Privacy Policy

Version updated on: 21 June 2026

This Privacy Policy explains how Adria Science processes personal data connected with browsing, customer accounts, orders, payment status, shipping, support, legal compliance, partner activity, analytics, marketing, website security, and related E-shop operations.

Adria Science processes personal data in accordance with Regulation (EU) 2016/679 (GDPR), applicable Slovenian personal data protection law including ZVOP-2 where applicable, and other applicable EU member-state data protection requirements. Where fulfilment or processing is carried out through Hungary or another EU location, processing remains within the European Economic Area unless a specific service provider requires a protected international transfer.

1. Controller

The controller is Adria Science, Tehnološki park 19, 1000 Ljubljana, Slovenia, operating adriascience.com, unless a different Adria operating entity is expressly identified in the Legal Notice or checkout.

Privacy requests should be submitted through the Contact page. Please include enough information for us to identify the relevant account, order, message, or request.

2. Categories of Personal Data

Depending on how you use the E-shop, Adria Science may process identification details, contact details, billing details, shipping details, account login data, order history, payment status, transaction references, fraud and risk indicators, support messages, product and batch documentation requests, uploaded evidence, customs or carrier documents, partner/referral data, coupon activity, consent records, cookie choices, device data, browser data, IP address, security logs, and website activity data.

Adria Science does not request special-category personal data for ordinary E-shop use. Customers should not submit health, medical, biometric, genetic, patient, prescription, treatment, or other unnecessary sensitive information through the E-shop or support forms.

3. Purposes, Legal Bases, and Retention

Orders and Contract Performance

We process personal data to receive, verify, accept, invoice, fulfil, track, support, and administer orders. Legal basis: contract and pre-contractual steps. Retention: for the business relationship and as long as needed for accounting, tax, compliance, claims, security, and legal obligations.

Customer Accounts

We process account details, login details, saved addresses, order history, support history, and account activity to provide account functionality and order management. Legal basis: contract and legitimate interests. Retention: for the account lifetime and as needed for legal, security, fraud-prevention, and compliance purposes.

Support, Complaints, Returns, and Shipping Evidence

We process order references, communication content, photos, videos, carrier responses, authority notices, and related evidence to respond to support requests and evaluate complaints, refunds, reshipments, missing items, damaged products, and delivery issues. Legal basis: contract, legitimate interests, and legal obligations where applicable. Retention: normally up to 4 years after closure, or longer where needed for claims, disputes, legal obligations, or authority requests.

Payment, Fraud Prevention, and Risk Review

We process payment status, payment identifiers, billing details, fraud indicators, chargeback information, and risk signals to process payments, prevent abuse, manage chargebacks, and protect the E-shop. Legal basis: contract, legitimate interests, and legal obligations. Retention: as needed for payment, accounting, chargeback, fraud, and legal limitation periods.

Direct Marketing and Customer Communications

We may process email address, customer status, order history, coupon use, restock preferences, VIP alerts, email engagement, and communication preferences to send lawful product, restock, account, cart, lifecycle, and similar communications. Legal basis: consent or legitimate interests where permitted. Retention: until unsubscribe, objection, withdrawal of consent, or expiry of the relevant communication purpose.

Newsletter, Promotions, and Giveaways

Where you subscribe or participate voluntarily, we process submitted contact details and campaign data to administer newsletters, promotions, competitions, or giveaways. Legal basis: consent, contract, or legitimate interests depending on the activity. Retention: until withdrawal, objection, campaign closure, or as needed for legal and claims purposes.

Partner, Affiliate, and Referral Programs

We process partner applications, account details, referral links, coupon codes, commission records, attribution data, payout status, compliance messages, and fraud indicators. Legal basis: contract, pre-contractual steps, legitimate interests, and legal obligations. Retention: for the partner relationship and as needed for accounting, tax, claims, fraud prevention, and compliance.

Accounting, Tax, and Legal Compliance

We process invoices, transaction data, payment status, customer identity where required, tax records, complaint records, legal correspondence, and compliance confirmations. Legal basis: legal obligations and legitimate interests. Retention: according to applicable accounting, tax, limitation, and compliance periods, commonly up to 10 years for accounting and tax records where required.

Website Operation, Security, and IT Administration

We process IP addresses, user agents, session identifiers, security logs, failed actions, checkout events, server logs, error reports, and fraud/risk indicators to operate the website, secure accounts, prevent abuse, and troubleshoot issues. Legal basis: legitimate interests and legal obligations. Retention: normally up to 12 months unless an incident, dispute, fraud case, or legal requirement justifies longer retention.

Analytics, Advertising, and Cookies

Essential cookies are used to operate the website, cart, checkout, consent records, account, and security functions. Optional analytics and advertising technologies are used only where consent is granted or otherwise permitted by law. Details are provided in the Cookie Policy.

Legal Claims and Rights Administration

We process records needed to establish, exercise, defend, or settle legal claims and to respond to data-subject requests, authority requests, disputes, chargebacks, complaints, and compliance matters. Legal basis: legitimate interests and legal obligations. Retention: for the period required by limitation, dispute, legal, and regulatory rules.

4. Recipients and Service Providers

We may share personal data with hosting providers, WordPress and WooCommerce service providers, payment providers, fraud and security providers, shipping and logistics providers, fulfilment partners, email and SMTP providers, analytics and advertising providers where consent applies, customer-support tools, partner-program tools, accounting and tax advisers, legal advisers, IT contractors, and public authorities where required by law.

Service providers process data only for defined purposes and under contractual, confidentiality, and security obligations where required by GDPR. Some professional advisers and public authorities may act as independent controllers.

5. International Transfers

Most operational processing is intended to remain within the European Economic Area. Where a provider transfers personal data outside the EEA, Adria Science relies on appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses, transfer impact assessments, contractual protections, or other mechanisms permitted by GDPR.

6. Data Subject Rights

Subject to GDPR conditions and limitations, you may have the right of access, rectification, erasure, restriction, objection, data portability, withdrawal of consent, and complaint to a supervisory authority. Where processing is based on legitimate interests, you may object. Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.

Requests should be submitted through the Contact page. If the request concerns an order or account, include the order number and checkout email so that we can verify the request. We may request additional information where necessary to verify identity or prevent unauthorized disclosure.

7. Supervisory Authorities

For Slovenia, the supervisory authority is the Information Commissioner of the Republic of Slovenia. If a Hungarian Adria operating entity or Hungarian processing context becomes the main controller context for your data, the Hungarian National Authority for Data Protection and Freedom of Information may also be relevant. You may also contact the supervisory authority in your EU member state where GDPR permits.

8. Mandatory and Voluntary Data

Where data is required for order processing, payment, shipping, account access, legal compliance, fraud prevention, or support, failure to provide the data may prevent us from accepting an order, fulfilling an order, providing account access, responding to a request, or complying with legal obligations. Where processing is based on consent, providing data is voluntary.

9. Marketing Opt-Out and Cookie Choices

You may unsubscribe from marketing emails through the unsubscribe link where available or by contacting us through the Contact page. Cookie choices can be managed through the cookie banner where available, by clearing site cookies, or through browser settings.

10. Security

Adria Science uses technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. No online system is completely risk-free, and customers are responsible for keeping account credentials secure.

11. Changes

We may update this Privacy Policy from time to time. The current version is published on this page with the version date above.