Privacy Policy

Adventure to Color  |  Last updated: March 2026

§ 1 Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

•      Adventure to Color

•      Ljubljana, Slovenia

•      Email: t56uk9v@gmail.com

If you have any questions about data protection, please contact us at the email address above.

§ 2 General Information on Data Processing

We process personal data of our users only to the extent necessary to provide a functioning website and our content and services. Personal data is processed regularly only with the consent of the user or where processing is permitted by law.

The legal bases for the processing of personal data are:

•      Art. 6(1)(a) GDPR – Consent of the data subject

•      Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures

•      Art. 6(1)(c) GDPR – Compliance with a legal obligation

•      Art. 6(1)(f) GDPR – Legitimate interests of the controller

§ 3 What Data We Collect

As part of the ordering process, we collect the following personal data:

•      Name

•      Email address

•      Billing address

•      Payment information (processed by Shopify Payments)

•      IP address and browser information (technically required)

We do not collect sensitive personal data (e.g. health data, political opinions).

§ 4 Purpose of Data Processing

Your data is used exclusively for the following purposes:

•      Processing and fulfilling your order

•      Providing the download link after purchase

•      Sending the order confirmation by email

•      Compliance with legal retention obligations (e.g. tax records)

•      Fraud prevention and security

We do not use your data for advertising purposes or newsletters unless you have explicitly consented to this.

§ 5 Shopify Payments

For payment processing, we use Shopify Payments, a service provided by Shopify Inc., 151 O’Brien Street, Ottawa, Ontario, K1P 6L2, Canada.

When you make a payment, your payment details (e.g. credit card number, expiry date) are transmitted directly to and processed by Shopify Payments. We do not have access to your full payment data. Shopify Payments processes data in accordance with its own privacy policy, which can be found at https://www.shopify.com/legal/privacy.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

§ 6 Facebook Pixel

Our shop uses the Facebook Pixel, an analytics tool provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The Facebook Pixel allows us to track the behaviour of visitors to our website after they have been redirected to our site by clicking on a Facebook advertisement. This enables us to measure the effectiveness of our Facebook ads for statistical and market research purposes and to optimise our advertising efforts.

The data collected is anonymous to us and does not allow any conclusions to be drawn about the identity of users. However, the data is stored and processed by Facebook, which means a connection to the respective user profile is possible. Facebook may use this data for its own advertising purposes in accordance with its data use policy.

Legal basis: Art. 6(1)(a) GDPR (consent). You can object to data collection by the Facebook Pixel by adjusting your cookie settings in our shop or by managing your advertising preferences on Facebook at https://www.facebook.com/settings/?tab=ads.

For more information on data protection at Facebook, please visit: https://www.facebook.com/about/privacy

§ 7 Shopify as a Platform

Our online shop is operated on the Shopify platform (Shopify Inc., 151 O’Brien Street, Ottawa, Ontario, K1P 6L2, Canada). Shopify processes personal data on our behalf that is technically necessary for the operation of the shop (e.g. order data, IP addresses).

Shopify is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection. For more information, please visit https://www.shopify.com/legal/privacy.

§ 8 Email Communication

After your purchase, we will send you an order confirmation and the download link by email. These emails are necessary for the performance of the contract and are sent on the basis of Art. 6(1)(b) GDPR.

We do not send promotional emails or newsletters unless you have explicitly consented to receive them.

§ 9 Retention Period

We store your personal data only for as long as is necessary to fulfil the respective purposes:

•      Order data: 10 years (statutory retention obligation for accounting records)

•      Email communication: 3 years after completion of the purchase contract

•      Facebook Pixel data: in accordance with Meta's storage policy (usually 180 days)

After the respective retention period expires, the data is routinely deleted.

§ 10 Disclosure of Data to Third Parties

We only share your personal data in the following cases:

•      With Shopify Inc. as a technical service provider for operating the shop

•      With Shopify Payments for payment processing

•      With Meta Platforms (Facebook Pixel) – only with your consent

•      With authorities, where we are legally required to do so

We do not sell your data to third parties.

§ 11 Your Rights as a Data Subject

Under the GDPR, you have the following rights:

•      Right of access (Art. 15 GDPR) – You may request information about the data we store about you at any time

•      Right to rectification (Art. 16 GDPR) – You may request the correction of inaccurate data

•      Right to erasure (Art. 17 GDPR) – You may request the deletion of your data, provided no legal retention obligations apply

•      Right to restriction of processing (Art. 18 GDPR)

•      Right to data portability (Art. 20 GDPR)

•      Right to object (Art. 21 GDPR) – You may object to the processing of your data at any time

•      Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, please contact us at: t56uk9v@gmail.com

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Slovenia is the Informacijski pooblaščenec (https://www.ip-rs.si).

§ 12 Data Security

We use technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

Data transmission on our website is encrypted using the HTTPS protocol (SSL/TLS).

§ 13 Cookies

Our shop uses cookies – small text files stored on your device. The following types of cookies are used:

•      Technically necessary cookies: These are required for the operation of the shop (e.g. shopping cart, session). Legal basis: Art. 6(1)(f) GDPR.

•      Marketing cookies (Facebook Pixel): These are only set with your explicit consent. Legal basis: Art. 6(1)(a) GDPR.

You can disable or delete cookies in your browser at any time. Please note that disabling technically necessary cookies may affect the functionality of the shop.

§ 14 Changes to This Privacy Policy

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or reflects changes to our services. The current version is always available on our website.

Note: This privacy policy has been prepared to the best of our knowledge but does not replace individual legal advice. We recommend having this document reviewed by a data protection expert.