The purpose of the personal data protection policy is to inform individuals, service users, employees and other persons (hereinafter: the individual) who cooperate with TREN d.o.o., Vodovodna 30b, 2000 Maribor, Slovenija (hereinafter: the company) on the purposes and legal bases, security measures and the rights of individuals regarding the processing of personal data carried out by our company.

Company TREN d.o.o is the owner of the website through which it is represented to the public. 

The personal data protection policy contains information for individuals on how our company, as a controller, processes the personal data it receives from the individual on the basis of the legal bases described below.



Individuals to whom personal data relate may contact the contact person for personal data protection on any matter relating to the processing of their personal data and the exercise of their rights under the General Regulation:

Matej Tren
Vodovodna 30b, 2000 Maribor, Slovenija
Contact person: Matej Tren
Telephone: +386 2 32 012 90



The company collects and processes your personal data on the following legal bases:

  • processing is necessary to fulfill the legal obligation applicable to the manager;
  • processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures at the request of such data subject before the conclusion of the contract;
  • processing is necessary for legitimate interests pursued by the manager or a third party;
  • the data subject has consented to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary to protect the vital interests of the data subject or other natural persons.



Based on the provisions in the law, the company primarily processes data on its employees, which is made possible by labor law. Thus, on the basis of a legal obligation for employment purposes, the company mainly processes the following types of personal data: name and surname, gender, date of birth, “EMŠO”, tax number, place, municipality and country of birth, citizenship, residence, etc.



In the event that you enter into a contract with a company as an individual, this represents the legal basis for the processing of personal data. We may process your personal data for the conclusion and implementation of the contract. If the individual does not provide personal data, the company cannot conclude a contract, nor can the company provide you with services or deliver goods in accordance with the contract, as it does not have the necessary data to perform. 


The company may also process personal data on the basis of the legitimate interest it pursues. The latter is not permissible where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In the case of a legitimate interest, the company always makes an assessment in accordance with the General Regulation.



The company may processs certain personal data of an individual also on the basis of the individual for consent for the following purposes:

  • address of residence and e-mail address for information and communication purposes,
  • tax number or EMŠO for the purposes of possible execution in case of non-fulfillment of obligations (eg non-payment of the invoice),
  • photographs, videos and other content relating to the individual (eg posting pictures of individuals on the company’s website) for the purpose of documenting activities and informing the public about the company’s work and events;
  • other purposes for which the individual consents to the consent.

If an individual gives consent for the processing of personal data and at some point no longer wishes to do so, he may request the termination of the processing of personal data by requesting an e-mail to or by regular mail to the company’s address. 



The Company will only retain personal data for as long as is necessary to achieve the purpose for which the personal data was collected and processed. If the company processes the data on the basis of the law, it will keep them for the period prescribed by law. In doing so, some data is kept for the duration of the cooperation with the company, and some data must be kept permanently.

Personal data processed by the company on the basis of a contractual relationship with an individual are kept by the company for the period necessary for the performance of the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the company. In such a case, the company keeps the data for 10 years after the final decision of the court, arbitration or court settlement or, if there was no litigation, 5 years from the date of peaceful settlement of the dispute.

Those personal data that the company processes on the basis of the individual’s personal consent or legitimate interest will be kept by the company until the consent is revoked or until the data is deleted. Upon receipt of the revocation or request for deletion, the data shall be deleted within 15 days at the latest.

The company may also delete this data before the cancellation, when the purpose of processing personal data has been achieved or if so provided by law.

After the retention period, the company must delete or anonymize personal data efficiently and permanently so that it can no longer be linked to a specific individual.



The company may entrust the contractual processor for individual processing of personal data on the basis of a contractual contract. Contractual processors may process confidential data only on behalf of the controller, within the limits of his authority, which is written in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.

The contractual processors with which the company cooperates are mainly:

  • legal and business advice providers;
  • infrastructure maintainers (video surveillance, security, cleaning services);
  • information system maintainers;
  • email service providers and software providers, cloud services (e.g. Telecom, Microsoft, Google);
  • providers of social networks and online advertising (Google, Facebook, Instagram, etc.).

Under no circumstances will the company pass on the individual’s personal data to unauthorized third parties.

Contractual processors may only process personal data in accordance with the company’s instructions and may not use personal data for any other purpose.



The company’s website works with the help of t.i. cookies. A cookie is a file that stores website settings. Websites store cookies on users’ devices that they use to access the Internet in order to identify individual devices and settings that users have used to access them. Cookies allow websites to identify if the user has already visited this website, and with advanced applications they can be used to adjust individual settings accordingly. Their storage is under the full control of the browser used by the individual – the latter can restrict or disable the storage of cookies as desired.



Cookie name



Additional info


1 month

It is used by Facebook to deliver a range of advertising products, such as real-time offers from third-party advertisers.



2 years

It registers a unique ID that is used to generate statistics about how a visitor uses the site.



24 hours

Used to control the speed of the request.



24 hours

It registers a unique ID that is used to generate statistics about how a visitor uses the site.



1 year

Recorded agreement with cookies



1 year

PHP session on the page



1 year

Used to maintain the current shopping cart



1 year

Record the number of items in the cart



72 hours

Used to record WordPress login sessions

* indicates any user identifier


72 hours

A session that accompanies shopping on the website



1 year

Used to maintain the admin panel user configuration.

* indicates any user identifier


1 year

Time setting WordPress settings for the user

“*” indicates any user identifier



Check if a cookie can be set


woocommerce_recently_viewed cookie

1 year

Recently viewed products




The company takes care of information security and infrastructure security (premises and application system software). Our information systems are protected, among other things, by anti-virus programs and a firewall. We have put in place appropriate organizational and technical security measures designed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other illegal and unauthorized forms of processing. In the case of the transmission of special types of personal data, we provide them in encrypted form and protected by a password.



According to the General Regulation, an individual has the following rights from the protection of personal data:

  • It may request information on whether we have his personal data and, if so, what data we have and on what basis we have it and why we use it.
  • He may request access to his personal data, which allows him to receive a copy of the personal data held by the company and to verify that the company is processing them legally.
  • It may request corrections to personal data, such as the correction of incomplete or inaccurate personal data.
  • He may request the deletion of his personal data when there is no reason for further processing or when he exercises his right to object to further processing.
  • It may object to the further processing of personal data where the company invokes a legitimate business interest (even in the case of a legitimate interest of a third party) when there are reasons related to the individual’s special situation; the individual has the right to object at any time if the company processes personal data for the purposes of direct marketing.
  • It may request a restriction on the processing of its personal data, which means the cessation of the processing of personal data, for example, if the individual wants the company to establish accuracy or to verify the reasons for further processing of personal data.
  • It may request the transfer of its personal data in a structured electronic form to another controller, as far as possible and practicable.
  • He may revoke the consent or consent he has given for the collection, processing and transfer of his personal data for a specific purpose; upon receipt of notice that it has withdrawn its consent, the company will cease to process personal data for the purposes it originally accepted, unless the company has no other legitimate legal basis for doing so lawfully.

If an individual has any questions regarding the processing of their personal data, you can always contact our company via e-mail at or by regular mail to the company’s address.