1. Introduction

MARU d.o.o. (“MARU”, “we”, “us”, or “our”) is committed to protecting your privacy and the personal data you share with us. This Privacy Policy sets out how we collect, use, store, and protect your personal data, and explains your rights under applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2).

This Policy applies when you use our services, communicate with us, or otherwise interact with MARU – for example, by visiting our website, subscribing to our updates, or becoming a client.

We aim to be transparent, respectful, and legally compliant in how we handle personal data. If you have any questions or concerns about this Policy, please contact us using the details below.

2. Data Controller and Contact Information

The data controller responsible for processing your personal data is:

MARU d.o.o.
Registration number: 9877193000
Tax Number: SI 59555874
Business Address: Celovška cesta 317, 1210 Ljubljana – Šentvid
Email: marusa@maruinteriors.com

If you have any questions about how we handle your data, or if you wish to exercise any of your rights under this Policy, you can contact us by email or post. For certain requests, especially those involving access or deletion, we may ask you to verify your identity to ensure the security of your data.

3. Personal Data We Collect

We only collect personal data that is relevant and necessary for the provision of our services or for responding to your inquiries. Depending on your interaction with MARU, we may collect the following types of personal data:

a) Contact Information

Your name, email address, phone number, and postal address – for example, when you:

• fill out a contact form or request a consultation,
• send us an inquiry by email or phone,
• subscribe to our newsletter.

b) Business Information

If you are engaging with us in a business capacity, we may also collect:

• company name and contact details,
• your job title and business role,
• VAT or tax ID number (if relevant for invoicing).

c) Project-Related Information

In the course of providing design or consulting services, we may collect information such as:

• the address of the property or project site,
• property dimensions, photos, layout preferences,
• design goals, style preferences, and budget,
• any other information you voluntarily provide for the purpose of project execution.

Where this information relates to an individual (e.g., your personal residence), it may be considered personal data under GDPR.

d) Marketing and Communication Preferences

When you subscribe to receive updates or marketing content, we will record:

• your name and email address,
• your preferences (e.g., language or topics of interest),
• your consent to receive such communications (where required).

e) Correspondence Records

We may retain records of our communications with you, such as:

• email exchanges,
• notes from phone calls or meetings,
• your feedback, inquiries, or complaints.

Sensitive Data

We do not intentionally collect sensitive personal data (such as data revealing health status, religious beliefs, etc.). Please do not submit such information unless absolutely necessary. If, in rare cases, we need to process this kind of data (e.g., for accessibility in a project), we will handle it with strict confidentiality and only with your consent.

Children’s Data

Our services are not directed at children under 16 years of age. We do not knowingly collect data from children. Where data concerning minors must be processed (e.g., for a family interior design project), we will ensure appropriate parental or guardian consent is obtained in line with Slovenian law.

4. How We Collect Your Data

We collect personal data in the following ways:

• Directly from you: when you complete a contact form, send us an email, speak with us by phone, or otherwise communicate with us.
• Through our website: for example, via cookies, analytics tools, or when you subscribe to newsletters.
• In the context of service delivery: when we work with you on a design or consulting project, and you provide project-related data.
• From third parties (rarely): e.g., when a business partner refers you to us or when we receive publicly available company data.

5. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and based on the legal grounds permitted under GDPR:

• To provide our services: including design and consulting, project management, and responding to inquiries. Legal basis: performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR).
• To communicate with you: including responding to your inquiries, sending service updates, or providing requested information. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) or consent (Art. 6(1)(a) GDPR).
• For marketing purposes: where you have subscribed to our newsletter or otherwise consented. Legal basis: consent (Art. 6(1)(a) GDPR).
• To comply with legal obligations: including accounting, invoicing, and tax compliance. Legal basis: legal obligation (Art. 6(1)(c) GDPR).
• To improve our services: through analysis of client feedback and behavior. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

6. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. In practice, this means:

• Contact inquiries: up to 1 year after resolution of the inquiry.
• Client project data: up to 10 years after project completion, in line with accounting and tax record-keeping obligations.
• Marketing data (e.g., newsletter subscriptions): until you withdraw your consent or unsubscribe.
• Correspondence records: for as long as necessary to resolve the matter, or longer if required by legal obligations.

7. Data Sharing and Transfers

We do not sell or rent your personal data to third parties. We only share data where necessary for legitimate purposes:

• Service providers and contractors: such as IT support, cloud hosting, accountants, or subcontractors involved in your project. These parties are bound by data processing agreements ensuring GDPR compliance.
• Legal compliance: where we are required to share data with regulators, courts, or public authorities.
• Business transfers: if MARU undergoes restructuring, merger, or acquisition, personal data may be transferred as part of the business assets.

We do not transfer your data outside the European Economic Area (EEA) unless necessary. In such cases, we ensure adequate safeguards (e.g., EU Standard Contractual Clauses) are in place.

8. Your Rights

As a data subject, you have the following rights under GDPR:

• Right of access: to know what data we hold about you and how we process it.
• Right to rectification: to request corrections of inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”): to request deletion of your data, subject to legal or contractual restrictions.
• Right to restrict processing: to limit how we use your data in certain circumstances.
• Right to data portability: to receive your data in a structured, commonly used, machine-readable format.
• Right to object: to certain types of processing, such as direct marketing.
• Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time.
• Right to lodge a complaint: with the Slovenian Information Commissioner (www.ip-rs.si) if you believe your rights have been infringed.

To exercise your rights, please contact us using the contact details in Section 2. We will respond to your request within one month, in accordance with GDPR.

9. Data Security

We implement appropriate technical and organizational measures to ensure the security of your personal data, including:

• secure servers and encrypted communications,
• restricted access to personal data,
• confidentiality obligations for staff and contractors,
• regular review of security practices.

While we strive to protect your data, no method of transmission or storage is 100% secure. However, we are committed to applying industry best practices to minimize risks.

10. Cookies and Website Analytics

Our website may use cookies and analytics tools to improve functionality and analyze usage. This may involve collecting technical information such as IP address, browser type, and pages visited. Cookies are small text files stored on your device.

You can control or disable cookies via your browser settings. For non-essential cookies (e.g., for marketing), we will request your consent in compliance with GDPR and ePrivacy rules.

11. Updates to This Privacy Policy

We may update this Policy from time to time to reflect changes in law, practice, or our services. Updated versions will be published on our website, with the “last updated” date indicated. We encourage you to review this Policy periodically to stay informed.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

MARU d.o.o.
Celovška cesta 317, 1210 Ljubljana – Šentvid
Email: marusa@maruinteriors.com