Privacy Policy

 

Effective from: 1 January 2026

 

Your privacy matters to us.

 

This Privacy Policy explains how EKOSOL TT d.o.o. (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit the BreatheBuddies™ website, communicate with us, and purchase products through embedded shopping features / checkout on the same website.

 

1. Data Controller

 

Full name: EKOSOL TT podjetniško in poslovno svetovanje d.o.o.

Contracted name: EKOSOL TT d.o.o.

Address: Ozeljan 32g, 5261 Šempas, Slovenia, EU

Company Registration Number: 8753130000

Tax number: 30235251

ID for VAT: SI30235251

Email: hello@breathebuddies.com

Phone: +386 40 722 774

Main activity: 70.200 (Business, oth. management consult. act.)

Registering Authority: Okrožno sodišče Nova Gorica, reg. number: 2020/36569

Capital contribution: 7,500.00 EUR

IBAN: LT063250044382496916, BIC: REVOLT21XXX, REVOLUT BANK UAB, LITHUANIA

We are responsible for managing and protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Slovenian legislation (including ZVOP-2).

 

2. Right to Privacy

 

We respect your privacy and process personal data responsibly, carefully, and in compliance with applicable law. Access to personal data is permitted only to authorised persons and contractual processors, to the extent necessary to operate the website and shop, provide customer support, and fulfil our contractual and legal obligations.

 

3. What Information We Collect

 

We collect only the information necessary for the functioning of our website, communication, and order fulfilment.

 

A) Information you provide directly (website & communication)

  • Name and email address (newsletter subscription, contact forms)
  • Any message or information you choose to share in correspondence

 

B) Information you provide when you shop (checkout / orders)

Depending on your order and chosen delivery/payment method, we may collect:

  • Name and surname
  • Billing address and/or delivery address
  • Email address and phone number
  • Order details (products purchased, quantity, price, time of purchase)
  • Communication related to your order (support requests, return/withdrawal, complaints)

Payment data: We do not store full card numbers. Payment is processed by payment providers (e.g., Shopify Payments and/or other providers shown at checkout). We may receive limited payment-related information, such as payment status, transaction reference, and fraud signals.

 

C) Information collected automatically (website usage)

  • Device and browser information
  • Approximate location (derived from IP address)
  • Pages visited, time spent, interactions
  • Cookie identifiers and consent preferences (depending on your cookie choices)

 

D) Complaints, returns, and disputes

If you contact us regarding returns, withdrawal, warranty/non-conformity, or complaints, we may process:

  • Contact details
  • Order reference and purchase details
  • Content of your request and our resolution steps

 

Sensitive data

We do not intentionally collect special category data (e.g., health data). Please do not submit such data via forms or emails unless necessary.

 

4. Purpose of Processing

We use personal data for legitimate and clearly defined purposes, including:

Website & community

  • Responding to inquiries and communications
  • Sending newsletters or educational updates (only with consent)
  • Improving website performance and user experience
  • Maintaining security and preventing misuse

Shopping & order fulfilment

  • Creating and processing orders, providing order confirmation and updates
  • Delivering products and handling logistics
  • Providing customer support related to orders
  • Managing returns, withdrawal requests, complaints, warranty/non-conformity claims
  • Issuing invoices and meeting accounting/tax requirements
  • Fraud prevention and security checks (where necessary)

We do not sell your personal data and do not share it with third parties for their own marketing purposes.

 

5. Legal Bases for Processing (GDPR)

We process personal data under one or more legal bases:

  • Contract performance (Art. 6(1)(b)): to process and deliver your order, provide support, and manage returns/withdrawals
  • Consent (Art. 6(1)(a)): newsletter, non-essential cookies, optional marketing tools
  • Legal obligation (Art. 6(1)©): accounting, tax, consumer-law obligations, record-keeping
  • Legitimate interest (Art. 6(1)(f)): website security, fraud prevention, analytics (where applicable and balanced against your rights)

You can withdraw consent at any time (e.g., newsletter unsubscribe or cookie settings) without affecting the lawfulness of processing prior to withdrawal.

 

6. Cookies and Analytics

We use cookies and similar technologies to ensure the website works, to remember preferences, and (if you consent) to analyze traffic and improve performance.

You can manage cookie preferences via our cookie banner and/or your browser settings.

Cookie categories (modelled on best practice)

  1. Necessary cookies – required for core website/shop functions (e.g., security, navigation, checkout session).
  2. Preferences cookies – remember settings like language or region.
  3. Analytics cookies – help us understand usage and improve the website (typically aggregated or pseudonymized).
  4. Marketing cookies – used to measure ad performance or show relevant offers (only with consent; may involve third-country transfers).
  5. Unclassified cookies – cookies under review and not yet categorized; they remain disabled until classified where required by law.

A detailed cookie notice is displayed when you first visit the site, allowing you to manage your preferences.

 

7. Data Sharing and Processors (Third Parties)

We may share personal data only as necessary with trusted service providers (“processors”) who act on our behalf under contractual obligations.

Typical categories include:

  • E-commerce platform and infrastructure (e.g., Shopify and related services used for checkout, order management)
  • Payment providers (e.g., Shopify Payments and/or payment methods shown at checkout)
  • Shipping and logistics partners (e.g., Pošta Slovenije and/or other courier services, depending on availability)
  • Email delivery tools (newsletter delivery, transactional emails)
  • Analytics and security providers (depending on your cookie consent and configuration)
  • Accounting and professional advisers (where necessary for legal compliance)

We share only the minimum data necessary (e.g., delivery address with the courier; order and payment status with the payment provider).

 

8. International Transfers (Outside the EEA)

Some of our service providers (especially e-commerce and analytics providers) may process data outside the European Economic Area (EEA).

If personal data is transferred to countries that do not provide an equivalent level of protection, we ensure appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
  • other lawful transfer mechanisms recognized by GDPR.

You may contact us to request more information about applicable safeguards.

 

9. Data Retention

We retain personal data only for as long as necessary for the purposes described above, or as required by law.

Typical retention periods:

  • Order and invoice data: retained for the period required by accounting/tax laws
  • Customer support communications (order-related): retained for a reasonable period after resolution (e.g., up to 24 months), unless a longer period is required for legal claims
  • Newsletter sign-ups: until you unsubscribe or withdraw consent
  • Analytics data: retained according to tool settings and in aggregated/pseudonymized form where possible
  • Cookie preferences: retained according to consent configuration

When data is no longer needed, it is securely deleted or anonymized.

 

10. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request deletion (where applicable)
  • Restrict or object to processing (where applicable)
  • Data portability (where applicable)
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec)

To exercise your rights, contact us at hello@breathebuddies.com. We respond within the legally prescribed timeframe.

 

11. Data Security

We take data protection seriously. We use appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, loss, or misuse (e.g., access controls, encryption in transit where applicable, secure infrastructure).

 

12. Children’s Privacy

Our website is intended primarily for parents and guardians.

We do not knowingly collect personal data from children under 16 without valid parental/guardian consent. If you believe a child has provided us with personal data, please contact us, and we will take appropriate steps to delete it.

 

13. Data Protection Contact

If you have any questions about privacy or how we handle personal data, contact us at:

hello@breathebuddies.comEKOSOL TT d.o.o., Ozeljan 32g, 5261 Šempas, Slovenia, EU

 

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The most current version will always be available on this page, with the effective date stated at the top.