Privacy Policy
Last updated: 3 March 2026
1. Who We Are
This Privacy Policy applies to the website nutera.eu operated by Kanami d.o.o., Mencingerjeva 7, 1000 Ljubljana, Slovenia (VAT: SI83492909). Nutera is the commercial brand of Kanami d.o.o. When we say "we", "us", or "our", we mean Kanami d.o.o. When we say "you", we mean any visitor or customer of nutera.eu.
We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and applicable Slovenian data protection law. This policy explains what data we collect, why we collect it, how we use it, and what rights you have.
2. Data We Collect
We collect personal data only to the extent necessary to provide our services. The categories of data we process are set out in the table below.
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Identity & contact | Name, email address | Account creation, order processing, customer support | Contract (Art. 6(1)(b) GDPR) |
| Order & payment | Shipping address, order history, Stripe payment reference | Fulfilling your purchase and managing subscriptions | Contract (Art. 6(1)(b) GDPR) |
| Account data | Password hash, loyalty points, wishlist | Providing account features | Contract (Art. 6(1)(b) GDPR) |
| Usage & analytics | Pages visited, session duration, device type | Improving site performance and user experience | Legitimate interest (Art. 6(1)(f) GDPR) |
| Cookie data | Session cookies, preference cookies | Site functionality and language detection | Consent (Art. 6(1)(a) GDPR) / Legitimate interest |
| Communications | Support emails, newsletter opt-in | Responding to enquiries and sending marketing (with consent) | Consent / Legitimate interest |
3. Payment Processing
All payments on nutera.eu are processed by Stripe, Inc. We do not store, process, or have access to your full card number, CVV, or any sensitive payment credentials. Stripe acts as an independent data controller for payment data and operates under its own Privacy Policy. We store only the Stripe customer reference ID and payment intent ID for order management and refund purposes.
4. How Long We Keep Your Data
We retain your personal data for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law. Order and invoice data is retained for 10 years in accordance with Slovenian accounting legislation. Account data is retained until you request deletion. Marketing data (newsletter subscriptions) is retained until you unsubscribe. Analytics data is retained in aggregated, anonymised form indefinitely.
5. Sharing Your Data
We do not sell your personal data. We share data only with trusted service providers who process it on our behalf under data processing agreements, including: Stripe (payment processing), Resend (transactional email delivery), and our hosting infrastructure provider. All processors are contractually bound to process data only on our instructions and in accordance with GDPR.
We may also disclose data where required by law, court order, or regulatory authority.
6. International Transfers
Some of our service providers (including Stripe and Resend) are based in the United States. Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place — including Standard Contractual Clauses approved by the European Commission — to protect your data to the same standard as within the EU.
7. Your Rights Under GDPR
As a data subject in the EU, you have the following rights. To exercise any of them, contact us at [email protected].
Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Ask us to correct inaccurate or incomplete data.
Right to erasure
Request deletion of your data where there is no compelling reason for us to continue processing it.
Right to restriction
Ask us to restrict processing of your data in certain circumstances.
Right to portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent
Where processing is based on consent, you may withdraw it at any time.
Right to lodge a complaint
You may complain to the Slovenian Information Commissioner (ip-rs.si) or any EU supervisory authority.
8. Cookies
We use cookies and similar technologies to operate the site, remember your preferences, and analyse traffic. For full details, please read our Cookie Policy.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email or by a prominent notice on the website. We encourage you to review this policy periodically.
10. Contact Us
Data Controller
Kanami d.o.o. (brand: Nutera)
Mencingerjeva 7, 1000 Ljubljana, Slovenia
VAT: SI83492909
Email: [email protected]