Privacy Statement (EU)

This privacy statement was last updated on 29.11.2025 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

In this privacy statement, we explain what we do with the data we obtain about you via https://orodian.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

1.1 Compiling and analyzing statistics for website improvement.

For this purpose we use the following data:

  • An email address
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

Upon termination of the service we retain this data for the following period: The data are retained for the period necessary for analytical purposes, for a maximum of 26 months or until the user withdraws their consent. After this period, the data are anonymised or deleted. The data are processed in an anonymised or hashed form and are not used for marketing or personalisation purposes..

1.2 Deliveries

For this purpose we use the following data:

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We retain this data until the service is terminated.

1.3 To be able to offer personalised products and services

For this purpose we use the following data:

  • A first and last name
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

Upon termination of the service we retain this data for the following period: Personal data are stored in a hashed form. These data are temporarily used for matching conversions or creating audiences and are later deleted. The data may be retained for up to 26 months..

1.4 Contact – Through phone, mail, email and/or webforms

For this purpose we use the following data:

  • A first and last name
  • An email address
  • A telephone number
  • A home or other physical address, including street name and name of a city or town
  • Photos
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and that interest outweighs the interest of the person concerned.

Retention period

We determine the retention period according to fixed objective criteria: Personal data are retained on the basis of our legitimate interest in maintaining a potential business relationship with the customer, where it can be reasonably assumed that the information or products offered remain relevant or of interest to them. The data are deleted once this assumption no longer applies.

1.5 Payments

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Financial information such as bank account number of credit card number

The basis on which we may process these data is:

It is necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party.

Retention period

We determine the retention period according to fixed objective criteria: For processing payments, issuing invoices or refunds, and preventing fraud or misuse.

1.6 Newsletters

For this purpose we use the following data:

  • A first and last name
  • An email address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered

The basis on which we may process these data is:

It is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and that interest outweighs the interest of the person concerned.

Retention period

Upon termination of the service we retain this data for the following period: Until the customer unsubscribes or until the legitimate interest no longer applies. The seller may process personal data for sending newsletters or emails about news, discounts, promotions and similar information even without the buyer’s prior consent, based on legitimate interest, if the customer has already made a purchase from the seller and the marketing communication relates to similar goods or services, or if the buyer has voluntarily subscribed to receive such messages. The buyer may object to such processing at any time and can easily unsubscribe by clicking the unsubscribe link in the email or by sending a request to the seller’s email address..

1.7 To support services or products that a customer wants to buy or has purchased

For this purpose we use the following data:

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered
  • Photos

The basis on which we may process these data is:

It is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and that interest outweighs the interest of the person concerned.

Retention period

Upon termination of the service we retain this data for the following period: Personal data are retained on the basis of our legitimate interest in maintaining a potential business relationship with the customer, where it can be reasonably assumed that the information or products offered remain relevant or of interest to them. The data are deleted once this assumption no longer applies..

1.8 To be able to comply with legal obligations

For this purpose we use the following data:

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered
  • Financial information such as bank account number of credit card number

The basis on which we may process these data is:

For compliance with a legal or regulatory obligation.

Retention period

We retain this data upon termination of the service for the following number of months: These data are retained for the period required by the applicable legal regulations. This is usually a period of 10 years from the termination of the service or business relationship, for accounting and legal purposes, in accordance with Slovak legislation.

2. Sharing with other parties

We only share this data with processors and with other third parties for which consent must be obtained.

Processors

Name: Email delivery platform (Ecomail.cz)
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed by this provider for the purpose of managing our mailing lists, sending newsletters and marketing communications to our customers or subscribers, and analysing the performance of our campaigns.
Name: Cloud storage and analytics service providers (for example, Microsoft OneDrive (Microsoft 365), Google BigQuery (Google Cloud)).
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be stored and processed by these providers as part of the cloud and analytics systems they operate and manage for us. Depending on the specific purpose and technical implementation, certain data sets may be pseudonymised or hashed before being uploaded to ensure an appropriate level of data protection.
Name: Web hosting and email infrastructure providers (e.g., DigitalOcean, Webglobe).
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed by this provider as part of our web and email infrastructure, which it hosts and manages for us.
Name: Providers of payment and invoicing systems (for example, GoPay, SuperFaktura, Odoo).
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed by these providers for the purpose of processing and managing customer payments and invoicing. This includes facilitating online payments through payment gateways (for example, GoPay – including card payments, Apple Pay, Google Pay, PayPal), managing invoicing and accounting records (such as SuperFaktura or Odoo), and processing payments made by bank transfer or cash on delivery via courier services. In the case of bank transfers, personal data may also be processed by financial institutions (banks).
Name: Delivery and courier service providers (e.g., GLS, Packeta or other contracted carriers).
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be shared with these providers to the extent necessary for delivering customer orders in accordance with the purchase agreement, including shipment tracking, delivery, and handling returns or claims.
Name: Providers of accounting services (for example, contracted accountants or accounting firms).
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed by these providers for the purpose of maintaining our accounting records, preparing and managing invoices, and fulfilling our financial and tax obligations in accordance with applicable legal regulations.
Name: Providers of IT management and technical support
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed by these providers as part of the IT system maintenance, system administration and technical support services they provide, in order to ensure the security, functionality and continuity of our online systems, databases and internal infrastructure.
Name: Marketing agencies / advertising partners
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed by these partners for the purpose of managing our online marketing and communication activities, including advertising, remarketing and newsletter campaigns. This may include creating and optimising advertising content, audience targeting and segmentation, as well as sending marketing emails.
Name: Partners for the implementation of analytics and tracking tools
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed by these partners during or as part of the implementation and maintenance of our analytics and tracking systems (e.g., Google BigQuery, Google Tag Manager, Meta Pixel or conversion tracking tools) in order to support our internal analysis, performance measurement and reporting.

Third parties

Name: Advertising and analytics platforms such as Google Ads (including Enhanced Conversions), Google Analytics, Meta (Facebook/Instagram – Facebook Pixel)
Country: Personal data are processed within the European Union and the European Economic Area, but may also be transferred to other countries. All such transfers are carried out in compliance with applicable data protection laws and ensure a level of protection equivalent to the requirements of the GDPR.
Purpose: Personal data may be processed or shared with selected advertising and analytics platforms (such as Google Ads – including Enhanced Conversions, Google Analytics, or Meta platforms including Facebook and Instagram) to ensure the proper functioning of these services, measure website traffic, analyse user behaviour, and improve our marketing activities. The use of this data for personalised advertising or remarketing takes place only if the user has given consent for personalised advertising.
Data: Within these services, certain identifiers may be processed, such as an email address, phone number, IP address, cookie identifiers or browsing data. These data may undergo technical processing (such as anonymisation or hashing) within advertising systems and are used for marketing or personalised purposes only after the user has given consent.

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy

4. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data Processing Agreement with Google.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.

10. Contact details

Orodian s. r. o.
M. R. Štefánika 1068/6
97251 Handlová
Slovakia
Website: https://orodian.com
Email: info@ex.comorodian.com
Phone number: +421 46 202 1200