Privacy Policy

Last Updated: November 22, 2025

        Your Privacy Matters

        Grator.com is committed to protecting your privacy and complying with GDPR, CCPA, and other data protection regulations.
        This policy explains how we collect, use, and protect your personal information.
    

1. Information We Collect

1.1 Information You Provide

Order Information: Name, email, shipping address, phone number, VAT number (for businesses)
Payment Information: Processed securely through PayPal (we never store card numbers)
Account Information: Email and preferences if you create an account
Communications: Messages you send us via contact forms or email

1.2 Information We Collect Automatically (with consent)

Analytics Data: Pages visited, time on site, device type, browser, operating system
Location Data: Approximate location based on IP address (city/country level)
Cookies: Session cookies and analytics cookies (only with your consent)

2. How We Use Your Information

2.1 Essential Uses (Legal Basis: Contract Performance)

Process and fulfill your orders
Send order confirmations and shipping updates
Provide customer support
Comply with legal obligations (tax records, invoicing)

2.2 Optional Uses (Legal Basis: Consent)

Analyze website traffic and improve user experience
Send marketing communications (with your consent)
Personalize your shopping experience

3. Data Sharing and Third Parties

We share your information only when necessary:

Payment Processing: PayPal (for secure payment processing)
Shipping: Shipping carriers (to deliver your order)
Email: Gmail/Google Workspace (for order confirmations)
Geolocation: MaxMind GeoLite2 (self-hosted, no data shared)
EU VIES: VAT validation for business customers (required by law)

We do NOT sell your data to third parties.

4. Your Rights (GDPR/CCPA)

You have the right to:

✅ Access: Request a copy of your personal data
✅ Rectification: Correct inaccurate information
✅ Erasure: Request deletion of your data (subject to legal obligations)
✅ Portability: Receive your data in a machine-readable format
✅ Object: Opt-out of marketing communications
✅ Restrict Processing: Limit how we use your data
✅ Withdraw Consent: Change your cookie preferences anytime

Exercise Your Rights:
To access, correct, or delete your data, please contact us at:
📧 info@grator.com
📍 Grator d.o.o., Slovenia, EU

5. Data Retention

Order Records: 10 years (Slovenian tax law requirement)
Analytics Data: 30 days (automatically deleted)
Customer Accounts: Until you request deletion
Marketing Emails: Until you unsubscribe

6. Data Security

We implement industry-standard security measures:

HTTPS encryption for all traffic
Secure database with restricted access
Regular security updates and monitoring
No storage of payment card numbers

7. Cookies and Tracking

We use cookies only with your consent. See our Cookie Policy for details.

You can manage cookies:

Via the cookie banner when you first visit
By clicking "Revoke Cookie Consent" above
Through your browser settings
By enabling Do Not Track in your browser

8. Children's Privacy

Our website is not intended for children under 16. We do not knowingly collect data from children.

9. International Data Transfers

Your data is stored on servers in the EU (Hetzner, Germany). If transferred outside the EU, we ensure adequate protection through standard contractual clauses.

10. Changes to This Policy

We may update this policy occasionally. The "Last Updated" date at the top indicates when changes were made. Significant changes will be communicated via email.

11. Contact Us

Data Protection Contact:
Grator d.o.o.
📧 info@grator.com
📍 Slovenia, European Union

Supervisory Authority (Slovenia):
Information Commissioner of the Republic of Slovenia
🌐 www.ip-rs.si

12. Legal Basis for Processing

Purpose	Legal Basis
Order processing	Contract performance
Tax/invoice records	Legal obligation
Analytics/tracking	Consent
Marketing emails	Consent

← Back to Grator.com | Cookie Policy