Privacy Policy
Last updated: 2026-07-17
This page explains what personal data we collect when you visit no-splashin.com or buy from our shop, why we collect it, and what your rights are. It complies with the EU General Data Protection Regulation (GDPR) and Slovenia's Personal Data Protection Act (ZVOP-2).
1. Who we are (data controller)
The data controller is MADRAS - LINE d.o.o., Levičnikova ulica 4A, 1000 Ljubljana, Slovenia. Registration number: 5620198000. Tax number: 59594519.
For privacy questions, write to info@no-splashin.com.
2. What data we collect, why, and the legal basis
We collect only what we need to operate the shop. The categories are:
- Order data — items purchased, quantities, prices, order date and status. Legal basis: performance of contract.
- Shipping address — name, street, postal code, city, country, phone number. Legal basis: performance of contract.
- Contact details — your email address, used for the order confirmation, the invoice, and shipping notifications. If you sign in to your account (via Shopify's sign-in), we also process your account email address and order history. Legal basis: performance of contract.
- Payment data — handled entirely by Shopify and its payment providers; we receive a payment confirmation but never see your card number. Legal basis: performance of contract.
- Invoice data — your name, address, items and amount on every invoice we issue and fiscally verify. Legal basis: a legal obligation to keep accounting records (Slovenian tax and accounting law, GDPR Art. 6(1)(c)).
- Technical data — your IP address and browser. Legal basis: legitimate interest in operating and securing the site.
3. Cookies and analytics
We use only strictly necessary cookies/local storage. We store a small amount of data locally in your browser to remember the items in your shopping cart, your language choice, and the status of a completed checkout (so we can empty the cart after payment). If you sign in to your account, the sign-in session is kept in the browser's temporary storage (sessionStorage) and is deleted when you close the tab. We do not use any third-party analytics trackers, marketing cookies, or tracking pixels on this site. Therefore, no cookie consent banner is required.
4. Who we share data with (recipients and sub-processors)
We do not sell your data. We share specific data with the following processors, each strictly to perform their part of running the shop:
- Shopify International Ltd. (Ireland) — checkout, payment processing, and order management. Shopify is the controller for the payment data it collects directly from you.
- Google LLC / Google Ireland Ltd. — hosting and static assets. EU data centres are used where available.
- GLS (General Logistics Systems) — parcel delivery; receives your name, delivery address and contact details to deliver your order.
- Resend, Inc. (USA) — transactional email delivery (order confirmation, invoice, shipping notification); receives your name, email address, and the message content. Transfers are protected by EU Standard Contractual Clauses.
- Financial Administration of the Republic of Slovenia (FURS) — fiscal verification of invoices where legally required.
5. How long we keep your data
- Orders & invoices: at least 10 years, as required by Slovenian tax and accounting law (Zakon o davčnem postopku, Zakon o računovodstvu).
- Server logs: 30 days, then deleted.
6. Your rights
Under the GDPR you can, at any time: request a copy of your data, have inaccurate data corrected, have your data erased where law allows, restrict or object to processing, or receive your data in a portable format.
To exercise any of these, write to info@no-splashin.com. You also have the right to lodge a complaint with the Slovenian Data Protection Authority (Informacijski pooblaščenec).