top of page

Privacy Policy

This document concerns the processing of personal data carried out by the company Progressum d.o.o. (hereinafter referred to as the "Controller") or on behalf of the Controller. It also includes the website's cookie policy.

1. Controller and Contact Information


Progressum d.o.o.
Spodnje Škofije 17a, 6281 Škofije, Slovenia
Company Registration Number: 8355045000
VAT Number: 72387416
 

Any questions or requests related to the exercise of personal data rights can be sent in writing to the email address info@aquaaltaskincare.com or by post to the Controller’s address listed above.

2. Collection, Storage, and Processing of Personal Data


In the course of providing its services, the Controller processes personal data for various purposes and to different extents. Among others, it processes the following categories of data (for a precise and updated list, individuals may contact the Controller directly):

 

Data related to customers and product purchasers:

  • full name;

  • address;

  • delivery address;

  • phone (mobile) number;

  • email address;

  • purchase history;

  • payment information;

  • invoice number;

  • social media data (optional);

  • avatar (optional).

 

Data of individuals subscribed to regular newsletters or messages:

  • full name;

  • email address;

  • phone (mobile) number;

  • data related to email interactions;

  • location.

 

Data of individuals posting comments:

  • full name;

  • avatar (optional);

  • date.

 

Data of website visitors:

  • IP address;

  • network location (when derivable from IP);

  • unique identifier (automatically generated);

  • URLs (domains) of visited pages on the site;

  • date, time, and duration of each page visit;

  • number of pages visited and time spent per page;

  • referral URL that led the visitor to the Controller's website.
     

3. Legal Bases and Purposes for Data Processing


The Controller processes personal data based on one of the legal grounds described below, depending on the purpose of processing:
 

Contractual Obligations

Data is processed to conclude and fulfil a contract in cases where an individual orders or purchases one of the Controller’s products. In this context, the Controller sends email notifications to customers for the following reasons:

  • when a customer chooses payment via UPN, the Controller sends payment instructions via email;

  • to inform customers about order status (e.g. shipping delays).
     

Consent

Processing is based on an individual’s consent in cases such as subscription to newsletters, participation in giveaways, or posting comments/reviews on the website. Consent is also used to send follow-up emails (e.g. abandoned cart reminders). Individuals may withdraw consent at any time without negative consequences by using the unsubscribe link in communications or by contacting the Controller using the contact details provided.

 

Legal Obligations

In certain cases, data processing is necessary to comply with legal requirements (e.g. invoicing for purchased goods or services).

 Legitimate Interest

The Controller may rely on legitimate interest for processing data, for example, to send follow-up emails when a user abandons a shopping cart or to detect, prevent, and respond to misuse or attempted misuse of the website.

4. Retention and Deletion of Personal Data


Personal data in a user profile is retained as long as the user remains registered on the website. Data processed based on consent is stored until the consent is revoked. Invoice data is retained for 10 years from the date of issuance. Data required for contract fulfilment is kept for an additional 5 years after the contract is completed. After the expiry of these periods, the data is either deleted or anonymized in a way that prevents identification of the individual.

5. Voluntariness of Data Provision and Consequences of Non-Disclosure


Providing personal data is voluntary. However, if an individual chooses not to provide their data, they may not be able to access certain services (e.g. product purchase is not possible without delivery and billing details).

6. Access to Personal Data


The Controller does not disclose or provide access to personal data to unauthorized third parties. Outside of Progressum d.o.o., only persons/entities with a contractual relationship regarding data processing—referred to as processors—have access. These processors perform tasks on behalf of the Controller and are obliged to comply with applicable legislation and the Controller’s privacy requirements.


Processors include:

  • marketing service providers;

  • email distribution providers;

  • SMS distribution providers;

  • IT service and software providers;

  • delivery services.

 

Processors may only process data according to the Controller’s instructions and may not use the data for their own purposes. Both processors and their employees are bound by confidentiality obligations.
 

7. Data Subject Rights


Individuals wishing to exercise their rights regarding their personal data or with questions about how their data is processed may do so at any time using the contact details provided at the beginning of this document. For the purpose of reliable identification, the Controller may request additional information before acting on a request and may only refuse action if identification is not possible.


The Controller will respond to any request regarding data subject rights within 30 days. If full resolution is not possible within that time frame, the Controller will inform the individual and provide an explanation.

Right to Information

Individuals have the right to information about what personal data is being processed, the legal basis, purpose, and duration of processing.


Right to Erasure ("Right to Be Forgotten")

Individuals can request the deletion of their data if there are no overriding legal grounds for further processing.


Right to Rectification, Deletion, and Complaint

Individuals may request correction or deletion of their data and may submit complaints regarding data processing at any time using the contact details above.
Unsubscribing from marketing communications can be done via contact details or the unsubscribe link in promotional emails.


Registered users may withdraw from the online shop by sending a written request for deregistration. Before deregistration, users must settle any outstanding obligations from past purchases. Data confidentiality and privacy protections will remain in effect even after deregistration.


Right to Data Portability

Individuals may request that the Controller provide their personal data in a structured, commonly used, and machine-readable format.


Right to Legal Remedies and Sanctions

Individuals have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia or pursue legal remedies if unsatisfied with the authority’s response. Nonetheless, the Controller encourages individuals to first reach out directly.

 

Rights Related to Automated Processing

Individuals have the right not to be subject to decisions based solely on automated processing, including profiling. A complaint may be filed with the Controller in such cases.


Right to Withdraw Consent

Individuals may withdraw their consent for any processing based on consent (e.g. promotional messages) at any time.

8. Cookie Policy


Cookies are small text files that a website sends to a user's browser and are returned to the server during future visits, allowing the server to recognize the user. The Controller's website uses cookies for the following purposes:

  • to ensure an optimal user experience;

  • to recognize registered users;

  • to monitor and analyze site performance and effectiveness;

  • to maintain site security and protection.

 

Under the Electronic Communications Act (ZEKom-1), every website using cookies must inform users about:

  • what types of cookies are used;

  • the purpose of their use;

  • how they are utilized.

 

Like most websites, cookies are used to provide a better, faster, and more secure experience. Additional guidance on cookies is available from the Slovenian Information Commissioner.


This website uses the following cookies:

  • ssr-caching: page rendering;

  • client-session-bind: session management;

  • server-session-bind: session management;

  • XSRF-TOKEN: visit security;

  • hs: platform security enhancement;

  • svSession: visitor identification;

  • fedops.logger.sessionId: session performance logging;

  • mpaSessionId: session maintenance.
     

9. General Information


Any updates to this Privacy Policy will be published on this website. This version is valid and effective from 10 June 2025 onward.

Payment Methods
bottom of page