Privacy policy

PRIVACY POLICY


How we collect, use, and protect your personal data


Last updated: 16.5.2026



1. Who we are


Ever Learn (ever-learn.com) is a digital ebook store operated by:


Operator: Barbara Hudoklin

Address: Ljubljanska cesta 16, 3000 Celje Sovenia

Email: tevz@ever-learn.com, urban@ever-learn.com 

Website: ever-learn.com


As the store operator, we are the data controller responsible for personal data collected through this website. Our e-commerce platform provider, Shopify Inc., also acts as a data processor and has its own privacy practices. See Shopify's Privacy Policy at shopify.com/legal/privacy



2. What data do we collect


We collect the following data:


- Full name and email address

- Account login/authentication information

- Order history, purchased products, and download activity

- Payment status and transaction confirmation data

- Communications you send us

- Newsletter preferences and consent records

- Cookie and session data


Payment and checkout information is processed by our payment providers and Shopify. We do not store or have access to full card details, cryptocurrency private keys, or complete payment credentials.


3. How we use your data


We use your data:


- To process and fulfil your orders and deliver digital product download links

- To send order confirmation, receipt, and transactional emails

- To respond to customer support and billing inquiries

- To comply with tax, accounting, VAT, and legal obligations under Slovenian and EU law

- To prevent fraud, abuse, chargebacks, and unauthorised access

- To improve our store, products, and customer experience

- To send promotional or marketing emails — only if you have explicitly opted in


You may unsubscribe from marketing emails at any time at no cost.



4. Legal basis for processing (GDPR)


We process personal data under the following legal bases:


- Contract performance: to process your order and deliver your purchased product

- Legal obligation: for tax records, VAT compliance, accounting, and regulatory requirements

- Legitimate interests: for fraud prevention, security monitoring, and service improvement

- Consent: for marketing communications where you have expressly opted in, and for non-essential cookies



5. Data sharing


We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.


We share data only with trusted third-party service providers, and only to the extent necessary to operate our store:


- Shopify Inc.: e-commerce platform and data processor

- Supabase, Inc.: database, authentication, file storage, audit logs, and backend infrastructure

- Payment processors, such as Stripe, PayPal, and Crypto.com Pay: payment processing

- Email service providers: transactional and support emails

- Digital delivery platforms: delivery of purchased digital products

- Accounting and tax tools: invoicing, bookkeeping, VAT/tax compliance, and legal record keeping

- Legal and regulatory authorities where required or compelled by law


All third-party service providers are bound by data processing agreements and are required to handle your personal data in accordance with applicable data protection laws, including the GDPR.



6. International data transfers


Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States.


Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data to EEA standards.



7. Data retention


We retain data as follows:


- Financial and tax records: 10 years, as required under Slovenian accounting and tax law

- Order and customer data: for the duration of our business relationship and up to 3 years thereafter for dispute resolution purposes

- Marketing consent records: retained until you withdraw consent

- Support communications: up to 3 years from the date of last contact



8. Your rights (GDPR)


You have the following rights:


- Right of access

- Right to rectification

- Right to erasure

- Right to restrict processing

- Right to data portability

- Right to object

- Right to withdraw consent

- Right to lodge a complaint


You may lodge a complaint with the Information Commissioner of the Republic of Slovenia (ip-rs.si) or your local EU supervisory authority.


To exercise any of these rights, contact us at:

tevz@ever-learn.com, urban@ever-learn.com 


We will respond within 30 days as required by GDPR. We may ask you to verify your identity before processing a request.



9. Cookies


Our store uses cookies and similar tracking technologies.


Strictly necessary cookies are always active and required for the store to function.


Analytics and marketing cookies are only set with your prior consent, managed via the cookie consent banner displayed on our website. You may withdraw consent for non-essential cookies at any time by adjusting your cookie preferences.



10. Automated decision-making


We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.



11. Changes to this policy


We may update this Privacy Policy from time to time.


The "Last updated" date at the top reflects when changes were last made. Where changes are material, we will notify you by email or a prominent notice on our website.


Continued use of our store after an update constitutes acceptance of the revised policy.