Privacy Policy of the ZdravaIzbira.si Web Portal

Last updated: 18.1.2026

This privacy policy describes how the operator of the ZdravaIzbira.si web portal (hereinafter: portal) collects, uses, stores and protects personal data of users and partners in accordance with the EU General Data Protection Regulation (GDPR) and applicable legislation of the Republic of Slovenia. ZdravaIzbira.si is a portal for comparing dietary supplements that allows users to compare offers, receive newsletters and other marketing notifications, and partners (retailers) to register and advertise their products.

1. Identification of the Data Controller

The controller of personal data collected on the ZdravaIzbira.si portal is SUPPLI d.o.o. (provider of the ZdravaIzbira.si service).

  • Headquarters: Cesta XIV. divizije 20A, 2000 Maribor, Slovenia
  • Website: zdravaizbira.si
  • Registration number: 7384084000
  • Tax number: SI62371835
  • Email: info@zdravaizbira.si
  • Phone: +386 40 800 648

The controller has also appointed a Data Protection Officer (DPO), whose contact details are listed below in the DPO Contact section.

2. Legal Bases for Processing

We process personal data lawfully, based on appropriate legal bases in accordance with Article 6 of the GDPR. Depending on the purpose of collection, processing may be based on one of the following legal bases:

Performance of Contract

Processing is necessary for the performance of a contract or for providing portal services that you have requested. This includes, for example, processing data necessary for registering and maintaining a user account or partner account and for fulfilling obligations to partners.

Individual Consent

Processing is based on your consent to specific processing for one or more purposes. This includes, for example, processing your email address for sending newsletters, offers and marketing reminders, and processing data for sending push notifications to your device. You have the right to withdraw such consent at any time.

Legal Obligation

Processing is necessary to fulfill the controller's legal obligations. This includes, for example, retaining certain data on accounting documents in accordance with tax legislation, disclosing data based on lawful requests from courts or competent authorities.

Legitimate Interest of the Controller

Processing may be based on the legitimate interests of the controller or a third party, where the controller acknowledges that they do not override the rights and freedoms of the individual. Such legitimate interest includes, for example, basic analysis of portal visits and service usage for the purpose of improving services, ensuring information security and preventing portal abuse.

3. What Data We Collect and Why

In the course of using the portal, we collect several types of personal data depending on your interaction. Below are the categories of data we collect and the purposes for which we process them:

Registration and User Account Data

If you register as a user on the portal, we collect your identification and contact data, such as first name and last name, email address and chosen username. This data is necessary for creating and managing your user account, enabling login to the portal and use of features such as rating and commenting on products, saving favorite products, etc.

Partner Registration Data

Partners (retailers) can register on the portal for the purpose of advertising their products. When registering as a partner, we collect data about the legal entity or entrepreneur and contact details of the responsible person. This typically includes the first name and last name of the contact person, company or store name, business address, tax number, contact email address and phone number.

Newsletter and Marketing Notification Data

You can subscribe to receive our newsletters and offer notifications on the portal. For this purpose, we collect your email address, and optionally your first and last name. We collect this data exclusively based on your consent when you sign up for newsletters. Every sent message contains an option to unsubscribe.

Product Reviews and Comments Data

The portal allows users to rate and comment on individual products. When you submit a rating or write a comment, we process the data you enter yourself. This may include your name or nickname, comment content, product rating and time of comment submission.

Communication and Inquiries

If you contact us through the contact form on the portal or directly by email/phone, we collect your contact data (e.g., name, email address, phone number) and the content of your message. We use this data exclusively for processing your inquiry or resolving your request.

Automatically Collected Visit and Usage Data

Each time you visit the portal, certain data is automatically collected using cookies and other analytical technologies. This data primarily includes technical data: device IP address, browser type and version, browser language, operating system, screen settings and similar device data.

Push Notification Data

The portal allows users to subscribe to push notifications. To send these notifications, we need and process your device or browser identifier. This data is recorded when you confirm receipt of push notifications in your browser.

4. Data Retention and Server Location

We retain personal data only for as long as is strictly necessary to achieve the purposes defined in this policy, or in accordance with legal retention obligations. The retention period depends on the type of data and the purpose of processing:

  • Data within contractual relationships: Data we process for the purpose of contract performance is retained for as long as necessary to fulfill the contract or legal obligations.
  • Data based on consent: Data we process exclusively based on consent is retained until you withdraw your consent.
  • Analytical and technical data: Data about your portal visits collected through cookies is retained in accordance with set retention periods, but no longer than 12 months, in our analytical tools.

Data storage location: All personal data is primarily stored on secure servers within the European Union. Our web portal and databases are hosted by a trusted hosting provider within the EU (in Slovenia or the EU area).

5. Sharing Data with Third Parties and International Transfers

We do not sell or rent your personal data to third parties. We share data with third parties only when strictly necessary for the operation of the portal, for providing our services, for analytics and advertising on the portal, or when required by law.

Web Analytics and Advertising Partners

For tracking visits, we use Google Analytics, and for advertising, Google Ads and Meta (Facebook) Pixel services. These providers may collect certain data about your visit through cookies.

Email Service Providers

For managing newsletter subscriptions and sending bulk emails, we may use external services. We currently send newsletters through Omnisend, LLC from the United Kingdom.

Push Notification Service Provider

For sending push notifications, we may use the specialized Omnisend, LLC platform, which only receives an anonymized identifier of your device.

6. Use of Cookies and Analytical Tools

Our portal uses cookies and related technologies for its operation. Cookies are small text files that are stored on your device when you visit and contain certain data about your use of the website.

Necessary Cookies

These are cookies necessary for the basic operation of the web portal and its functions. They enable basic functionalities such as storing the session of a logged-in user, secure login, adding products to the favorites list.

Analytical Cookies

These cookies collect anonymous information about how visitors use our portal. We use them for statistical analysis of visits and thus improving the user experience. We use Google Analytics with IP address anonymization on the portal.

Advertising Cookies

These cookies allow us and our advertising partners to display targeted advertising based on your interests. We use Google Ads and Meta (Facebook) Pixel. We use these advertising cookies only if you give us consent.

Users are prompted on the first visit to the portal to select which types of cookies they allow via the cookie banner. You can change your selection at any time in the footer of the website under "Cookie Settings".

7. Push Notifications

The portal enables sending push notifications to users who subscribe to this functionality. Push notifications are short messages that appear in the user's web browser, even when the user is not actively visiting our website.

Receiving push notifications is completely voluntary. The purpose of push notifications is informing and marketing: we occasionally notify users about new blog articles, current promotional offers for dietary supplements, special promotions or other news on the portal.

You can withdraw your consent to receive push notifications at any time in your web browser settings or by request to our contact address.

8. Partner Registration and User Account Management

Strict security measures apply to both user and partner accounts. Passwords for account access are stored in a way that makes them impossible to decipher (cryptographically hashed). We recommend using strong passwords and regular updates.

9. Individual Rights

As an individual to whom personal data relates, you have certain rights regarding our processing in accordance with GDPR. We ensure the exercise of your rights and will respond to your requests within the legal deadline (usually 1 month).

Right to Information and Access

You have the right to obtain information about the processing of your personal data and the right to obtain confirmation of whether we process your personal data. Upon your request, we provide you with a copy of the personal data we process about you.

Right to Rectification

If you notice that any personal data we hold about you is inaccurate or incomplete, you have the right to request rectification or supplementation of that data.

Right to Erasure ("Right to be Forgotten")

You have the right to request that we delete your personal data, e.g., if we no longer need the data for the purposes for which it was collected, or if you withdraw your consent.

Right to Restriction of Processing

In certain cases, you have the right to request that we temporarily restrict the processing of your data.

Right to Data Portability

For data you have provided to us, you have the right to request that we provide it to you in a structured, commonly used and machine-readable format (e.g., CSV).

Right to Object

When we process your data based on legitimate interest or for direct marketing purposes, you have the right to object to such processing.

Right to Lodge a Complaint with a Supervisory Authority

If you believe your rights have been violated, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia.

Contact for exercising rights: You can send your requests or questions regarding personal data to the email address info@zdravaizbira.si or in writing to the controller's address.

10. Security Measures

We take the protection of your personal data seriously. To protect data from unauthorized access, disclosure, alteration or destruction, we have implemented appropriate technical and organizational security measures:

  • Physical and logical server security in protected data centers
  • Encryption of data transfer (SSL/TLS) and pseudonymization
  • Access control based on the "need-to-know" principle
  • Organizational measures and employee training
  • Penetration testing and intrusion prevention

Although we make every effort to ensure the security of your data, no data transfer over the internet or data storage system can be 100% secure. In the event of a security incident, we will act in accordance with the GDPR and notify you if necessary.

11. DPO Contact (Data Protection Officer)

The controller has appointed a Data Protection Officer (DPO), who is an independent professional person overseeing data protection in our activities.

DPO Name: Matic Lang

Email: info@zdravaizbira.si

Phone: +386 31 518 379

Please clearly state in your communication that you are contacting the DPO regarding data protection matters.

12. Changes to Privacy Policy

This privacy policy may be updated or changed from time to time to reflect changes in our way of processing personal data or due to changes in legislation. Every change will be published in this same place, and we will also update the date of the last change at the top of the document.

In the case of significant changes, we will try to inform you in advance and, if necessary, obtain your consent again. We recommend that you periodically re-read this privacy policy.

By using the ZdravaIzbira.si portal, you confirm that you have read and understood this Privacy Policy. If you have additional questions or need clarification, we are always available at info@zdravaizbira.si or through other contacts listed in the "Identification of the Data Controller" section.

We value your privacy and strive to care for it carefully and responsibly.

Thank you for your trust.

Newsletter
Be the first to know about the best deals
By subscribing to the newsletter, you agree with the processing of your data according to data protection regulations.

ZdravaIzbira.si is an independent informational and comparison web platform designed for presenting, ranking and comparing providers and their products and services in the fields of nutrition, well-being, sports, cosmetics, wellness and preventive services.

ZdravaIzbira.si does not sell products and does not provide any health, wellness or advisory services.

Partners

Information

Platform representative

SUPPLI d.o.o.

Cesta XIV. divizije 20A, 2000, Maribor, Slovenija

Email: info@zdravaizbira.si
Call us: +386 40 800 648
Working hours: 9AM - 4PM

© 2026 zdravaizbira.si. All rights reserved.

Created by LAMA4.