This Privacy Policy is provided in accordance with the principle of informed decision-making as required by the General Data Protection Regulation (EU) 2016/679 (GDPR). Every individual has the right to know what personal data is collected, by whom, for what purpose, and for how long — presented in a lawful, fair, and transparent manner, without concealment, misleading, or omission. Only complete and honest disclosure enables a truly informed decision, as required by GDPR Art. 5(1)(a).
Section 1 — Data Controller
| Field | Value |
|---|---|
| Company name | VIVA.FIT d.o.o. |
| Address | Kersnikova ulica 1, 1241 Kamnik, Slovenia |
| VAT number | SI35205989 |
| Registration number | 6901930000 |
| info@gdprcompliantsite.com | |
| Phone | 041 320 531 |
| Contact person | Not specified — contact via email or phone |
The EU GDPR does not prescribe specific technical measures for verifying the identity of the website controller, nor does it require identification of the website visitor. Therefore, until the relevant regulations on identity verification obligations are supplemented, individuals must decide for themselves whether to trust the unprotected identity of the controller as presented.
Furthermore, the controller cannot guarantee that consent was obtained from the specific individual who purportedly agreed to the data processing terms, as the individual does not identify themselves to the controller in a unique and verifiable manner during the confirmation process. Consequently, the controller bears no responsibility for any misuse of web forms by third parties acting in another person’s name.
In the event that an individual objects to the processing of their personal data on the grounds that they did not provide consent, the controller shall immediately cease processing and delete the data upon receipt of such request. The controller accepts no responsibility for any damage incurred in the period between the entry of data by a third party and the receipt of the objection.
Section 2 — Data Protection Officer
The controller has not appointed a Data Protection Officer. For data protection inquiries, please contact the controller directly using the contact details provided in Section 1.
Section 3 — Processing Activities
| Activity | Purpose | Legal basis | Retention | Third party |
|---|---|---|---|---|
| Website visit logging | Technical operation and security | Legitimate interest (Art. 6(1)(f)) | 90 days | None |
| Security logging | Bot protection and security verification | Legitimate interest (Art. 6(1)(f)) | 30 days | None |
| SSL/TLS encryption | Secure data transmission | Legitimate interest (Art. 6(1)(f)) | N/A | None |
| Functional cookies (session, CSRF, consent) | Core website functionality and cookie consent management | Legitimate interest (Art. 6(1)(f)) | Session to 365 days | CookieYes (consent.gdprcompliantsite.com) |
| PayPal payment processing | Payment processing and fraud prevention | Legitimate interest (Art. 6(1)(f)) | 400 days | PayPal Holdings Inc. |
| PayPal analytics | Analytics and performance measurement of payment services | Consent (Art. 6(1)(a)) | 7300 days | PayPal Holdings Inc. |
| Sourcebuster referral tracking | Traffic source and referral tracking | Consent (Art. 6(1)(a)) | Session to 365 days | None (first-party script) |
Section 4 — Consent
This website uses technologies that require separate consent by category. You must consent to each category independently. You may accept or decline each category and withdraw your consent at any time.
| Category | Technologies | Purpose | Required |
|---|---|---|---|
| Functional / Security | Session cookies, CSRF tokens, Cloudflare security, CookieYes consent tool, SSL/TLS | Core website functionality and security | No — operates under Legitimate interest |
| Analytics | Sourcebuster (sbjs_* cookies), PayPal analytics (c, stats.paypal.com, b.stats.paypal.com, lhr.stats.paypal.com) | Website traffic analysis and visitor statistics | Yes — your explicit consent is required |
| Payment | PayPal (paypal.com, c.paypal.com, c6.paypal.com) | Secure payment processing | No — operates under Legitimate interest |
Section 5 — Website Technology Report
The following technical disclosure was produced using a regulatory-grade evidence collection methodology adopted by European data protection regulators and supervisory authorities. All findings are based on objective technical measurements performed on this website. This disclosure is provided in the interest of full transparency to website visitors.
5.1 SSL/HTTPS Status
| Parameter | Value |
|---|---|
| Allows HTTPS | Yes |
| HTTP redirect to HTTPS | Yes |
| Redirect location | https://trademarkdesigner.com/ |
5.2 Elements Permitted Before Consent
| Name | Domain | Category | Legal basis |
|---|---|---|---|
| gdprcs_consent | consent.gdprcompliantsite.com | Consent management | Legitimate interest |
| __cf_bm | c.paypal.com | Security (bot management) | Legitimate interest |
| sc_f, KHcl0EuY7AKSMgfvHl7J5E7hPtK, l7_az | paypal.com | Functional (Payment) | Legitimate interest |
5.3 Cookies
| Name | Domain | Category | Retention | Legal basis |
|---|---|---|---|---|
| gdprcs_consent | trademarkdesigner.com | Functional (Consent) | Session | Legitimate interest |
| sbjs_session, sbjs_migrations, sbjs_current_add, sbjs_first_add, sbjs_current, sbjs_first, sbjs_udata | trademarkdesigner.com | Analytics (Sourcebuster) | Session to 365 days | Consent |
| c | stats.paypal.com | Analytics (PayPal) | 7300 days | Consent |
| sc_f, KHcl0EuY7AKSMgfvHl7J5E7hPtK, l7_az | paypal.com | Functional (Payment) | 0.02 to 400 days | Legitimate interest |
| __cf_bm | c.paypal.com | Security (bot management) | 0.02 days | Legitimate interest |
5.4 Local Storage
| Key | Domain | Purpose | Retention | Legal basis |
|---|---|---|---|---|
| __paypal_storage__ | trademarkdesigner.com | PayPal payment session storage | Session | Legitimate interest |
5.5 Tracking Elements
| Name | Domain | Category | Legal basis |
|---|---|---|---|
| PayPal counter | b.stats.paypal.com | Analytics | Consent |
| PayPal logger | www.paypal.com | Functional (Payment) | Legitimate interest |
5.6 Third-Party Hosts
| Domain | Category | Legal basis |
|---|---|---|
| consent.gdprcompliantsite.com | Consent management | Legitimate interest |
| www.paypal.com | Payment | Legitimate interest |
| c.paypal.com | Payment | Legitimate interest |
| c6.paypal.com | Payment | Legitimate interest |
| b.stats.paypal.com | Analytics | Consent |
| lhr.stats.paypal.com | Analytics | Consent |
5.7 Recipients and Third Parties
| Provider | Domain | Purpose | Legal basis | Retention | Privacy Policy | Country |
|---|---|---|---|---|---|---|
| PayPal Holdings Inc. | paypal.com, c.paypal.com, c6.paypal.com | Payment processing and fraud prevention | Legitimate interest | 400 days | https://www.paypal.com/privacy-full | United States |
| PayPal Holdings Inc. | stats.paypal.com, b.stats.paypal.com, lhr.stats.paypal.com | Analytics and performance measurement | Consent | 7300 days | https://www.paypal.com/privacy-full | United States |
| CookieYes | consent.gdprcompliantsite.com | Cookie consent management | Legitimate interest | 365 days | https://www.cookieyes.com/privacy-policy/ | — |
Section 6 — Your Rights
| Right | Description |
|---|---|
| Right of access (Art. 15) | You have the right to obtain confirmation as to whether personal data concerning you is being processed, and access to that data. |
| Right to rectification (Art. 16) | You have the right to have inaccurate personal data corrected without undue delay. |
| Right to erasure (Art. 17) | You have the right to obtain the deletion of your personal data under certain conditions. |
| Right to restriction of processing (Art. 18) | You have the right to restrict the processing of your personal data under certain conditions. |
| Right to data portability (Art. 20) | You have the right to receive your personal data in a structured, commonly used, and machine-readable format. |
| Right to object (Art. 21) | You have the right to object to the processing of your personal data based on legitimate interests or direct marketing. |
| Right to withdraw consent (Art. 7(3)) | You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. |
To exercise any of these rights, please contact us at: info@gdprcompliantsite.com
Section 7 — Supervisory Authority
Information Commissioner of the Republic of Slovenia (IP RS)
Zaloška 59, 1000 Ljubljana, Slovenia
Phone: +386 1 230 97 30
Email: gp.ip@ip-rs.si
Website: https://www.ip-rs.si
You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data infringes the GDPR (Art. 77 GDPR).
Section 8 — Automated Decision-Making
Based on the technical analysis of this website, no automated decision-making or profiling with legal or similarly significant effects (Art. 22 GDPR) has been detected. If this changes, this Privacy Policy will be updated accordingly.