Privacy policy

Effective Date: July 28, 2025

EthicFiber ("we," "us," or "our") operates this website and online store, including all associated content, features, tools, and services (collectively, the "Services"). This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, interact with, or make a purchase using our Services. We are committed to protecting your privacy and complying with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

 

Should there be any conflict between this Privacy Policy and our Terms of Service, this Privacy Policy will prevail concerning the processing of your personal information.

 

 1. Data Controller

For the purposes of the GDPR and other applicable data protection laws, the data controller responsible for your personal data is:

EthicFiber

Jána Smreka 4,

841 08 Bratislava

Slovak Republic

Email: ethicfiber@gmail.com

 2. Personal Data We Collect

We collect various categories of personal data to provide and improve our Services:

·       Contact Details: Your name, shipping and billing address, email address, and phone number.

·       Account Details: Your username, password (encrypted), and any preferences you set within your account.

·       Payment Details: Payment method (e.g., last four digits of your card, payment provider used), billing and shipping address, and transaction ID. Please note we do not store full payment card details directly.

·       Transactional Data: Your order history, products purchased, returns, refunds, and other details related to your transactions.

·       Device and Usage Data: Your Internet Protocol (IP) address, browser type and version, operating system, referral source, pages visited, time spent on pages, navigation paths, and interaction timestamps.

·       Communication Data: Records of your interactions with us, including messages sent via email, chat, or contact forms, and details of customer service inquiries.

 3. Sources of Data

We collect your personal data from the following sources:

·       Directly from You: When you create an account, place an order, subscribe to our newsletter, contact customer service, or interact with us in any other direct manner.

·       Automatically When You Use Our Services: Through cookies, server logs, and other similar tracking technologies that collect information about your device and how you interact with our website.

·       From Third-Party Service Providers: In some cases, we may receive limited data from partners, for example, confirmation of payment success from payment processors or updated shipping information from carriers.

 4. Legal Bases for Processing

 We process your personal data based on the following legal grounds as outlined in the GDPR:

·       Performance of a Contract (Art. 6(1)(b) GDPR): We process your data to fulfill our contractual obligations to you, such as processing your orders, managing your account, delivering products, and providing customer support related to your purchases.

·       Compliance with a Legal Obligation (Art. 6(1)(c) GDPR): We process your data when necessary to comply with legal requirements, such as tax and accounting regulations (e.g., retaining invoices for 10 years as required by Slovak tax law).

·       Legitimate Interest (Art. 6(1)(f) GDPR): We process your data for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:

·       Improving Our Services: Analyzing website usage, user behavior, and popular products to optimize our website design, enhance features, and develop new services (e.g., A/B testing, internal research and development).

·       Preventing Fraud and Ensuring Security: Detecting and preventing fraudulent transactions, unauthorized access, and other illegal activities to protect our business and our customers.

·       Internal Administration: For internal administrative purposes, such as managing our business operations and IT systems.

·       We conduct a balancing test for any processing based on legitimate interest to ensure your privacy rights are adequately protected.

·       Consent (Art. 6(1)(a) GDPR): We process your data based on your explicit consent for specific purposes, such as sending you marketing emails about new products, promotions, or special offers, and for the use of non-essential cookies and tracking technologies. You have the right to withdraw your consent at any time.

 5. How We Use Your Data

We use your personal data for the following purposes: 

·       To process and fulfill your orders, manage your account, and deliver purchased products.

·       To deliver, personalize, and improve our Services, including analyzing website usage, customizing your experience, and developing new features.

·       To communicate with you, including responding to your inquiries, providing customer service, and sending transactional notifications (e.g., order confirmations, shipping updates).

·       To send you marketing communications (if you have provided your consent), such as newsletters and promotional offers.

·       To prevent fraud and enhance the security of our website and operations.

·       To comply with our legal obligations, including tax and accounting requirements

 6. Sharing of Personal Data

We may share your personal data with the following categories of recipients:

·       Shopify: Our e-commerce platform provider, who processes data on our behalf to operate our online store. When Shopify processes personal data for its own purposes (e.g., to improve its general services), it acts as an independent data controller. For more information, please visit the [Shopify Privacy Policy](https://www.shopify.com/legal/privacy).

·       Payment Processors: Such as Stripe, PayPal, or other providers, to securely process your payments.

·       Shipping Companies: Such as Slovak Post, DHL, GLS, or other carriers, to deliver your orders.

·       Marketing and Analytics Partners: With your explicit consent for tracking, we may share data with partners like Google Analytics and Facebook Pixel to understand website usage and provide personalized advertising.

·       Legal Authorities: If required by law or in response to valid legal requests (e.g., court orders, subpoenas).

·       Affiliated Entities: With other entities within our corporate group for internal administrative purposes or shared services.

·       Business Transfers: In the event of a merger, acquisition, asset sale, or similar transaction, your data may be transferred to the acquiring entity. We will ensure appropriate safeguards are in place and provide notice as required by law.

 7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), where data protection laws may not be as stringent as those in the EEA. When such transfers occur, we implement appropriate safeguards to ensure your data receives a similar level of protection, such as:

Standard Contractual Clauses (SCCs): We utilize the Standard Contractual Clauses approved by the European Commission, which provide contractual obligations to protect personal data.

 Adequacy Decisions: Transfers to countries deemed by the European Commission to provide an adequate level of data protection.

 8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The retention periods vary depending on the type of data and purpose of processing:

·       Transactional Data: Retained for 10 years to comply with tax and accounting laws.

·       Account Data: Retained for as long as your account is active and for a reasonable period thereafter in case you decide to reactivate it.

·       Marketing Consent: Retained until you withdraw your consent or opt-out from marketing communications.

After the applicable retention period, your personal data will be securely deleted or anonymized.

 9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to ensure our website functions correctly, analyze traffic, understand user behavior, and provide personalized advertising.

·       Strictly Necessary Cookies: Essential for the website to function and cannot be switched off in our systems.

·       Performance Cookies: Allow us to count visits and traffic sources so we can measure and improve the performance of our site.

·       Functionality Cookies: Enable the website to provide enhanced functionality and personalization.

·       Targeting/Advertising Cookies: May be set through our site by our advertising partners to build a profile of your interests and show you relevant ads on other sites.

You have control over cookies. You can manage or withdraw your cookie preferences at any time via our cookie banner when you first visit our site, or through your browser settings. For more detailed information on the cookies we use and how to manage them, please refer to our dedicated Cookie Policy.

 10. Your Rights Under the GDPR

As an EU resident, you have significant rights regarding your personal data. We are committed to facilitating the exercise of these rights:

·       Right of Access (Art. 15 GDPR): You have the right to request access to the personal data we hold about you.

·       Right to Rectification (Art. 16 GDPR): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

·       Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain conditions (e.g., when the data is no longer necessary for the purposes for which it was collected).

·       Right to Restrict Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data under certain circumstances (e.g., if you contest the accuracy of the data, for a period enabling us to verify its accuracy).

·       Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

·       Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.

·       Right to Withdraw Consent (Art. 7(3) GDPR): Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at ethicfiber@gmail.com. We may need to verify your identity before processing your request to ensure the security of your data. We will respond to your request without undue delay and at the latest within one month of receipt. 

Right to Lodge a Complaint

You also have the right to lodge a complaint with the supervisory authority in your Member State or with the Office for Personal Data Protection of the Slovak Republic, which is our lead supervisory authority:

Office for Personal Data Protection of the Slovak Republic

Website: https://dataprotection.gov.sk/

 11. Automated Decision-Making and Profiling

We do not currently engage in automated decision-making that produces legal effects concerning you or similarly significantly affects you. While we may use your data for profiling purposes to understand customer preferences and personalize your experience (e.g., recommending products based on your Browse history), this profiling does not lead to automated decisions with significant legal or similar effects. 

 12. Children’s Privacy

 Our Services are not intended for children under the age of 16. We do not knowingly collect personal data from children under this age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at ethicfiber@gmail.com so we can take steps to delete such information from our records.

 13. Security of Your Data

We employ appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, disclosure, or damage. These measures include data encryption, firewalls, secure server environments, and access controls.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. You are responsible for keeping your account login credentials confidential and for protecting against unauthorized access to your password and to your computer.

 14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technological advancements. When we make significant changes, we will revise the "Effective Date" at the top of this policy and, where required by law, provide prominent notice (e.g., through a banner on our website or by direct email). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

15. Contact Us

For any questions, concerns, or to exercise your data protection rights, please do not hesitate to contact us:

EthicFiber

Jána Smreka 4,

841 08 Bratislava

Slovak Republic

Email: ethicfiber@gmail.com

 

We are the data controller of your personal data.