Everything you need, in one bowl

Privacy policy

Privacy Policy of the PALDY Online Store

 

The purpose of this Privacy Policy (hereinafter referred to as the “Policy”) is to inform customers, potential customers, and other users (hereinafter: “User”) of the PALDY website (https://www.paldycereal.com/, hereinafter: the “Website”) about the purposes, legal bases, and users’ rights in relation to the processing of personal data.

 

 

Controller Information

 

The controller of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Slovenian data protection legislation is:

PALDY d.o.o.

Resslova 8, 6000 Koper, Slovenia, EU

Company registration number: 9768793000

VAT ID: SI11037300


PALDY d.o.o. is the owner and operator of the Website and the representative of the PALDY brand.

 

 

General Principles

 

We respect your privacy and process personal data lawfully, fairly, and transparently. Personal data is processed only for specified, explicit, and legitimate purposes and is limited to what is necessary for those purposes.


Providing personal data is required in certain cases in order for the Company to fulfill its contractual or legal obligations.

 

By using the Website, you acknowledge that personal data may be processed in accordance with this Policy, where processing is based on applicable legal grounds

 

 

Definitions

 

Personal data means any information relating to an identified or identifiable natural person.


Processing means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

 

 

Categories of Personal Data

 

The Company may process the following personal data:


• name and surname

• shipping and billing address

• company name and VAT ID (if applicable)

• email address

• phone number

• order and transaction details

• communication history

• technical data (IP address, browser, device type)

• cookie and usage data


We also collect data through cookies and similar technologies, as described below.

 

 

Purposes and Legal Bases for Processing

 

Personal data is processed for the following purposes and legal bases:

 

Contractual necessity

• processing and fulfilling orders

• delivery of products

• customer communication related to orders

• subscription management

 

Legal obligations

• invoicing and accounting

• tax compliance

• record keeping required by law

 

Consent

• sending newsletters and promotional emails

• participation in surveys and marketing campaigns

 

Legitimate interest

• improving Website functionality and user experience

• analytics and statistical analysis

• preventing fraud and abuse

• online advertising and remarketing


Where processing is based on legitimate interest, the Company has conducted a balancing test to ensure that such processing does not override the fundamental rights and freedoms of users.

 

 

Cookies and Similar Technologies

 

The Website uses cookies and similar technologies to ensure proper functionality, improve performance, analyze traffic, and display relevant advertisements.


Cookie consent is managed via a cookie banner on the Website. Users may manage or withdraw cookie consent at any time through browser settings or the cookie preferences tool.


Detailed information is available in the Cookie Policy published on the Website.

 

 

Online Advertising and Profiling

 

The Company uses online advertising services (such as Meta, Google, TikTok, Pinterest and Klaviyo) to display relevant advertisements and analyze campaign performance.


This may involve profiling, meaning automated processing of personal data to evaluate certain user preferences or behaviors for marketing purposes.


Such profiling:

• does not produce legal effects

• does not significantly affect users

• is used solely for marketing optimization


Users may object to such processing at any time.

 

 

Disclosure of Personal Data

 

Personal data may be disclosed to trusted processors, including:


• payment providers (Shopify Payments, PayPal)

• delivery and logistics partners

• accounting and legal service providers

• analytics and advertising platforms

• email and customer support tools


Processors act solely on the Company’s instructions and under contractual data protection obligations.

 

 

International Data Transfers

 

Personal data may be transferred to processors located outside the European Economic Area, including the United States and Canada.


Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent legal mechanisms, ensuring an adequate level of data protection.

 

 

Financial Data

 

Payment transactions are processed exclusively through third-party payment providers (Shopify Payments, PayPal). The Company does not store credit card data.


Relevant privacy policies:

• https://www.shopify.com/legal/privacy

• https://www.paypal.com/webapps/mpp/ua/privacy-full


Bank transfer data is retained as required by applicable accounting and tax laws.

 

 

Data Retention

 

Personal data is retained only as long as necessary for the purposes for which it was collected:


• order and invoice data: retained in accordance with legal obligations

• subscription data: retained for the duration of the subscription and required legal periods

• marketing data: retained until consent is withdrawn

• support communication: retained as long as necessary to resolve inquiries


After expiration of retention periods, data is securely deleted or anonymized.

 

 

Data Security

 

The Company implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.


Data transmission is protected using SSL encryption. Despite safeguards, no system can guarantee absolute security.

 

 

Company Communications

 

We use email to:

• confirm orders

• provide service updates

• respond to inquiries


Marketing communications are sent only with user consent and can be unsubscribed from at any time.


Klaviyo is used for email communication.

Privacy policy: https://www.klaviyo.com/legal/privacy-policy

 

 

User Rights

 

Users have the following rights under the GDPR:

• right of access

• right to rectification

• right to erasure

• right to restriction of processing

• right to data portability

• right to object to processing

• right to withdraw consent at any time

• right to lodge a complaint with a supervisory authority

 

 

Supervisory Authority

 

Users may lodge a complaint with:


Information Commissioner of the Republic of Slovenia

Dunajska cesta 22, 1000 Ljubljana

Email: gp.ip@ip-rs.si

Phone: +386 1 230 97 30

 

 

Policy Updates

 

This Privacy Policy may be updated at any time. The latest version is always available on the Website.


Continued use of the Website constitutes acceptance of the updated Policy.

 

 

Contact

 

For questions or concerns regarding this Policy or the processing of personal data, please contact us via our contact form.

PALDY d.o.o., Resslova 8, 6000 Koper, Slovenia