AVA.DO Privacy Policy
Last updated: 10 November 2025
1) Who we are (Controller)
Informacijske storitve Žiga Flis s.p. (“AVADO”, “we”, “us”)
Zelena ulica 7, 3240 Šmarje pri Jelšah, Slovenia
Email: ziga.flis@gmail.com
Website: ava.do
We operate this website and are the controller of personal data processed through it. This Privacy Policy explains what we collect, why, how we use it, and your rights.
If you provide us with personal data about other people (e.g., colleagues or family), you must have their permission and ensure the data is accurate.
We comply with the EU GDPR and Slovenia’s ZVOP-2.
Our site is not intended for children under 16.
2) Definitions (short)
- Personal Data: information that identifies you or can make you identifiable (e.g., name, address, email, IP, wallet address).
- Data: information you submit or we collect.
- Cookies: small files placed on your device.
- Website: ava.do and subdomains.
3) Scope
This Policy applies to our Website only.
It does not cover third-party sites or services we link to.
4) What we collect and why (categories, purposes, legal bases)
A) Technical & usage data (automatic)
- Data: IP, device/browser, OS, pages viewed, timestamps, referrer, geo region, firewall logs.
- Purposes: site operation, security, debugging, analytics.
- Legal basis: legitimate interests (Art. 6(1)(f)).
B) Account / orders / delivery
- Data: name, email, billing/shipping address, phone, order details, invoices.
- Purposes: contract performance, delivery, returns, bookkeeping.
- Legal basis: contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)).
C) Payments (fiat & crypto)
- Fiat: payment provider metadata; no full card details.
- Crypto: wallet address, tx hash, amount, timestamp.
- Purposes: payments, fraud prevention, refunds.
- Legal basis: contract; legitimate interests.
D) Support & RMA
- Data: messages, screenshots/logs, device model/serial, contact details.
- Purposes: troubleshooting, repair/replace, support quality.
- Legal basis: contract; legitimate interests.
E) Marketing (optional)
- Data: email (opt-in).
- Purposes: newsletters, product updates.
- Legal basis: consent.
F) Cookies & analytics
- Data: depends on your cookie choices.
- Purposes: preferences, site performance, UX improvement.
- Legal basis: consent for non-essential; legitimate interests for necessary cookies.
5) Do you have to give us data?
Order/delivery data are necessary for purchasing hardware.
Support data are needed for assistance.
Analytics/marketing are optional.
6) Sources
We collect data:
- from you directly
- automatically from your device
- from payment/logistics providers
- from public blockchains for crypto payment reconciliation
7) Sharing (processors & third parties)
We share data only as needed under GDPR-compliant contracts:
- Hosting/CDN & security: Hetzner/Cloudflare
- E-commerce: WooCommerce + extensions
- Payments: PayPal, Stripe, Adyen, Mollie; blockchain networks
- Logistics: carriers, customs brokers
- Email & ticketing: Google Workspace, Mailgun/Sendgrid, helpdesk tools
- Analytics: Plausible (cookieless) or GA4 (with consent)
We do not sell your personal data.
8) International transfers
If data is transferred outside the EEA/Slovenia, we use GDPR safeguards (adequacy decisions, SCCs).
Details available on request.
9) Retention
- Orders, invoices, warranty/RMA: 10 years
- Support tickets: 3 years from resolution
- Marketing: until withdrawal or 2 years inactivity
- Server logs: typically 90 days
Data is deleted or anonymized when no longer needed.
10) Security
We apply technical and organizational measures: access controls, TLS encryption, backups, least-privilege, logging, confidentiality.
You should keep passwords private.
11) Cookies
See our Cookie Policy.
Non-essential cookies only with your consent.
12) Your rights (GDPR & ZVOP-2)
You can:
- Access data
- Rectify
- Erase
- Restrict
- Object (legitimate interests or marketing)
- Portability
- Withdraw consent
- Avoid automated decisions (we don’t do these)
Contact: ziga.flis@gmail.com
We may require identity verification.
Supervisory authority (Slovenia):
Informacijski pooblaščenec
Dunajska cesta 22, 1000 Ljubljana
Website: ip-rs.si
Phone: +386 1 230 97 30
Email: gp.ip@ip-rs.si
13) Third-party links
External sites have their own policies.
14) Corporate changes
If the business is sold/merged, data may transfer to the new operator under GDPR.
15) Changes to this Policy
Updates will be posted here (and via banner where required).
Please check periodically.