Version 2.0 – 10 September 2025

Key Facts

Who? Maru + Bo trgovina d.o.o., Pražakova ulica 10, 1000 Ljubljana, Slovenia, is the data controller.
What? We collect your contact data (e-mail, phone, address), transactional data (purchases, refunds), and minimal technical data (cookies, logs).
Why? To conclude and perform sales contracts, provide customer service, send newsletters (with consent), maintain site security, and improve our services.
Your choices: Providing data is voluntary, except where required to perform a contract. You can withdraw consent at any time via the unsubscribe link.

1. Who We Are

Controller: Maru + Bo, trgovina, d.o.o., Pražakova ulica 10, 1000 Ljubljana, Slovenia. Company Reg. No.: 6315046000, VAT ID: SI16528638. We act as data controller under GDPR, ZVOP-2 and ZEKom-2. Contact: info@maru.bo 

2. What Personal Data We Collect

- Contact data: name, surname, e-mail, phone, address, tax ID (for invoices). 
- Transaction data: purchases, returns, payment details, refunds.
- Technical data: truncated IP, browser/OS, device data, strictly necessary cookies, logs.
- Communication data: inquiries, recorded calls (with notice). 
- Marketing data: newsletter sign-up, product-availability notifications, style preferences. 

3. Purposes & Legal Bases

I) Online Shopping and Services – to conclude and perform sales contracts (Art. 6(1)(b) GDPR).
II) Product Presentation – adapting website content to preferences (legitimate interest, Art. 6(1)(f)).
III) Advertising & Market Analysis – creating segments, promoting offers, analyzing shopping habits (legitimate interest, Art. 6(1)(f)).
IV) Product & Technology Development – improving services, preventing fraud, developing IT (legitimate interest, Art. 6(1)(f)).
V) Service Optimization & Compliance – fulfilling legal obligations, demonstrating compliance, protecting claims.
Newsletters & Notifications – only with your consent (Art. 6(1)(a)).

4. Voluntariness and Consequences

Providing personal data is voluntary. Without necessary data, contracts cannot be concluded or performed. Refusal of consent only affects receipt of newsletters; no other consequence follows. Technical data are generated automatically when you visit the site.

5. Profiling & Automated Decisions

We do not make automated decisions with legal or similarly significant effects. We may create limited audience segments (e.g., newsletter engagement) for marketing and analytics.

6. Retention Periods

- Account/membership: duration of account. 

- Transaction data: 5 years after end of relevant tax year. 

- Customer service records: 2 years from last contact. 

- Newsletter/marketing data: until withdrawal of consent or max. 24 months from last engagement.

- Consent records: 5 years (compliance evidence).

- Security logs: 30 days, unless needed longer.

- Availability notifications: max. 6 months.

7. Recipients & International Transfers

We share data with trusted partners as processors: postal/courier providers, payment processors, IT/cloud services, analytics and marketing providers, logistics partners. Some transfers occur outside the EEA (USA). Safeguards: Standard Contractual Clauses (SCCs), supplementary measures. Key processors: Klaviyo (e-mail, USA), Shopify (hosting, EU), Google Analytics 4 (USA), Meta Ads (global), TikTok Ads (global).

8. Security Measures

We apply TLS 1.3 encryption, strict access control (least privilege), regular security updates, vulnerability scans, and administrator audit logs.

9. Your Rights

You may request access, rectification, erasure, restriction, portability, and objection (Art. 21 GDPR). You may withdraw consent at any time (unsubscribe link). Requests can be sent to info@maru.bo. 

10. How to Lodge a Complaint

You may complain to the Information Commissioner of Slovenia (Dunajska cesta 22, 1000 Ljubljana, ip@ip-rs.si) or to your local EEA authority. 

11. Social Media & Online Technologies

We operate brand profiles on Facebook, Instagram, YouTube, Pinterest, TikTok. These platforms collect usage data via cookies/pixels when you interact with our profiles. We receive anonymized statistics; platforms remain controllers for your personal data. We may also use Facebook Custom Audience, Facebook Pixel, TikTok Pixel and similar technologies (only with your consent). 

12. Cookies & Pixels

Our website uses necessary cookies for functionality and optional cookies/pixels for analytics and marketing (Google, Meta, TikTok, others). Consent for optional cookies is requested upon your first visit and may be managed in cookie settings. 

13. Changes to This Policy

We may amend this Policy at any time. The latest valid version is indicated by the version number and date above. If changes are material, we will notify subscribers via e-mail.