Privacy policy and personal data protection statement

Supplier’s statement on personal data protection

The privacy policy applies to all users of the perunbullets.si website (hereinafter: website), which is managed by the company (hereinafter: Provider):

Perun Bullets, sports equipment store, Ltd.
Poljubinj 89P, 5220 Tolmin
Registration number: 7351496000 VAT
ID and tax number: SI 48560740
Date of entry in the court register: 9 October 2025
Email address: info@perunbullets.eu

A user is any legal or natural person who uses or visits the website (hereinafter: user).

By using the website, the user agrees to the method of protection, handling and transfer of personal data and agrees to this Privacy Policy and Cookie Policy. By continuing to use the website, the user agrees to the changes.

Privacy Policy

The controller and processor of personal data is the Provider.

The provider will process and manage your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: General Data Protection Regulation) and in accordance with the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07, hereinafter: ZVOP-1).

Personal data is any information relating to a specific natural person or individual, regardless of the form in which it is expressed. It is information that can be used to identify you.

Types of personal data collected by the Provider

The provider collects the following types of personal data:

  • e-mail address,
  • nickname or first and last name,
  • telephone number,
  • online identifiers such as "COOKIES" and IP addresses.

Bases on which the Provider processes personal data

In accordance with Article 6 of the General Data Protection Regulation and Article 10 of ZVOP-1, the provider has the right to process personal data in cases where at least one of the following conditions is met, and to the extent that it is met:

  1. the user to whom the personal data relates has consented to the processing of his or her personal data for one or more specific purposes;
  2. processing is necessary for the performance of a contract to which the user to whom the personal data relates is party or in order to take steps at the request of the user prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which the Provider is subject; or
  4. processing is necessary for the legitimate interests pursued by the Provider or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user to whom the personal data relate, which require the protection of personal data, in particular where the data subject is a child.

At least one of the reasons listed above in points 1 to 4 must be fulfilled in order for the Provider to process personal data.

The Provider’s purpose for processing personal data

The provider processes users’ personal data:

  • to maintain commercial relations with users, issue invoices, ship products and perform contractual services, and for the purposes of contract performance (effective contract performance);
  • to send advertising messages, if the customer gives their consent for this purpose (marketing);
  • for direct marketing purposes, if the customer gives their consent for this purpose (direct marketing);
  • to comply with tax legislation requirements (keeping tax and accounting records).

More specifically, the Provider collects, processes and stores user data primarily for the following purposes:

  • identification of user profiles,
  • identification of authors, contributions and comments,
  • concluding contracts/agreements on the transfer of material copyrights from the authors of contributions to the publisher (the Provider),
  • communication between users of the website and between the publisher and users of the website,
  • informing individuals about current news and events,
  • advertising our business partners.

Performance of the contract

During the user registration process on the website, the provider collects personal data, the provision of which is a contractual obligation, and the data is processed for the purpose of order processing: completing and confirming the order, preparing the product, delivering the product, resolving complaints and other communication related to the purchase. If the user does not provide the data, the Provider cannot fulfil the obligations arising from the order.

If the user makes a purchase without logging into their user account, the Provider only processes the data that is strictly necessary to execute their order (concluded purchase contract): first name, last name, permanent address for delivery, information about the ordered product, payment information, telephone number and e-mail address, for the purpose of notifying the user about the receipt and processing of the order. Without this information, the Provider cannot execute the order. Except in the event of a possible complaint by the user, the Provider does not process this data for any other purpose, but is required by tax regulations to store it for 10 years after issuing the invoice for the ordered product.

If the user makes a purchase as a registered user of the online store www.perunbullets.eu or website, the Provider also stores the user’s order information within the user profile and uses it for the purposes listed below on the legal basis listed below until the user cancels it (Data of registered users).

Registered user data:

By registering on the website, the user enters into a contract with the Provider for the provision of services to registered users. This gives them the right to use their user profile, where the following data is stored:

  • data that you provide during registration or later when completing your profile;
  • if the user registers using their Facebook or Google+ account, the data provided by Facebook or Google (only the e-mail address and user name) and the data provided by the user themselves are stored;
  • information about purchases made by the user as a registered user.

The Provider uses the data from your profile for the following purposes:

  • for automatic completion of customer details (users do not need to re-enter their delivery address details each time – they can save multiple addresses and simply select the one they want to receive their order at when placing an order – they can add a new address, change or delete an old one at any time);
  • so that the Provider can show the user their purchase history, which makes it easier for them to order products that they order frequently;
  • that the Provider may prepare special offers, benefits and promotions, which it will send by e-mail or post to registered users with similar purchasing habits (if the user specifically allows the Provider to do so during registration or at a later date; this permission can be easily revoked at any time in the user profile);
  • that the Provider may conduct internal research and analyses that enable the Provider to ensure the highest quality and most favourable offer on the website for all customers.

Legitimate interests of the Provider

The Provider may process certain personal data on the basis of the company’s legitimate interest, where its interests prevail over the fundamental rights and freedoms of the user, e.g. for the purpose of preventing fraud and possible criminal offences.

Consent

Subscription to electronically delivered news:

Users can subscribe to receive e-notifications at any time by:

  • enter their e-mail address in the registration form on the website;
  • When registering your user profile, tick the box "Subscribe to e-news".

The Provider will send subscribers to the e-newsletter news, notifications about new products, any special features related to business and current promotions and special offers to their e-mail address.

The provider will process the user’s personal data for the purpose of sending e-newsletters until the user cancels their subscription.

Users may unsubscribe from receiving e-newsletters at any time in the manner described in each individual e-newsletter or by sending an e-mail to or a written cancellation to the Provider’s e-mail address or postal address. Registered users may also unsubscribe in their user profile.

Retention period

The provider stores and protects personal data in electronic form appropriately at the company’s headquarters.

Data processed for the purpose of fulfilling contractual obligations is stored until all obligations arising from the contractual relationship have been fulfilled or until the expiry of the limitation period for individual claims. In accordance with the Obligations Code (Official Gazette of the Republic of Slovenia No. 97/07 and subsequent amendments, hereinafter: OZ), the general limitation period for contractual obligations is 5 years.

Due to tax legislation requirements, invoices and related personal data are stored for 10 years after the end of the year in which the invoice was issued.

Personal data processed on the basis of the user’s consent is managed and stored until its revocation. The user may at any time submit a written request to revoke the use and processing of their personal data to the Provider’s e-mail address.

Once the purpose of processing personal data has been fulfilled or the limitation period has expired, personal data shall be destroyed, deleted, blocked or anonymised.

Security measures for the protection and disclosure of personal data

The provider guarantees all users the protection of personal data entered during registration in accordance with the General Data Protection Regulation and the applicable ZVOP-1. It has adopted appropriate technical and organisational security measures to ensure the integrity of information and confidentiality of data in accordance with the obligations set out in the General Data Protection Regulation and ZVOP-1.

The security measures adopted include determining and identifying persons who are granted access to data and IT systems, recording data in a security document, informing persons who have access to data of their obligation of non-disclosure, implementing security measures to restrict access by unauthorised persons and prevent unauthorised intrusions, storing the website and its data on servers in Slovenia, keeping records of incidents and using a system for obtaining backup copies and restoring information.

All personal data transfers are protected by a secure SSL protocol.

However, the provider may disclose personal data if required to do so by law or in good faith that such action is necessary to:

  1. ensuring compliance with legal orders or court proceedings against the Provider or the website;
  2. protecting and safeguarding the rights or property of the Provider or its family of websites;
  3. taking action in emergency situations to protect the personal safety of the Provider's employees or agents, users of the Provider's products or services, or the general public.

The provider undertakes and commits to carefully protecting data in accordance with the law and to acting in accordance with the provisions of ZVOP-1 and the General Data Protection Regulation.

By accepting the general terms and conditions and using the website, users agree that the provider cannot fully guarantee the security or privacy of information transmitted via the Internet or e-mail, and that they will not hold the provider liable in any way in connection with the use of such information by third parties. There is a possibility that other members or users of the service, including unregistered users, may send, link or transfer offensive or obscene material to the service or other users, and that users will be exposed to such material. It is also possible that others may misuse users’ personal information through the use of the service and that they may use it to cause distress or harm. By accepting the general terms and conditions, users or members agree that the provider is not responsible for the handling of information sent by third parties.

Disclosure of data to third parties

Pondunik will not disclose your personal data to third parties without your express prior consent, except:

  • in cases where this is necessary to comply with the legal obligations of the Provider (e.g. disclosure of personal data to state authorities upon their reasoned written request in connection with specific proceedings),
  • external service providers with whom Pondunik has concluded appropriate data processing agreements (e.g. accounting service, printer, post office) – they process this data exclusively on behalf of the Provider and for the purposes of performing services for the Provider.

User rights

Users who have provided their personal data have the following rights:

  • right to rectification,
  • right to erasure ("right to be forgotten"),
  • the right to restriction of processing,
  • the right to data portability,
  • right to object,
  • the right to access data.
  • Right to rectification of inaccurate personal data

The user has the right to request that the Provider correct or supplement inaccurate or incomplete personal data relating to him.

The provider shall notify the user without delay in the event of any correction or supplementation of personal data.

  • Right to erasure/to be forgotten

The user has the right to request the Provider to immediately delete personal data processed in relation to him/her.

In the event of the deletion of personal data, the provider shall notify the user of the deletion without delay.

If you would like us to delete your personal data from the collection of personal data of website users, please notify us at the Provider’s e-mail address.

  • Right to restriction of processing of personal data

The user has the right to request that the Provider restrict the processing of their personal data in the event of inaccuracy, illegality, cessation of the purpose of processing or lodging an objection.

  • Right to data portability

The user has the right to request that the Provider provide them with the personal data that it processes in relation to them.

The user has the right to request that the Provider transfer the personal data it processes in relation to the user to another controller at the user’s request.

  • Right to object

In addition to the right to withdraw consent, in the case of the use of users’ personal data for the purposes of information or direct marketing, the user may at any time request in writing that the use of their personal data for this purpose be discontinued.

In the event of an objection to processing for marketing purposes, the Provider will immediately cease processing the user’s personal data for marketing and communication purposes.

  • Right to access personal data relating to you

You have the right to obtain confirmation from the provider as to whether personal data relating to you is being processed, to request access to personal data relating to you and the following information:

  • purpose of processing,
  • the type of personal data processed in relation to you,
  • users of your personal data,
  • the expected period of storage of personal data,
  • source of personal data.

The user may exercise their rights by sending a written or electronic request to the Provider. The request should be sent by post to the Provider’s address or to the Provider’s e-mail address. The Provider shall approve the request or inform the user of the reasons for rejection without undue delay, but no later than 15 days after receiving the request.

Breach of personal data protection

In the event of a personal data breach and if it is likely that such a personal data breach could result in a high risk to the rights and freedoms of the user, the Provider shall immediately notify the user thereof.

In the event of a personal data breach, the Provider shall notify the competent authority of the breach without undue delay, and no later than 72 hours after becoming aware of the personal data breach.

Right to appeal

In the event of a breach of personal data protection, the user has the right to lodge a complaint against the Provider with the competent supervisory authority at the following address: Information Commissioner, Zaloška 59, 1000 Ljubljana, or at: gp.ip@ip-rs.si.

Final provision

All explanations regarding the processing of users’ personal data refer solely to use within the website and do not apply to pages and integrated applications that users access via links found on the website. The websites and integrated applications accessed via the links have their own provisions on the processing of personal data, which may differ. The provider recommends that users familiarise themselves with the information on the processing of personal data on these websites/applications before using them.

General information

The Provider may update the Privacy Policy from time to time. When it does so, it will change the last modified date displayed on the Privacy Policy accordingly.

In case of any questions, ambiguities, or exercising of rights in the field of personal data, the user may contact the Provider’s contact person at the Provider’s postal address or e-mail address.

Cookie policy

The website only uses cookies that are necessary for the functioning of the website and its basic functionalities. The provider loads them onto the visitor’s computer as soon as they enter the site. This website does not use optional tracking cookies or third-party cookies.

The provisions of this section on cookies are part of the Website’s Privacy Policy. The Provider uses cookies to provide its services. By browsing the Website, the user accepts the cookies and the policy set out in this section.

Given that the use of the content and services of the website implies acceptance of the terms and conditions set out in this policy and its subsequent updates, the Provider recommends that you read this section frequently if you continue to use the website.

What are cookies?

A cookie is a file that is downloaded to the user’s computer when they access certain websites. Among other things, cookies enable websites to store and retrieve information about the user’s browser or computer habits and, depending on the information they contain and how the computer is used, can be used to recognise the user.

Why does the Provider use cookies?

The provider uses cookies for the basic functioning of the website.

Which cookies does the Provider use on its website?

The data obtained by cookies on the website is processed by the Provider.

The website uses session cookies, which are necessary for the website to function. These are stored on the user’s computer when they visit the website and are deleted when the user closes their browser.

The website also uses essential cookies, which ensure the functioning of essential website features, such as the online store shopping cart. The Provider does not require the user’s explicit consent for these cookies.

How can cookies be rejected?

If the user wishes to allow, know, block or delete cookies installed on their computer, they can do so by configuring the browser options installed on their computer. More detailed information, depending on the browser, is available on the following websites: