Privacy Policy

Version 1.0 — Last updated: 14.11.2025

This Privacy Policy provides information in accordance with Article 13 of the General Data Protection Regulation (GDPR) and the Personal Data Protection Act (ZVOP-2) regarding the collection, processing, and protection of your personal data when using the website https://odetoconnection.com/ or purchasing a print book, e-book, or interacting with Urška Podvršič s.p.

1. Data Controller

Urška Podvršič s.p.
Pot na Fužine 5
1000 Ljubljana
Slovenia

Registration number: 3222403000
Tax code: SI 23719435
Email: info@odetoconnection.com

(Hereinafter: the “Organization”, “Company”, “we”, or “us”)

2. Definitions

The terms used in this Privacy Policy have the same meaning as in the General Data Protection Regulation (EU) 2016/679 (GDPR), including:

Personal data” – any information relating to an identified or identifiable individual
Processing” – any operation performed on personal data
Data subject” – an individual whose personal data is processed

3. Categories of Personal Data We Process

We process personal data only to the extent necessary for specific purposes. Depending on your interaction, we collect the following categories:

3.1. For ordering print books or e-books
  • Name, surname
  • Email address
  • Billing address
  • Shipping address (print books only)
  • Order details
  • Payment confirmation information (handled by third-party payment processors)
3.2. When subscribing to newsletters
  • Email address
  • Optional: name
3.3. When contacting us / customer support
  • Name
  • Email address
  • Content of communication
3.4. Website usage and cookies
  • IP address
  • Device and browser data
  • Pages visited, interactions, access times
  • Cookie preferences
4. Legal Bases and Purposes of Processing

We process personal data on the following legal grounds:

4.1. Performance of a contract – Article 6(1)(b) GDPR
  • Processing and fulfilling book or e-book orders
  • Providing order confirmations and customer support
  • Delivering digital download links
4.2. Legal obligations – Article 6(1)(c) GDPR
  • Maintaining accounting and tax records
  • Issuing invoices and complying with financial regulations
4.3. Consent – Article 6(1)(a) GDPR
  • Sending newsletters and marketing emails
  • Using non-essential cookies
  • Consent may be withdrawn at any time.
4.4. Legitimate interest – Article 6(1)(f) GDPR
  • Improving website functionality and user experience
  • Protecting the website and preventing fraud
  • We balance such interests against your rights.
5. Retention Periods

Data is deleted or anonymized after retention periods expire.

6. Special Categories of Data

We do not collect or process sensitive personal data (e.g., health data, beliefs, biometric data).
If you voluntarily provide such data, it will be immediately deleted unless legally required.

7. Children’s Data

Our services are not intended for individuals under 15 years of age.
We do not knowingly collect their data.
If we become aware of processing relating to a minor, we will delete the data without delay.

8. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling within the meaning of Article 22 GDPR.

9. Sharing of Personal Data

We do not sell your personal data.
We may share data with trusted processors who assist us:

9.1. Types of processors
  • Website hosting providers
  • Email service providers
  • Payment processors (e.g., Stripe, PayPal or similar)
  • Ebook delivery platforms (if applicable)
  • Shipping services (for print books)
  • Analytics and cookie service providers

All processors operate under written GDPR-compliant agreements.

9.2. Legal authorities

We may disclose your data only when required by law.

10. International Transfers

Some service providers may operate outside the EU/EEA.
If this occurs, we ensure:

  • EU adequacy decisions, or
  • Standard Contractual Clauses (SCCs), or
  • Other GDPR-compliant safeguards

Your data is protected regardless of location.

11. Data Security

We use technical and organizational measures to ensure personal data remains protected, including:

  • Secure hosting and server configurations
  • Access control and authentication
  • Secure communication (HTTPS)
  • Data minimization and limited access
  • Contracts ensuring protection by third-party processors
12. Cookies and Tracking Technologies

We use cookies for:
Essential purposes

  • Website functionality
  • Order processing and security
    (No consent required)

Analytics cookies (optional)

  • Understanding visitor behavior
  • Improving services

Marketing cookies (optional)
Used only if you give consent.
You can manage cookie settings anytime through the cookie banner on our site.

13. Rights of Data Subjects

You have the following rights under GDPR:

  • Right of access to your data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Supervisory Authority in Slovenia:
Information Commissioner (Informacijski pooblaščenec)
Dunajska cesta 22
1000 Ljubljana
Email: gp.ip@ip-rs.si
Website: https://www.ip-rs.si

14. How to Exercise Your Rights

You may contact us at any time regarding your rights:
info@odetoconnection.com
Urška Podvršič s.p., Pot na Fužine 5, 1000 Ljubljana, Slovenia

We will respond within one month, as required by GDPR.

15. Amendments to this Privacy Policy

We may update this Privacy Policy periodically.
Changes will be published on our website with the updated version number and date.

Your continued use of the website indicates acceptance of the updated terms.