Privacy Policy


Statement on the protection of personal data

The company Q-BRICKS d.o.o., Opekarska cesta 16, 1360 Vrhnika, Slovenia (personal data controller) respects and protects your privacy, strives for the highest level of protection and follows the principles of transparency and careful handling of personal data. The statement on the protection of personal data describes the processing of data provided to us or collected by our digital platforms that allow visitors to access our website and use our services. The company Q-BRICKS d.o.o. processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: General Data Protection Regulation (GDPR)) in accordance with the applicable Personal Data Protection Act and other provisions in the field of personal data protection.

Read below how we handle your personal data.

Administrator of the database containing personal data:

Q-BRICKS d.o.o.

Opekarska cesta 16

1360 Vrhnika

telephone: +386 31 249 097



Data Protection Officer (DPO) contact details: telephone: +386 31,249 097, email:

The purpose of the processing of personal data

The controller will process your personal data to the extent necessary for the purposes of the processing and solely for the purposes for which it was collected. The specific purpose of the processing of personal data is always indicated on the website where the data is collected (e.g. customer registration), and the controller provides general information further below.

  1. Your personal data will be received by the data controller through enquiry or communication sent by you to the email address indicated as the contact address on the website. The controller will receive from you the following information: your name and surname, email address, the content of the email and any other contact details you provide. This personal data enables us to respond to your requests for information, to take the appropriate steps and to provide you with a quote for the purchase of products, to be able to respond to requests in terms of warranty or other claims.
  2. As part of Q-BRICKS d.o.o.'s general business processes, we collect personal data from website visitors and customers who are consumers, as well as from contact persons of our suppliers and business partners. The information may include the individual's name, contact details and other information necessary for conducting business with you or your organisation (basis:
  3. For the purposes of your purchase, the controller will receive from you the following information: your name and surname, address and postcode with city, mobile number, email address, order number, date of order, name and surname of the payer, method of payment, address of the payer, delivery address, purchase and transaction data (type and number of products purchased and returned). We may pass the information to our logistics partners so that they can process the order, including payment and delivery of the products.
  4. As part of your subscription to the company's newsletters and marketing activities, the controller will receive your email address. We will keep you informed about the business activities, products and services of the company Q-BRICKS d.o.o. If you do not want Q-BRICKS d.o.o. to use your personal data in this way, or if you do not wish to receive further information, you can unsubscribe from the newsletter at any time. You have the option to unsubscribe here or contact us by email or regular mail to unsubscribe.
  5. In addition, we collect personal data in the context of surveys about our services and products. With the surveys, we collect the following information: name and surname, email address, opinion about the product or service.

Legal basis for data processing

The personal data collected in the online store, i.e. through forms filled in by the individual – or otherwise communicated to the controller – the company Q-BRICKS d.o.o. (name and surname, email, telephone, street and house number, postcode, city/location, country, region, contents of the shopping cart, IP) are collected for the purpose of carrying out the core business of Q-BRICKS d.o.o., i.e. the online store, namely for the purpose of answering the enquiry, for the drafting and conclusion of the contract, and for the performance of the contract. As the processing of this information is necessary for the performance of the service itself, the processing of this data is already carried out on the grounds that the customer enters into a contractual relationship with the provider (processing on the basis of a contract or for the performance of activities to conclude a contract). The legal basis for the lawful processing of personal data constitutes the processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1)(b) of the GDPR).

If the legal basis for the processing of the data is your consent (approval), you have the right to withdraw your consent at any time, but this does not affect the lawfulness of the processing by the company Q-BRICKS d.o.o. for the period before withdrawal of your consent (Article 6 (1)(a) of the GDPR). To withdraw your approval, please contact us at the contact email address. If you withdraw your consent to the processing of your personal data, we will cease to process the personal data collected for this purpose. Withdrawal of approval does not affect the processing of personal data collected until the withdrawal.

If we share personal data with law enforcement or other government authorities, we share your personal data because we have a legal obligation to do so. Our legal obligations also apply to the retention of documentation or other processing of your personal data arising from accounting and tax regulations (Article 6 (1)(c) of the GDPR).

In addition, the controller may collect your data on the basis of legitimate interests pursued by the controller. However, such processing is not permitted where your interests or rights override the legitimate interests of the controller (Article 6 (1)(f) of the GDPR).

In the case of processing of personal data based on a contract or act, please note that if you fail to provide us with the requested data in these cases, we will not be able to provide you with the services you have requested.

Categories of users

We will not disclose your personal data to others, except in the following cases:

  • To our contract processors to perform services for us on our behalf, such as responding to your requests, or delivering packages and services to customers, invoicing or billing for our services, and similar. These companies are prohibited from using your personal data for purposes other than those that we have requested from them or that they are required by law to use. We have contracts concluded with them for the processing of personal data, as required by applicable law.
  • When we share personal information within the company or with third parties to ensure the safety and security of our customers, to protect our legal and other legitimate interests, or in other cases where disclosure is required by law.

Your control and your choices

We allow you certain controls and choices over our collection, use and sharing of your data. In accordance with applicable law, control and decision-making on your part may include:

  • You can change your decision regarding receiving newsletters and notifications.
  • You may request access to your personal data that we hold or the correction of inaccurate or incomplete data.
  • You can request that we delete the information we store about you from our records.
  • You may object to processing or request portability of your personal data.

You can exercise your control and decisions or request access to your personal data by calling us or contacting us in writing and follow the instructions you have received. Please note that we may not be able to provide you with certain products and services if you do not allow us to collect your personal data, and that some of our services may not be able to take your interests and preferences into consideration.

Transfer of your personal data

We do not export your personal data outside the EU.

Security, integrity and data retention

The security, integrity and confidentiality of your data are extremely important to us. Our Group implements technical, administrative and physical security measures to protect data against unauthorised access, disclosure, use and alteration. We periodically review our security procedures to consider the latest relevant technologies and methods.

The transfer of sensitive personal and transactional data on the website is carried out in a secure mode using the SSL protocol (SecureSocketsLayer). The data is encrypted and transferred to the provider's server in a secure form. The system thus prevents anyone from intercepting personal and transactional data that customers send to the online store.

 Secure authorisations and transactions with payment cards are provided and the brokerage service is provided by the Bankart payment platform. Card authorisations are performed in real-time with the immediate verification of data in the banking system.

Please note that despite our best efforts, no security measures are perfect.

Personal data retention period:

We will store your personal data for as long as necessary to fulfil the purpose for which the personal data was collected and further processed. Those personal data which the controller processes on the basis of the law shall be stored by the controller for as long as the law so provides or, if the law does not provide for a retention period, until the purpose for which they were collected has been fulfilled.

Personal data processed by the controller for the performance of a contractual relationship with an individual shall be stored by the controller for the period necessary for the performance of the contract and for a period of 5 years after termination of the contract, except in cases where there is a dispute between you and the controller with regard to the contract, in which case the controller shall retain the data for a period of 5 years after the final judgement or arbitral decision or settlement, or, in the absence of litigation, for a period of 5 years from the date on which the dispute is amicably settled.

The controller shall keep the personal data processed by the controller on the basis of the personal approval of the data subject permanently, until the withdrawal of such consent by the data subject or until the request for the termination of the processing. The controller shall delete such data before withdrawal only where the purpose of the processing of the personal data has already been achieved or where required by law.

After the retention period has expired, the controller shall erase or anonymise the personal data in an effective and permanent manner so that they can no longer be associated with a specific individual.

Amendments to this statement on the protection of personal data

From time to time, this statement may be amended by adapting it to the latest technologies, industry practices, regulatory requirements or for other purposes. The current version of the data protection statement will be published on our digital platforms. We advise you to regularly review the data protection statement and, if required by applicable law, we will obtain your consent before making any changes to it.

Comments and questions

If you have any comments or questions about privacy, please contact the company Q-BRICKS d.o.o. in writing or via or by emailing the Data Protection Officer at

If you are dissatisfied with the way in which your personal data has been handled, you may lodge a complaint by contacting the controller at the contact email address provided, together with information that will enable us to contact you. We will consider your complaint and respond to it within 30 days.

If you believe that the controller has not adequately addressed your complaint and that the controller is in breach of the General Data Protection Regulation and other applicable laws, you may lodge a complaint with the Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, 1000 Ljubljana,, telephone: 012309730,

Last modification to the privacy policy: November 2021