Privacy Policy

Published: July 03, 2023

About us:

On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect in all EU member states.

At Kitio Internacional d.o.o., we understand the importance of personal data and the privacy of our customers. We aim to maintain trust and our reputation as a secure and reliable partner, so we will process your personal data in accordance with the General Data Protection Regulation.

The data administrator for personal data is Kitio Internacional d.o.o., located at Dunajska 5, 1000 Ljubljana, Slovenia.

If you have any questions, please contact us by sending an email to

Personal data:

We collect your personal data when you provide it to us, for example, through your use of the website and its features, when you contact us directly by email, phone, in writing, or through social media, in prize draws, during the registration and activation of SXP1 experiences, or in any other way in which you provide us with personal data.

The types of information we may collect about you include:

  • Your first and last name;
  • Your residential address;
  • Your business email address or any other email address you provide to us;
  • Your phone number.

We may also obtain your personal data from certain publicly accessible sources, including public online databases, business directories, media publications, social media, websites, and other publicly accessible sources.

Purposes of personal data processing:

We may use your personal data for one or more of the following purposes:

  • Communicating about updates on our website, providing products, and responding to inquiries we receive from you. This will be necessary either because we occasionally inform you about changes on our website, prepare offers, or for our legitimate interest in fulfilling and confirming your requests, providing you with our products, and responding to inquiries we receive from you.
  • Enforcing our legal rights and complying with laws, regulations, and other legal requirements. This is necessary for our legitimate interest in protecting our business and enforcing our contractual and other legal rights, ensuring physical, network, information security and integrity. This is necessary for our legitimate interest in providing a secure and uncompromised IT system and networks, including backup and archiving, preventing malicious software, viruses, errors, or other harmful code, preventing unauthorized access to our systems, and all forms of attacks or damage to our IT systems and networks. We may need to use and process your personal data to comply with legal obligations that we must respect.
  • Identifying potential criminal offenses or threats to public security to the competent authorities. This is necessary for our legitimate interest in promoting the success of our business, preventing crime, fulfilling legal obligations, serving the general public interest, or serving the legitimate interests of governmental and competent authorities in preventing criminal offenses.
  • In relation to any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest in promoting and ensuring the success of our business, resolving disputes, and making such disclosures as required by law or which we reasonably believe are necessary to comply with the law.
  • For direct marketing purposes, where permitted by law or with your explicit consent, to inform you about our products, updates, event organization, event participation, promotions, reports, prize draws, and to offer our products.

When we process your personal data based on your consent, you can withdraw your consent at any time by sending us a message to

Storage of personal data and processing period:

We do not process personal data for longer than necessary to achieve the goal for which the personal data was collected.

Personal data processed based on the law is stored for the period prescribed by law.

Personal data processed based on your consent or legitimate interest is stored until you revoke your consent or request the end of processing.

Protection of personal data:

We have implemented appropriate technical and organizational measures to safeguard your personal data and protect it against unauthorized or unlawful use or processing, as well as accidental loss, destruction, or damage of your personal data, including:

  • The principle of data minimization and processing on an anonymized basis whenever possible;
  • Training our employees on the importance of confidentiality and preserving the privacy and security of your data;
  • Commitment to enforcing employee responsibility for privacy through appropriate disciplinary measures;
  • Limiting access to personal data to individuals who need the data for their tasks;
  • Continuous and comprehensive updating and testing of our security technology;
  • Use of secure servers for storing your personal data;
  • Appointment of a data protection officer.

We would like to inform you that the transmission of information (including personal data) over the internet is not always entirely secure. If you provide us with any information over the internet (via email, through our website, or in any other way), you do so entirely at your own risk. We cannot be held responsible for any costs, expenses, loss of profits, damage to reputation, liability, or any other form of loss or damage that you may suffer as a result of transmitting data over the internet.

The website uses the following cookies:

_ga: The main cookie used by Google Analytics. It enables a service to distinguish one visitor from another and lasts for 2 years. Any site that implements Google Analytics, including Google services, uses the _ga cookie.

_gid: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. This cookie expires after 1 day.

collect: Used to send data to Google Analytics about the visitor's device and behavior. It tracks the visitor across devices and marketing channels.

__stripe_mid: Fraud prevention cookies, and similar technologies that we deploy through our Site, help us learn things about computers and web browsers used to access Stripe Services. This information helps us monitor for and detect potentially harmful or illegal use of our Services. Set for fraud prevention purposes and helps us assess the risk associated with an attempted transaction.

__stripe_sid: Set for fraud prevention purposes and helps us assess the risk associated with an attempted transaction.

AWSALB: When a Classic AWS load balancer first receives a request from a client, it routes the request to a target, generates a cookie named AWSALB that encodes information about the selected target, encrypts the cookie, and includes the cookie in the response to the client.

XSRF-TOKEN: Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user. Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.

Sxp1_session: A session cookie is a simple text file that a website installs on its visitor's device for temporary use. It helps track real-time changes in a user's activity while on a website, such as adding items while shopping on e-commerce websites.

Individual rights:

We would like to draw your attention to the following rights regarding your personal data, which you can exercise by sending an email to and:

  • request access to your personal data and information regarding our use and processing of your personal data;
  • request correction or deletion of your personal data;
  • request limitation of the use of your personal data;
  • exercise the right to data portability;
  • object to the processing of your personal data for certain purposes (for further information, see the section titled "Your right to object to the processing of your personal data for certain purposes" below); and
  • request the withdrawal of consent to our use of your personal data, where we process it based on your consent. If you withdraw your consent, it will not affect the lawfulness of our use and processing of your personal data based on your consent before the withdrawal.

Whenever you object to our direct marketing using a communication method different from the marketing messages you have received from us, you must provide us with your name and sufficient information so that we can identify you in connection with the communications you have received.

Final provisions:

These terms and conditions apply from May 25, 2018.

Kitio Internacional d.o.o. reserves the right to change or amend these terms and conditions. We will inform you about this. By continuing to access our website on or after this date, you agree to be bound by the new version of our privacy policy.

If we intend to use your personal data for a new purpose, you will be informed about that purpose and other relevant information before we use your personal data for this new purpose.

Amended terms and conditions take effect on the date of publication on the website.

The interpretation of the provisions of these general terms and conditions is governed by the applicable law in the Republic of Slovenia.