Privacy policy

1. Overview

This privacy policy explains how Feel Awsm, trgovina na drobno d.o.o. (“we”, “us”, “Feel AWSM”) collects, uses, stores, and protects your personal data when you visit feelawsm.com, sign up for our newsletter, complete our routine quiz, or purchase our products. We process your data in accordance with the GDPR, ZVOP-2, and applicable EU consumer-protection law.

2. Data controller

The data controller responsible for processing your personal data on this website is:

Feel Awsm, trgovina na drobno d.o.o.
Potočnikova ulica 10
1000 Ljubljana, Slovenia (EU)
Email: sales@feelawsm.com
Company registration number: 8548684000
VAT-ID: SI62214497

3. Data protection officer

A Data Protection Officer has not been appointed because there is no legal obligation to appoint one under Article 37 GDPR for our current processing activities. Should our processing activities evolve such that the appointment becomes mandatory, we will publish the DPO’s contact details here.

For any data-protection inquiries in the meantime, contact us at sales@feelawsm.com — we read and respond to every message.

4. What data we collect

4.1 Data you provide directly

• Order data: name, billing and shipping address, email, phone (optional), order contents. Payment card details are entered directly into the payment provider’s secure form — we never see or store them.
• Account data: if you create a Shopify customer account, your email, password (encrypted by Shopify), order history, and saved addresses.
• Communication data: when you contact us by email, your name, email address, and the content of your message.
• Newsletter data: email address, first name (optional), consent timestamp, and consent source (e.g. footer form, checkout opt-in).
• Quiz data: answers you provide in the “Find your routine” quiz. By default, quiz answers are processed only to display a result and are not linked to your customer profile. If you choose to receive your result by email, the answers are stored alongside your email address.
• Review data: if you submit a product review via Judge.me, your display name (or initials), rating, comment, and verified-buyer status.

4.2 Data collected automatically

• Technical data: IP address (anonymised before analytics processing), browser type, device type, operating system, referring URL, language.
• Usage data: pages visited, time on page, clicks, scroll depth, exit page — processed only with your consent.
• Cookies and similar technologies: see our cookie policy for full details on what is set, by whom, and for how long.

5. Purposes and legal basis for processing

Purpose	Legal basis (GDPR Art. 6)
Processing your order, payment, and delivery	Art. 6(1)(b) — performance of a contract
Customer service: replying to your messages, processing returns	Art. 6(1)(b) and (f) — contract and legitimate interest in supporting our customers
Sending our newsletter and marketing emails	Art. 6(1)(a) — explicit consent (double opt-in)
Quiz personalisation and emailed quiz result	Art. 6(1)(a) — explicit consent (only if you opt in)
Web analytics (Google Analytics 4)	Art. 6(1)(a) — consent via cookie banner
Marketing analytics (Meta Pixel, TikTok Pixel where used)	Art. 6(1)(a) — consent via cookie banner
Fraud prevention, abuse detection, network security	Art. 6(1)(f) — legitimate interest in operating a safe service
Tax and accounting record retention	Art. 6(1)(c) — compliance with a legal obligation (Slovenian Tax Procedure Act, ZDavP-2, §86)

6. Who we share your data with

We share your data only with the categories of recipients listed below, only to the extent necessary for the stated purpose, and only under a written data-processing agreement (DPA) as required by Article 28 GDPR.

• E-commerce platform: Shopify International Ltd. (Ireland) and Shopify Inc. (Canada) — hosts our store, processes orders.
• Payment providers: Shopify Payments, Stripe, PayPal, Shop Pay — to process payments. Card details are entered directly into the provider’s form; we never receive them.
• Shipping carriers: the carrier responsible for delivering your specific order receives the minimum data needed (recipient name, address, phone for delivery notifications).
• Email marketing platforms: Klaviyo (Klaviyo, Inc., USA) and Mailchimp (Intuit Inc., USA) — send transactional and marketing emails. We rely on EU Standard Contractual Clauses for these transfers.
• Reviews platform: Judge.me (Webcoster, Hong Kong / processing in EU) — collects and displays product reviews.
• Web analytics: Google Ireland Ltd. (Google Analytics 4) — only with consent. Measurement ID: G-VN1FNDRZHH.
• CDN and hosting: Shopify CDN, Cloudflare — serves website assets globally.
• Translation tools: Translate & Adapt (Shopify), EZ Product Translate — automates DE/SL translations of our content.
• Accounting and tax advisors: our external accountants in Slovenia — for fulfilling tax-record obligations.

7. International data transfers

Some of our service providers (notably Shopify, Google, Klaviyo, Mailchimp) process data outside the European Economic Area (EEA), primarily in the United States and Canada. For such transfers we rely on:

• EU Standard Contractual Clauses (SCCs) under European Commission Implementing Decision (EU) 2021/914.
• Adequacy decisions of the European Commission, where applicable (for example the EU–US Data Privacy Framework where the provider is certified).
• Additional technical and organisational safeguards, including encryption in transit and at rest where supported.

You may request a copy of the safeguards we apply by emailing sales@feelawsm.com.

8. How long we keep your data

• Order and invoice data: 10 years from the end of the year in which the transaction occurred (Slovenian Tax Procedure Act, ZDavP-2, §86).
• Account data: until you delete your account, plus a 30-day grace period for accidental restoration.
• Newsletter consent and subscription data: until you unsubscribe, or 36 months after your last interaction with our emails, whichever is sooner.
• Email enquiries: 24 months unless retention is needed for a complaint or legal claim.
• Quiz answers (when emailed result): 12 months from quiz completion, then deleted from our marketing platform.
• Analytics data: Google Analytics 4 set to 14-month retention; earlier deletion on consent withdrawal.
• Cookies: per-cookie retention is listed in our cookie policy.

9. Your rights under GDPR

Under Articles 15–22 GDPR you have the following rights regarding your personal data:

• Right of access (Art. 15) — receive a copy of the data we hold about you.
• Right to rectification (Art. 16) — correct inaccurate or incomplete data.
• Right to erasure (Art. 17) — have your data deleted (“right to be forgotten”), subject to legal retention obligations.
• Right to restrict processing (Art. 18) — freeze processing while a dispute is resolved.
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
• Right to object (Art. 21) — object to processing based on legitimate interest, or to direct marketing at any time.
• Right to withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint (Art. 77) — with a supervisory authority (see section 10).

To exercise any of these rights, email sales@feelawsm.com. We respond within 30 days of a verified request (Art. 12(3) GDPR), and may extend this by up to 60 days for complex requests, in which case we will tell you within the first 30 days.

10. Supervisory authority

If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for Feel Awsm, trgovina na drobno d.o.o. is:

Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec)
Dunajska cesta 22, SI-1000 Ljubljana, Slovenia
Email: gp.ip@ip-rs.si
Website: www.ip-rs.si

You may also contact your local supervisory authority in your country of residence.

11. Data security

We apply appropriate technical and organisational measures to protect your data, in line with Article 32 GDPR:

• TLS/SSL encryption for all data in transit.
• Encrypted password storage (one-way hashing on Shopify infrastructure).
• Role-based access controls, multi-factor authentication for our admin team.
• Regular security reviews and platform updates.
• Data minimisation — we collect only what we need.
• Documented incident-response process, including notification to the Information Commissioner within 72 hours where required (Art. 33 GDPR).

12. Minors

Our products are intended for adults aged 18 and older. We do not knowingly collect personal data from individuals under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

13. Automated decision-making and profiling

We do not engage in automated decision-making that produces legal or similarly significant effects within the meaning of Article 22 GDPR. We may use basic segmentation in our email platform (for example, sending different newsletter content to past purchasers vs. new subscribers), but this segmentation does not produce legally significant effects on you.

14. Changes to this policy

We may update this privacy policy to reflect changes in our processing activities or applicable law. Material changes will be communicated via email (if you have an active account or active newsletter subscription) or via a prominent notice on this website. The “Last updated” date at the top of the page reflects the most recent revision. The current published version always governs.

15. Contact

For any questions about this privacy policy or our data practices, email sales@feelawsm.com. We respond within two business hours during business days (Mon–Fri, 9:00–17:00 CET).