Privacy Policy and Cookie Policy

When you visit this website (”Website”) we take your privacy seriously. This Privacy Policy and Cookie Policy (‘’Policy’’) explains who we are, how we collect, process, use and store your personal data in accordance with legislation of Republic of Slovenia and Regulation (EU) 2016/679 (General Data Protection Regulation-GDPR).

We process personal data only for the purposes for which it was collected and in accordance with this Policy. We take reasonable steps to ensure that the personal data we process is accurate, complete and current, but we depend on you to update or correct your personal data when necessary.


Controller of personal data is TOSLA d.o.o., Železna cesta 8a, 1000 Ljubljana, Slovenia, VAT nr.:
12355992,  registration nr.: 6596886000 (‘’controller’’, ‘’we’’ or ‘’us’’). We do not have Data Protection Officer as we do not process personal data to such an extent that this obligation should be fulfilled, but you can always contact us by e-mail

When do we collect your personal data, what type of data we collect, on what lawful basis we process data

  • We may collect your personal data when you use our Website.

This Website is designed for informative purpose and is not designed to collect any data from you without your knowledge, but we have to ensure that this Website is secured. We process non-personal data when you visit and use our Website. Some of that data is considered as personal data (such as IP address) but mostly that data alone, cannot be used to identify or contact you. We want to continuously improve our Website and your experience, so the information of your use of our Website is very important for us. For that purpose we use cookies and other tracking technologies to automatically collect and analyze data we collect.

When you visit and use our Website, your browser automatically sends data to our server and temporary saves it. The data we collect may include:

  • operating system,
  • browser type/version,
  • IP address,
  • Date and time of your use of Website.

Legal basis for personal data processing: personal consent which you can withdraw at any time (Article 6 (1) (a) of GDPR) and our legitimate interests (Article 6 (1) (f) of GDPR) for the purpose of securing, improving and optimizing our Website.

  • We collect your personal data when you decide to contact us such as by contact form available at our Website, our e-mail indicated on our Website.

When you send us an e-mail you may provide us with your personal data. We will use your personal data that you provide to us for the purpose of answering your inquiry and to make further contact with you about your regard. The data we collect may include:

  • your e-mail,
  • your name and surname,
  • all other personal and non-personal data that you provide to us voluntary, such us in message.

Legal basis for personal data processing: your consent (Article 6 (1) (a) of GDPR), our legitimate interests (Article 6 (1) (f) of GDPR), or performance of contract or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1) (b) of GDPR).

We do not collect or process other personal data through this Website.


We are not in the business of selling your personal data.  We do share personal data with third parties, which may be processors of your personal data only as set forth in this Policy. We share it with carefully selected business partners that we either control or are our external contractors and that are either subjects to this Policy or that follow practices that are at least as restrictive as those described in this  Policy or we have a data processing contract in accordance with GDPR requirements. We may share it with:

  • Based on your consent, we may share your personal data with those third-parties for whom you have given your consent. Our service providers, Website maintenance staff and as we use some other third-party service providers to offer or facilitate services on our behalf. These services may include research and analyze the individuals who use our Webiste (such us Google Analytics).
  • We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your personal data to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your personal data may protect the rights, property, or safety of us or another person. We will disclose personal data that that law enforcement agencies require in particular case to be disclosed.
  • We may disclose your personal data to comply with a law, regulation or compulsory legal request, to protect the safety of any person from death or serious bodily injury, prevent fraud or misuse of products or services or its users or to protect our property rights. We will disclose personal data to government entities or third parties based on judgments of courts or tribunals or decisions of administrative authorities or another binding act. We will disclose personal data that previously mentioned entities require in particular case to be disclosed.



We do not transmit your personal data to third countries, but we use Google Analytics who may forward the collected data to a different country. Please note that Google Analytics might transfer the data outside of the EU/EEA and to a country without the required data protection standards.


We are committed to protecting the online privacy of children and making the internet safe. Any communication we get that is identified as being from a child under 15 will not be kept by us. We encourage parents or guardians of children under 15 to regularly check and monitor their children’s use of email and other activities online.


We do not process personal data for automated decision making and profiling.


We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal data to our employees, service providers and agents who need to know such information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We use secure socket layer (“SSL”) technology to encrypt and protect the security of your personal data. Therefore, while we strive to protect your personal data, we cannot guarantee its absolute security. We are not responsible for the functionality, privacy or security measures of any other organization.


We store your personal data for as long as is needed for its purpose. We may store anonymized information longer, but only in a way that it cannot be tracked back to you. We store personal data in accordance with applicable law. Retention for personal data may vary depending on the applicable sectoral legislation (eg. tax, accounting legislation). In the case where the applicable sectoral legislation establishes mandatory duration for retention of personal data, we will delete if after the expiration of that mandatory duration. When personal data is no longer needed, we shall delete it using reasonable measures to protect the personal data from unauthorized access or use.


In relation to your personal data that we process, you have the right:

  • To withdraw consent to processing of your personal data at any time (The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).
  • To obtain confirmation whether we process your personal data.
  • To access: to request confirmation whether we process your personal data relating to you, and if so, to request a copy of that personal data, to ask about purposes of processing, categories of personal data concerned, whether personal data is transferred to a third country or international organization etc.
  • To rectification: to request that we rectify or update any personal data that is inaccurate, incomplete or outdated.
  • To erasure (Right to be forgotten): to request that we erase your personal data in certain circumstances, such as when the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or where we collected personal data on the basis of your consent and you withdraw your consent etc.
  • Of restriction of processing: to request that we restrict the use of your personal data in certain circumstances, such as when accuracy of the personal data is contested by you;
  • To data portability: to request that we provide a copy of your personal data to you in structured, commonly used and machine-readable format in certain circumstances and you have the right to transmit that personal data to another controller in certain circumstances.
  • To object: at any time to processing of personal data for our legitimate interest, to direct marketing and profiling connected with direct marketing.
  • To appeal, independent of the above stated rights, to a supervisory authority if you believe that processing of your personal data violates the data protection regulations. You may file a complaint to the competent state authority: Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address:, phone: 00386 1 230 97 30, website:

For all stated rights, you may, at any time, contact us

We shall promptly ensure that the request is complied with immediately, but no later than in one (1) month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, each additional copy we may charge a fee to cover cost of preparing the copy.


Cookies are small text files placed on your hard drive. We use cookies or similar technologies (Google Analytics etc.) to personalize your online experience and improve our Website to you. For example, cookies will remember and process the items in your shopping cart on our Website. You can modify your browser settings to control whether your computer accepts or declines cookies. If you choose to decline cookies, you may not be able to use certain interactive features of our Website. Note that you can always go back and delete cookies from your browser; however, that means that any settings or preferences controlled by those cookies will also be deleted and you may need to recreate them. The law states that we can store cookies on your device if they are strictly necessary for the operation of the Website. For all other types of cookies (unnecessary cookies; e.g. analytics cookies), we need your prior informed consent.

Below is a list of cookies that we use. We have listed them so that you can choose if you want to opt-out of cookies or not.






1 year

This cookie is used to save information whether the visitor agrees with the use of cookie.







2 years

Used to distinguish users by Google Analytics.


24 hours

Used to distinguish users by Google Analytics.


10 minutes

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.



On our Website, we have the component of Google Analytics. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising. The data processing is based on a data processing agreement with Google. You can read more about Google Analytics privacy policy here.

More about Google Analytics: The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.


More information about cookies, including instructions on how to manage cookies in the browser you use, is available at the following links:

If you do not accept our cookies completely, there is a possibility that some parts of our Website will not work properly, or you may need to manually adjust your desired settings each time you visit our Website.


Our Website may contain links to third websites. These websites have their own privacy policies, which you should familiarize yourself with, as we do not assume any responsibility for them.


We may amend this Policy from time to time. Use of personal data we collect now is subject to the Policy in effect at the time such personal data is used. If we make changes in the way we collect or use personal data, we will notify you by posting new Policy on Website. You are bound by the changes to the Policy when you use our Website after such changes have been first posted. This Policy was last updated on 1.6.2021.



Tosla d.o.o.
Železna cesta 8A 
1000 Ljubljana

Phone: +386 81 601 100

Tosla d.o.o. P.E. Ajdovščina
Tovarniška cesta 6E
5270 Ajdovščina

Copyright 2021 © TOSLA d.o.o. All rights reserved.