ShipmentPlanner

GDPR Notice

General Data Protection Regulation Compliance Information

Last updated: December 5, 2025

Our Commitment to Data Protection

Tradylon d.o.o. is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable EU data protection laws. This notice explains how we comply with GDPR requirements when processing your personal data through ShipmentPlanner.

Data Controller:

Tradylon d.o.o.

Dvor 41

3240 Šmarje pri Jelšah

Slovenia

Email: dpo@tradylon.com (Data Protection Officer)

Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

Contractual Necessity (Art. 6(1)(b))

Processing necessary to perform our contract with you (providing ShipmentPlanner service, account management, billing).

Consent (Art. 6(1)(a))

Where you have given explicit consent for specific processing activities (e.g., marketing communications, cookies).

Legitimate Interests (Art. 6(1)(f))

For our legitimate business interests (service improvement, fraud prevention, analytics) where not overridden by your rights.

Legal Obligation (Art. 6(1)(c))

To comply with legal requirements (tax, accounting, regulatory obligations).

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

1. Right of Access (Art. 15)

You have the right to obtain confirmation that we process your data and to receive a copy of your personal data.

How to exercise: Contact us at dpo@tradylon.com

2. Right to Rectification (Art. 16)

You can request correction of inaccurate personal data and completion of incomplete data.

How to exercise: Update your profile in ShipmentPlanner or contact support

3. Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your personal data when it's no longer necessary, you withdraw consent, or you object to processing.

Limitations: We may retain data if required by law or for legitimate purposes (e.g., accounting, legal claims).

How to exercise: Contact dpo@tradylon.com

4. Right to Restriction of Processing (Art. 18)

You can request that we limit processing of your data in certain circumstances (e.g., while verifying accuracy).

How to exercise: Contact dpo@tradylon.com

5. Right to Data Portability (Art. 20)

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Formats available: JSON, CSV, Excel

How to exercise: Request export via dpo@tradylon.com

6. Right to Object (Art. 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

How to exercise: Use unsubscribe links in emails or contact dpo@tradylon.com

7. Rights Related to Automated Decision-Making (Art. 22)

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects.

Note: ShipmentPlanner uses algorithms for optimization, but significant decisions require human oversight.

8. Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

How to exercise: Contact dpo@tradylon.com or adjust settings in your account

Response Times

We will respond to your requests without undue delay and within one month of receipt, as required by GDPR Article 12(3). This period may be extended by two additional months where necessary, considering the complexity and number of requests.

Data Processing Categories

Personal Data We Process

CategoryData TypesPurpose
Identity DataName, username, titleAccount management
Contact DataEmail, phone, addressCommunication, support
Financial DataPayment details, billing infoTransaction processing
Business DataSKUs, shipments, warehouse infoService delivery
Technical DataIP address, device info, cookiesSecurity, analytics
Usage DataActivity logs, preferencesService improvement

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Duration of active account + 30 days after deletion request
  • Business data: Duration of active account + up to 90 days for backup purposes
  • Financial records: 7 years (legal requirement for accounting)
  • Marketing data: Until consent is withdrawn or 3 years of inactivity
  • Technical logs: 90 days for security purposes

Data Security Measures

In compliance with GDPR Article 32, we implement appropriate technical and organizational measures:

Technical Measures

  • • TLS/SSL encryption in transit
  • • AES-256 encryption at rest
  • • Multi-factor authentication
  • • Regular security audits
  • • Intrusion detection systems
  • • Automated backup systems

Organizational Measures

  • • Employee data protection training
  • • Access control policies
  • • Data processing agreements
  • • Incident response procedures
  • • Regular policy reviews
  • • Privacy by design principles

Data Transfers

Within the EU

Your data is primarily stored and processed within the European Union (EU/EEA). Our primary servers are located in Slovenia and other EU data centers.

Outside the EU

If we transfer data outside the EU, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (BCRs) where applicable
  • Your explicit consent for specific transfers

Data Breach Notification

In compliance with GDPR Article 33 and 34:

  • We will notify the supervisory authority within 72 hours of becoming aware of a personal data breach
  • If the breach poses a high risk to your rights and freedoms, we will notify you without undue delay
  • Notifications will include the nature of the breach, likely consequences, and measures taken

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

Slovenian Data Protection Authority:

Information Commissioner (Informacijski pooblaščenec)

Dunajska cesta 22

1000 Ljubljana

Slovenia

Website: www.ip-rs.si

Email: gp.ip@ip-rs.si

You may also contact the data protection authority in your country of residence or workplace.

Cookie Policy

We use cookies in accordance with the ePrivacy Directive. Cookie categories include:

Strictly Necessary Cookies

Required for service functionality. No consent required.

Functional Cookies

Remember preferences and settings. Consent required.

Analytics Cookies

Help us understand usage patterns. Consent required.

Marketing Cookies

Track advertising effectiveness. Consent required.

You can manage cookie preferences through your browser settings or our cookie consent tool.

Children's Privacy

ShipmentPlanner is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Contact Our Data Protection Officer

For any questions about data protection or to exercise your rights:

Data Protection Officer

Tradylon d.o.o.

Dvor 41

3240 Šmarje pri Jelšah

Slovenia

Email: dpo@tradylon.com

General inquiries: privacy@tradylon.com

Updates to This Notice

We may update this GDPR Notice periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or prominent notice on our website. Please review this notice regularly to stay informed about how we protect your data.