1. Cookies and advertising

Cookies are small text files that are stored on your computer when you visit our website and do not harm your hardware or software. Their storage is under the complete control of the user’s browser – which can restrict or disable the storage of cookies if you wish.

Cookies are not harmful and are always time-limited.

The use of cookies in the European Union (EU) is governed by Direktiva o zasebnosti in elektronskih komunikacijah 2002/58/ES,the article of which relating to cookies and similar technologies has been amended by Directive 136/2009.

In Slovenian legislation, the use of cookies is regulated by Zakon o elektronskih komunikacijah oziroma ZEKom-1 (Uradni list št. 109/2012), Article 157 of which constitutes the legal basis for the privacy concerns of web users.

The website www.cpa.si uses cookies for the operation of the website, which do not store personal data, but monitor visitor activity and interest in order to provide a better user experience. By using the website, visitors consent to their use.

More about cookies TUKAJ

2. Protection of personal data


The company is committed to protecting the confidentiality of personal data and the privacy of the users of the online shop. The Company will use the personal data collected exclusively for the provision of the services offered. The Company respects the confidentiality of personal data and the privacy of the users of the online shop and will take all necessary measures to protect them from any breach and misuse. The personal data of users is one of the areas to which the company pays the utmost care and attention, as it is aware of the sensitive nature of this area.

In certain cases, the provision of the user’s personal data to the company is necessary in order for the processor, as a provider, to be able to fulfil its contractual obligations towards the user. The Provider protects the collected personal data on a permanent basis in accordance with the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07) (ZVOP-1), the Electronic Communications Act (Official Gazette of the Republic of Slovenia, No. 109/12, 110/13, 40/14 – ZIN-B, 54/14 – Decree of the US, 81/15 and 40/17) and the General Data Protection Regulation (GDPR).

Use of personal data

For the purposes of providing the services offered by the Company, the Company collects, manages, processes and stores the following User data:

  1. name and surname
  2. delivery addresses
  3. email address (username)
  4. password in encrypted form
  5. contact telephone number
  6. country of residence
  7. other information voluntarily entered by the user in the forms in the online shop
  8. other information that the user voluntarily adds subsequently in his/her profile

The company is not responsible for the correctness, completeness and timeliness of the data entered by users.
The Provider shall not pass on the data to third parties, except to contractors with whom the Provider has concluded a contract on the protection of personal data and who are contractually bound to the same standards of protection of personal data as the Provider.
The Provider collects personal data with the explicit consent or consent of individuals. Consents shall be stored together with their content and the content of the form by which they were obtained.
The Provider shall store the personal data collections in the territory of the Republic of Slovenia and shall not export them to other countries.

Purpose of use

The personal data obtained through the website www.cpa.si for the purpose of making an online purchase are used exclusively for the purpose of the execution and delivery of the order.

Consent to the storage, processing and transmission of personal data By participating in prize draws or subscribing to the newsletter via e-mail, the user authorises CPA d.o.o. to process and store the personal data provided, in accordance with the Personal Data Protection Act. By giving his/her consent, the user authorises CPA d.o.o., as the controller of the personal data collection, to process the personal data collected for the purposes of sampling, surveys and statistical data processing, to determine the use of the services, to tailor the offer and segmentation, for market research, to inform the user about offers, news and benefits, to send newsletters by e-mail, telephone or Facebook Messenger and other advertising material, to inform the user about the services of the www.cpa.si web centre and of CPA d.o.o., and related parties, and for other uses of the data provided to which the user of the website specifically consents.

The above-mentioned data may be processed by CPA d.o.o. for its own purposes until the consent is withdrawn by requesting the removal of the personal data from the database, otherwise only for as long as is strictly necessary to achieve the purpose for which the data were collected, i.e. 3 months for participants in prize draws, 10 years for prize draw winners and until the subscriber unsubscribes from the newsletter, or until the operator ceases its activity on the market. During the management of personal data, the data subject shall have the possibility to consult and update the data in the database upon request.

You may opt-out of receiving communications through individual communication channels at any time. You can unsubscribe by sending a notice to our email: info@cpa.si

One-time notification of the progress of a product reservation via Facebook Messenger

When you add a product to your basket, it is temporarily reserved for purchase, allowing for a hassle-free shopping experience. Directly below the “Add to cart” button, the Facebook “Send to Messenger” plugin is prominently displayed, allowing the provider to send a one-time message to the user when the product reservation expires, informing the user of the reservation expiry, a change in the price of the product or a better offer for the product.

The Send One-Time Message plugin provides the provider with an anonymised temporary data “Facebook temporary PSID”, which allows sending messages for a limited time and is not identifiable. The plug-in does not allow the provider to store personal data, so no personal data is stored.

If a user does not want to receive a one-off message, they can easily disable it at any time in 3 ways:

  1. Before clicking on the “Add to basket” button, tick the “Send to messenger” box.
  2. Upon receipt of the first message, click on the “Unsubscribe” link to permanently opt out of receiving one-off basket reservation messages – even if the plugin is ticked on the next purchase

Implementation of the Privacy Policy

In accordance with the Personal Data Protection Act, the company’s personal data protection is regulated by the Personal Data Protection Regulation.
All persons employed by the company on a full-time or part-time basis who have access to the personal and other data of users are aware of the provisions of the Personal Data Protection Regulation and the duty to protect personal and other data and are obliged to comply with these provisions on the protection of the confidentiality of personal data and the privacy of users of the online shop. The obligation to protect personal and other data shall apply indefinitely, even after the termination of the relationship with the company.

Registered users may stop using the Online Shop at any time and may cancel their registration. They can do so by notifying the cancellation of their registration in writing. Before cancelling the registration, the user must pay to the company all outstanding debts arising from purchases made in the online shop. The company will protect the confidentiality of personal data and the privacy of the users of the online shop within the framework of this privacy policy, even in the event of cancellation of registration.


Advertising messages will be clearly visible (age-appropriate) and clearly separated from games and competitions. Any communication aimed at children will be age-appropriate and will not exploit children’s trust, lack of experience or sense of loyalty. The Provider shall not accept orders from someone it knows or suspects to be a child without the express permission of the child’s parents or guardians.

The Provider shall not accept any personal data concerning children without the express permission of their parents or guardians. Nor may the Provider disclose to any third party any information received from children, with the exception of parents or guardians. The provider must not offer free access to products or services that are harmful to children.

Right to information and erasure

You have the right to be informed about the personal data we hold about you, as well as the right to have that data erased. The Data Protection Officer is Anja Babij, CPA d.o.o. If you have any questions about the deletion, processing or use of your data, please contact: info@cpa.si or send us a request by post.

We reserve the right to notify you by sms to the telephone number you entered during the order process when your order has been dispatched or when it is ready for personal collection. If the items have not been collected for personal collection for more than 5 days, we reserve the right to call the telephone number provided as a reminder to collect the items.

Notifications. You are only signed up to receive notifications if a special box is ticked at the time of ordering to allow you to sign up for notifications.

You can unsubscribe from the notification database at any time by sending an email to info@cpa.si or by clicking on the “Unsubscribe here” link at the bottom of the promotional emails.

Any individual whose personal data is collected, stored and processed by the Provider has the following rights in relation to that data:

  • Right to be forgotten – if the data subject no longer wishes to have his or her personal data stored and processed by the processor, and provided that there are no legitimate grounds for its continued storage, he or she will be able to request the processor to erase his or her data at any time.
  • The right to know how long personal data are kept.
  • The right to request rectification, erasure or lodge a complaint.
  • Right to data portability – if the data subject so wishes, he or she may request the processor to provide him or her with personal data concerning him or her that he or she has provided to the controller in a structured, commonly used and machine-readable format.
  • Right to a remedy and sanctions – the individual has the right to lodge a complaint with the supervisory authority, as well as the right to a legal remedy against a decision of the supervisory authority or, in the event of inaction by the supervisory authority, the right to compensation and liability.
  • The right not to be subjected to measures resulting solely from profiling, analysis or predictions using automated means of processing.
  • Right to withdraw consent – the data subject has the right to withdraw consent to further processing of personal data, in particular in the case of direct marketing.

Procedure for exercising rights

I am aware that I may make any of the above requests concerning the exercise of my rights in relation to personal data in writing to the controller, by email to info@cpa.si.
I am aware that the controller may request additional information from me for the purposes of reliable identification in order to exercise the rights relating to personal data and may refuse to act only if it demonstrates that it cannot identify me reliably.
I am aware that the controller must respond to my request to exercise my rights with regard to the personal data referred to above without undue delay and at the latest within one month of receipt of the request.

The company shall keep the personal data of the data subject until the withdrawal of the consent to the storage and processing of the data subject’s data. The User may withdraw consent to receive electronic communications (by written request to the Provider at info@cpa.si) or request that the Company immediately and effectively and permanently delete the User’s personal data by deleting the User’s user profile with the Provider in its entirety.


The company is obliged to protect the personal data of the users of its online shop in accordance with the regulations governing the protection of personal data. Under no circumstances will the Company, without the User’s express permission, disclose the User’s personal or other data to a third party or allow a third party to access the User’s personal or other data, unless required to do so by the public authorities, if such an obligation is provided for by law, or in the good faith belief that such action is necessary for legal proceedings before the courts or other public authorities and for the protection and pursuit of the legitimate interests of the Company.

All personal and other data provided by the user when logging in to the online shop, as well as when ordering the purchase of products, including the content of orders, will be protected in accordance with the regulations governing the protection of personal data. The company will not use this information for any purpose that would in any way harm the user or any other person involved. The company will not use the user’s data to send promotional emails or other unsolicited promotional material, except for the purpose of sending those promotional communications to which the user has subscribed or expressly consented. The Company may use the data in anonymised aggregated form for statistical analysis purposes. The confidentiality of personal and other data of users will not be violated in any form.

The company will only provide the delivery service with the information necessary for the delivery of the products purchased in the online shop (recipient’s details and delivery address). The company will contact the user by email if this is necessary to complete the purchase in the online shop, and by contact telephone number only if there are problems during the registration or purchase process in the online shop.

What personal data we collect and why


When visitors leave comments on the website, we collect the information shown in the form submitted, as well as the visitor’s IP address, which helps to detect spam.

You can give the Gravatar service an anonymised string generated from your email address (also called a hash) to see whether you are using it. Gravatar’s privacy policy is available here: https://automattic.com/privacy/. After your comment has been approved, your profile picture is displayed to the public as part of your comment.

Contact forms

Basic information submitted via the contact form. We keep this personal data for the duration of the business communication

Cookies for login and registration

If you have an account and log in to this website, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie does not contain any personal information and is discarded when you close your browser.

When you log in, the system will add more cookies that store the data you have entered. Login cookies last for two days and cookie options last for one year. If you select “Remember me”, your login will last for two weeks. If you log out of your account, the login cookies will be removed.


Google Analytics
We use Google Analytics to keep statistics on visits to our website.

Disabling cookies

You decide whether to allow cookies to be stored on your device. You can control and change your cookie settings in your web browser.

For information about your cookie settings, please select the web browser you are using.

If you change or delete your browser’s cookie file, modify or reward your browser or device, you may need to disable cookies again. The process for managing and deleting cookies varies from browser to browser. If you need help with this, you can consult your browser’s help section. You can also disable Google Analytics tracking as follows povezavi.