This Privacy Policy describes how Cardpoint ("we", "us", or "our") collects, uses, and shares your personal information when you use our website located at https://cardpoint.si (the "Site").

We are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws in Slovenia and the European Union.

We collect the following types of information when you use our Site:

• Account Information: When you register, we collect your name, email address, and password.
• Order Information: When you make a purchase, we collect your shipping address, contact information, and order details (products purchased, quantities, prices).
• Payment Information: Payment card details are collected and processed securely by Stripe. We never store your full payment card information on our servers.
• Usage Data: We automatically collect information about how you use our Site, including IP address, browser type, device information, and pages visited.
• Cookies and Session Data: We use cookies to maintain your shopping cart, keep you logged in, and improve your browsing experience.

We use the information we collect for the following purposes:

• To create and manage your account
• To process your orders and arrange shipping
• To send order confirmations, shipping notifications, and tracking information
• To maintain your shopping cart across sessions
• To provide customer support and respond to your inquiries
• To improve our product selection and website functionality
• To detect and prevent fraud and abuse
• To comply with legal obligations and enforce our Terms of Service

We do not use your information for marketing purposes unless you explicitly opt-in to receive promotional emails.

We process your personal data based on the following legal grounds under GDPR:

• Contract Performance: To provide services you have requested (e.g., processing orders)
• Legitimate Interests: To improve our services and ensure site security
• Legal Obligation: To comply with applicable laws
• Consent: When you explicitly consent to specific processing activities

We do not sell, trade, or otherwise transfer your personal information to third parties for commercial purposes. We may share your information with:

• Service Providers: We may share your information with trusted third-party service providers who assist us in operating our Site, conducting business, or serving our users (e.g., payment processors, hosting services).
• Legal Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred as part of that transaction.

When sharing data with service providers, we ensure they provide adequate protection for your personal data.

We retain personal data for as long as necessary to fulfill the purposes for which it was collected and for legal compliance purposes. The retention period varies depending on:

• The type of personal data collected
• The purpose for which it was collected
• Legal obligations applicable to us

We will delete your personal data when it is no longer required for these purposes, unless retention is required by law.

As a resident of the European Union, you have the following rights regarding your personal data:

• The right to be informed about how we use your personal data
• The right of access to your personal data
• The right to rectification of inaccurate personal data
• The right to erasure ("right to be forgotten")
• The right to restrict processing of your personal data
• The right to data portability (in electronic format)
• The right to object to processing of your personal data
• The right to withdraw consent where processing is based on consent

If you wish to exercise any of these rights, please contact us using the contact details provided below.

We implement appropriate technical and organizational measures to protect against unauthorized access to your personal information. These include:

• Secure transmission of data using HTTPS and SSL encryption
• Secure storage of personal data with access controls
• Regular security assessments and updates
• Staff training on data protection principles

However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

We use cookies and similar technologies to enhance your experience on our Site. Cookies are small text files stored on your device when you visit our website.

We use the following types of cookies:

• Essential cookies: Necessary for the website to function properly
• Performance cookies: Help us understand how visitors interact with our site
• Functionality cookies: Enable enhanced functionality and personalization

You can control and/or delete cookies as you wish. For more information, visit aboutcookies.org.

Our Site does not address anyone under the age of 16. We do not knowingly collect personal information from children under 16. In the case we discover that a child under 16 has provided us with personal information, we immediately delete this from our servers.

If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take necessary steps.

Where we transfer your personal data outside the European Economic Area (EEA), we ensure that it receives adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Reliance on adequacy decisions made by the European Commission
• Other appropriate safeguards in accordance with GDPR requirements

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

If you have any questions about this Privacy Policy or our data practices, please contact us at:

If you believe that we have not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with the Information Commissioner's Office or the relevant supervisory authority in Slovenia.