Privacy policy and protection of personal data Due to the sensitive nature of this area, it is important for us to provide users with all information regarding the protection of personal data on our website. The privacy policy applies to all users of the tobiar.com website (hereinafter: the website) managed by the company Pravi um d.o.o., Ob železnici 27, 1420 Trbovlje (hereinafter: the manager). The controller undertakes to protect the privacy of users on the basis of the Personal Data Protection Act (ZVOP-1) and Regulation (EU) 2016/679. Collection and processing of personal data The controller collects and processes personal data of users in the case of purchase, registration and consent of the individual to receive e-news. For the needs of performing the mentioned activities, the operator collects the following user data:

• name and surname
• address and place of residence
• e-mail address
• telephone number
• IP address
• password in encrypted form
• and other information that users enter in the forms on the website.

With the consent of the user, the controller may process personal data for the purposes of preparing and sending customized offers and informing about offers that interest the user. The provision of personal data is voluntary and may be withdrawn by the user at any time. The data is stored until the user’s consent is revoked or until a request for deletion of data is received. Purpose of collecting personal data The operator of the website collects personal data for the following purposes:

• Content quality improvements and user experience
• Identification of the registered user on the page when performing user activities (adding content, commenting, rating, voting)
• When performing purchase procedures on the website (transaction execution, invoicing, product delivery, complaints) and other communication related to the purchase
• Notification of offers of interest to the user
• Sending e-news and other advertising material
• Market research, in order to optimize supply and costs
• Storage of personal data

The controller stores and adequately protects personal data in electronic form at the company’s headquarters. Data processed for the purpose of fulfilling contractual obligations shall be kept for a maximum of 5 years after the fulfillment of all obligations. Due to meeting the requirements of tax legislation in Slovenia, invoices are kept for 10 years after the end of the year to which the invoice relates. Protecting privacy The operator ensures the protection of privacy in accordance with all applicable laws. We follow technological trends in the field of data protection and build organizational support for their effective protection. Transmission of personal data The controller passes on some of your data to third parties in accordance with the purpose of processing:

• WordPress – An online platform for online stores that allows us to have our online store currently live online in full glory. You can read more about the app itself here.
• Google analytics – An analytics tool that allows us to track users on a website. The app does not collect personal information that could identify the user, but only data used in aggregate analytics such as pageviews, user time per page, user path per page, and number of conversions. You can read more about the app itself here.
• Facebook Connect – The largest social network in the world. In particular, we use the exchange of cookies, which allow Facebook users to more easily interact on our site. You can read more about the app itself here.

Cookies are essential for the operation of the above-mentioned applications. By agreeing to the use of cookies for statistics and advertising, the user agrees to the implementation of these applications. The user has the option to opt out of tracking at any time by consent. You can read more about cookies on the website and how to manage them here.

• The right to information and access to data
• Right to consent and withdrawal of consent
• Right to repair
• Right of deletion
• The right to transferability
• Right to limit
• Right to object and lodge an appeal
• Right to be informed in the event of intrusion into personal data

The user can request the exercise of the following rights by sending a request to the e-mail address of the operator info@tobiar.com. The operator undertakes to reply to the user as soon as possible or at the latest within 15 days of receiving the request.