta 22, 1000 Ljubljana, e-mail: gp.ip@ip -rs.si, phone: 012309730, website: www.ip-rs.si).
For more information on analytical and advertising cookies, please also follow the link to the Cookie
Policy which is an integral part of this Privacy Policy.
2. SHOPPING AT ONLINE STORE
This information is intended for individuals who shop in the data cotroller’s online store, available on
https://nikastinyhouse.si/.
• Purpose of processing and type of personal data
The basic purpose of the processing of personal data is the conclusion and implementation of a contract
which the individual concludes with the controller for the purchase of goods. The contract is governed bu
the controller’s General terms and conditions.
The information that the controller obtains from an individual when concluding a contract are:
– name and surname,
– address,
– e-mail address,
– phone number,
– delivery address,
– order information (order status, ordered item, quantity, ordering date, purchase price),
– method of payment, information on the provider of the means of payment, information on the
successful / unsuccessful execution of the transaction,

– other information that the individual provides to the controller when concluding the contract.
The listed personal data is obtained directly from the individual. The provision of the above stated
information is an individual's contractual obligation. The provision of data (excluding the un-mandatory
data) is essential for the performance of the contract of ordering products in the online store. If the
individual does not provide the information, he will not be able to make a purchase in the online store.
Personal data will be used to contact the individual, for example for additional information, coordinate
the order, to pick up and deliver the goods and other communication related to the service order.
Due to the implementation of the contract, the controller may disclose the individual’s name, surname,
address and telephone number to his delivery partner company.
The controller may also use the data on the electronic and physical address of an individual obtained in
the course of performing his services for the purpose of carrying out direct marketing of his products.
The personal data of an individual may also be processed for the purpose of preventing and identifying
abuses and conduct that may have signs of criminal conduct, to the extent necessary to achieve these
objectives.
• Legal basis for the processing of personal data
The legal basis for the processing of personal data in the online store is the performance of a contract to
which the data subject is a party or the performance of an activity at the request of an individual before
the conclusion of the contract (point (b) of Article 6 (1) of the GDPR).
The personal data of an individual ordering the products in online store may also be processed on the
basis of legitimate interests pursued by the controller pursuant to point (f) of Article 6 (1) of the GDPR or
pursuant to paragraph 2 of Article 158 of ZEKom-1 and are explained in the next section.
• Explanation of legitimate interests
The controller may process the personal data of an individual who orders his product also for:
a.) Implementation of direct marketing
For reasons of pursuing business objectives, the controller may process the personal data of customers
for the purpose of sending advertising electronic messages (paragraph 2 of Article 158 of ZEKom-1) or
physical mail (legitimate interest). In this case the controller is entitled to process the individual's past or
unfinished purchase orders and perform basic segmentation (such as type of purchased product and
location), so he will be able to prepare a relevant message for the individual (for example offering new
products, sending discount coupons, promotional gifts, invitations to events etc.). Such processing may
be objected to by the individual at any time in accordance with the procedure described below. controller
is also entitled to send its messages and correspondence equipped with marketing content.
b.) For the purpose of preventing fraud and abuse
In its operations, the controller establishes and maintains a list of persons for whom, on the basis of past
experience, it assesses that the conclusion of business relations with them is not appropriate. These are
clients who have been suspected of fraud, fraud or other illegal conduct and abuse.
• Measures to protect personal data
The online store and its downloads are electronically protected. The data that is entered in the online
form by the individual is essential for the execution of the order and are stored in the online store
management system for traceability. Access to it is password protected, and the online store also uses an
access control system, firewall and SSL certificate to protect data traffic with encryption. The server
hosting the online store is located in Slovenia and is regularly updated and protected according to
internationally accepted standards and guidelines.
Personal data on invoices issued, in the invoicing and shipping program, shipping documents, e-mails, etc.
are stored at the controller's headquarters. The controller protects this information by locking the
premises where it is stored, by passwords on computers, etc.

• Categories of personal data recipients
The controller may provide the data of the individual ordering his products to the following recipients:
– product manufacturer,
– providers of IT services (online store functioning, technical maintenance of equipment, direct
marketing);
– contractors for delivery services,
– accounting service provider,
– payment service providers (execution of transactions),
– – public authorities at their request or in case of suspicion of criminal conduct,
– state bodies in accordance with their legislative powers (such as Slovenian Tax Administration);
• Information on transfers of personal data to a third country or international organization
Customer information may be transmitted in the United States of America through communication with
the customer via email operated by Microsoft Corporation, One Microsoft Way, Redmond, Washington
and in the execution of payments through payment processor providers (Google Payments, PayPal, Stripe
Payments Europe Limited), taking into account the principles of the Privacy Shield and on the basis of
standard EU contractual clauses adopted by these online service providers into their general terms and
conditions.
The controller is using the online platform MailChimp to send newsleter to its clients, which takes into
account the standard EU contractual clauses approved by the European Commission and included in the
processing contract. The MailChimp platform privacy policy is available at
https://mailchimp.com/legal/privacy/.
• Period personal data storage
Data on concluded contracts will be kept for 10 years from the fullfilment of the contractual obligation.
Insofar as this is necessary for the conduct of legal proceedings, customer data may also be kept for a
longer period of time. Data from t.i. black lists are kept permanently.
• Rights of the data subject
An individual may exercise his rights by a written request submitted at the headquarters Spletna prodaja
Miha Stegel s.p., Ulica IX. korpusa 9, 6330 Piran – Pirano or to our e-mail address
info@nikastinyhouse.com. You may request the correction, access, restriction of processing or transfer of
personal data processed in connection with you.
An individual may object to processing for the purposes of direct marketing on the basis of paragraph 2 of
Article 158 of ZEKom-1. The latter does not affect the lawfulness of the processing carried out on that
basis until the opposition was lodged and does not affect the processing of personal data processed on
other legal bases. Exercise this right by unsubscribing from marketing messages by following the link in
the marketing email or by writing to us at info@nikastinyhouse.com.
We will guarantee the exercise of your rights within one month of receiving the request, and this period
may be extended by two months under certain conditions. If we extend the deadline, we will inform you
about this and the reasons for this within one month of submitting the request.
• The right to lodge a complaint with the supervisory authority
The controller strives to process your personal data legally and to protect it with appropriate
technological and organizational means. If you believe that your personal data is processed by the
controller in contravention of the applicable regulations governing the protection of personal data, you
have the right to file a complaint with the Information Commissioner of the Republic of Slovenia (address:
Dunajska cesta 22, 1000 Ljubljana, e-mail: gp.ip@ip -rs.si, phone: 012309730, website: www.ip-rs.si).