Your Cart
Cart0 item(s) - 0.00€ 0

  • Your shopping cart is empty!

0

Privacy Policy

1. General Information

The protection of your personal data is very important to us. We treat your personal data confidentially and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and this Privacy Policy.

GARTENDEK is a brand of VSDN d.o.o. and is not a separate legal entity. All references to "we", "us", or "our" in this Privacy Policy refer to VSDN d.o.o.

2. Data Controller

VSDN, d.o.o.
Hrastnik pri Trojanah 7a
1222 Trojane, Republic of Slovenia

For full company registration details (VAT ID, EORI, OSS status), see our Legal Disclosure.

Germany: +49 335 562 23 001
Slovenia: +386 16 003 119
WhatsApp (always available): +370 665 96072
Email: info@gartendek.com

We respond in German, English, and French.

3. Collection and Processing of Personal Data

We collect and process personal data when you:

  • visit our website (e.g., IP address, log files, cookies),
  • use our contact form or send us an email,
  • place orders through our online shop,
  • contact our customer service.

Processing is carried out solely for the purposes specified and on the legal bases provided by the GDPR, including:

  • Art. 6(1)(b) GDPR — performance of a contract (e.g., order processing, delivery),
  • Art. 6(1)(a) GDPR — your consent (e.g., cookies, newsletter),
  • Art. 6(1)(f) GDPR — legitimate interests (e.g., fraud prevention, website security),
  • Art. 6(1)(c) GDPR — legal obligations (e.g., tax and accounting requirements).

4. Cookies and Web Analytics (Google Analytics)

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

We use Google Analytics with IP anonymization, so your IP address is only processed in shortened form.

International data transfers: Where data is transferred to Google servers in the USA, this is covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) in accordance with Art. 46(2)(c) GDPR.

You can prevent the storage of cookies by adjusting your browser settings or by using a Google Analytics opt-out plugin:
https://tools.google.com/dlpage/gaoptout

Legal basis: Art. 6(1)(a) GDPR (consent).

5. Payment Service Providers

a) PayPal

If you choose to pay via PayPal, your payment data will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

The transfer of data takes place pursuant to Art. 6(1)(b) GDPR (contract performance).

More information: https://www.paypal.com/webapps/mpp/ua/privacy-full

b) Revolut

We also offer payments via Revolut. Provider: Revolut Ltd, 7 Westferry Circus, Canary Wharf, London, E14 4HD, United Kingdom.

When you choose this payment method, your data will be shared with Revolut to the extent necessary for payment processing.

Legal basis: Art. 6(1)(b) GDPR.

More information: https://www.revolut.com/legal/privacy

6. Disclosure of Data to Third Parties

Your data will only be shared with third parties if this is necessary for:

  • contract fulfillment (e.g., payment providers, shipping companies),
  • compliance with a legal obligation,
  • the protection of our legitimate interests, provided your rights do not override them.

Shipping companies (e.g., DPD, GLS, national postal services, pallet carriers) receive your name, delivery address, and contact details solely for the purpose of delivering your order.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Order and contract data: retained for the duration of the contractual relationship and for the statutory retention period thereafter (typically up to 10 years for tax and accounting records).
  • Contact inquiries: retained for up to 3 years after resolution of the inquiry, unless a longer retention period is required by law.
  • Analytics data: Google Analytics data retention is set to 14 months.
  • Consent records: retained for as long as the consent is valid, plus 3 years.

8. Data Security

We implement technical and organizational security measures to protect your personal data against loss, misuse, and unauthorized access. These include encrypted data transmission (SSL/TLS), access controls, and regular security reviews.

9. Rights of Data Subjects

Under the GDPR, you have the right to:

  • Access — request information about the data we store about you (Art. 15 GDPR),
  • Rectification — request the correction of inaccurate data (Art. 16 GDPR),
  • Erasure — request deletion ("right to be forgotten") (Art. 17 GDPR),
  • Restriction — request restriction of processing (Art. 18 GDPR),
  • Data portability — receive your data in a structured, machine-readable format (Art. 20 GDPR),
  • Object — object to the processing based on legitimate interests (Art. 21 GDPR),
  • Withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3) GDPR).

To exercise your rights, please contact: info@gartendek.com

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory data protection authority if you believe that the processing of your personal data violates the GDPR.

The supervisory authority for VSDN d.o.o. is:

Informacijski pooblaščenec
(Information Commissioner of the Republic of Slovenia)
Dunajska cesta 22
1000 Ljubljana, Slovenia
https://www.ip-rs.si
Email: gp.ip@ip-rs.si
Phone: +386 1 230 97 30

You may also contact the supervisory authority of your country of residence.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal requirements, our services, or data processing practices. The current version is always available at https://gartendek.com/privacy-policy.

12. See Also