Personal Data Controller and Contact Details

This policy applies to the processing (use) of any personal data carried out by the Ljubljana Castle Public Institution (the controller) or carried out on behalf of the controller.

Information about the controller:

Ljubljana Castle Public Institution 

Grajska planota 1

1000 Ljubljana

Registration No.: 3887359

Which Personal Data Do We Process? 

  • basic contact information (name, telephone number, email address);
  • information on website use (clicks on links, time spent) and information on responses to emails (whether the message was opened, which links the customer clicked);
  • information needed by the seller to fulfil the contract and the delivery of the purchased goods (subject of purchase, price, delivery address, delivery time, method of payment, date of payment, data on complaints, information on the issued invoice, etc.);

Legal Basis for Processing Personal Data 

The customer’s personal data can be processed on the following legal bases:

  • when needed in order to fulfil the seller’s legal obligations (e.g., issuing invoices for purchased goods);
  • when the processing of the customer’s personal data is necessary in order to conclude and fulfil a contract concluded between the seller and the customer or because the customer has requested an offer from the seller;
  • when the customer has consented to the processing of personal data for a specific processing purpose, in which case the customer always retains the right to revoke the given consent;
  • when the seller has a legitimate interest in the processing of personal data (e.g., the seller sends an email to the customer in the event that he or she has left the shopping cart in the online store without completing the purchase).

Purposes of Personal Data Processing 

The customer’s personal data may be used by the seller for one or more of the following purposes: 

  • communication regarding the provision of the seller’s services and responding to customer inquiries;
  • conclusion of the contract and fulfilment of the obligations arising from the concluded contract;
  • to enforce any legal claims and resolve disputes;
  • for statistical analyses regarding the sale of goods and use of the shop’s websites.

Retention Period of Personal Data 

The seller shall retain the basic personal data (name, surname, email, language, date of account creation, last visit, company, address, telephone, country) as long as the customer has the status of a registered customer at the Friderik online store.

Personal data processed on the basis of the customer’s consent are stored permanently or until the revocation of this consent by the customer.

The customer can change his or her data at any time or request a record or deletion of such data in the module Your Account, GDPR – Personal Data.

Data on issued invoices are retained by the seller for 10 years from the date of issue.

Voluntariness of Provision of Data and Consequences of Non-Provision 

The provision of personal data is voluntary. You are not obliged to provide us with personal data, but if you do not provide such data, you cannot enter into a contract with us (as we need the data to deliver the order). The data required for the execution of the order are: name, surname, email address, address, place, postal code and telephone number.

Access to Your Personal Data 

We shall not provide your personal data or provide information about such data to third parties (outside the Ljubljana Castle Public Institution), except for those who have a written contract with us, on the basis of which they perform certain tasks related to data processing and are obliged to comply with legislation on the processing and protection of personal data (so-called contractual processors). The contractual processors to whom we provide personal data are:

  • software solution providers;
  • delivery services.

Contractual processors may only process personal data within the framework of the agreed instructions and may not process personal data for their own purposes. They are committed, together with their employees, to protecting the confidentiality of your personal data.

Contractual processors do not export personal data to third countries (outside EU Member States and the United Kingdom, Canada and the United States).

Customer Rights Regarding Personal Data 

The customer has the following rights regarding personal data:

- the customer may at any time request from the seller:

  • confirmation of whether the seller is processing the customer’s personal data;
  • access to personal data and the following information in this regard: purposes of processing; types of personal data; users or categories of users to whom personal data have been or will be disclosed, especially users in third countries or international organisations; the envisaged retention period of the personal data or, if this is not possible, the criteria used to determine such a period; the existence of automated monitoring of decisions, including the formation of profiles and the reasons for this, as well as the significance and foreseeable consequences of such processing for the customer;
  • one (free) copy of personal data in a form specified by the customer (if the request is made by electronic means of communication and the customer does not request otherwise, a copy is provided in electronic form); for additional copies requested by the customer, the seller may charge a reasonable fee, taking into account the cost;
  • correction of inaccurate personal data;
  • restriction on the processing of personal data, in the case that:
      - the customer disputes the accuracy of the personal data, for a period that allows the seller to verify the accuracy of the personal data;
      - the processing of the data is illegal and the customer opposes the deletion of the personal data and instead requests a restriction on their use;
      - the seller no longer requires the personal data for the purposes of processing, but the customer needs them to assert, enforce or defend legal claims;

  • the deletion of all personal data (right to be forgotten) if the preconditions set out in Article 17 of the General Data Protection Regulation are met, and in particular in the event that the customer revokes his or her consent to the processing of the personal data;
  • a record of the personal data in a structured, commonly used and machine-readable form, with the right to pass the data on to another controller without interference from the seller;
  • discontinuation of the use of personal data for direct marketing purposes, including profiling;
  • that the customer is not subject to a decision based solely on automated processing, including profiling, provided that the preconditions set out in Article 22 of the General Data Protection Regulation are met.

- the right to lodge a complaint against the seller with the Information Commissioner if the customer believes that the processing of his or her personal data violates the General Data Protection Regulation.

Procedure for Exercising Rights 

You can address your requests regarding the exercising of personal data rights in writing to

For the purposes of reliable identification in the case of exercising rights in relation to personal data, we may request additional information from you, but we may refuse to take action only if we prove that we cannot reliably identify you.

We must respond to your request to exercise your personal data rights without undue delay and at the latest within one month of receiving your request.

Any changes to our privacy policy shall be posted on this website.


Cookies are small text files that websites use to enable a more efficient user experience.

Pursuant to legislation, cookies are stored on your device if they are necessary for displaying the website. We need your consent for any other type of cookies.

This website uses various types of cookies. Some are used at the request of other websites that appear on this website.

Strictly Necessary Cookies

Strictly necessary cookies make the website functional by enabling basic operations, such as website navigation and access to the secure areas of the website. The website does not function properly without these cookies.

| Name | Service | Valid until | Description |
| --- | --- | --- | --- |
| PrestaShop-id | web | 14 days | |
| PHPSESSID | web | session | |
| __lglaw | web | 1 month | Stores info of cookie banner. |

Cookies for Statistics Monitoring

Cookies for statistical purposes help website owners understand how visitors use their website by anonymously collecting and reporting information.

| Name | Service | Valid until | Description |
| --- | --- | --- | --- |
| _ga | Google Analytics | 2 years | Used to distinguish users. |
| _ga_(container-id) | Google Analytics | 2 years | Used to persist session state. |

Advertising Cookies

Marketing cookies are used for tracking users on websites. Their purpose is to display ads that are appropriate and interesting to the individual user.

| Name | Service | Valid until | Description |
| --- | --- | --- | --- |
| ads | Google Analytics | session | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. |
| collect | Google Analytics | session | Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels. |
| NID | Google Analytics | 6 months | Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads. |