Privacy policy

PRIVACY POLICY

Last updated: 22 June 2026

1. Who we are

This Privacy Policy explains how personal data is collected, used, stored and shared when you visit, use or make a purchase through www.taptruckinterior.com, contact us, communicate with us through social media or otherwise interact with Tap Truck Interior.

Tap Truck Interior is a brand operated by:

TAP MLINARIČ, proizvodnja, storitve in trgovina, d.o.o.
Short name: TAP MLINARIČ d.o.o.
Registered address: Vitan 1, 2276 Kog, Slovenia
Company registration number: 3373398000
VAT identification number: SI80902251
Email: taptruckinterior@gmail.com

For the purposes of the General Data Protection Regulation, the Slovenian Personal Data Protection Act and other applicable data protection legislation, TAP MLINARIČ d.o.o. is the controller of the personal data described in this Privacy Policy, except where another provider acts as an independent controller as explained below.

In this Privacy Policy, “TTI”, “Tap Truck Interior”, “we”, “us” and “our” refer to TAP MLINARIČ d.o.o.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed in connection with:

our online store and website;
customer accounts and checkout;
purchases, custom orders and product production;
payments, delivery, returns, complaints and warranty claims;
enquiries and customer support;
email, telephone, WhatsApp, Messenger, Instagram and other communications;
newsletters and promotional messages;
advertising, website analytics and similar technologies;
customer reviews, photographs, videos and other customer-provided content;
dealer, distributor and other business relationships;
competitions, promotions, events and truck shows where personal data is collected.

This Privacy Policy applies to individual customers, sole traders, representatives and contact persons of companies and other natural persons whose personal data we process.

It does not apply to the processing of employee or job applicant data, which may be covered by separate internal notices.

3. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data.

Identification and contact information

This may include your name, surname, company name, billing address, delivery address, country, email address, telephone number and social media username.

Company and tax information

When you place a business or VAT-exempt order, we may process the company name, registered address, VAT identification number, company registration details and the name and contact details of the person placing the order.

We may verify VAT information through official European Union or national VAT verification systems.

Order and transaction information

This may include:

order number;
products ordered;
product colour, model and configuration;
truck make, model, year, cabin type and passenger seat type;
chosen materials, stitching, buttons, text and logo options;
billing and delivery information;
purchase price, discounts and VAT status;
payment method and payment confirmation;
shipping, tracking, delivery, return and complaint information;
previous purchases and communication connected with an order.

Custom product and production information

Because many TTI products are made or customised according to the customer’s selections, we may process:

uploaded logos, photographs, drawings and other files;
company logos, personal names, nicknames and custom text;
embroidery or quilting instructions;
colour and placement instructions;
photographs or videos of the truck interior;
vehicle configuration details;
measurements or other information required to determine product compatibility;
communication regarding approval of the design or production details.

Uploaded files may contain personal data if they include a person’s name, photograph, signature, social media name or another identifiable element.

Please provide only the information necessary for the order and do not send special-category or highly sensitive personal data.

Payment information

Payments may be processed by Shopify, PayPal, banks, payment card providers or another payment provider made available at checkout.

We generally do not receive or store your complete payment card number. Payment providers process complete card or account details under their own security and privacy procedures. We may receive limited payment information, such as the payment status, transaction reference, payment method and the last digits of the payment card where applicable.

Account information

If you create an account, we may process your login details, account preferences, saved addresses, order history and account activity.

Passwords are processed through Shopify’s systems and are not visible to us in plain text.

Communications and customer support

We process information contained in emails, contact forms, telephone calls, WhatsApp messages, Messenger messages, Instagram messages and other communications.

This may include questions about products, order changes, logo approvals, payment arrangements, VAT information, complaints, photographs, videos and other information you choose to provide.

Marketing information

This may include:

whether you subscribed to marketing;
the date, time and method of subscription;
evidence of consent;
whether an email was delivered, opened or clicked, where this functionality is enabled and permitted;
your marketing preferences;
the date and method of withdrawal or unsubscribe;
information needed to ensure that we do not send further marketing messages after you have opted out.

Website, device and usage information

When you visit our website, we or our technology providers may process:

IP address;
device and browser type;
operating system;
approximate location based on IP address;
language and time zone;
pages viewed;
products viewed;
searches;
referring website;
time spent on the website;
products placed in the cart;
checkout activity;
purchase events;
cookie and similar technology identifiers;
technical and security logs.

Non-essential analytics and advertising data are processed only where the required consent has been obtained.

Reviews, photographs and promotional content

If you submit a review, photograph, video or testimonial, we may process your name, social media username, image, voice, truck, company name and the content you submit.

We will publish identifiable customer photographs, videos or testimonials only where we have an appropriate legal basis, normally your consent or a separate agreement with you.

4. How we obtain personal data

We may obtain personal data:

directly from you;
through our website, checkout or customer account;
through emails, telephone calls and contact forms;
through WhatsApp, Facebook, Messenger, Instagram or other social platforms;
from the company, employer or other person placing an order on your behalf;
from payment providers and banks;
from delivery companies;
from Shopify and approved Shopify applications;
through cookies and similar technologies where permitted;
from public business registers and VAT verification systems;
from dealers, distributors or business partners where they are legally permitted to provide the data;
from fraud-prevention, security and technical service providers.

If another person or company provides us with your personal data, they are responsible for ensuring that they are authorised to do so and that you have been provided with the required privacy information.

5. Why we process personal data and our legal bases

We process personal data only where we have a valid legal basis.

Processing enquiries and preparing an order

We process your contact details, truck details, requested products and communications in order to answer questions, check product compatibility, prepare an offer or pro forma invoice and take steps at your request before entering into a contract.

Legal basis: steps taken before entering into a contract and performance of a contract.

Processing and fulfilling orders

We process identification, contact, order, customisation, payment, production and delivery information to:

accept and manage an order;
manufacture or customise the selected products;
confirm compatibility;
process payment;
issue order confirmations and invoices;
arrange delivery;
communicate about production or delivery;
handle returns, complaints and warranty requests;
provide customer support.

Legal basis: performance of a contract.

Accounting, VAT and legal obligations

We process and retain invoices, payment information, VAT numbers, transaction records and other required documents to comply with tax, accounting, consumer protection and other legal obligations.

Legal basis: compliance with a legal obligation.

Preventing fraud and protecting the website

We process technical, order, payment and device information to protect our website, customers, accounts and business against fraud, misuse, unauthorised access, malicious activity and other security threats.

Legal basis: our legitimate interests in protecting our business, customers, systems and legal rights.

Managing customer relationships

We may retain relevant order history and previous communication to provide efficient support, recognise repeat customers, respond to questions and manage an ongoing commercial relationship.

Legal basis: performance of a contract and our legitimate interest in providing effective customer service and managing customer relationships.

Establishing and defending legal claims

We may process and retain relevant information to enforce agreements, collect unpaid amounts, respond to legal requests and establish, exercise or defend legal claims.

Legal basis: our legitimate interests in protecting and enforcing our legal rights and, where applicable, compliance with a legal obligation.

Newsletter and promotional communications

Where you voluntarily subscribe to our newsletter or promotional communications, we process your email address and marketing preferences based on your consent.

You may withdraw consent at any time by using the unsubscribe link included in the message or by contacting us.

Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Legal basis: consent.

Marketing to existing customers

Where permitted by applicable electronic communications legislation, we may use an email address obtained in connection with a previous purchase to inform the customer about our own similar products.

Customers are given a clear and free opportunity to object when the email address is collected and in every subsequent marketing message.

We do not use this exception to send unrelated third-party advertising.

Legal basis: our legitimate interest in marketing our own similar products to existing customers, subject to the requirements and opt-out rights under applicable electronic communications legislation.

Transactional communications

Order confirmations, payment notices, production questions, delivery notifications, complaint responses and similar service messages are not marketing communications and may still be sent after you unsubscribe from promotional emails.

Legal basis: performance of a contract, steps before entering into a contract or compliance with a legal obligation.

Analytics and improvement of the website

Where required consent has been obtained, we use analytics technologies to understand how visitors use the website, measure website performance, identify technical problems and improve products, navigation and content.

Legal basis: consent for non-essential cookies and similar technologies.

Where strictly necessary technical information is processed without non-essential cookies to maintain website security and operation, the legal basis is our legitimate interest and the necessity of providing the website service requested by the user.

Advertising and measurement

Where you have consented, we may use advertising and measurement technologies provided by Shopify, Meta, Google or other providers to:

measure the effectiveness of advertising;
understand whether an advertisement resulted in a website visit or purchase;
display more relevant advertising;
limit repeated advertisements;
create advertising audiences based on website interactions;
attribute purchases and other events to advertising campaigns.

Depending on the technology used, this may involve browser-based technologies such as pixels and cookies, as well as server-side transmission of event information, such as Meta Conversions API.

Advertising and analytics technologies that require consent must not be activated before the required consent has been obtained.

Legal basis: consent.

Customer reviews, photographs, videos and testimonials

We may use customer-submitted content for publication on our website, social media profiles, emails or advertisements where the customer has agreed to the intended use or where another appropriate legal basis exists.

Where processing is based on consent, consent may be withdrawn for future use. Withdrawal does not affect lawful use before withdrawal and may not require the recall of physical promotional materials that were already produced and distributed before withdrawal.

Legal basis: consent or performance of a separate agreement.

Dealer and business relationships

We process the names and business contact details of dealers, suppliers, distributors and company representatives to communicate, negotiate, conclude and manage business relationships.

Legal basis: performance of a contract, steps before entering into a contract and our legitimate interest in conducting and developing business relationships.

6. Information required to place an order

Certain information is necessary for us to enter into and perform a contract.

This normally includes your name, contact information, billing and delivery address, selected product, required product configuration and payment information.

For customised products, we may also need information about the truck, cabin, seat configuration, requested logo, text, colours or other production details.

If required information is not provided, we may be unable to confirm compatibility, manufacture the product, process payment or deliver the order.

Providing information for marketing purposes is voluntary and is not a condition of purchasing a product.

7. Custom logos, uploaded files and intellectual property

Files uploaded for embroidery, quilting or other customisation are used to prepare and manufacture the requested product, communicate with you about the design and handle any related complaint or repeat order.

You should upload only files that you are authorised to use.

Where an uploaded file contains another person’s personal data, you are responsible for ensuring that you are authorised to provide that information to us for the requested production.

We may refuse to process files that unnecessarily contain sensitive personal information or appear to violate applicable law or third-party rights.

Custom logo and production files are not used for unrelated marketing or made publicly available unless you separately agree to such use.

8. Cookies and similar technologies

Our website uses cookies and similar technologies.

Some cookies are strictly necessary for the website, shopping cart, checkout, account login, security, language settings, payment process and other services expressly requested by the user. These technologies may be used without consent where permitted by law.

Other technologies, including certain preference, analytics and advertising cookies, pixels and similar identifiers, are used only after the user has provided the required consent.

The categories may include:

strictly necessary cookies;
functionality and preference cookies;
analytics and performance cookies;
advertising and marketing cookies.

The cookie settings panel available on the website provides more detailed and current information about individual cookies and technologies, including their provider, purpose and duration.

You can accept, reject or customise non-essential cookies through the cookie banner. You can later change or withdraw your choice through the cookie or privacy settings link displayed on the website.

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Blocking or deleting certain cookies through your browser may affect website functionality. Strictly necessary cookies cannot be disabled through our consent tool because they are required to provide the requested service.

9. Shopify

Our online store is hosted and supported by Shopify.

For the ordinary operation of the online store, TAP MLINARIČ d.o.o. generally acts as the controller of customer personal data and Shopify acts as our processor. Shopify processes personal data to provide hosting, checkout, order management, security, technical support and related e-commerce services.

Information submitted through the website may therefore be transmitted to and processed by Shopify and its authorised subprocessors.

Where we enable certain Shopify enhanced services, Shopify may process information about interactions with our store and other Shopify services for its own defined purposes and may act as an independent controller.

In those circumstances, Shopify is responsible for its own processing and for handling requests relating to that processing. Further information is available in Shopify’s Consumer Privacy Policy and through Shopify’s Privacy Portal.

Customers who use Shop, Shop Pay or another Shopify consumer service may also have a direct relationship with Shopify that is governed by Shopify’s own privacy terms.

10. Meta, Google and other advertising providers

Where you have provided the required consent, our website may use technologies provided by companies such as Meta Platforms Ireland Limited, Google Ireland Limited, Shopify and their related companies.

These providers may receive information about your device and your interaction with our website, such as:

cookie or advertising identifiers;
IP address;
page or product viewed;
cart activity;
checkout or purchase event;
order value and currency;
browser and device information.

Where possible, information transmitted for advertising measurement may be hashed or otherwise protected. Hashing does not necessarily make information anonymous.

Depending on the service and processing activity, a provider may act as our processor, an independent controller or, in limited situations, a joint controller with us.

The provider’s own privacy policy applies to processing for which that provider determines the purposes and means.

You can prevent non-essential advertising technologies from being activated by rejecting advertising cookies or withdrawing consent through the website’s cookie settings.

11. Direct marketing and your right to object

You may unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us.

You may also object at any time to the use of your personal data for direct marketing, including related profiling.

After an unsubscribe or objection, we may retain your email address on a suppression list. This is necessary to ensure that we respect your choice and do not accidentally add the address back to an active marketing list.

Opting out of marketing does not prevent us from sending messages necessary to manage an existing order, payment, delivery, complaint, warranty request or another contractual relationship.

We do not add a person to the general newsletter merely because they contacted us through WhatsApp, Messenger, Instagram, email or a contact form.

Separate consent or another lawful basis is required for promotional communications.

12. How we share personal data

We share personal data only where necessary for the purposes described in this Privacy Policy.

Recipients may include:

E-commerce and website providers

Shopify and providers of approved website applications, hosting, security, customer support, order management, forms and technical services.

Payment providers

PayPal, Shopify-supported payment providers, banks, payment card networks and other providers selected by the customer at checkout.

Payment providers may act as independent controllers for payment processing, fraud prevention, regulatory compliance and their own legal obligations.

Delivery and logistics providers

GLS and other postal, courier, freight, customs or logistics providers used to deliver orders.

Delivery providers receive information required for delivery, such as the recipient’s name, address, telephone number, email address and shipment information.

Accounting, tax and professional advisers

Our accountants, tax advisers, legal advisers, auditors, insurance providers and other professional service providers where access is necessary for their work.

Production and fulfilment providers

Employees, authorised contractors and service providers involved in preparing, manufacturing, embroidering, packaging or fulfilling an order, where access to relevant order information is necessary.

Marketing and analytics providers

Shopify, Meta, Google, email marketing providers and other advertising or analytics providers, but only in accordance with the applicable legal basis and consent requirements.

Communication providers

Email, telecommunications, WhatsApp, Messenger, Instagram and other platforms used when you choose to communicate with us through those services.

The operator of the relevant platform may separately process communication metadata and other information under its own privacy policy.

Public authorities

Tax authorities, courts, law-enforcement authorities, customs authorities, inspection bodies and other public bodies where disclosure is legally required or necessary to protect legal rights.

Business transactions

Personal data may be shared in connection with a merger, restructuring, financing, transfer or sale of all or part of the business, subject to appropriate confidentiality and legal protections.

We do not sell personal data for monetary payment.

13. International transfers

Some of our providers, including Shopify, Meta, Google and certain technology or payment providers, may process personal data outside Slovenia or outside the European Economic Area.

Where personal data is transferred to a country outside the European Economic Area that has not been recognised as providing an adequate level of protection, we use or require an appropriate lawful transfer mechanism.

Depending on the provider and destination, this may include:

an adequacy decision adopted by the European Commission;
standard contractual clauses approved by the European Commission;
supplementary technical and organisational safeguards;
another transfer mechanism permitted by applicable law.

Further information about the safeguards used by a particular independent provider is available in that provider’s privacy documentation.

You may contact us for additional information about the transfer safeguards applicable to personal data for which we act as controller.

14. How long we retain personal data

We retain personal data only for as long as necessary for the purpose for which it was collected, to comply with legal obligations and to establish, exercise or defend legal claims.

The following periods generally apply.

Orders, invoices and accounting documentation

Invoices, tax records, VAT information and related accounting documentation are generally retained for 10 years after the end of the calendar year to which they relate, or longer where required by applicable law.

Order and production documentation

Order specifications, compatibility information, production instructions, delivery information and communication connected with an order are generally retained for five years after completion of the order.

Information that forms part of accounting or tax documentation may be retained for the longer statutory period.

Information may also be retained longer where required for an unresolved complaint, legal claim, investigation or enforcement of an agreement.

Custom logo and design files

Custom logos, embroidery files, quilting files and associated production instructions are generally retained for five years after the most recent relevant order to handle complaints, verify what was produced and facilitate an authorised repeat order.

You may request earlier deletion where the file is no longer required for a legal obligation, active order, complaint or legal claim.

Enquiries that do not result in an order

General enquiries and related communication are generally retained for up to two years after the last meaningful communication, unless a longer period is justified by an ongoing business relationship or legal claim.

Abandoned checkout information

Information connected with an incomplete or abandoned checkout is generally retained for up to 12 months after the last activity, unless the checkout is converted into an order or longer retention is required for security, fraud prevention or legal reasons.

Customer account information

Account information is retained while the account remains active and generally for up to two years after closure or the last account activity.

Order, invoice and transaction records connected with the account may be retained separately for the applicable statutory period.

Marketing subscriptions

Marketing contact information is retained until you unsubscribe, withdraw consent or successfully object to direct marketing.

Evidence of consent and records of withdrawal or objection may be retained for up to five years after withdrawal or objection, where necessary to demonstrate compliance and protect legal rights.

A minimal suppression record may be retained for as long as necessary to ensure that your marketing objection continues to be respected.

Cookies and online identifiers

Cookie and similar technology retention periods are stated in the website’s cookie settings panel.

Data received by independent advertising and analytics providers may also be retained according to their own privacy policies and settings.

Technical and security logs

Technical and security logs are generally retained for up to 12 months, unless a longer period is necessary to investigate a security incident, fraud, misuse or legal claim.

Reviews, photographs, videos and testimonials

Published customer content is retained for the period covered by the consent or agreement, until consent is withdrawn for future use or until the content is no longer used.

Evidence of the authorisation or consent may be retained for up to five years after the content is removed where necessary to demonstrate lawful use or defend a legal claim.

When a retention period expires, data is deleted, anonymised or securely restricted unless further retention is required or permitted by law.

15. Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, loss, destruction and misuse.

These measures may include:

access restrictions;
individual user accounts;
password protection;
secure connections;
platform security controls;
regular software updates;
backups;
staff confidentiality obligations;
review of provider access;
fraud and security monitoring.

No online transmission or storage system can be guaranteed to be completely secure.

Please do not send payment card numbers, passwords or unnecessary sensitive information through ordinary email, social media messages or other unsecured communication channels.

You are responsible for keeping your account credentials confidential and for notifying us if you suspect unauthorised account use.

16. Your rights

Subject to the conditions and limitations of applicable law, you have the right to:

obtain confirmation as to whether we process your personal data;
request access to your personal data;
request correction of inaccurate or incomplete data;
request deletion of personal data;
request restriction of processing;
receive certain personal data in a structured, commonly used and machine-readable format;
request transmission of eligible data to another controller where technically feasible;
object to processing based on legitimate interests;
object at any time to direct marketing, including related profiling;
withdraw consent at any time where processing is based on consent;
lodge a complaint with a competent supervisory authority;
receive information about applicable safeguards for international transfers.

These rights are not absolute. For example, we may need to retain invoices or transaction records despite a deletion request where retention is required by tax or accounting legislation.

To exercise your rights, contact:

taptruckinterior@gmail.com

Please describe your request clearly. We may request additional information where reasonably necessary to verify your identity and prevent unauthorised disclosure.

We will respond without undue delay and normally within one month of receiving a complete request. Where permitted by law, this period may be extended due to the complexity or number of requests. We will inform you if an extension is required.

Exercising your rights is generally free of charge. A reasonable fee may be charged, or a request may be refused, where a request is manifestly unfounded or excessive, particularly because of repetition, as permitted by law.

17. Automated decision-making and profiling

We may use limited profiling for advertising, audience selection, campaign measurement, product recommendations and analysis of website interactions where the required consent has been obtained.

We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.

Security and fraud-prevention systems may automatically flag an order for additional review. Where appropriate, the final decision is reviewed by a person or the relevant payment provider.

18. Social media

We maintain profiles on platforms such as Facebook and Instagram and may communicate through Messenger and WhatsApp.

When you interact with our social media profiles, both we and the platform operator may process information about the interaction.

The platform operator may process information for its own purposes, including platform security, advertising, analytics and personalisation, under its own privacy policy.

For certain aggregated statistics or page-insight functions, we and the platform operator may have responsibilities as joint controllers. Requests concerning data processed exclusively by the platform should be directed to the platform operator.

Messages received through social media are processed to respond to your enquiry, manage an order or maintain a business relationship.

We do not automatically subscribe social media contacts to our email marketing list.

19. Third-party websites and services

Our website may contain links to websites, payment services, social media platforms or other services operated by third parties.

We are not responsible for the privacy practices, security or content of websites and services that we do not control.

Before submitting personal data to a third party, please review that party’s privacy information.

20. Children

Our website and products are intended primarily for adults and business customers.

We do not knowingly collect personal data from children for marketing purposes.

A person under 18 should place an order only with the involvement or authorisation of a parent or legal representative where required by law.

If you believe that a child has provided personal data to us without appropriate authorisation, please contact us so that we can review and, where appropriate, delete the information.

21. Complaints

Please contact us first if you have concerns about how we process your personal data. We will attempt to investigate and resolve the matter.

You also have the right to lodge a complaint with the Slovenian supervisory authority:

Information Commissioner of the Republic of Slovenia
Dunajska cesta 22
1000 Ljubljana
Slovenia

If you live in another European Economic Area country, you may also contact the competent data protection authority in your country.

22. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our processing activities, providers, website functions or legal obligations.

The current version will be published on this website with the date of the latest update.

Where a change materially affects processing based on consent or requires new information to be provided, we will take additional steps where required by law.

23. Contact

For questions about this Privacy Policy, the processing of your personal data or the exercise of your rights, contact:

TAP MLINARIČ d.o.o.
Vitan 1
2276 Kog
Slovenia

Email: taptruckinterior@gmail.com

Company registration number: 3373398000
VAT identification number: SI80902251

Country/region

Language