Privacy Policy

of NUM d.o.o.

I. Ensuring privacy

At NUM d.o.o., we are committed to respecting your privacy rights and aim to provide the highest standard of protection for your personal data.

We will handle any personal data you provide with utmost confidentiality and strictly use it only for its intended purpose. If there is a need to further process your data for another purpose, we will contact you in advance and ask for your prior written consent.

When providing our online store services at www.386LAB.com we process your data in accordance with the applicable European legislation (General Data Protection Regulation – GDPR) and in accordance with the national legislation of the Republic of Slovenia (Consumer Protection Act (ZVOP-2), Electronic Communications Act (ZEKom-2) and Electronic Commerce Market Act (ZEPT)).

NUM d.o.o. undertakes that the personal data provided by you through the website www.386LAB.com, via e-mail or through other means will be used in accordance with this Privacy Policy and that we will not sell, lend or otherwise transfer your personal data to third parties, except in the cases provided for by law.

Our Privacy Policy defines:

  • details regarding the controller and the data protection officer,
  • categories of personal data and purpose of their processing,
  • data retention period,
  • contracted data processors and data storage area,
  • consent for children,
  • your rights in relation to the stored data; and
  • the validity of the privacy policy.

 

II. Definitions

Personal data means any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.

 

III. Controller and Data Protection Officer

The controller of your personal data is NUM d.o.o., Železnikova ulica 4, 2000 Maribor, Slovenia.

The Data Protection Officer can be contacted at info@386LAB.si.

 

IV. Categories of personal data and purpose of their processing

Both registered and non-registered users (guests) are able to shop and make purchases in the online shop www.386LAB.com.

Registration allows you to create a username and password, which makes it quicker and easier for registered users to complete their purchase.

In order to activate your account, the controller collects the following personal data from you:

  • name and surname
  • email address, and
  • password.

Any data you provide are collected for the purpose of registering on the website (to create a user account) and for any communication related to the user account. If you make purchases through your user account, your order history is also stored in the “My Account” tab.

The data are processed based on your consent. You may withdraw your consent or delete your user account at any time by emailing a notice of withdrawal to info@386LAB.si or by sending a written notice to NUM d.o.o., Železnikova ulica 4, 2000 Maribor, Slovenia.

Whether you are a registered or unregistered user making a purchase on our website, NUM d.o.o. gathers the following information from you:

  • name and surname,
  • company name (optional),
  • address,
  • phone number,
  • email address,
  • order note (optional),
  • the name you want on the cream/product packaging,
  • payment method.

In addition, our websites use Facebook and Instagram plug-ins. On our social media accounts, such as Facebook and Instagram, you can get in touch with us directly through our commenting, messaging and chat features. The information you supply will be used exclusively to address your comment, request, or query. Based on legitimate interests, we have the right to manage our social media accounts and the content we share on them, to engage with visitors and to respond to your requests. When you visit our website, a direct connection is established between your browser and the Facebook and Instagram servers via the plug-in. When you use a service that uses plug-ins, data may be transferred directly from your device to the social network operator (Facebook and Instagram). We have no control over the data collected by the plug-in. If you are logged in to these social networks, your use of the service can be linked to your account on these social networks. If you interact with plug-ins, for example by liking, following or sharing, or by entering a comment, the information may automatically appear in your social network profile. Even if you are not logged into your social network account, it is possible that the plug-ins send your IP address to the social network operators. Please keep this in mind when using our services.

We wish to emphasise that we do not have any control over the extent, nature, or purpose behind the social network service provider’s processing of your personal data, so we advise you to review their privacy policies.

Facebook: https://www.facebook.com/about/privacy/

Instagram: https://help.instagram.com/519522125107875/

 

V. Data retention period

We store your data solely for the duration needed to accomplish the purpose for which it was originally collected and subsequently used. After the expiration of the retention period, your personal data will be effectively and permanently deleted or anonymised so that your identification will no longer be possible.

Data processed for the purpose of executing an order may be stored for a maximum of 5 years from the execution of the last order, except for data that, according to tax legislation, should be stored for 10 years after the end of the year in which the order was executed. The data processed on the basis of consent will be stored until its withdrawal, but no longer than 5 years from the last registered use of the Platform.

 

VI. Contracted data processors and data storage area

The collected personal data may be transferred to contracted data processors who can process the data exclusively within the framework of the controller’s instructions and authorisations and who are obliged to ensure an adequate level of personal data protection by means of a written contract concluded with the controller.
The Seller shall store the personal data collections within the EU and shall not transfer them to third countries.

The contracted data processors are required to safeguard the data with care and are prohibited from stockpiling it or using it for their own purposes.

Your personal data might be shared in accordance with legal provisions with:

  • postal service providers,
  • shipping service providers and logistics/delivery services for the purpose of executing your order (the delivery details (name and surname, delivery address, phone number and email address) are communicated with the delivery service, e.g. GLS Slovenija),
  • distributors, suppliers and authorised repairers,
  • accounting services, law firms and other providers of legal and business consulting,
  • service providers for the destruction of files and data carriers,
  • IT service providers in the context of software servicing and maintenance,
  • to the website administrator and webmaster.

We undertake that neither we, nor other users, will transfer or transmit your personal data to a third country outside the European Union and/or the European Economic Area or to an international organisation without an adequate level of protection.

 

VII. Consent for children

Children under the age of 15 may only provide us with personal data through our websites (or otherwise) with the permission (consent or approval) of the holder of parental responsibility over the child (parent or guardian).

We undertake to never knowingly collect personal information from persons we know to be under the age of 15. We will not use or disclose this information to any unauthorised third party without the permission of the holder of parental responsibility over the child. However, this does not affect the rules under Slovenian contract law relating to the validity, formation or effect of the contract in relation to the child.

In such cases, the controller will make reasonable efforts, taking into account the available technology, to verify whether the holder of parental responsibility over the child has given or granted consent.

 

VIII. Your rights in relation to stored data

As a data subject, you have the following rights:

  • right of access: you can request information about whether we process your personal data, what personal data, and additional information to confirm the lawfulness of the processing;
  • right to rectification: you can request that your inaccurate personal data be completed or corrected;
  • right to erasure: you can request that we delete your personal data if you believe that the data are being processed without an appropriate legal basis or that the data are not necessary for the purposes for which they were collected or processed;
  • the right to restriction of processing: in certain cases, you may request that we restrict the processing of your data, for example where you contest the accuracy of the data or consider that the data are being processed without an appropriate legal basis or that the data are not necessary for the purposes for which they were collected;
  • the right to data portability: where the processing is based on consent or is carried out for the purposes of an order and by automated means, you may request to receive personal data and, where technically feasible, to have that data transmitted to another controller;
  • the right to object: you can object at any time to processing carried out on the basis of consent or legitimate interests. We will immediately stop processing your data unless our legitimate interests override your interests, rights and freedoms, or if your data is needed to defend legal claims;
  • right to withdraw consent: you can withdraw your consent at any time by notifying us at info@386LAB.si, and we will no longer use the data for the purpose for which it was withdrawn. The withdrawal of consent shall be valid for the future and shall not affect the processing carried out prior to your withdrawal;
  • the right to lodge a complaint with a supervisory authority: if you suspect that the processing of your data is in breach of personal data protection legislation, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, at the address Dunajska cesta 22, 1000 Ljubljana, Slovenia, phone number: +386 (0)1 230 97 30, email address: gp.ip@ip-rs.si.

The data subject may address all requests concerning the exercise of rights relating to personal data in writing to the email address info@386LAB.si or to the company address NUM d.o.o., Železnikova ulica 4, 2000 Maribor, Slovenia.

For the purposes of reliable identification in the event of the exercise of data subject rights, the controller may request additional data from the data subject, but may not refuse to act on the request unless it demonstrates that it is not in a position reliably to identify the data subject.

The controller shall respond to a request by a data subject for exercising his or her rights concerning personal data without undue delay and no later than one month after receiving the request.

 

IV. Validity of the Privacy Policy

NUM d.o.o. reserves the right to adjust the personal data protection policy to the actual situation and to the legislation in the field of personal data protection, if necessary. For this reason, we ask you to check the current version of the policy before each submission of personal data so that you are aware of any modifications and amendments.

This Privacy Policy was updated on 21/03/2025.

NUM d.o.o.