Privacy Policy Information

1. Introduction

At ECODESIGN, Mitja Krajnc s.p. (hereinafter: “ECODESIGN”, “we”, “us” or “the Controller”), we respect your privacy and are committed to protecting your personal data.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable legislation of the Republic of Slovenia governing personal data protection, electronic communications, and electronic commerce.

This Privacy Policy explains:

  • what personal data we collect,
  • how and why we process it,
  • who may receive it,
  • how long we keep it,
  • your rights and how to exercise them.

We do not sell or rent personal data.

2. Data Controller

Controller: ECODESIGN, Mitja Krajnc s.p.
Address: Šmartno v Rožni dolini 21 A, 3201 Šmartno v R. d., Slovenia
Phone: +386 41 763 005
Email: info@dpp-ecodesign.com
Website: https://dpp-ecodesign.com

All matters related to personal data are treated confidentially.

3. What Is Personal Data

Personal data means any information relating to an identified or identifiable natural person, including for example:

  • name and surname,
  • company and role,
  • email address,
  • phone number,
  • IP address,
  • online identifiers,
  • communication content,
  • any information that can directly or indirectly identify you.

We do not collect personal data unless:

  • you provide it voluntarily,
  • it is necessary to provide a service or respond to you,
  • required by law, or
  • we have a legitimate interest where permitted.

4. Purposes and Legal Bases for Processing

We process personal data only where a legal basis under GDPR exists.

4.1 Communication and inquiries

Purpose: responding to inquiries, providing information, arranging meetings, preparing offers.
Legal basis: contract steps prior to entering into a contract (Art. 6(1)(b)) and/or legitimate interest (Art. 6(1)(f)).

4.2 Contracting and service delivery

Purpose: execution of contracts, invoicing, project communication, support.
Legal basis: contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)).

4.3 Website functionality and security

Purpose: hosting, logs, protection against misuse, troubleshooting.
Legal basis: legitimate interest (Art. 6(1)(f)).

4.4 Analytics and website improvement

Purpose: understanding usage, improving content and performance.
Tool: Google Analytics (GA4).
Legal basis: consent (Art. 6(1)(a)) where required.

4.5 Marketing and remarketing

Purpose: measuring advertising effectiveness and remarketing.
Tool: Meta Pixel (Meta Platforms).
Legal basis: consent (Art. 6(1)(a)).

4.6 Newsletter and email communication

Purpose: sending newsletters, updates, and marketing communication.
Tool: Mailchimp.
Legal basis: consent (Art. 6(1)(a)) and/or legitimate interest where permitted.

You may unsubscribe at any time via the link in emails or by contacting us.

4.7 Customer relationship management

Purpose: managing communication, sales processes, and customer relationships.
Tool: Bitrix24 CRM.
Legal basis: contract (Art. 6(1)(b)) and/or legitimate interest (Art. 6(1)(f)).

5. Website Visits and Cookies

When you visit our website, certain technical data may be collected automatically:

  • IP address (possibly shortened/anonymized),

  • date/time of visit,

  • pages visited,

  • referrer URL,

  • browser, device, operating system.

We use cookies and similar technologies. Non-essential cookies are used only if you provide consent through our cookie banner.

Embedded YouTube videos

If we embed YouTube content, YouTube (Google) may collect device and interaction data and set cookies when you consent to the relevant category.

6. Data We Collect Directly

Depending on your interaction with us, we may collect:

  • name and surname,
  • company name and position,
  • email address,
  • phone number,
  • inquiry/message content,
  • meeting notes,
  • communication history,
  • newsletter preferences.

You control what data you provide.

7. Data Recipients and Processors

We do not disclose personal data to unauthorized third parties.

We may share personal data with trusted processors acting on our behalf, including:

  • hosting and IT service providers,
  • website administration and maintenance,
  • analytics provider (Google Analytics),
  • marketing/advertising provider (Meta Platforms – Meta Pixel),
  • email marketing provider (Mailchimp),
  • CRM provider (Bitrix24),
  • cloud service providers,
  • accounting and legal advisers,
  • authorities where required by law.

Processors may only process data on our instructions and must ensure adequate protection.

8. Transfers Outside the EU/EEA

Some providers (e.g., Google, Meta, Mailchimp, Bitrix24) may process or access data outside the EU/EEA (including the United States).

Where such transfers occur, we rely on appropriate safeguards under GDPR, such as:

  • Standard Contractual Clauses (SCCs),
  • other legally recognized safeguards.

9. Data Retention

We retain personal data only as long as necessary:

  • Inquiries: until communication is completed and for a reasonable follow-up period.
  • Contracts and invoicing: for contract duration and statutory limitation periods; accounting/tax data up to 10 years.
  • Newsletter/marketing: until you withdraw consent.
  • CRM records: while a legitimate business relationship exists or until deletion is requested where applicable.
  • Cookies: according to cookie type and consent choices.

After expiry, data is securely deleted or anonymized.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against:

  • unauthorized access,
  • loss,
  • misuse,
  • disclosure,
  • alteration or destruction.

Access to data is restricted and protected by security measures.

11. Children’s Privacy

We do not knowingly collect personal data from children under 15 years of age without parental consent. If such data is discovered, it will be deleted unless valid consent is verified.

12. Your Rights Under GDPR

You have the right to:

  • withdraw consent at any time,
  • access your personal data,
  • rectification,
  • erasure (“right to be forgotten”) where applicable,
  • restriction of processing,
  • data portability (where applicable),
  • object to processing based on legitimate interest,
  • object to direct marketing at any time,
  • lodge a complaint with a supervisory authority.

To exercise your rights, contact: info@dpp-ecodesign.com.
We may request verification to confirm your identity.

Supervisory authority (Slovenia)

Information Commissioner of the Republic of Slovenia
Zaloška 59, 1000 Ljubljana, Slovenia
Phone: +386 (0)1 230 97 30
Email: gp.ip@ip-rs.si

13. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies separately.

14. Changes to This Privacy Policy

We may update this Privacy Policy due to legal, technical, or operational changes. The latest version will always be available on our website.

If changes significantly affect data processing, we will notify you appropriately.

Version: 1.0
Effective date: 16 February 2026