AG VEBO d.o.o.
Effective date: 29.05.2026
Last update: 29.05.2026
1. General
The company AG VEBO d.o.o. respects the privacy of individuals and processes personal data legally, fairly, transparently and securely.
This privacy policy explains how we collect, use, store, protect and share personal information from individuals who:
visit our websites;
submit an inquiry, order or request for a quote;
act as buyers, clients, suppliers, business partners or their contact representatives;
act as sole proprietors or private individuals;
act as representatives of companies, state bodies, municipalities, public institutions or other public sector entities;
communicate with us by phone, email, online forms, in person at the salon or in another way;
sign up to receive notifications, news or commercial messages;
exercise rights, complaints, warranty, service, returns or other claims.
AG VEBO d.o.o. mainly does business with business customers, sole proprietors, public contracting authorities and other legal entities, but in certain cases it may also do business with natural persons as consumers. When we process data of legal entities, this is generally not personal data. Personal data is data that refers to a specific or identifiable natural person, for example the name and surname of the contact person, the work email address in the form name.surname@company.en, the telephone number of the contact person, the data of the sole proprietor, the delivery address of the natural person or data on communication with the individual.
2. Personal data controller
The personal data controller is:
AG VEBO d.o.o.
Brdnikova ulica 29
1000 Ljubljana
Slovenia
Registration number: 5558924
VAT ID: SI23373334
Website: www.agvebo.si / www.vebo.si
E-mail: info@vebo.si
Phone: 01 2568 467
For questions regarding personal data protection, exercising your rights or objecting to processing, you can write to us at info@vebo.si with the label "Personal data protection".
If the company appoints a data protection officer, their contact details will be published in this privacy policy.
3. What personal data do we process?
Depending on the purpose of the processing, we may process the following types of personal data:
Identification and contact information: name, surname, title, function, company or organization, address, delivery address, email address, telephone number, country, language of communication.
Data on the business entity and representation: company or organization name, registration number, tax number or VAT ID, registered office, business address, information on the legal representative, authorized representative or contact person.
Data on demand, offer and order: content of the demand, selected products, quantities, prices, discounts, delivery time, delivery method, payment method, contractual terms, internal order codes, offer numbers, delivery notes, invoices and other documents.
Payment and accounting data: data required for invoicing, payment recording, posting, collection, credit notes, advance payments, refunds and compliance with tax and accounting obligations.
Delivery and logistics information: recipient's name and surname, delivery address, delivery phone number, email address, delivery notes, information about receipt, signature, complaint or return of goods.
Communication data:content of emails, online forms, telephone conversations, letters, complaints, requests, minutes and other business communications.
Data about website usage: IP address, date and time of visit, pages visited, device information, browser, operating system, source of visit, cookie identifiers and similar technologies, cookie settings, and data about interaction with the website.
Direct marketing data:email address, telephone number, company, field of interest, order or inquiry history, consents, unsubscribes and objections.
Data related to complaints, warranty and service: product data, date of purchase, invoice, error, product photos, problem description, service documentation, data on the resolution of the claim.
Data for rental, financing, purchase or special business arrangements: data necessary for the preparation and performance of an individual service, checking solvency, securing liabilities, preparing a contract, carrying out delivery, returning equipment or exercising contractual rights, where such processing is necessary and lawful.
As a rule, we do not process special categories of personal data, such as health data, biometric data, data concerning political opinions, religious beliefs or trade union membership. Please do not send us such data unless it is necessary for a specific legitimate purpose and we have explicitly requested it.
4. Purposes and legal bases of processing
We process personal data for the purposes listed below.
|
Purpose of processing |
Example data |
Legal basis |
|
Responding to inquiries and preparing offers |
name, surname, company, email, phone, content of inquiry, selected products |
implementation of measures prior to the conclusion of a contract; legitimate interest in business communication with customers, business partners and representatives of organizations |
|
Conclusion and implementation of the contract |
customer, order, delivery, payment, invoice, contractual documentation |
performance of a contract; legal obligations; legitimate interest in the organization of business |
|
Sales to business customers, sole proprietors and public clients |
contact details of persons at buyers, suppliers, public authorities, municipalities and other organizations |
legitimate interest in B2B communication, preparation of offers, execution of orders and support for business partners; contract, when the individual is a contracting party |
|
Sales to individuals or consumers |
name, surname, address, contact, order, payment, delivery, complaints |
performance of a contract; fulfillment of legal obligations; legitimate interest in proving and protecting rights |
|
Invoicing, accounting and tax obligations |
invoices, delivery notes, payments, tax information, business books |
legal obligation |
|
Delivery, logistics and receipt of goods |
recipient's name, delivery address, phone, delivery notes |
performance of the contract; legitimate interest in efficient delivery |
|
Complaints, warranty, service and after-sales support |
order, invoice, product, error description, communication information |
performance of a contract; legal obligations; legitimate interest in resolving claims |
|
Lease, finance, purchase of equipment or special business arrangements |
contact, contractual and financial information, equipment, insurance and return information |
performance of a contract; legitimate interest; legal obligations where applicable |
|
Communication with customers, suppliers and business partners |
email, phone number, content of communication, record of agreements |
legitimate interest; performance of contract |
|
Direct marketing and information about the offer |
email, phone, area of interest, purchase history, consent or objection |
consent; legitimate interest where permitted; specific rules for electronic communications |
|
Sending e-newsletters |
email, name, company, consent, unsubscribe record |
consent or other permissible basis under the rules on electronic communications |
|
Website analytics and improvement |
data about website visit, cookies, device, browser |
consent for non-essential cookies; legitimate interest for essential technical operation and security |
|
Website security, prevention of abuse and ensuring the operation of IT systems |
IP address, log files, technical data, security events |
legitimate interest; legal obligations where they exist |
|
Establishment, security or defense of legal claims |
contracts, communication, invoices, complaints, evidence |
legitimate interest; legal obligations |
|
Complying with the requirements of state authorities, courts, tax, customs, inspection and other competent authorities |
data required in a specific procedure |
legal obligation; legitimate interest for legitimate business |
|
International sales, delivery and customs procedures |
contact details, address, order, delivery, export or import details |
performance of a contract; legal obligations; legitimate interest in conducting international business |
When processing is based on a legitimate interest, this interest generally includes effective business communication, preparation and execution of offers, support for business partners, security of information systems, prevention of abuse, proving business events, resolving claims and protecting the rights of AG VEBO d.o.o. or third parties. In doing so, we take into account the reasonable expectations of individuals, the nature of the data and the impact of the processing on the rights of the individual.
Where processing is based on consent, the individual may withdraw consent at any time. The withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal.
5. Direct marketing
AG VEBO d.o.o. may send individuals commercial messages, offers, news and notifications about products, services, promotions or other content only when there is an appropriate legal basis for this.
When conducting electronic marketing, we comply with the rules of the General Data Protection Regulation, ZVOP-2, the Electronic Communications Act, and the Electronic Commerce on the Market Act.
Commercial messages to the email addresses of natural persons, including personal work addresses in the form ime.priimek@podjetje.si, are generally sent based on prior consent, except where the law allows an exception, for example when marketing similar products or services to existing customers under the conditions set out by law.
Special rules for commercial communications apply to general contact addresses of legal entities, such as info@podjetje.si, prodaja@podjetje.si or similar addresses. Such communications must be clearly identifiable as commercial communications, it must be clearly stated on whose behalf they are sent, and the recipient must be able to request that they cease being sent.
Every individual has the right to object at any time to the processing of their personal data for direct marketing purposes. The opt-out is possible via the link in the email, by sending a message to info@vebo.si or in another clearly stated manner. After opt-out, we will stop using the data for direct marketing, but we may keep minimal opt-out data to ensure compliance with the objection.
6. Sources of personal data
We generally obtain personal data directly from an individual, for example when submitting an inquiry, order, newsletter subscription, email communication or telephone conversation.
We can also obtain data from:
employer, client or organization on behalf of which the individual acts;
business partners, suppliers, manufacturers, logistics partners or service providers;
publicly accessible business registers, websites of companies and organizations;
public records, public procurement, tender documents or official announcements;
payment, accounting, logistics or information systems;
competent state authorities, when necessary and lawful.
When we obtain personal data from other sources, we inform the individual in accordance with applicable regulations, unless an exception from the regulations allows otherwise.
7. To whom do we share personal data?
We only share personal data when necessary for legitimate business purposes, performance of a contract, fulfillment of legal obligations, or on other appropriate legal basis.
The following may have access to personal data:
Employees and contractors of AG VEBO d.o.o. who need the data for their work;
providers of website hosting, website maintenance, IT support, email systems, backups, CRM/ERP systems and other business applications;
accounting services, tax consultants, auditors and other professional consultants;
banks, payment service providers, financing providers, insurance companies or other financial partners, when necessary for payment, financing or insurance of transactions;
delivery services, freight forwarders, logistics partners, warehouse partners, installers, service technicians and other contractors required for the delivery, installation, service or receipt of goods;
suppliers, manufacturers or representatives, when necessary to carry out an order, warranty, service, complaint or special delivery;
providers of tools for sending e-mails, analytics and online advertising, when the conditions for using such tools are met;
lawyers, debt collectors, courts, bailiffs and other participants in proceedings when necessary for the exercise or defense of legal claims;
state authorities, municipalities, tax authorities, customs authorities, inspection authorities, police, courts and other competent authorities, when required by law or a legitimate request of an authority.
When external providers process personal data on our behalf, we conclude an appropriate personal data processing agreement with them or provide another appropriate legal mechanism. We require processors to process personal data only on our instructions, confidentially, securely and in accordance with applicable regulations.
We do not sell personal information.
8. Transfers of personal data to third countries
AG VEBO d.o.o. operates in Slovenia, the European Union and beyond. In certain cases, personal data may be transferred to countries outside the European Economic Area, for example in the case of international delivery, export, customs procedures, communication with customers or suppliers outside the EU, use of certain IT services or when executing an order for a recipient outside the EU.
We only transfer personal data to third countries when there is an appropriate legal basis for this and one of the conditions set out in personal data protection regulations is met, for example:
European Commission adequacy decision;
European Commission standard contractual clauses;
other appropriate protective measures;
exceptionally, when the transfer is necessary for the performance of a contract with an individual or to take pre-contractual measures at their request;
when the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual;
when the transfer is necessary for important reasons of public interest, legal claims or other legally permitted exceptions.
We strive to ensure an appropriate level of protection of personal data in any such transfer.
9. Personal data retention periods
We only retain personal data for as long as necessary for the purpose for which it was collected, or as long as required by applicable regulations, contractual deadlines, statutes of limitations, or legitimate interests to prove and protect rights.
The approximate retention periods are:
|
Data type |
Retention period |
|
Inquiries and offers that do not lead to an order |
as a rule, up to 2 years after the last communication, unless a longer period is required due to further negotiations, evidence or legitimate interest |
|
Data on orders, contracts, deliveries and communication with customers |
for the duration of the business relationship and thereafter until the expiration of the limitation periods for claims |
|
Invoices, delivery notes and accounting documents |
in accordance with tax and accounting regulations, as a rule, 10 years after the end of the year to which the document relates; longer periods may apply to documents relating to real estate |
|
Complaints, warranty and service requests |
for the duration of the claim resolution and thereafter until the expiry of the period within which legal claims can be asserted |
|
Data for direct marketing based on consent |
until consent is revoked or unsubscribed |
|
Record of consents, unsubscribes and objections |
as much time as is necessary to prove the lawfulness of the processing and respect the opt-out or objection |
|
Website technical logs and security records |
for the time required to ensure security, correct errors and prevent abuse, as a rule a maximum of 12 months, unless a longer period is required due to a security incident or procedure |
|
Cookies |
according to the type of cookie, as stated in the cookie settings or cookie table |
|
Documentation for legal claims, disputes or inspection procedures |
until the final conclusion of the procedure and the expiry of the related retention periods |
After the retention period has expired, we delete, anonymize, or otherwise securely dispose of personal data, unless further retention is required by law or another legitimate reason.
10. Rights of individuals
An individual has the following rights regarding their personal data:
the right to access personal data;
the right to correct inaccurate or incomplete data;
the right to erasure of personal data where legal conditions are met;
the right to restriction of processing;
the right to data portability where processing is carried out on the basis of consent or contract and by automated means;
the right to object to processing where the processing is based on legitimate interest;
the right to object to direct marketing at any time and without giving reasons;
the right to withdraw consent where processing is based on consent;
the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal or similarly significant effects.
You can send your request to info@vebo.si with the label "Personal data protection" or in writing to AG VEBO d.o.o., Brdnikova ulica 29, 1000 Ljubljana.
We will process your request without undue delay and, as a rule, no later than one month from receipt. If the request is complex or if we receive multiple requests, the deadline may be extended in accordance with the regulations, of which we will inform you.
For reasons of personal data protection, we may verify the identity of the applicant before processing the request. If the request is submitted by an authorized representative, we may request proof of authorization.
If you believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner of the Republic of Slovenia
Dunajska cesta 22
1000 Ljubljana
E-mail: gp.ip@ip-rs.si
Website: www.ip-rs.si
11. Obligation to provide data
In some cases, providing personal data is necessary to conclude or perform a contract, prepare an offer, execute an order, deliver goods, issue an invoice, handle a complaint, or fulfill legal obligations.
If you do not provide the data necessary to fulfill the order or a legal obligation, we may not be able to prepare a quote, accept the order, make deliveries, issue an invoice, resolve complaints, or perform other requested services.
Providing data to receive e-newsletters, commercial messages or use non-essential cookies is voluntary.
12. Automated decision-making and profiling
AG VEBO d.o.o. does not make decisions that would be based solely on automated processing of personal data and would have legal or similarly significant effects for the individual.
We may use basic segmentation of business contacts or customers, for example based on the type of products they have expressed interest in, past inquiries, or business partner category. Such processing is used to make communication and offers more relevant, but does not have legal or similarly significant effects on the individual.
13. Security of personal data
AG VEBO d.o.o. implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, disclosure or other unlawful processing.
The measures include in particular:
limiting access to personal data only to authorized persons;
the use of passwords, user rights and other access controls;
regular maintenance of information systems;
backup copies, where appropriate;
protection of electronic communications and business systems;
contractual arrangement of relations with processors;
confidentiality of employees and colleagues;
physical security of business premises and documentation;
Regularly checking the need for data retention.
Despite the measures taken, complete security cannot be guaranteed when transmitting data over the Internet. We therefore recommend that you do not send us sensitive, unnecessary or special types of personal data via unsecured channels.
14. Cookies and similar technologies
Our websites use cookies and similar technologies. Cookies are small files or records that are stored on the user's device or that allow access to information on the user's device.
We use cookies to:
website operation;
ensuring security;
saving user settings;
measuring traffic and improving user experience;
displaying more relevant content or ads when the user gives consent.
Cookies are divided into:
Essential cookies - they are necessary for the operation of the website, security, the operation of forms, shopping carts, inquiries, language selection or saving privacy settings. These cookies can be used without consent when they are strictly necessary for a service that the user explicitly requests.
Analytical cookies - used to understand website usage, measure traffic and improve content. We only use them if the user gives consent, unless the specific solution meets the conditions for an exception under applicable regulations.
Marketing cookies - used to display ads, measure advertising effectiveness, re-market or connect with advertising platforms. We use them only based on consent.
Functional cookies - enable additional functions, such as saved settings, displaying maps, videos, chats or other external content. We use them depending on their nature and legal basis.
The user can change the choice regarding non-essential cookies at any time in the cookie settings on the website. They can also delete or block cookies in their browser settings. If the user blocks essential cookies, some parts of the website may not function properly.
Cookies table
You can view the cookie table by clicking the button below.
15. Links to other websites
Our websites may contain links to third-party websites, such as manufacturers, suppliers, social networks, maps, video content or other external services.
The processing of personal data on these external sites is the responsibility of their operators. We recommend that you familiarize yourself with their privacy and cookie policies before using external sites.
16. Social networks
If you communicate with us via social networks or our profiles on third-party platforms, the operator of the social network may process your personal data in accordance with its rules. AG VEBO d.o.o. processes the data it receives through such platforms only for the purpose of communication, response to the message, processing of the inquiry, promotion or other legitimate purpose.
17. Children and minors
Our offer is not intended for children. We do not knowingly collect personal data from children. If we find that we have received a child's personal data without a proper basis, we will delete it, unless there is a legitimate reason for further storage.
18. Privacy Policy Changes
AG VEBO d.o.o. may change this privacy policy from time to time, in particular due to changes in legislation, business processes, websites, information systems, cookies or service providers.
The current version of the privacy policy is always posted on the website. We recommend that you review it from time to time.
